Customers across financial industries are increasingly using services almost entirely online. It’s a consumer shift that was gaining momentum before the pandemic, with the rise of neo–banks, but digital-first services became essential to keeping us financially connected over the last two years when there were physical restrictions and lockdowns. Now, as we enter a post-Covid era, there’s no sign of the shift to digital reversing as 1 in 2 global customers would now rather open a bank account online.
An increase in digital processes and online presence brings with it an increase in opportunities for fraud. In fact, Onfido’s 2022 Identify Fraud Report found a concerning 47% increase in identity fraud since 2019, with financial services remaining one of the highest targeted sectors.
While the opportunity for fraudsters has increased, scalability has also rocketed as organizations move to online business models. Take, for example, opening a bank account. In a branch, a fraudster would have a limited number of fake sign-up attempts before being recognized and caught. But with fraud online, once a fraudster finds a loophole, they have more opportunities to launch attacks at scale.
Fraud is also evolving. Organizations are having to deal with a wide range of attacks. From account takeover, synthetic identity fraud, replay attacks to deep fake technology, fraudsters continue to innovate their approach. And to prevent fraud, businesses need to do the same. But are they doing enough to keep up?
Fraud costs – but do we know how much?
Figures suggest that global losses from payment fraud alone were $32.39 billion in 2020. This is triple what it was in 2011 and is expected to increase to a projected cost of $40.62 billion by 2027.
It’s important to point out that these are estimates – and conservative ones. While many surveys seek to understand the accurate scale and cost of fraud to businesses, it’s difficult to unearth the full picture as they don’t consider the associated costs of fraud. That includes the hours banking staff spend rectifying issues, the reputational damage to businesses, as well as personal costs that fraud has on victims.
What is clear is that fraud remains a serious and costly problem.
Take a proactive, not a reactive approach to fraud
To counter the cost of fraud and combat new and growing threats, businesses need to invest time, money, and resources into fraud risk management. A successful model provides a comprehensive approach to identifying, assessing, mitigating, and monitoring fraud.
According to the Association of Certified Fraud Examiners (ACFE), the best approach to fraud risk management is proactive rather than reactive. In other words, businesses should not wait for problems to arise before fixing them. Instead, they must take a risk-based approach, identifying how they might be attacked, then measuring that against their risk appetite.
From there, it’s about putting robust fraud detection and prevention frameworks in place, and analyzing developing fraud trends to stay ahead of emerging fraud trends and techniques.
Five considerations for effective anti-identity fraud strategies
- People, strategy, and governance:
The position from the top influences fraud prevention and detection throughout the business. Therefore, fraud risk managers should educate on and enforce the fraud strategy. A successful model also needs the correct culture, as well as the diversity of experience amongst the team. Senior managers should not only employ individuals with forensic and fraud expertise but must bring in those with a customer-centric mindset as the absence of any customer-centricity is often where teams fall down.
The best fraud set-ups don’t exist in a vacuum. Fraud teams should work with the customer experience and those focused on business growth to achieve a balance between how much risk they take on and how many customers they onboard. Businesses could stop 100% of fraud overnight by not letting any more customers in. But the best fraud strategy understands that a balance is needed, and the team works with the broader business to get that balance right.
What fraud risks are your businesses encountering, and how have they changed? If fraud happens, what’s the potential cost to your business? The foundation for the prevention and detection of fraud starts with risk assessment.
- Prevention and detection:
Knowledge-based passwords or passcodes continue to dominate digital account authentication, despite more than a decade of discussion on why they must be replaced with more secure processes. For instance, Onfido’s research with Okta revealed that 70% of global consumers would be open to biometrics as opposed to using a password to log in. Exploring new authentication techniques that are more robust, yet convenient for users, such as biometrics, will help reduce fraud without deterring customers.
- Technology and analytics:
Digital banking and other financial services are increasing. Humans alone can no longer keep up with the scale and magnitude of the fraud. To combat the risks associated with this, banks need to employ smarter technology and analytics to detect, deter and prevent fraud.
Combatting the risk of fraud
Despite the serious risk that identity fraud presents, many financial institutions still don’t have effective systems in place to deal with it. There’s no singular approach that can act as a silver bullet. But building an anti-fraud strategy around these five key considerations can help combat many of the risks.