Tearsheet/Tanaya Macheel: What you need to know about financial services fraud

    The Latest Hot Topics ▾ WTF Podcasts Events ▾

Data
Tearsheet termsheet: What  you need to know about financial services fraud

    The ways in which a person can commit fraud is growing so much and so fast the word become kind of vague. We break down what fraud is and how it happens

    There are three distinct patterns of fraud: transaction fraud, application fraud and account takeover fraud

Tanaya Macheel | AUGUST 15, 2017

    Facebook Icon Twitter Icon LinkedIn Icon Email Icon

In the digital age of digital transactions and other digital engagements, the word fraud gets thrown around a lot. Just see here, here and here.

That’s particularly true in financial services, since gaining access to cash “fraudulently” is harder now. As much as technology has raised the bar for the customer experience, it’s also raised the bar for hackers and fraudsters.

Here’s what we’re really talking about when we talk about “fraud.”

OK, what is fraud?
Fraud happens when someone tries to take money that doesn’t belong to him or her for any number of reasons and has an increasing number of ways in which to do it. That person could find a card in the back seat of a cab and use it for the next meal or somehow know enough of someone else’s personal information to walk into a bank and get a new debit card issued, which is why Chase removed that feature of its card business last week.

In the digital age, however, it can get more complex than that — and so can the consequences for the victim. Creating passwords that meet certain companies’ standards for security is more difficult and people move more quickly in the digital age and have shorter attention spans; it’s led consumers to care more about speed and convenience that security and privacy.

“It’s incredibly hard for people to get stuff done digitally because we’ve made it so hard to prove who you are at the places where you want to share your data,” said Greg Wolfond, CEO of SecureKey, which is partnering with Canadian banks on a solution to that problem.

Are there different types of fraud?
In finance, there are three distinct patterns of fraud: transaction fraud, application fraud and account takeover fraud.

Most people who use plastic cards have experienced transaction fraud. The card or card number is stolen or otherwise obtained by some bad actor and then fraudulent charges begin to appear on your account. In this case it’s pretty likely the you alerted the bank, which reversed the fraudulent transactions and replaced your card, and you moved forward with your life. Card issuers lost $15.72 billion (72 percent) in gross fraud losses in 2015 and merchants and acquirers lost the remaining $6.12 billion (28 percent), according to the Nilson Report.

Application fraud is the fastest-growing type of fraud in financial services and happens when a fraudster actually pretends to be you using actual account credentials to open new lines of credit. We can break it down even further into three types:

    Third party fraud: when someone gets enough of someone’s personal information from a compromised data set to go to a bank and pretend to be that person to apply or a loan or credit card
    First party fraud: when the person coming to the bank (or other service) really is the person he or she claims to be but intends to not pay back the loan or credit card; in instances of first party fraud, the bank or business is the victim, not the customer
    Synthetic fraud: when someone creates a persona using fake or borrowed information, like a social security number, and adds other, made-up elements of personally identifiable information like a name, address or date or birth

Synthetic identity is often confused with traditional identity theft, in which someone impersonates a real person. A synthetic identity is a purely fabricated identity; there’s no real person beyond the social security number. And whereas transaction fraud or third party app fraud is often motivated by a need for quick access to cash, synthetic fraud tends to have links to organized criminal activity, according to Ken Meiser, vp of identity solutions at ID Analytics, which is owned by cybersecurity firm Symantec.

Account takeover fraud is the final type of fraud (for the purposes of this primer, at least). It happens to people when fraudsters obtain their various user IDs and passwords to be able to access other accounts that involve financial transactions.

Did those new chip cards I got help?
Kind of! Account takeover incidents increased 61 percent to $2.3 billion from 2015 to 2016, according to research by Javelin published in February. Victims pay an average of $263 out of pocket and spent 20.7 million hours to resolve it in 2016 – six million hours more than in 2015.

In October 2015, U.S. card issuers began replacing people’s debit and credit magstripe cards with new chip cards and retailers began upgrading their payments terminals to allow customers to insert their chip cards into the devices instead of swiping the stripe. Even though Europe has been using chip-and-pin to pay for years, this finally went down in the U.S. two years ago as part of a push to lower card fraud — by using chips instead of magstripes, it’s harder to clone a card or steal the PII associated with it.

At the same time, it’s become easier for fraudsters to access accounts. Passwords have become kind of a pain in the ass so it’s not uncommon for someone to use the same password for multiple accounts and hope they can actually just log in biometrically. There are many sites one can access if they have Facebook credentials. Day-to-day engagement between people and businesses is generally more digital.

“As more of these activities become non face-to-face, if someone can compromise your credentials… Conceivably your identity lets fraudsters get access to other locations,” Meiser said. “When someone sells a compromised user ID and password, they’re really selling the opportunity to use that somewhere else.”
Data
How Wells Fargo is letting customers take back control of their financial data

    Next year Wells Fargo customers will be able to view their financial digital footprint in their mobile banking app and control where their information is used

    Wells Fargo's latest move in the crusade to give customers control of their data signals the overall industry shift to building emotional loyalty by offering customers' choice of how they use their money

Tanaya Macheel | JULY 24, 2017
Data
How JPMorgan is pushing back against fraud in fintech

    JPMorgan wants to make it easier for customers to use fintech apps -- something JPM excelled in long before the rest of the industry embraced legacy-startup collaboration

    JPMorgan and Wells Fargo are leading the push against screen scraping, the more common way for companies to access customer data

Tanaya Macheel | JULY 12, 2017
Data
5 charts that show where open APIs are taking banks

    53.8 percent of banks believe they'll evolve into platforms; 56.5 percent believe they'll remain the main channel

    As banks still try to execute an omnichannel strategy, consumers may have moved beyond that and gone all digital by this point

Tanaya Macheel | JUNE 23, 2017
Data
The challenge of solving for financial inclusion

    Technology offers a lot of promise and potential for the financially underserved, but it's a bitter truth that the most successful financial apps require linked customer bank accounts

    Financial inclusion was once a hot buzzword in fintech, but focus has shifted to financial health and users that have bank accounts

Tanaya Macheel | JUNE 19, 2017
© 2017 Tearsheet. All rights reserved.
About Us Masthead Digiday Media Custom Advertise with Us Legal