Eight Opportunities for Better Consumer Banking Fraud Controls
By Jim G. George
Fraud and Money Laundering Expert Witness
Fraud and Money Laundering Expert Witness
Having worked as a fraud-reduction consultant for many years, the author finds many banks have opportunities to strengthen their anti-fraud programs.
All bank fraud is about lies, but ironically it involves at least one simple truth: Few perpetrators today are foolish enough to commit fraud using their real name, address and Social Security number. As a result, almost all fraud involves some form of identity falsification for the purpose of funds access, account takeover, or new account creation.
All frauds eventually involve some form of financial transaction as well, which means banks have an opportunity to address fraud from both identity and transactional perspectives. A balanced antifraud program will include coordinated business decisions in each opportunity area, resulting in the best overall trade-offs among customer satisfaction, operational costs and fraud control.
There is good reason to address every opportunity to address the issue. Just looking at checks, attempted check fraud at the nation’s banks surpassed $12 billion, according to an American Bankers Association 2007 Deposit Account Fraud Survey Report. This number doubled in the last 3 years. But the same study indicated actual dollar losses to the banks were $969 million. This is up about 43% in three years. The Nilson Report puts total check fraud losses at $40 billion annually. Much of this represents losses taken by retailers. This number also doubled in the last 3 years. Other forms of fraud are also on the increase.
Eight points areas for improvement are described below. Four are ID-based, and four are transaction-based.
The four ID-based opportunities to help stop consumer bank fraud include the following:
* Sort out legitimate applicants from defrauders – Beginning with the application process, banks have the opportunity to sort out legitimate applicants from defrauders. Each bank sets its policies and procedures in a way that represents a trade-off of loss control versus ease of customer acquisition. Expect to see more use of databases, analytics, photographs and biometrics in banks’ customer acceptance process. The key is to make those processes part of a comprehensive fraud prevention program and not just isolated activities.
* Review your customer set – Once accounts are open, banks should routinely focus on verifying that existing customers are the kind they’d like to retain. In other words, after making a rapid competitive decision, take the time to follow up in a more in-depth fashion and apply analytic tools to account data. For example, one bank decided to sort its account records by address and discovered approximately 500 of its customers all "living" at the same house. The bank immediately froze all 500 accounts and didn’t receive a single complaint. As a result, one form of fraudulent activity went down nearly 30 percent the next month.
* Scrutinize nonmonetary transactions – Unauthorized maintenance of existing accounts is being used by defrauders to "hijack" control by rerouting statements, check orders and other correspondence. Therefore, banks need to rethink the way they authorize and verify nonmonetary transactions. For example:
– The reasonableness of a customer’s move should be considered, based on sophisticated analysis, or even data as simple as zip codes. If a customer claims to be relocating from a relatively high-income neighborhood to a very low-income area, the change bears more scrutiny.
– Check reorders by phone also present an opportunity for defrauders who can purchase personal data, such as Social Security numbers, through the Internet. Therefore, banks should make sure their printing companies have the ability to verify customer identity before new checks are shipped. E-mails or letters to customers telling them when they should expect to find new checks in their mailboxes would provide some protection from theft of new checks.
* Banks should not inadvertently become part of the problem – Banks should have processes in place to monitor employee interactions with customers, if not to deter fraud by employees themselves, then to educate and guard against sloppy or unsecured transactions. Before giving out information to people identifying themselves as customers, for example, employees should have procedures to verify that they’re dealing with the right person. Overused and widely available Social Security numbers aren’t good enough anymore. In addition, banks should help customers avoid pitfalls. For example, banks should proactively warn customers about "phishing," the practice of sending official-looking but fraudulent e-mails to customers. Defrauders claiming to represent banks ask clients to log on (through a link to an official-looking but fraudulent site) and reenter personal information to supposedly update their accounts.
Taken together, these four identity-related steps represent a powerful antifraud package that can have a significant impact on a bank’s bottom line. But banks can do even more on the transaction side. The four transaction-based opportunities to help stop consumer bank fraud include the following:
* Be your own first line of defense – With transactions that take place through ATMs, branch offices, phone centers and online systems, banks have the opportunity to be their own first line of defense. In terms of safeguarding their own transactions, banks can develop tighter controls around every delivery channel but also must consider their impact on customer service.
* Use new controls to avoid problems – Other transactions come through other banks’ facilities and are presented for payment via paper or electronic transactions. While there may be some chance to recover write-offs caused by others’ errors, once a bank has made a decision to accept a bogus debit against a customer account (or has allowed an account to overdraft), it may be difficult or impossible to recover at a later date. With the implementation of Check-21, banks will be engaging in check-clearing based on paper or electronic images of original checks. In either case, most time-tested paper controls will evaporate into the digital world. To verify the authenticity of check images, banks should consider implementing electronic signature verification and other techniques.
* Take advantage of new technologies – Since overwhelming volumes have reduced the likelihood of uncovering suspicious transactions manually, the use of analytical software presents an opportunity to analyze customer banking patterns and identify unusual activity for human review. The USA PATRIOT Act requires identification of unusual activity which might be part of money laundering or terrorist funding schemes. Banks also may want to build on systems infrastructure needed to meet those requirements to support antifraud analysis.
* Build a feedback mechanism – There is the opportunity to learn from transactions that slip through the net by building a self-learning feedback loop into the overall antifraud program. To do that properly, there needs to be a link between fraud investigators and the people who design the policies, procedures and systems that protect the bank. Banks can develop a "fraud dashboard" to help them understand what is happening better and faster, and to provide data to help make the optimum trade-offs among losses, customer service and investments in improved targeting.
By developing a comprehensive antifraud program revolving around both ID-based and transaction-based opportunities, banks can make a significant dent in the success rate of traditional and online criminals. They can protect themselves and their customers while continuing to accept legitimate new accounts and offer valuable financial services. Because when it comes to defrauders, there’s one more simple truth that can’t be ignored: Nobody expects to see them getting legal, legitimate jobs anytime soon.
ABOUT THE AUTHOR: Jim G. George
Jim George is an independent consultant working with banks and software companies serving the banking market. He has more than 25 years of experience in bank consulting, with an emphasis on payments and deposits operations and strategy.
Copyright Jim G. George
Disclaimer: While every effort has been made to ensure the accuracy of this publication, it is not intended to provide legal advice as individual situations will differ and should be discussed with an expert and/or lawyer.For specific technical or legal advice on the information provided and related topics, please contact the author.