What is fraud prevention?
Fraud prevention is the implementation of a strategy to detect fraudulent transactions or banking actions and prevent these actions from causing financial and reputational damage to the customer and financial institution (FI). As the online and mobile banking channels become more popular and FIs continue to digitize, a strong fraud prevention strategy is only going to become more important.
Fraud prevention and cybercrime are connected and always changing. As fraud prevention professionals develop new authentication and fraud detection solutions, the fraudsters are networking with each other, monetizing, and exchanging information on the Dark Web. Fraudsters today are using sophisticated strategies and malware to succeed in their fraudulent activities. Though fraud prevention technology has made great advances and continues to do so, it’s important to be aware of fraudulent tactics and understand how to prevent fraud.
In this article, we will cover:
- Fraud Detection vs. Fraud Prevention Solutions
- How Fraud Prevention Works: Machine Learning
- How Banking Customers Can Reduce their Risk of Fraud
- Common Fraud Schemes
Fraud Detection vs. Fraud Prevention Solutions
Financial institutions are continuing to invest money in fraud detection and prevention to protect their customers. Though these are related concepts in cybersecurity, they differ in important ways:
- Fraud prevention occurs before the fraud attempt
- The goal of fraud prevention is to reduce the risk of future fraud
- Fraud detection occurs during the fraud attempt
- The goal of fraud detection is to mitigate fraud
- Sophisticated fraud detection solutions also reduce false positives, which improves the user experience and increases the productivity of fraud teams
How Fraud Detection and Prevention Works: Machine Learning
The emerging trend in fraud detection and prevention at the moment is a focus on machine learning. Machine learning is the use of artificial intelligence to improve upon a system without being specifically programmed to make these improvements. In the context of fraud prevention, there are two types of machine learning: unsupervised and supervised machine learning.
Unsupervised machine learning uses anomaly detection, where it determines what is usual and what is unusual about the transaction. However, supervised machine learning has additional, significant benefits for fraud analysis teams. With supervised machine learning, the model is trained using historical information around fraud. It is therefore able to determine whether a transaction, usual or unusual, is likely to be fraud by assigning a fraud score in real time. Machine learning can also be used for automation. It's impossible to have a fraud expert in place at all times to monitor all events. In addition, machine learning removes availability bias and potentially affirmation bias as well. By removing these human challenges, machine learning enables fraud teams to make decisions on events in real time in an automated way.
Machine learning can also make decisions for other types of workflows, such as what type of authentication a financial institution should apply to a transaction and other internal controls. It can determine whether the strength of the authentication required relates to the risk. This can also be used to improve the customer experience: where the risk is low, financial institutions can determine that there is no need to request authentication from the user at this point in time. If financial institutions are using continuous monitoring and the risk changes, they can then serve up a stronger authentication biometric. Through this process, machine learning allows the financial institutions to adapt authentication types to the level of risk as well.
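The supervised scoring and risk-based authentication described above, as an added example that is not from the original article or any vendor's product: a small logistic-regression model is trained on constructed labelled transactions, and its score selects the authentication step. The features, the 0.2/0.7 thresholds and the none/otp/biometric tiers are assumptions for illustration.

```python
import math

# Constructed labelled history: (amount_usd, new_device, foreign_ip) -> 1 if confirmed fraud
HISTORY = [
    ((25, 0, 0), 0), ((60, 0, 0), 0), ((120, 0, 0), 0), ((40, 1, 0), 0),
    ((300, 0, 0), 0), ((80, 0, 1), 0), ((15, 0, 0), 0), ((200, 1, 0), 0),
    ((2500, 1, 1), 1), ((1800, 1, 1), 1), ((3200, 0, 1), 1), ((950, 1, 1), 1),
    ((4000, 1, 0), 1), ((1500, 1, 1), 1),
]
AUTH_LEVELS = ["none", "otp", "biometric"]  # weakest to strongest (assumed tiers)

def features(txn):
    amount, new_device, foreign_ip = txn
    # bias term, log-scaled amount centred near $100, two binary risk signals
    return [1.0, math.log10(amount + 1) - 2.0, float(new_device), float(foreign_ip)]

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def fraud_score(weights, txn):
    """Real-time score in [0, 1]: estimated probability the transaction is fraud."""
    return sigmoid(sum(w * x for w, x in zip(weights, features(txn))))

def train(history, epochs=3000, lr=0.1):
    """Supervised learning: fit logistic-regression weights to labelled history."""
    weights = [0.0] * 4
    for _ in range(epochs):
        grad = [0.0] * 4
        for txn, label in history:
            err = fraud_score(weights, txn) - label
            for i, x in enumerate(features(txn)):
                grad[i] += err * x
        weights = [w - lr * g / len(history) for w, g in zip(weights, grad)]
    return weights

def required_auth(score, low=0.2, high=0.7):
    """Risk-based authentication: stronger challenge as the score rises."""
    if score < low:
        return "none"
    return "otp" if score < high else "biometric"

def step_up(session_auth, score):
    """Continuous monitoring: return the stronger challenge needed, or None."""
    needed = required_auth(score)
    if AUTH_LEVELS.index(needed) > AUTH_LEVELS.index(session_auth):
        return needed
    return None

if __name__ == "__main__":
    w = train(HISTORY)
    for txn in [(30, 0, 0), (3000, 1, 1)]:
        print(txn, round(fraud_score(w, txn), 3), required_auth(fraud_score(w, txn)))
```

Because the decision is a function of the score alone, the thresholds can be tuned against the false-positive rate the fraud team can absorb without retraining the model.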
How Banking Customers Can Reduce Their Risk and Help Prevent Fraud
Beyond fraud detection systems, individual banking customers can reduce their risk of fraud by following a few best practices. Below, we’ve compiled a short list. By encouraging these practices, you can help reduce your organization’s risk of fraud as well.
Use Safe Payments
Though online banking is becoming more popular, it is still important to use discretion before spending and moving money online. How individuals spend money online incurs different levels of fraud risk. Unsecured websites are vulnerable to fraudsters who can infiltrate the site and access payment information. For these reasons, it is important to use discretion whenever purchasing a product or service online. Stick to known and well-established payment networks like PayPal.
Guard Personal Information
Personal information has value. Discourage your customers from readily disclosing it, even if the individual requesting the information claims to represent a trusted organization. The consequences can be serious. For example, with a user’s personal information, attackers can commit account takeover fraud and use the account to open lines of credit or transfer wealth to an unknown account.
To acquire your customer’s personal information, attackers may use phishing techniques. Phishing and social engineering are types of fraud that seek to exploit the trust and good nature of the average person. It could be a phone call, text, or email from a hacker pretending to represent a company. They may then ask the customer to verify bank account details or inform the customer of an immediate crisis. When in doubt as to whether a communication from the bank is legitimate, encourage your customers to confirm the issue by contacting the bank directly. In addition, there are tell-tale signs of a phishing email, such as misspelled words, unknown email addresses, and other oddities.
Check Credit Reports Regularly
Encourage your customers to monitor their credit report throughout the year. Various applications and banking services will allow individuals to review their credit score without actually pulling a hard check on their credit. These tools will help identify fraudulent purchases or credit taken in their name that may unexpectedly impact their credit score.
If a customer loses their credit card or suffers a security breach, they can request a credit alert from one of the three leading credit agencies: Experian, Equifax, and TransUnion. Learn more about fraud alerts from the US Federal Trade Commission.
Finally, the strongest protection they can put on their own account is to request a credit freeze from the credit agencies listed above. This will prevent anyone, including fraudsters, from opening a line of credit until the account is unfrozen.
Conduct Online Searches
An individual is at risk of fraud when shopping online. Before doing business with an online company, users should conduct a quick search for online reviews on the most popular review sites like Yelp and Google. The company in question is not in control of these review platforms and will be unable to remove negative reviews. If a user only finds negative reviews or cannot find any reviews at all, they should reconsider the risk of doing business with this company.
What’s more, users should only use financial applications with robust security solutions in place, such as the OneSpan Mobile Security Suite.
Remain Skeptical About Free Trials
Free trials are a wonderful tool for companies to help demonstrate the value of their product and perfect for customers to ensure they are purchasing the right solution. However, a free trial download could also be a ploy from fraudsters. It could be a phishing attempt for email information or even malware to control the user’s device remotely. Before downloading anything from a website, including a free trial, users should make sure they trust the website and can verify its legitimacy.
Common Fraud Schemes and Fraudulent Activities
Data breaches occur when a fraudster infiltrates a corporate network and copies information from the database. Often the fraudster is in search of customer records, credit card information, or other personally identifiable information. Once acquired, this information is then sold on the Dark Web. Though the result is often the same, the means by which a fraudster executes their attack can be varied. What’s more, attackers are always varying their approach. Below, we’ve included some of the most common types of fraudulent activities that still occur today.
- Denial of Service:
A Denial of Service (DoS) attack seeks to overwhelm the computing resources of the website to cause it to crash. By wielding hundreds or thousands of zombie computers, a fraudster can command their botnet to, for example, repeatedly complete the contact us form thousands of times until the website stalls trying to process the influx of requests.
- Malware:
Short for “malicious software,” malware is a broad term to describe a variety of harmful software including viruses, ransomware, spyware, and more. It has been a threat to individuals and organizations ever since the 1970s when the Creeper virus was first discovered.
- Phishing:
Phishing seeks to exploit the people in an organization to extract valuable information. With an email, SMS message, phone call, or other form of communication, the phishing message will attempt to trick the user into revealing information or downloading malware onto their device.
- Ransomware:
Ransomware is a form of malware that encrypts your local files on the infected device. In order to obtain the encryption key to once more access your files, the fraudster will demand payment. Effectively, the fraudster holds your data ransom. Worse yet, paying the ransom is not a guarantee that the fraudster will provide the encryption key. It is not uncommon for the fraudster to simply receive payment and cease all contact.