Fraud Risk Profile for Financial Services Providers
The financial sector has the dubious distinction of coming in at No. 3 for the total number of overall data breaches in 2017. Worse, in the first half of 2017, financial institution fraud increased by 60% compared with the same period in 2016.
And yet, many financial services businesses still ignore their online fraud risks. Only 41% of respondents think they’ll be the victim of cybercrime in the next two years.
As fraud increases and cybercriminals become savvier, financial institutions must be doing all they can to combat fraud attacks and defend customers. Because it’s not a matter of if the next attack will happen — it’s when.
Why the Financial Industry Is a Target for Fraudsters
Fraudsters know what can be gained by targeting the financial industry: cash, and lots of it. And with the advances in technology — like digital wallets and mobile apps — come cybercriminals’ determination to find a way to compromise them all.
Even though cybercrime is the second-most common type of economic crime financial services organizations face, they may still be vastly underestimating how vulnerable are to fraud.
Here are three reasons why the financial services industry is particularly susceptible to fraud.
1. Frequency of Data Breaches
The Identity Theft Resource Center tracked 980 data breaches in 2016 and a stunning record-high 1,579 breaches in 2017, due to the increased reporting by businesses and evolving fraud tactics.
Businesses who are the direct victim of a data breach find themselves out significant time, money and effort as they scramble to do damage control.
But businesses don’t have to be the direct victim of a data breach to suffer serious loss. Fraudsters frequently take the user names and passwords stolen from one company and try them on other financial services sites, hoping the victim used the same passwords everywhere.
2. Customer Vulnerability to Phishing
A form of social engineering and identity theft, phishing scams try to trick individuals into revealing personal information. Fraudsters typically contact victims by text, email or phone, posing as an authority figure or a legitimate company — often a financial institution — to get the victim’s confidential data.
An estimated 23% of recipients open phishing emails — and 11% click on the links — making it an easy and effective way for fraudsters to quickly capture sensitive data and hack in to a victim’s financial accounts.
3. Failure to Conduct Security Assessments
Because so many financial services businesses don’t think fraud will happen to them, 25% of businesses surveyed reported they don’t conduct annual fraud risk assessments. In fact, half of those who haven’t conducted assessments don’t even know what the assessments involve or what their value is. That leaves the door wide open for a fraudster to take advantage of unsuspecting — and unprotected — businesses.
Why Online Fraud Is a Risk for the Financial Industry
Financial services businesses are often challenged by the desire to protect against fraudsters while approving legitimate customers. There are several types of fraud that businesses must watch for.
Synthetic Identity Fraud
Identity fraud is already common — costing U.S. consumers $31 billion in 2015 — but fraudsters are taking it one step further with synthetic identity fraud. With this type of fraud, identity thieves use a combination of real and fictitious — sometimes completely fictitious — personal data to create new, “synthetic” identities that are used to build credit, obtain driver’s licenses and defraud creditors.
Over the course of several months, fraudsters establish credit and take out loans from unsuspecting institutions. And if those financial services businesses aren’t careful, they can find themselves out significant amounts of money.
Account Takeover Fraud
Another type of identity theft, account takeover fraud, cost businesses and customers $2.3 billion worldwide in 2016. What makes account takeover fraud different is that fraudsters use a piece of a consumer’s identity — like an email address or a driver’s license number — to access and take over the unsuspecting victim’s account. Checking and savings accounts are particularly vulnerable, but even retirement and brokerage accounts can be compromised.
Account takeovers can happen several ways, including:
- Installing malware on a victim’s computer that captures keystrokes, like user names and passwords, and gives fraudsters the data needed to hack financial accounts.
- Stealing credit card data via skimming devices or the theft of the physical card and impersonating the victim to make purchases where ID isn’t required.
- Hacking mobile phones and compromising financial accounts or intercepting confirmation calls from financial institutions to approve changes to accounts.
Once fraudsters have taken over an account, they’ll reroute the account’s contact information to the fraudsters. As long as the legitimate customer doesn’t realize they aren’t receiving transactional or statement notifications, fraudsters will drain the accounts.
Authorized Users
Another way fraudsters open accounts under a fictitious identity is by first becoming an authorized user on legitimate cardholder’s account. Fraudsters pay legitimate cardholders to add a synthetic identity to their credit cards, letting the criminal piggyback onto and then “inherit” the cardholder’s good credit history.
How the Financial Industry Can Minimize Its Online Fraud Risk
Online fraud is more than an inconvenience for customers — it can lead to a lack of trust and increased dissatisfaction. And because the financial and reputational impact of fraud on these businesses is significant, businesses in the financial industry should do all they can to protect customers.
Simple ways to do that include:
Implement Two-Factor Authentication
Require customers to enter both a password and a one-time text code to confirm their identity before they’re granted access to their accounts.
Communicate Clearly
Reassure customers that they’ll never receive an email from you asking for their sensitive customer information. If they’re ever in doubt about the legitimacy of an email, they should type your website address directly in their browser and check for secure messages that way.
Verify Customer Data
Don’t review just select information on credit or loan applications. Review the entire application in detail and ensure data matches. Some fraudster rings establish fake call centers to field credit check calls from financial services employees, so it’s critical for businesses to get the whole picture.
Be Cautious of Limited Credit History
It’s understandable that a young college student will have limited credit history; less so with someone in their 30s. Take a detailed look at credit reports to see why they might have a scant credit record.
Protecting the Financial Services Industry Against the Rising Fraud Risk
Financial services companies must take a proactive approach to fraud prevention, or they risk bearing the brunt of the expensive costs of fraud and data breaches. And they can add up quickly, costing financial institutions an average of $141 per record lost or stolen and an average $4 million per data breach.
But this doesn’t mean the situation is hopeless. Using a combination of artificial intelligence and trained fraud protection staff, financial services businesses can benefit from a comprehensive view of a customer’s profile and better evaluate the risk of online fraud.
When you’re ready to further develop trusted relationships with your customers and protect your business against sophisticated fraudsters, contact the experts at ClearSale. We’ll help you compare your options and show you why our Fraud Protection Solution can help ensure your security and protect you from the next big fraud scheme.