Banks Are Waging a Never-Ending Battle Against Fraudsters

Kristina Schaefer thought she had stumbled across an amazing opportunity — a chance to buy tickets to one of Taylor Swift’s Eras Tour concerts from a friend through Facebook Marketplace.

“I got excited about this,” Schaefer says, so she messaged the friend about it. But almost immediately the situation felt off. “She didn’t sound like herself. She was very worried about getting the money.”

Schaefer instead texted the friend and came to find out that the Facebook account had been hacked, and the person’s family was blocked so they wouldn’t be able to respond to the post and alert others to the fraud. Fortunately for Schaefer, the red flags alerted her to the deception before she lost any money. 

“People always think, ‘I would never fall for that.’ But you don’t think about things like this,” says Schaefer, associate general counsel and director of government relations at Dacotah Banks, a $4.6 billion holding company based in Aberdeen, South Dakota. “I work in fraud for a living.” 

Schaefer’s experience demonstrates the uphill battle banks are currently waging against fraudsters. Fraud is ubiquitous. The Federal Trade Commission reported consumers lost $12.5 billion in fraud in 2024, a jump of 25% from the prior year. The significant uptick in fraud losses didn’t come from more reports. Instead, the percentage of people who lost money to a scheme increased. 

Fraud and scams affect both consumer and commercial customers, and can take many forms — identity theft, fraudulent card-not-present transactions, push-payment scams, check fraud, account takeovers, internal theft by an employee and more. These crimes could be perpetrated by an individual based in the bank’s community or driven by an organized crime syndicate halfway around the world and out of reach of local law enforcement. And even when the crime is initiated outside the bank, such as on a social media platform, banks are often on the hook or left to help customers sort through the aftermath.

Given all of these factors, it is incredibly difficult for banks to effectively fight against fraud.

“[W]hat is the bank struggling with as far as fraud?” asks Andy Lapp, senior director of fraud and managed services at CSI, a provider of banking and risk management solutions. “Is it ACH fraud? Is it [person-to-person] fraud? Is it wire fraud? Is it social media scams or elder abuse? There’s a lot of different types of fraud, and there’s not a silver bullet that wipes them all off.” 

The Scope of the Problem
Technology has made it easier than ever for consumers and businesses to open accounts, move money, take out a loan and complete numerous other banking activities that are necessary in a thriving society. But at the same time, these changes have made it easier for criminals to defraud victims. “Fraud is pretty rampant,” says Stephanie Kalahurka, a partner at the law firm Fenimore Kay Harrison. “With all the ways we’ve made banking more convenient, we have also created more points for fraud. Criminals have different tools in their toolbox, depending on whether the fraud is against a consumer or commercial account.” 

As of August 2025, depository institutions had filed more than 1 million suspicious activity reports (SARs) this year related to fraud, according to the Financial Crimes Enforcement Network. In 2024, roughly 75% of the SARs filed mentioned fraud as a red flag. 

Fraud results in losses that extend beyond the bottom line. LexisNexis calculates that the U.S. financial services industry loses $5.75 for every $1 lost to fraud. This figure includes the indirect impact of fraud, such as costs tied to operations, compliance and customer trust. If a customer isn’t happy with how the bank responds to an instance of fraud or a scam, then the institution risks losing the relationship. For instance, 2024 research from FICO shows that 13% of customers worldwide said they would switch banks if they were unsatisfied with how the institution handles the experience with a scam.

Of the SARs from 2025, roughly 318,000 of these related to check fraud — an issue that will be explored in further detail later in this report — while another roughly 144,000 reports were suspicious activity related to ACH transactions. 

More than 200,000 of the SARs filed related to credit and debit cards. Card fraud is one of the most common types of fraud. But it generally leads to smaller losses per incident, says John Meyer, a managing director at the consulting firm Cornerstone Advisors. Card fraud made up roughly 59% of fraud cases but only accounted for about 39% of fraud losses, according to the 2025 Annual Survey of Community Banks from the Conference of State Bank Supervisors.  

Criminals steal card information through a variety of ways, including ATM shimmers, a small device inside the card reader that can scan the chip information on a customer’s card.  Fraudsters will then often do a test by attempting to make a small purchase with the stolen card information, and if that is successful, they will go on to make bigger transactions, Meyer says.

Card-not-present fraud — when a purchase is completed through a channel, such as online, where a card isn’t physically present — has been one of the biggest types of fraud that The Denison State Bank in Holton, Kansas, has been battling. Fraud has become so pervasive that the $454 million bank, a subsidiary of Denison Bancshares, recently created a loss prevention department, staffed by two employees. It also has implemented new technology, with the help of its core provider CSI, that can help detect check fraud. Heather Deneault, vice president of deposit operations and branch management officer, notes that worsening fraud last year was the tipping point for the institution. 

“Up until that point, you just dealt with fraud after the fact, after the customer’s debit card was compromised or after the check cleared the account,” she adds. “[W]e really wanted to take as much of a proactive approach as we could.”

The Challenges With Fighting Fraud
There are several issues that make it harder for banks to successfully fight fraud. First, much of it may start on another platform that is unrelated to the industry. The fraudster attempting to sell nonexistent concert tickets on Facebook to Schaefer is a good example of this. Banks have little-to-no say in how the social media giant Meta runs Facebook Marketplace. “We have seen that banks control the things within their ability to control but the ecosystem is much broader than that,” says Brian Fritzsche, associate general counsel at the Consumer Bankers Association, a banking trade group. “Fraud doesn’t just live in one sector. We really need a whole society approach to fighting fraud.”

Certain regulations also mean that banks are frequently on the hook for mistakes that consumers, in particular, make. The Electronic Fund Transfer Act, which is implemented through Regulation E, “protects consumers when they use electronic fund and remittance transfers,” according to the Consumer Financial Protection Bureau. This covers ATM withdrawals, direct deposits, overdrafts and more. 

But Regulation E also means that institutions are often required to reimburse funds consumers lose to fraud and unauthorized transactions, Kalahurka says. That’s even true if the consumer makes an avoidable mistake, such as losing their debit card after writing their PIN number on it only for a thief to find it and withdraw money from the account. There is no legal recourse for the bank in these instances. 

“Banks are also not permitted to ask consumers to waive their Regulation E protections in deposit agreements,” she adds. “What if the consumer is negligent? They are still not responsible.” 

Finally, experts agree that law enforcement often is not able to catch those responsible for fraud. That’s partly because the fraud could be originating outside of the jurisdiction of local law enforcement. On top of that, local police may not have the time or resources to devote to a fraud case, unless a significant amount of money is stolen or other crimes are involved. 

Other times, victims may be reluctant to step forward and admit what happened. This could be especially true if the fraud started as a scam that is embarrassing to the individual. Fraud is when a customer’s account is accessed by an unauthorized individual and money is stolen. The victim normally doesn’t realize the account has been accessed until money is missing. Scams are generally a form of fraud and can lead to monetary losses to the victim. In these situations, the victim has been tricked out of their funds or manipulated into giving up their account information. 

In cases where a consumer directly authorizes a transaction to a criminal, then the bank isn’t required to replace those funds under Reg E. However, if the consumer is tricked into providing their account access information to a fraudster, and the criminal uses that information to initiate an electronic funds transfer from the consumer’s account, the bank can be on the hook for the unauthorized activity.

Meyer has experienced firsthand how closely linked fraud and scams can be. Several years ago, while he was traveling abroad with a friend, his credit card company called to ask him if he had signed up for a membership to a Christian dating website. At the same time, his friend was signed up for a different dating website. Meyer believes they must have used an ATM that had been corrupted by criminals to steal their card information. 

“Why a dating website? They were probably going to catfish someone,” he speculates, noting that it would be hard to catch the fraudsters given that they had used stolen information to sign up for the dating profiles. “Sometimes they use bad information to do other bad things.” 

All of this is to say that banks must be highly vigilant right now as fraud increases, and technology creates more avenues for potential victims. “Everyone has to be worried about fraud,” Schaefer says. “It doesn’t matter the size or sophistication of your bank anymore. Everyone is a target.” 

*This article appeared in Bank Director’s report “The Fraud Menace: Protecting Your Bank,” which is sponsored by CSI.