Jackie Stewart is the Executive Editor of Bank Director. She is responsible for writing and editing features for the company’s weekly newsletter and quarterly print magazine and oversees sponsored research reports. Jackie is particularly interested in community banking and M&A activity. She previously served in a number of reporter and editor roles with American Banker, including executive editor of American Banker Magazine. She has also covered retirement issues for Kiplinger and spent two years teaching middle school literacy in the Bronx, New York, through Teach For America.
How Banks Can Fight Back Against the Fraudsters
Combating illicit activity may seem like a losing battle, but there are tools that banks can utilize in the struggle.
Given the constant onslaught of fraud, many banks may share the sentiment of that famous line from Dante’s Inferno: “Abandon all hope, ye who enter here.”
But that doesn’t have to be the case. There are ways that banks can fight back. For instance, 86% of bank leaders said they had changed ongoing employee education to fight fraud, according to Bank Director’s 2025 Risk Survey. Seventy-one percent said they regularly communicate with customers about scams and threats while 42% said they had improved internal controls.
“I do think that right now banks are desperate for a solution,” says Steve Sanders, chief risk officer and chief information security officer at CSI.
Here are three areas that bank executives and board members should think about when it comes to winning the battle against fraudsters.
1. At What Point Do You Stop the Fraud?
Unfortunately for banks, there isn’t one piece of technology that will prevent all fraud. But banks should be reviewing the products they are currently using. “I think if I were in a bank, I would be challenging my vendors to tell me in practical terms why their solutions are the best solutions. … I mean, if you’re not, you’re just going to pay for it,” Sanders says.
Part of this should be thinking about where in the process the bank is catching the fraud. There are essentially three points at which a bank can prevent a problematic transaction, says Andy Lapp, senior director of fraud and managed services at CSI. The first option would be catching the incident through a “batch” review. This is when a bank analyzes data at a set time, such as every 12 hours, for any potential issues. This is the more traditional way banks have combated fraud but also happens at the slowest rate — banks may not catch the fraud for several hours, Lapp says — so it also lets the most fraud through.
The second is spotting the fraud in “near real time,” Lapp says. This method would usually catch something within minutes. For instance, with card fraud, the bank may allow the first fraudulent payment to go through but would stop subsequent transactions after something suspicious triggers a response.
Finally, there are efforts to stop fraud in real time. This one is the most advantageous but also the most difficult for banks to achieve, Lapp says. “In real time means [that] I’m about to send you money but I have a fraud system in the middle saying, ‘No … she’s a little shady.’ And it declines the transaction.”
There are numerous companies out there right now offering solutions that claim to prevent fraud in real time, Lapp says. But any bank needs to do thorough due diligence before implementing any of them. According to Lapp, key questions to ask vendors could include: How does the provider claim it prevents fraud in real time? Do they have integrations into your core provider already built in, or would that be part of implementation?
2. Push Commercial Customers To Do Better
Regulations require banks to limit a consumer’s liability for unauthorized electronic funds transfers. But it’s a different story when it comes to commercial customers, says Stephanie Kalahurka, a partner at the law firm Fenimore Kay Harrison. Banks can require businesses to be more proactive in preventing fraudulent transactions. Since businesses are often on the hook for fraud, they have an incentive to do so.
Probably the easiest step to take is to ensure contracts for commercial deposit accounts are different from those for consumer accounts. Essentially, these contracts should outline that the bank is providing reasonable fraud prevention solutions and encourage the commercial customer to use those. If the business doesn’t utilize these systems, then the contract can provide that the bank isn’t required to reimburse any funds that are stolen.
One product that banks should offer and push businesses to use is Positive Pay. This requires the customer to submit a list of checks it has issued each day. The bank can then compare that to any that have been presented for payment. Anything that doesn’t match is usually automatically returned, unless the business tells the bank to still pay, Kalahurka says. Some banks even offer Positive Pay for ACH transactions. In addition to that, banks should encourage businesses to set up dual authorization for transactions like wire transfers. This requires two employees to approve before a payment is made. That slows down the process — fraudsters thrive on making requests seem urgent — and allows a second person to review the situation.
If these or other fraud prevention solutions are offered, the bank is likely off the hook for reimbursing the business for losses tied to fraud. Instead, the institution has the discretion to reimburse customers — and may do so if the relationship is an important one. “You have a lot more leverage,” Kalahurka says. “You might make the business decision to cover some of it, but then you are really doing it as a service and not as a legal obligation.”
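The Positive Pay comparison described above can be sketched in a few lines. This is an added example, not code from the article or from any bank or vendor. The record fields, the PAY/RETURN labels, the duplicate-presentment check and the sample data are assumptions made for illustration.

```python
from decimal import Decimal
from typing import NamedTuple

class Check(NamedTuple):
    number: str
    amount: Decimal

def positive_pay(issued, presented, pay_anyway=frozenset()):
    """Decide PAY or RETURN for each presented check, in presentment order.

    issued     -- the customer's issue file (checks it says it wrote)
    presented  -- checks arriving at the bank for payment
    pay_anyway -- exception items the business has told the bank to still pay
    """
    register = {c.number: c.amount for c in issued}
    already_paid = set()
    decisions = []
    for item in presented:
        if item.number not in register:
            reason = "not on issue file"
        elif item.number in already_paid:
            reason = "already paid (duplicate presentment)"
        elif item.amount != register[item.number]:
            reason = "amount differs from issue file"
        else:
            reason = "matches issue file"
        if reason == "matches issue file" or item in pay_anyway:
            action = "PAY"
            already_paid.add(item.number)
        else:
            action = "RETURN"  # default for exceptions nobody approved
        decisions.append((item, action, reason))
    return decisions

# Constructed sample data, not taken from the article.
ISSUED = [Check("1001", Decimal("250.00")), Check("1002", Decimal("1200.00")),
          Check("1003", Decimal("75.50"))]
PRESENTED = [
    Check("1001", Decimal("250.00")),   # clean match
    Check("1002", Decimal("9200.00")),  # amount altered
    Check("1003", Decimal("75.05")),    # mismatch the customer approves
    Check("1001", Decimal("250.00")),   # same check presented twice
    Check("2040", Decimal("480.00")),   # never issued
]
APPROVED = {Check("1003", Decimal("75.05"))}

if __name__ == "__main__":
    for item, action, reason in positive_pay(ISSUED, PRESENTED, APPROVED):
        print(f"{item.number:>5} {item.amount:>9} {action:<6} {reason}")
```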
3. Work With Your Colleagues
In general, the banking industry tends to be congenial, and institutions are willing to help their peers. That holds true when it comes to fraud as well. There are a variety of options. For instance, Cornerstone Advisors started a free quarterly roundtable where bankers gather to discuss fraud, policy and tools. It has roughly 80 participants, says John Meyer, a managing director at the consulting firm.
State and national banking associations usually have forums where bankers can share information about the fraud they are experiencing, says Heather Deneault, vice president of deposit operations and branch management officer at the $454 million The Denison State Bank in Holton, Kansas. However, she notes it is important that a bank never violate a customer’s privacy when discussing these issues. “We absolutely must protect information,” she adds. “But we have to be able to share. If we can’t talk to each other, it’s very difficult to stop.”
There are consortiums that banks can join to combat fraud, money laundering and other illicit activities. These organizations do that by collaborating and sharing information. Having access to this larger dataset and a broader view of trends can be helpful.
Unit21, which is open to banks, fintechs and crypto firms, offers one such consortium that is aimed at preventing fraud. Members can set up customizable, automated rules that trigger when suspicious transactions occur across the network. The member can learn how long a potential customer has had an account with another member institution, though the inquiring bank isn’t given any private information, such as the name of the other institution or any internal data. The inquiring bank can also learn if the potential customer has had a strange pattern of logins, or if another institution has cancelled the person’s services because of suspicious activity.
Last year, information from a crypto firm in the Unit21 consortium helped a credit union detect that some of its members were being defrauded through a crypto ATM scam, says Dhiraj Bhat, Unit21 product manager. The credit union was able to set up monitoring and stop the transactions. “All of these developments in fraud are happening in near real time,” he adds. “By the time the financial institutions educate their end users about this, it is already too late.”