The Rippleshot Data Breach Blog

ABA Banking Journal: ‘Five Top Fraud Risks for Banks’

Written by Anna Kragie | Oct 5, 2018 5:06:03 PM

It's impossible for a bank executive to pinpoint just one fraud risk to be concerned about. From synthetic identity and account takeover fraud to skimming, ATM and CNP fraud, the running list of methods fraudsters are capitalizing on grows each year.

A recent article by the American Bankers Association Banking Journal took a deeper dive into the top five fraud risks banks face today — sharing insight from Rippleshot Co-Founder Canh Tran. He discussed the rise of online fraud and how financial institutions can prepare themselves to take on fraudsters.

“When you plug one hole it pops up somewhere else,” Tran told the ABA Banking Journal about the spread of fraud. Besides the shift of fraudster tactics, what’s led to an increase in CNP fraud, for example, has also been the staggered compliance dates in the EMV shift that has left additional outlets vulnerable for fraudsters to exploit.

“A lot of merchants were pressured to go to chip readers, but gas stations had a reprieve from the networks until 2020,” Tran noted. He noted the evolution of this problem, but said one of the biggest issues is that fraudsters are getting better at aggregating stolen consumer data.

“Right now they’re segregated, but they need to find a fraud solution platform that’s somewhat integrated and works across AML, card compromise, and other fraud areas in a way that makes it more efficient," Tran said.

The article also highlights risks that Rippleshot has discussed in our posts throughout the past year, including compromised business emails and more sophisticated data mining, phishing scams, technology gaps and synthetic identity fraud. Collectively, this has created the five fraud risks for banks, according to the ABA Journal.

  • Business Email Compromises: This scheme is where a fraudster poses as another person to gain access to a bank employee’s information to release funds or bank account info. Instant communication across the banking ecosystem has caused this type of fraud to scale quickly.
  • Phishing Scams: According to the ABA Journal, “Phishers have better grammar, enviable attention to detail and a sophisticated network of phony websites to make them harder to catch. With more consumers navigating the Internet on a mobile device.”
  • CNP Fraud: Although transaction fraud losses are slowly falling, thanks to EMV, this is shifting fraud to debit and prepaid cards. CNP continues to be on the rise as fraudsters shift their efforts toward online card fraud. The amount of prepaid card fraud also rose 3 times in 2017 from 2016’s figures (to 3.4 million people). The number of debit card fraud victims rose to 6.6 million.
  • Targeted Attacks on Vulnerable Demographics: Fraudsters have found new methods to target both young and old consumers. From synthetic ID fraud that targets children who have yet to join the mainstream financial fold, to elderly consumers, the ABA Journal points to how fraudsters are capitalizing on tools that victimize more vulnerable demographics.
  • Synthetic Identities: ID verification systems aren’t working as efficiently as needed for today’s fraud ecosystem. Synthetic ID fraud and automated attacks are on the rise. Fraudsters are using personally identifiable information to determine identities quicker. Financial institutions are at an increased risk to new account fraud and increased ID theft fraud as a result.

How have card compromise risks changed over the years?

Lacking the resources, time, qualified employees and access to data (or understanding of that data) have presented hurdles for financial organizations. The rate at which fraud is evolving is getting faster than banks can keep up with on their own. Fraudsters have sharpened their own tools and are capitalizing on compromised card fraud through techniques that continue to evolve faster than banks’ internal technology and fraud detection solutions can keep up with.

  • Time is of the essence: Banks used to be rely on alerts that caught compromised card breaches within days and weeks, but that is no longer the case. Risks are greater than ever because once accounts are compromised it increases the chance exponentially that that same account will continue to be breached again.
  • The fraud landscape is also evolving: Compromised card fraud now consists of everything from card-present and card-not-present fraud, but also applies to: Synthetic fraud, account takeover fraud, identity theft fraud, ATM fraud, skimming, bots that make online fraudulent purchases, hacking payment systems, to auctioning of compromised cards across the dark web. These are all used to monetize card fraud occurs faster than a bank can detect a compromise, identify compromise cards, reissue the cards and call the cardholders.
  • Card issuers are using new tools to fight fraud: Machine learning, automation, cloud technology, etc. — but so are the fraudsters. Only better and faster. The monetization of compromised cards has become a sophisticated industry, and it’s gaining ground, thanks to advancements in how hackers are utilizing the dark web.
  • Fraudsters are capitalizing on delays: The time it often takes for cards to get canceled, reissued or deemed compromised has created a new avenue for fraudsters. Stronger, faster, more secure fraud detection measures are the only methods to preventing the spread of compromised card details, and from even bigger data breaches from occurring.
  • Increased Digital Touchpoints: This has paved the way for new methods to access data. In the next three years, Gartner forecasts that there will be 20.4 billion connected devices, which means even more access points for hackers to breach.
  • The Use of Aggregated Stolen Data: Fraudsters are also changing how they use pieces of information. It’s not just about stolen payment card numbers anymore — it’s about the rich data that’s associated with it that allows hackers to commit more widespread fraud.
  • The reselling of payment card credentials:This technique is is running rampant across the dark web, creating an entirely new business model for fraudsters. Experienced fraudsters are even using the dark web to create educational resources for novice hackers to learn how to do the same.

How Can Banks Better Protect Themselves?

Stopping the spread of compromised card fraud can only be done through better, faster breach technology that pinpoints incidents at its source. This means finding a proactive solution that can target where and when the card was actually compromised. This can help banks get ahead of compromised card fraud before it escalates — resulting in few cards reissued and less fraud losses.

Banks must ask more from their data processors and get faster fraud alerts. Instead of relying on weekly, or monthly reports, fraud alerts should be delivered in near real time with daily data from credit card transactions within your network.

Fraud tools today shouldn’t take 90 days to implement, require complicated platforms, have integration delays with core systems or complex modeling iterations. Solutions need to be fast, efficient, and actionable before the money gets out of the network. These same solutions need to be able to streamline the data feed process, automate the analytics process, offer continuous model refresh, and deliver actionable results within hours — and continue to do so on a daily basis.