In the second part of our blog series, we examine how financial institutions can evaluate current and emerging technological capabilities to detect and prevent fraud from occurring
The response of financial institutions to prevent and detect fraud typically begins with the conduction of a fraud risk assessment, which divides fraud into two areas, external and internal fraud. For our purposes, we will focus on external, non-loan-based fraud, which usually involves systematic and replicable approaches to defraud banks and their customers.
Fraud typologies can be segmented based on the two main entities affected: i) new customer fraud or new account fraud; and ii) existing customer fraud or existing account fraud. Each typology requires distinctive technologies for detection and prevention.
New account fraud
New account fraud primarily affects banks and occurs when a customer opens a bank account with fraudulent intent. For simplification, we will focus on remote and digital account opening workflows, as these are the areas where fraud occurs most frequently.
The main considerations in prevention and detection should focus on three aspects: i) personally identifiable information; ii) biometric identification; and iii) technology- and IT-based insights. Let’s look at each of these in turn:
Personally identifiable information — This includes all available public records that help identify the customer. Secondary identifiers, such as previous addresses, relatives, telephone numbers, asset registrations, places lived, and other associated records, are essential components. In this instance, cross-referencing the data submitted by the customer with publicly available records can strengthen the customer verification processes.
Biometric information — This provides an additional layer of verification, whether the biometrics are based on fingers, eyes, or hands. Fingerprint scanning captures unique patterns and is used in mobile devices and security systems. Facial biometrics analyze facial structures and features, while highly accurate iris and retina scanning can also be employed. Voice recognition, traditionally used for verification, is becoming less secure as artificial intelligence can now allow illicit users to bypass it. Hand geometry, though less common, analyzes the shape and size of a customer’s hands for identification purposes.
Technology- and IT-based insights — These are critical in assessing customer legitimacy, and in a digital workflow, they can reveal important information about the validity and the risk profile of a customer. For example, geolocation data can reveal where the account is being opened. And when an application is originating in a foreign country, such as Nigeria, it could be a red flag for the bank. In fact, a case can be made to reject all digital applications that have been made from high-risk designations or from foreign countries in general.
Other tech-based insights — such as network data and IP addresses, Wi-Fi information, ISPs, and domain analysis — can further determine the risk profile of the customer. Threat intelligence tools, such as proxy and botnet detection, can block suspicious applications, while virtual private networks (VPNs) can also be assessed to identify fraudulent attempts.
By integrating all three of these methods — robust data capabilities, biometric verification, and IT insights — banks can better address new account fraud typologies. These include mule accounts, accounts opened with stolen IDs, and synthetic IDs. (Indeed, synthetic ID fraud, the fastest-growing type of fraud in the United States, requires special mention.)
Prevention in these instances involves a systematic approach encompassing three components: First, IT systems block account openings originating from high-risk IP addresses or flagged geolocations. Second, customer data verification against public records filters out applications using previously issued Social Security Numbers or invalid personally identifiable information. (It is possible to check if each customer’s SSN has been used by other people, likely indicating synthetic ID fraud.) And third, biometric verification can include liveness checks during account opening or credit limit expansions to confirm authenticity.
Fraud against customers
Existing account fraud primarily targets customers, as fraudsters aim to take over accounts or execute unauthorized transactions. This often involves rapid money transfers or payments from the victim’s account into the fraudster’s account. Social engineering scams play a central role, ranging from credential and personal information harvesting to real-time scams that exploit authorized push payments and remote access tools.
Multi-factor authentication is a key strategy to mitigate existing account fraud and widely deployed at financial institutions. This type of authentication enhances login security by requiring that users provide multiple forms of identification. These include something they know (such as a password), something they have (a security token or phone), and something they are (biometric data). The underlying IT layer as outlined previously can prevent these forms of attacks prior to a customer interaction when network and device information of the fraudster is obtained, and access is blocked.
Detection technologies now focus on interactions between fraudsters and victims, and real-time monitoring is critical for detecting account takeover scenarios. Behavioral analytics, augmented by machine learning, can build detailed customer profiles based on transaction history, spending patterns, login times, and other behaviors. This data helps financial institutions detect anomalies, such as unusual transaction amounts or login behaviors, which can trigger alerts.
Session metrics, such as the duration of activity and velocity of transactions, can indicate abnormal behavior. Behavioral biometrics, including typing speed, keystrokes, mouse movements, and navigation patterns, also can establish baselines for customer activity. Significant deviations, such as rapid clicks or erratic navigation, can raise red flags.
When suspicious activity is detected, financial institutions can act immediately by alerting the customer, temporarily freezing the account, or requesting additional verification. Authorized push payment scams, which rely on rapid execution, can be disrupted by introducing delays, adding additional verification steps, or by sending tailored messages to the customer.
Behavioral biometrics further enhance security in these cases as well. A customer’s sudden changes in typing speed, unusual mouse movements, or deviations in other baseline behaviors may be indicators of potential fraud. These tools allow banks to preemptively block fraudulent transactions or slow down execution, giving the customer more time to realize that a fraud attempt is happening and halt the scam.
Conclusion
Fraud prevention and detection in financial institutions require a multi-layered approach. Integrating analysis of multiple methods of prevention and detection — personally identifiable information, biometric verification, IT insights, and behavioral analytics — can provide financial institutions with a comprehensive framework to address evolving fraud typologies.
By adopting these measures, financial institutions can protect both their customers and their own operations while building trust and resilience against financial crime.
In the final part of our 3-part blog series, we will see how financial institutions can find the right tech solutions to detect and prevent AI-based fraud.
