Strengthening Relationships With Credit Score Monitoring

Written by

Customers want to improve their financial wellbeing and save money. Banks want to create sticky digital relationships.

Here’s something that can help both groups: credit monitoring.

Having a safe and easy way to keep an eye on their credit enhances consumer financial wellbeing in a variety of ways:

  • Makes it easier to find and stop fraud. According to the Federal Trade Commission, American consumers lost more than $5.8 billion to fraud in 2021, which was a 70% increase over 2020. When customers have a safe, convenient way to monitor their credit, they’re more likely to uncover and recover from fraud more quickly.
  • Helps uncover and correct credit report mistakes. Credit report errors are much more common than many people realize. According to a 2021 Consumer Report investigation, more than a third of consumers who participated in a voluntary credit report check found errors. And these errors are more than a nuisance. Negative impacts can include being uncorrectly charged higher interest rates on a loan or credit card or being turned down for a job or a place to live. 
  • Can improve credit scores and consumer financial wellbeing. Based on internal research SavvyMoney has conducted with partner financial institutions, we’ve found that consumers who monitor their credit data see strong improvements in their credit scores. Across all score ranges (except the 750 to 850 range), there was a 30% improvement in six months and a 39% improvement in 12 months. In the 300 to 649 score range, the improvements were even more dramatic: 32% in six months and 41% in 12 months.

Score improvement can mean significant savings for bank customers. Most importantly, consumers who improve their score can see a stark difference in interest costs on their loans. According to a study from LendingTree, borrowers with “fair” credit scores, which range between 580 and 669, could end up paying over twice as much interest on personal, auto and student loans, and 97% more on their credit cards.

Most consumers don’t currently monitor their credit. But that could change if they monitor it through your institution. Because credit monitoring is a soft pull, customers can check their credit data as often as they want without any impact to their credit score. That can help them get a better handle on their current financial health and areas where they could improve. And banks can add in personalized education and loan offers based on their score, creating a virtuous cycle of better credit, better lending rates and improved overall financial wellbeing.

Unfortunately, most people don’t monitor their credit. According to LendingTree’s annual customer survey, only a third of American consumers take that step. A big reason why: Consumers are understandably reluctant to provide their personal information.

This is where giving customers access to credit monitoring helps your financial institution too.

Consumers’ reluctance aligns with a key finding from SavvyMoney’s financial institution partners: 75% of users want to be able to check their credit score from inside their trusted financial institution. If their credit data is available through a single sign-on through your financial institution’s online or digital banking, they won’t have to.

Use a credit monitoring service that updates credit files more frequently — the best offer the option of daily updates — allows customers to track if they’ve moved into a new range and be alerted when their most up-to-date score qualifies them for lower rates.

Look for companies with solutions that integrate with your digital banking platform. That allows your customers to safely and easily monitor their credit score right from your online or mobile banking, driving engagement with your website or app. As the chart below captures, that additional engagement can drive an uptick in a wide variety of products and services, including checking penetration, which is often seen as a proxy for primary financial institution status.

Source: SavvyMoney partner case study

Credit monitoring is good for both your customers and your bank. If your financial institution isn’t currently making it easy for customers to check their credit with you, it’s a service worth investigating.

How to Give Cardholders Digital Self-Service, Fraud-Fighting Capabilities

Written by

Despite the dramatic changes in consumer spending habits over the last 18 months, an unnerving constant remains: Fraudsters are ever-present, and financial institutions and consumers must stay on guard.

To address fraud issues and enhance safety, credit and debit card payments are being reimagined and increasingly conducted via digital channels. By deploying digital self-service card capabilities, banks can better protect their consumers and allow them to keep transacting securely.

Recent research by Raddon, a Fiserv company, shows the ongoing primacy of credit and debit card payments. In a typical month, 77% of U.S. households use a debit card for purchases and 80% of household use a credit card for purchases, according to the research.

 

Card usage among varying demographic consumer segments remains robust, with millennials, Generation X and baby boomers all reporting significant reliance on card-based payments.

However, the definition of a “card payment” is changing. Consumers are increasingly using their cards digitally, with 40% saying at least half of their monthly transactions are done digitally on their mobile phones or computers, according to Raddon.

Mobile card applications are the answer to these changing trends. Today’s digitally minded consumer needs card apps that help them manage their accounts when and how it suits them. Banks can keep customers satisfied and safe by implementing a comprehensive mobile card management solution.

Digital wallet participation enables banks to give cardholders the ability to add a card to their smartphone or wearable. If cards can be digitally issued at the time of account opening, all the better. This process enables immediate card access via the digital wallet and provide an easy, secure and contact-free way to pay. Card apps can also provide control features designed to keep cardholders safe and their financial institution top-of-mind. Consumers can use these apps to protect their accounts, manage their money and take charge of card usage. Their increased peace of mind will drive transaction volume and cardholder engagement, empowering users to fight fraud through alerts for card transactions and personalizing usage controls.

Consumers are concerned about their spending patterns. Providing cardholders with detailed spend insights and enriched transaction information makes it easier for them to understand their spending and make informed spending decisions. An enriched transaction can make the difference between a panicked consumer who is worried about fraud and someone secure in knowing that each purchase is one they’ve made. The transactions should include real merchant names, retail locations for physical purchases, transaction amount and purchase date. It should also include contact information for the merchant, so consumers can make any inquiries about the purchase directly with the merchant.

Every interaction with consumers is a chance to make a great impression, especially on mobile. Consumers appreciate fresh app designs and features that focus on simplicity, including one-touch access to functions. For example, consumers should be able to quickly and easily lock a misplaced card to prevent fraud and unlock it when located. These digital-first, self-service capabilities create an efficient and safe cardholder experience. Banks can leverage existing marketing resources and creative assets to keep their consumers informed about and remind them of secure self-service aspects of the payments program.

Consumer expectations continue to rapidly evolve and drive change. Banks must respond by staying focused on consumer needs and regularly delivering new app features and interconnected payment experiences. The institutions that do will succeed by continuing to provide consumers with convenient and safe digital management capabilities for their credit and debit cards, whenever and wherever consumers transact.

A Deep Dive Into Wire Fraud and Business Email Compromise

Written by

Consumers demand for fast and convenient payments channels has increased opportunities for fraudsters to target financial institutions and their customers.

With wire fraud and business email compromise (BEC) attacks increasing, it is critical that banks remain vigilant to prevent fraud losses and reputational risks. We are sharing unparalleled data-driven insights into the current fraud landscape that we uncovered through the Verafin Cloud, with a deep dive into wire fraud and BEC. The Verafin Cloud contains an immense set of anonymized data from over 3,000 financial institutions, comprising $4 trillion in assets. Importing core, ancillary, open-source, third-party and consortium data, and analyzing over a billion transactions a week in the Verafin Cloud, we can accurately identify emerging fraud trends and create a substantial set of labeled fraud data to train machine learning analytics for fraud detection.

The Main Target for Wire Fraud
Criminals are constantly searching for weaknesses in banks’ wire fraud controls and will shift tactics to target points of least resistance – often your own customers. Criminals have refocused their efforts to leverage your customers as an attack vector, targeting them with known fraud scams. Statistics from the Verafin Cloud show that nearly three-quarters (74%) of all wire fraud cases targeted individuals, with elderly persons accounting for 63% of all people victimized by wire fraud.

BEC Behind Majority of Loss
While individuals were more frequently targeted by wire fraudsters, data in the Verafin Cloud shows that businesses sustained 73% of all financial losses to date, driven largely by BEC schemes. While most BEC attempts in our analysis involved wire transactions, 24% of BEC occurrences involved ACH transfers, demonstrating this channel is not immune to attack. A high value, high speed, and widespread scheme, BEC has become the No. 1 reported crime to the FBI, and is an ever-increasing threat to all banks.

Payee Risk Analysis
At many banks, a wire sent to a first-time beneficiary is automatically considered high risk. This assumption creates undue friction for your customers, as well as massive alert volumes — especially when a large proportion of wires from banks are destined for new recipients. This figure was substantial in our data: 23% of wire transfers were directed towards new payees for a customer. Banks should consider technology that provides visibility into the transaction counterparty in real time to ascertain whether a wire recipient is truly suspicious or has a trusted history of activity at other institutions.

A Step Ahead
Wire fraud is a growing threat for financial institutions. As fraud schemes evolve and become more sophisticated, wire transfers —which can be high value and irrevocable — are the perfect target for fraudsters. As criminals increasingly target your customers with a variety of fraud scams and schemes, banks must remain vigilant and ensure that holistic fraud detection and management solutions are in place to prevent loss and stay a step ahead of financial crime.

10 Fraud Prevention Tips to Help Protect Your Institution

Written by

According to a recent study, organizations lose 5% of revenue to fraud each year — a staggering statistic. In an effort to help institutions decrease this percentage, here are 10 fraud prevention tips.

1. Confidential Hotline
This is the single most cost-effective anti-fraud action an institution can take. Tips via hotlines are the No. 1 way that frauds are detected, according to the ACFE 2020 Report to the Nations; most tips come from employees. We encourage banks to set up a confidential hotline operated by a third party and advertise it internally to all of their employees.

2. Fraud Awareness Training
Awareness training for employees can result in shorter duration for prospective fraudulent activities and lower losses. Institution-wide awareness is critical: Turn your employees and managers into fraud detectors and take advantage of all those eyes and ears.

3. Vendor Controls
Vendor fraud is very common because of the large number of payments going out to different companies and entities. Every company has vendors/suppliers, so it’s an easy place to perpetrate fraud. Some items to consider:

    • New vendor selection:
      1. Who can select?
      2. How are they selected?
    • Due diligence on new vendors:
      1. Is the vendor real?
      2. Is their pricing reasonable?
      3. Is the vendor related to an employee?
    • Periodically reassess vendor relationships.
    • Reduce or eliminate conflicts of interest.

4. Implement Good HR Practices
Conducting checks on candidates before they walk in the door can go a long way in preventing fraud. Additionally, having exit interviews can be a very useful tool in finding out about fraud, waste and abuse in your institution. Without the interview, exiting employees may not bother to tell you what they know.

5. Implement Mandatory Vacations
You know those employees who never take a vacation day, and if they do, they check in the whole time? It may not be because they are super dedicated. Many problems are identified during perpetrator vacations, because someone must fill in for them and perform their duties. Implementing mandatory vacations or job rotations can help identify fraudulent activities.

6. Credit Card, Expense Reimbursement Policies
Purchase and credit cards are a very common and convenient tool for committing fraud. Closely monitoring with strong controls in place is essential to reducing the risk of this type of fraud. Start with a clearly defined policy on what is and is not acceptable. Card use for “business purposes” is not good enough.

    • What types for expenses do you really want to be paying?
    • What types of expenses are not acceptable?
    • What documentation is required?

7. Fraud Risk Assessment
Similar to going to the doctor for a checkup, banks should conduct a fraud risk assessment annually or biannually. The bank changes, and with those changes come different risks. A periodic fraud risk assessment can help adapt to those changes, allow executives to understand their institution’s fraud risks and focus their efforts. This assessment should be performed by someone who looks at fraud issues on a regular basis.

8. Segregation of Duties
This can be difficult for small or growing institutions that have controls that have not kept pace with their growth. Segregating duties is not a new concept, but it’s just as critical today as any time in the past.

A few places to focus on:

      • A/P access to signed checks.
      • A/P clerks who can set up vendors.
      • Payroll clerks who can set up new employees.

9. Code of Conduct
These can seem like “soft” controls, but it is critical that an institution has these in place so employees cannot claim “ignorance” that what they were doing was wrong. Policies to consider implementing include:

    • Anti-fraud policy.
    • Conflict of interest policy.
    • Policy related to gifts and gratuities.

10. Create the Right Culture
Culture is a critical component to fraud prevention. If leadership demands and displays integrity and transparency, it typically permeates through an institution.

    • Tone is set at the top: Management must “walk the walk.”
    • Create a positive workplace environment.
    • Establish a culture of honesty and high ethics.
    • Put an emphasis on doing the right thing.

Decades of experience have taught us that even if a bank implements all the tips above, it could still become a fraud victim. Fraudsters are infinitely creative with their schemes; detecting or preventing those schemes is a never-ending task. But when taken together, these top 10 tips can still go a long way in helping your institution mitigate its fraud risk.

This article is for general information purposes only and is not to be considered as legal advice. This information was written by qualified, experienced BKD professionals, but applying this information to your particular situation requires careful consideration of your specific facts and circumstances. Consult your BKD advisor or legal counsel before acting on any matter covered in this update.

Fraud Attempts on the Rise Since Pandemic’s Start

Written by

As Covid-19 passes its one year anniversary in the United States, businesses are still adjusting to the pandemic’s impacts on their industry.

Banking is no exception. While banks have quickly adjusted to new initiatives like the Small Business Administration’s Paycheck Protection Program, the most notable impact to financial institutions has been the demand for online capabilities. Banks needed to adjust their offerings to ensure they didn’t lose their client base.

“ATM activity is up, drive-through banking is up 10% to 20% and deposits made through our mobile app are up 40%,” said Dale Oberkfell, president and CFO of Midwest Bank Centre last June.

The shift to digital account openings has been drastic. The chart below looks at the percent change in cumulative number of evaluations from 2019 to 2020 for a cohort of Alloy customers, limited to organizations that were clients for both years. Since the onset of the pandemic, digital account opening has increased year-over-year by at least 25%.

Although the shift to digital was necessary to meet consumer demands, online banking opens up the possibility of new types of fraud. To study the pandemic’s impact on fraudulent applications, we took a closer look at changes in consumer risk scores since the onset of the pandemic. Similar to credit scores, risk scores predict the likelihood of identity or synthetic fraud based on discrepancies in information provided, behavioral characteristics and consortium data about past fraud activity.

Comparing the pandemic months of March 2020 to December 2020 to the same period in 2019, Alloy clients saw a dramatic rise in high-risk applications. Total high-risk applications increased by 137%, driven both by overall growth in digital application volume and a comparatively riskier population of applicants.

There are several ways for you to protect your organization against this growing threat. One way is to use multiple data sources to create a more holistic understanding of your applicants and identify risky behaviors. It also ensures that you are not falling victim to compromised data from any one source. It’s a universal best practice; Alloy customers use, on average, at least 4 data sources.

Another way for you to protect your institution is by using an identity decisioning platform to understand and report on trends in your customer’s application data. Many data providers will return the values that triggered higher fraud scores, such as email and device type. An identity decisioning platform can store that data for future reference. So, even if a risky application is approved at onboarding, you can continue to monitor it throughout its lifetime with you.

Digital banking adoption and usage is expected to only increase in the future. Banks need to ensure that their processes for online capabilities are continuously improving. If your organization is spending too much time running manual reviews or using an in-house technology, it may be time for an upgrade. Click here to see how an identity decisioning platform can improve your process and help you on-board more legitimate customers.

Covid-19 Fraud: A Financial Pandemic

Written by

Even as some regulators have reduced reporting requirements, the Financial Crimes Enforcement Network (FinCEN) has opted for a less-relaxed approach in regard to financial institutions and Bank Secrecy Act compliance.

Earlier this year, FinCEN offered some insight into its expectations regarding the Covid-19 pandemic as it applies to BSA. It noted that financial institutions will face challenges related to the pandemic but “expects financial institutions to continue following a risk-based approach” to combat money laundering and related crimes and “diligently adhere” to current BSA obligations. There are some special issues that banks should look out for, along with reporting requirements surrounding those issues.

Potential Fraud Indicators
An 2017 advisory letter outlines some potential fraudulent activities that can occur during a natural disaster or relief efforts. The release was intended to help financial institutions identify and prevent fraudulent activity that may interfere with legitimate relief efforts. The following are likely issues that could arise in the wake of a disaster.

  • Benefits Fraud — Benefits fraud typically occurs when individuals apply for emergency assistance benefits to which they are not entitled. Financial institutions are at risk when fraudsters seek to deposit or obtain cash derived from the emergency assistance payments. FinCEN noted that fraudsters often used wire transfers to perpetrate these scams. In those situations, they request withdrawals and the banks wire funds to the accounts, where the fraudster immediately withdraws the funds.
  • Charities Fraud — Charities provide a vehicle for donations to assist disaster victims; during times of disaster, criminals seek to exploit these vehicles for their own gain. Both legitimate and fraudulent contribution solicitations and schemes can originate from social media, emails, websites, door-to-door collections, flyers, mailings, telephone calls and other similar methods.
  • Cyber-Related Fraud — Cyber actors take advantage of public interest during natural disasters in order to conduct financial fraud and disseminate malware. The Center for Internet Security expects this trend to continue, as new and recycled scams emerge involving financial fraud and malware related to natural disasters.

According to an October release, FinCEN advised financial institutions to remain alert when it comes to fraudulent transactions that resemble those that occur in the wake of natural disasters. FinCEN is monitoring public reports and BSA reports of potential illicit behavior connected to Covid-19 and notes some emerging trends, in addition to those issues identified above.

  • Imposter Scams — Bad actors could attempt to solicit donations, steal personal information or distribute malware by impersonating healthcare organizations or agencies like the Centers for Disease Control and Prevention or the World Health Organization.
  • Investment Scams — The U.S. Securities and Exchange Commission urged investors to be wary of coronavirus-related investment scams, such as promotions that falsely claim that the products or services of publicly traded companies can prevent, detect or cure coronavirus.
  • Product Scams — The U.S. Federal Trade Commission and U.S. Food and Drug Administration have issued public statements and warning letters to companies selling unapproved or misbranded products that make false health claims pertaining to Covid-19. Additionally, FinCEN has received reports regarding fraudulent marketing of coronavirus-related supplies, such as certain face masks.
  • Insider Trading — FinCEN has received reports regarding suspected coronavirus-related insider trading.

Suspicious Activity Reporting
FinCEN still expects institutions to report suspicious activity — however, there are some special expectations within the reporting fields. FinCEN requests, though does not require, that financial institutions reference the 2017 advisory letter and include the key term “disaster-related fraud” in the SAR narrative and in SAR field 31(z) (Fraud-Other) to indicate a connection between the suspicious activity being reported and possible misuse of relief funds.

New FinCEN COVID-19 Online Contact Mechanism
FinCEN has created a coronavirus-specific online contact mechanism, via a specific drop-down category, for financial institutions to communicate related concerns to FinCEN while adhering to their BSA obligations. While this reporting program is in place, FinCEN has not committed to more than an automated response to any communications received.

FinCEN has continued to encourage banks to follow existing guidance and regulation in an effort to secure transactions within the financial services space. FinCEN will offer additional guidance as fraudsters are identified and their efforts are better understood. Until then, financial institutions may do well to ensure that their BSA and anti-money laundering programs are prepared to weather the storm.

Community Risks That Community Banks Should Address

Written by

States and counties are starting to reopen after a prolonged period of sheltering in place due to the Covid-19 pandemic.

Many community banks that function as the primary lenders to small businesses in the rural Midwest have yet to see a significant negative financial impact because of the shutdown. In fact, many community banks stand to receive significant loan origination fees from the U.S. Small Business Administration for participating in the Paycheck Protection Program. They’re also flush with cash, report the community bank CEOs I’ve asked, as many borrowers haven’t used their PPP loan funds and consumers have been holding their stimulus payments in their checking accounts.

But just because things look stable from a financial perspective doesn’t mean there isn’t risk in your community and to your bank. Let’s take a brief look at some issues community banks should be monitoring today:

Increasing personal debt caused by prolonged unemployment. Unemployed Americans received an unprecedented amount of unemployment benefits that for the most part ended on July 31, 2020. What are Americans doing now? Some furloughed employees have been recalled, but others weren’t. When income is scarce, the use of credit cards, overdraft protection, and personal loans increases. What is your bank doing to monitor the increasing financial pressure of your individual borrowers and account holders?

Delayed business closures. Small businesses without a significant online presence are finding it difficult to operate in this new environment. “Nonessential” small businesses survived the shutdown by using government funds, furloughing employees, drawing on credit lines, or using personal savings. The lost sales may not have been deferred to a later date. Instead, they are truly lost and won’t be recaptured. Without a fast and heavy recovery for small businesses, they may be forced to close and may not be able to support their current debt load. How is your bank monitoring the performance of your small business customer?

Reduced need for office and retail space. With the increase in employees working remotely, especially at businesses that typically use commercial office space, the perceived need for office space is declining. Once a lease term expires, community banks should expect some commercial borrowers to experience reduced rental income as tenants negotiate for less square footage or overall lower rates. Are you tracking the going rate for rent per square foot in your market?

Increased fraud risk. When people experience all three sides of the fraud triangle (rationalization, opportunity, and pressure), they’re more likely to commit fraud. Identification of the fraud can be significantly delayed. A bookkeeping employee whose spouse has been laid off can rationalize the need for the company’s money, has the opportunity to take it, and feels the financial pressure to use it for personal needs. This person may be able to cover it for a short time; but, covering it becomes more difficult as it grows. That can happen within the bank or at any of your commercial borrowers.

Community banks have yet to see a dramatic increase in past dues or downgrades in loan ratings; it’s likely too early to see the financial stress. Several community banks are adding earmarked reserves to the allowance for loan losses in each loan category as “Covid-related.” However, community banks should carefully evaluate loans that were “on the bubble” prior to the shutdown, were granted some form of deferral by the bank, or are in certain industries like hospitality. Interagency guidelines permit banks to not account for these loans as troubled debt restructures (TDR) if they meet certain criteria, but banks are still responsible for maintaining a proper allowance. A loan in deferral may need an increased reserve, even if it isn’t accounted for as a TDR. The time it takes for that stress to show (called “loss emergence period” in accounting) is longer than many think.

Two other significant financial impacts to banks relate to overdraft fees and interchange fees. As spending decreased, so did overdrafts and associated fee income. And without the discretionary debit card swipes, interchange fees fell significantly as well.

How much of the above information will you use as you prepare the 2021 budgets this fall? What will your baseline for 2021 be: 2019 or 2020? Regardless, assess the risks to the bank and plan accordingly.

This article is for general information purposes only and is not to be considered as legal advice. This information was written by qualified, experienced BKD professionals, but applying this information to your particular situation requires careful consideration of your specific facts and circumstances. Consult your BKD advisor or legal counsel before acting on any matter covered in this update.

How One Bank Flattened Fraud

Written by

Argo.pngProtecting the bank and its customers — through cybersecurity measures, identity verification, fraud detection and the like — is vital in ensuring a financial institution’s safety and soundness, as well as its reputation in the marketplace. These investments typically represent significant cost centers, but fraud prevention tools can be an exception to the rule if they’re able to pay for themselves by preventing losses.

The idea is, when you put in a fraud system — and this is where some folks lose it — you want to make sure to catch more fraud than the system costs,” says Ronald Zimmerman, vice president in the operations department at $32.2 billion IBERIABANK Corp., based in Lafayette, Louisiana. “You always have to make sure that the cost doesn’t supersede your savings.”

Zimmerman implemented ARGO OASIS about a year ago. OASIS, which stands for Optimized Assessment of Suspicious Items, uses neural networks and image analytics to detect and prevent fraud. Modeled after the human brain, neural networks are a form of artificial intelligence designed to recognize patterns, making it well suited to identify check alterations, forgeries and other forms of transaction fraud. The solution then provides bank employees with detailed information to enable them to further investigate the activity.

Bank Director’s 2020 Risk Survey found that just 8% of executives and directors report that their bank uses AI technology to improve compliance. One-third are exploring these types of solutions.

IBERIA brought in OASIS to identify fraud in its “two-signature accounts” — customer accounts that require two signatures on a high-dollar check. “We have a queue set up in OASIS to monitor these checks as they come in through clearing. If a signature is missing or is in question, OASIS flags it for review,” Zimmerman says.

One thing about the technology that sets it apart is its check stock validation tool. “You have an overlay button where you can place a questioned check on top of a good check, and you have a little slide bar [so you] can see the small differences,” he says.

That tool alone has helped the bank stop roughly $300,000 in check fraud over the first eight months of use — meaning ARGO has already paid for itself. “We’ve caught a ton of fraud through this product,” says Zimmerman.

And $300,000 is a conservative estimate of the bank’s savings, Zimmerman says, because fraudsters have learned not to target his bank. “Check fraud flattened out, because the fraudsters have probably moved on, knowing that we’ve covered up a hole that was there before.”

ARGO OASIS was recognized as the Best Solution for Protecting the Bank at the 2020 Best of FinXTech Awards in May. ALTR, a blockchain-based security solution, and IDology, which uses big data for identity verification and fraud detection, were also finalists in the category.

Importantly, ARGO helps IBERIA stop fraud efficiently. A task that used to occupy three full-time employees’ time now takes two employees just a couple of hours.

IBERIA will soon merge with Memphis, Tennessee-based First Horizon National Corp. to form a $75 billion company. The deal was driven in part by the pursuit of scale.

Generating efficiencies is essential to better compete with big banks, said First Horizon CEO Bryan Jordan in a 2017 presentation. “We’ve got to be invested in technologies in such a way that we’re at or above table stakes,” he said. “The trick for us will be to … create efficiency in other parts of the business to create money that we can invest in leading-edge technologies and processes that really allow us to be competitive.”

Leveraging AI to reduce compliance busywork is a great place to start.

Small Changes Lead To Big Payoffs In Reducing Fraud

Written by

Banks can leverage their relationships with clients and empower to better control fraud.

Many financial institutions find themselves in difficult positions as a growing number of their customers are targeted for business takeover attacks. Hackers gain access to company funds through a variety of manipulations, often tricking an internal employee to send a wire transfer. Some corporates have ineffective controls around their bank accounts or make poor decisions when sharing banking information. Banks are often stuck in the middle. Regardless of its lack of involvement in a fraudulent transaction, the bank will likely receive the first call when money goes missing.

Organizations are increasingly concerned about these business takeover threats, according to RSM’s recent Middle Market Business Index Cybersecurity Special Report. The survey found that 64% of middle market executives believe their businesses are at risk of attempted employees manipulation in the coming year, up 9% from the previous year. They are right to be worried: These attacks are growing in popularity with criminals because of their low-tech and low-risk nature, combined with the potential of significant rewards.

Business takeover cases are simple on the surface, but can have complex details. In one recent example, a portfolio company from a private equity company sent an email to the PE firm’s chief financial officer seeking additional funds. A hacker who took control of the portfolio company’s email sent a follow-up email with the hacker’s bank account information to receive the fraudulent wire transfer. The CFO quickly recognized that something was wrong and called the bank. The company and the hacker used the same bank, which froze the funds. But the hacker successfully convinced the institution to release the funds and wired them out of the country.

While banks are not required to encourage customers to adopt stronger protections against takeover threats or modify their own internal processes to identify fraud, some small adjustments can make a big difference to help deter criminals.

Many banks still do not coach customers on how they can discourage takeover threats, or help them understand the tools at their disposal. For example, many banks offer two-factor authentication for wire transfers that customers choose to disable it, creating unnecessary vulnerabilities. When customers elect to turn off security controls, banks can intervene and help them understand how why those controls exist. Coaching can help clients avoid painful experiences.

In addition, banks should offer security information and training to their clients on a regular basis to help understand threats and the role the bank plays. Institutions need more visibility into emerging risks and the behavior and activity that clients need to avoid. They can use these touchpoints to check on their customers’ status, improve business relationships and discuss any additional necessary services. 

Many banks utilize flexible core banking systems that can identify high-risk transactions. These platforms feature extensive functionality, but banks often do not use all of the built-in capabilities and sometimes miss questionable transactions in real time. In many cases, they can establish controls to flag suspicious activity. 

For example, if a middle market company that traditionally only does domestic wire transfers sends funds to Romania, that transaction should stick out like a sore thumb. Perhaps a company that usually sends wire transfers under $20,000 suddenly sends one for $60,000. While large banks may not be able to pick up the phone to validate that transaction, community banks have an opportunity to reach out personally and provide more value than their larger counterparts.

Obviously, detecting a fraudulent wire transfer from within the bank is not always this straightforward. But the institution is often the last point of resistance in these attacks. Individuals responsible for oversight should review suspicious activity reports and other notifications of wire transfer fraud regularly to identify criminal activity.         

Banks may be able to better control fraud in three ways: confirming transfers with clients, being more conservative with internal fraud detection processes and paying attention for any outlier transactions.

Most banks and many customers have taken steps to improve their internal cybersecurity following high-profile attacks and increased regulatory scrutiny. However, plans to reduce business takeover risks both inside the bank and when guiding customer activities must be adaptable to new threats. Criminals’ methods will constantly evolve to circumvent today’s detective controls and protective measures.

Educating clients about how to avoid and address risks while adjusting internal bank processes can improve operations for both your bank and your clients. A stronger risk environment can increase customer satisfaction, reduce the strain on internal employees tasked to track down lost funds and help you avoid having to guide your customers through the fallout of a criminal hacking.

How Innovative Banks are Eliminating Online Card Fraud

Written by

Card fraud has a new home. Just a few years after the prolonged and pricey switch to EMV chip cards, fraud has migrated from purchases where the card is physically swiped to transactions where the card is not present. The shift means that U.S. banks might be on the cusp of yet another move in card technology.

EMV chips were so successful in curbing cases of fraud where the card was swiped that fraud evolved. Fraud is 81 percent more likely to occur today in “card-not-present” transactions that take place over the phone or internet rather than it is at the point of sale, according to the 2018 Identity Fraud Study by Javelin Research.

Technology has evolved to combat this theft. One new solution is to equip cards with dynamic card verification values, or CVVs. Cards with dynamic CVVs will periodically change the 3-digit code on the back of a credit or debit card, rendering stolen credentials obsolete within a short window of time. Most cards with dynamic codes automatically change after a set period of time—as often as every 20 minutes. The cards are powered by batteries that have a 3- to 4-year lifespan that coincides with the reissuance of a new card.

Several countries including France, China and Mexico have already begun adopting the technology, but the rollout in the United States has been more limited. The new Apple Card, issued by Goldman Sachs Group, boasts dynamic CVV as a key security feature. PNC Financial Services Group also launched a pilot program with Motion Code cards in late 2018.

Bankers who remember the shift to EMV might cringe at the thought of adopting another new card technology. But dynamic CVVs are different because they do not require merchants to adopt any new processes and do not create extra work for customers.

But one challenge with these more-secure cards will be their cost. A plastic card without an EMV chip cost about 39 cents. That cost rose to $2 to $3 a card with EMV. A card with the capability for a dynamic CVV could cost 5 times as much, averaging $12 to $15.

But advocates of the technology claim the benefits of eliminating card-not-present fraud more than covers the costs and could even increase revenue. French retail bank Société Générale S.A. worked with IDEMIA, formerly Oberthur Technologies, to offer cards with dynamic CVVs in fall 2016. The cards required no change in customers’ habits, which helped with their adoption, says Julien Claudon, head of card and digital services at Société Générale.

“Our customers appreciate the product and we’ve succeeded in selling it to customers because it’s easy to use.”

He adds that card-not-present fraud among bank customers using the card is “down to almost zero.”

Eliminating card-not-present fraud can also eliminate the ancillary costs of fraud, says Megan Heinze, senior vice president for financial institutions activities in North America at IDEMIA. She says card fraud is estimated to cost banks up to $25 billion by 2020.

“A lot of prime customers ask for the card the next day. The issuer then has to get the card developed—sending a file out that has to be printed—and then it’s FedExed. The average FedEx cost is around $10. The call to the call center [costs] around $7.50,” she says. “So that’s $17. And that doesn’t even include the card.”

What’s more, dynamic CVVs could also create a revenue opportunity. Société Générale charges customers a subscription fee of $1 per month for the cards. The bank saw a more than 5 percent increase in new customers and increased revenue, according to Heinze.

Still, some are skeptical of how well a paid, consumer-based model would fare in the U.S. market.

“The U.S. rejected EMV because it was so expensive to do. It was potentially spending $2 billion to save $1 billion, and that’s what you have to look at with the use case of these [dynamic CVV] cards,” says Brian Riley, director of credit advisory service for Mercator Advisory Group. “If it tends to be so expensive I might want to selectively do it with some good customers, but for the mass market there’s just not a payback.”

Still, dynamic CVVs are an interesting solution to the big, expensive problem of card-not-present fraud. While some institutions may wait until another card mandate hits, adopting dynamic CVV now could be a profitable differentiator for tech-forward banks.

Potential Technology Partners

IDEMIA

Idemia’s Motion Code technology powers cards for Société Générale and is being piloted by PNC and WorldPay.

GEMALTO

Gemalto’s Dynamic Code Card hasn’t been publicly linked to any bank or issuer names, but the company cites its own 2015 Consumer Research Project for some impressive statistics on customer demand for dynamic CVV cards.

SUREPASS ID

SurePass ID offers a Dynamic Card Security Code. The company’s founder, Mark Poidomani, is listed as the inventor of several payment-related patents.

FITEQ

FiTeq’s dynamic CVV requires cardholders to push a button to generate a new CVV code.

VISA AND MASTERCARD

Visa and Mastercard are leveraging dynamic CVV codes in their contactless cards

Learn more about the technology providers in this piece by accessing their profiles in Bank Director’s FinXTech Connectplatform.