In 2022 in the US alone, the Federal Trade Commission reported that consumer fraud losses amounted to over $8.8 billion. Financial institutions (FIs) can prevent these losses, however, by better understanding the fraud attack vectors that threaten not only their customers’ security but also their own bottom lines.
In this article, the first in our financial fraud deep dive series, we’ll introduce you to three major threats to financial institutions (FIs) today: Account takeover fraud, social engineering attacks, and authorized push payment fraud.
You’ll also learn how to better detect and prevent these attacks using a modern, layered approach to security built on strong device identity and smart authentication methods.
1. What is account takeover fraud?
Account takeover (ATO) fraud, which can start as a phishing attack, occurs when an attacker takes control of a customer’s account. Once under their control, the fraudster can make fraudulent purchases, transfer funds, or access linked accounts.
In the case of phishing, a consumer receives a fraudulent text, email, or phone call from a fraudster who pretends to be a bank employee or an organization that they trust, like a phone company. The scammers hook their victim by creating urgency around protecting their account or helping someone in trouble, to gain access to their login credentials or get them to click on a link. In the end, the scammers take over the account and are free to steal their victim’s money, identity – or both.
Often, victims only become aware of the attack a few days later, by which time their funds or identities have been stolen. The outcome for FIs is a loss in revenue and potentially higher customer attrition rates.
Multi-factor authentication (MFA) is one way that FIs can protect themselves and their customers from ATO attacks like phishing and SIM swaps. It works because it requires an additional authentication factor beyond weak, password-only measures.
Read more: 3 Ways to win against account takeover fraud.
2. Understanding social engineering attacks
When fraudsters manipulate people into sharing sensitive information like one-time passwords (OTPs), we’re talking about a social engineering attack. In these scams, fraudsters manipulate their victims by pretending to be someone they know or trust like a police official, a business partner, or even someone from the government.
Business email compromise (BEC) is a form of social engineering that occurs when an employee opens an email from an alleged company CEO or supplier who’s actually a fraudster. The cybercriminal then requests a payment that appears legitimate and, if successful, defrauds the company.
The number of BEC attacks doubled in 2022, causing major damage to FIs and their customers, from financial losses to damage to credit scores, FIs’ reputations, and customer trust.
Yet, FIs can fight back and protect their customers. MFA provides an additional layer of protection against social engineering attacks. Plus, education — for banking customers and employees — is another key preventative tool against this fraud vector.
3. The sneakiest one: Authorized push payment fraud
A particularly dangerous scam affecting FIs today is authorized push payment (APP) fraud. APP fraud occurs when fraudsters trick people into making a payment into a fraudulent account, for example during the purchase of a property. Notably, with this type of fraud the victim transfers the funds voluntarily, as a result of the scammer’s manipulation, which makes it harder to detect or prevent.
Unfortunately, APP fraud, which can take the form of impersonation scams, invoice fraud, romance scams, and tech support scams, is on the rise. Among the one in five global consumers who experience payment fraud, over 25% of incidents constitute APP fraud. Along with the potential for massive financial losses from reimbursements, APP fraud also damages an FI’s reputation, limiting its potential to retain top-of-wallet status.
However, FIs that keep up to date with compliance standards, such as EMV 3-D Secure, and the latest authentication measures, such as behavioral biometrics, can deliver more secure digital payments. Sharing intelligence across the payment ecosystem is another way industry stakeholders can work together to stop these scams in their tracks.
Read more: How to stop APP fraud from damaging your FI.
How to prevent fraud attacks with a layered authentication approach
What we’ve come to learn about most malicious attacks is that many FIs still rely on passwords or OTPs as their single line of defense. These methods are not only a hassle for consumers – especially when passwords are lost or forgotten – but particularly vulnerable to fraud attacks.
What all FIs need now are modern fraud prevention solutions that leverage the power of data and apply a layered approach to security that can detect and defeat all types of fraud.
Entersekt’s cross-channel authentication technology, for example, provides a single authentication platform that covers all banking channels. Our cutting-edge technology breaks down data silos and shares vital data points about each transaction across all digital and payment channels, delivering modern, secure user experiences that let only your customers in, and keep fraudsters out.
Protect your customers from evolving fraud threats with modern authentication technology. Contact one of our experts today.