Digital Fraud Wiki

Your source for the latest fraud intelligence, insights, research, and commentary.

12 Most Common Types of Bank Frauds

illustration of a fraudster committing online bank fraud

Solving fraud in banks is a constant challenge. According to PYMNTS, banks experienced a 41% increase in fraud incidents between 2021 and 2022. ACH fraud increased from 19 to 24%, while fraud attacks via mobile wallets quadrupled. What’s more, there were nearly 1.7 million reports of identity theft in 2021 alone. The numbers have only soared for every type of bank fraud in recent years.

Given the strong similarities between the two types of entities, credit unions’ fraud issues are largely parallel to banks’.

Fraud prevention banking professionals know that as banking industry fraud increases, so do the associated losses. The United States’ Federal Trade Commission reported $5.8 billion lost to fraud in 2021 — up 70% since 2020 — with 2.8 million consumers impacted.
Why the steep increase in bank fraud? There are more fraud vectors. Digital channels are particularly susceptible, and as mobile banking, mobile payment apps, ACH payments and online loan applications rise in popularity, fraudsters targeting the banking industry stand to profit substantially.

Let’s examine various types of banking fraud, including what they are, how they occur and what can be done to stop them.

Account Takeover

An Account Takeover – or ATO – occurs when fraudsters take ownership of an online account, often using stolen credentials. Thiefs can easily purchase credentials on the dark web or acquire them through social engineering scams, data breaches or phishing attacks and later use them to commit bank account fraud.
Once access is achieved, the attacker may change the password to lock out the real account owner. They may transfer money to another account, make fraudulent payments, or open new accounts (most often credit lines) in the victim’s name.
ATOs result in costly disputes for banks, and can have a detrimental impact on the company’s reputation and customer loyalty. They also cause substantial financial losses for consumers. About 22% of U.S. adults are victims of ATOs per year, with average losses of around $12,000.

Here’s a closer look at some of the techniques fraudsters may use to launch an ATO attack:

  • Phishing attacks

    fraudsters may obtain account credentials by sending a fake email or text message to customers that direct them to a fake bank login page. When customers enter their credentials, fraudsters steal them.

  • Credential stuffing

    Fraudsters leverage sophisticated bots to automatically test random credentials. Also referred to as “brute force” attacks, they leverage lists purchased on the dark web, trying different combinations until they gain access to an account.

  • Social engineering

    A broad range of attacks that fraudsters use to obtain account information directly from users by tricking them or appealing to their emotions and fears during interactions.

  • Cybersecurity issues

    Fraudsters often target unpatched software and other cybersecurity weaknesses to gain access to data servers and steal customer information.

  • Call center fraud

    Call center fraud is a form of social engineering in which a fraudster contacts an organization’s call center pretending to be a legitimate customer. They may then trick the call center representative into giving them access to an account or performing fraudulent or malicious actions within an account. According to Pindrop, call center fraud attacks increased by 57%

New Account Fraud

One of the most common type of bank fraud, New account fraud is also known as account creation fraud, account opening fraud, and fake account fraud. It describes the type of fraud that occurs when a fraudster or money mule opens an account with the intent of committing fraud, often utilizing stolen or synthetic identities.

They may steal identities of legitimate customers via data breaches or phishing, or they may sensitive information of children, deceased or even homeless people. In some cases, mules might create accounts using their own identities for fraudulent purposes, thus committing first-party fraud.

Fraudsters can also create synthetic or fake identities, which is more complex but common. To do this, they use some legitimate information about a real person combined with random, invented or stolen information from others. Once a new account is created, fraudsters may rack up charges or write checks against it in a victim’s name.

Money Laundering

Money Laundering is named right – illegal or “dirty” money is put through a series of transactions through foreign banks and/or legitimate businesses, making it legal or clean. Through this process, the money is “washed” – its origin is concealed, and no one can trace it to illicit activities such as drug trafficking, corruption, embezzlement or illegal gambling. Typically, money laundering is executed by organized fraud rings. There are three stages to money laundering:

  • Placement

    Money is placed into the financial system. For example criminals can break up large sums of cash into less conspicuous amounts that are deposited into accounts or used to purchase checks or money orders. Money may also be placed into bank accounts in small amounts that fall below the AML reporting thresholds – a process called “smurfing.”

  • Layering

    During this phase, the criminal moves funds around, creating distance between the origin. They may channel funds by purchasing and selling investments, using a holding company, or transferring it to different financial entities. They might disguise transfers as a private loan or payments for goods and services.

  • Integration/Extraction

    During the third stage, criminals integrate funds into the economy by buying goods and services, investing in real estate or business ventures, or hiring fake employees. The process of washing reduces profits, but the fraudster still comes out ahead.

Some of the warning signs of money laundering include repetitive transactions in amounts just under $10,000. Transactions executed by the same account on the same day by different people and large numbers of internal transfers are also yellow flags.
It takes good expertise and strong data to combat money laundering and stay compliant with AML regulations to avoid regulatory and law enforcement issues. Customer due diligence is key, and so is having the right software to monitor accounts and warn officials of potential criminal activity.

Money Mules

Money mules transfer money that they acquire illegally either in person, via a courier service or digitally on behalf of someone else. They’re transaction mercenaries and paid for their services.

A criminal recruits a money mule to help launder funds that they secure through online scams and other types of fraud or criminal activity, such as drug trafficking. The mule helps add to the “layers” of distance between the criminal and the source of the funds they stole.

Money mules move funds through bank accounts, cashier’s checks, cryptocurrency, prepaid debit cards or other means. Some of the mules are aware that they’re assisting criminals, while others may be completely naive. For example, they may have a trusting relationship with the criminal who’s asking them for help, and think that they’re doing the person a favor. That’s why it is the one of the most difficult types of bank frauds to detect as mules pass all KYC and AML checks and are not flagged as fraudsters.

Payment Fraud

Payment fraud occurs when a cybercriminal completes any type of false or illegal transaction. There are many different types of transactions that take place in the banking Industry across the customer account lifecycle. Some examples include cash withdrawals and deposits, checks, online payments, debit card transactions, wire transfers and loan payments. Each one is an opportunity for bad actors to commit fraud.

ACH Fraud

ACH fraud occurs when a criminal steals funds through the Automated Clearing House (ACH) financial transaction network, which is a central clearing facility for all U.S. Electronic Fund Transfer (EFT) transactions. In 2020 alone, the Federal Trade Commission received more than 2.2 million fraud reports.

Imposter scams were the most common type of fraud, with scammers using Authorized Push Payment (APP) schemes to trick customers into executing ACH transitions. Since ACH fraud can be committed with just two pieces of stolen information – a business checking account and a bank routing number – it’s easy to commit. Banks must compensate consumer accounts for fraudulent ACH transactions, and, as a result, ACH fraud can be costly for banks.

Check Fraud

Check fraud occurs when paper or digital checks are used to steal money. People may write fraudulent checks on their own accounts or closed accounts, forge someone else’s signature, or draft a fake check.

According to data published by the Association of Financial Professionals (AFP) in conjunction with JPMorgan, checks and wire transfers are still the payment methods most impacted by fraud (66% and 39%, respectively). One contributing factor to the rise in check fraud is the increased use of mobile check deposits, which rose 41% between 2020 and 2021.

Banks typically reimburse customers for check fraud, and the cost is high – for every dollar of losses, the associated costs for disputes and other fees is about $4.

Card Fraud

Credit card fraud is probably the most common type of bank fraud. It is a broad term that signifies fraud committed using any type of payment card, including credit, debit, gift card, and prepaid ones. How do they obtain this information?

By stealing a physical card, finding a lost card or card information, or card skimming (for example at a gas station). It can e divided into card-present fraud (CP) and  card-not-present (CNF) schemes. CNP fraud is 81% more prevalent than CP is.

The Payment Card Industry Data Security Standard (PCI DSS) is a data security standard. It was created to help financial institutions process card payments securely and reduce card fraud, but it’s not always successful.

According to 2021 research, about half of all Americans experienced a fraudulent charge on their credit or debit cards. Meanwhile more than one in three credit or debit card holders have experienced fraud multiple times.

P2P Payment Fraud

Today, one billion people use Paypal, Venmo, Zelle, Apple Pay and other cash apps globally to complete peer-to-peer (P2P) payments. These digital payment apps are easy targets for fraudsters who know that companies often lack the data and insights to detect new fraud patterns associated with them.

Scams occur frequently — a fraudster might sell goods to consumers over an online marketplace requiring payment via Paypal or Zelle, for example, and never deliver the goods. Fraudsters may also use stolen credit card information to create P2P accounts and purchase goods and services for themselves.

Since 2016, the number of people falling victim to fraud via P2P payment fraud has risen an astonishing 733%. Unfortunately, most P2P apps don’t have policies for protecting users against fraud losses due to scams. Worse yet, P2P fraud serves as a gateway to account takeovers and other types of fraud.

Wire Transfer Fraud

The term “wire transfer” originated from the practice of transferring funds between banks across telegraph wires. Wire transfer fraud typically occurs in one of two ways:

  • A scammer poses as a trusted individual, vendor, company or family remember and requests a wire transfer, often tricking the victim emotionally by claiming it’s an emergency. For example, an employee in finance receives an email from the CEO asking for money to be transferred to a vendor by the close of business or the deal will fall through. The email includes the account information and looks legitimate, but isn’t.
  • A hacker may monitor email communications around a wire transfer and change the wire instructions to redirect the funds to a different account.

With people becoming more comfortable sending money online, wire transfer fraud is increasing – as is the value of each transfer. One study shows that the average value is up nearly 68% from Q2 2020, reaching $12.5K in Q4 2021

Application Fraud

To commit application fraud, criminals use stolen or synthetic IDs to apply for loans or lines of credit. Here are a few examples:

  • A criminal applies for a credit card and builds credit gradually over months or even years to gain access to more credit. He then maxes out the card, with no intention of paying back the lender.
  • A fraudster may submit an application for credit or a loan using someone else’s information. Today these criminals can submit applications at scale to different financial institutions at once (this is called loan stacking), using automated bots and virtual machines. By the time fraud is detected, the criminal has received the money and is long gone.

Third-party application fraud often involves fraudsters creating synthetic identities by mixing real and fake information. First-party fraud involves people using their true identity by providing false information, such as a fake residence or inflated income.

Loan Fraud

A subset of application fraud is loan fraud. During Q2 of 2022, nearly 1% of all mortgage applications – 1 in every 131 applications – contained fraud. There are several different types of loan fraud, including mortgage fraud, loan scams and payday fraud, but all of them involve criminals using a person’s personal information to illegally obtain a loan.

Loan fraud has increased in recent years due to the rising popularity of online lenders, who often don’t execute thorough background checks on applicants. They may rely solely on basic information such as name, address, social security number and income to make lending decisions – information that can easily be stolen or or obtained via nefarious means.

How Do You Fight Banking Fraud?

According to research by PYMNTS, 88% of banking executives say reducing fraud is critical to maintaining merchant processing revenue, and most are using machine learning and AI to do so. Nearly all – 98% of acquiring banks surveyed – use AI, with 60% using it as their primary weapon. Additionally, 27% say rules-based algorithms are the most important anti-fraud tool to combat various types of bank frauds.

By combining advanced machine learning approaches and rules-based detection, DataVisor’s comprehensive fraud and risk management platform helps banks capture up to 30% more fraud with 94% accuracy. This can save millions in fraud losses while removing friction from legitimate customer transactions. Learn more here and explore our banking industry case studies.

If you want to see how these ML techniques can fit custom with your fraud solution, reach out for a chat with our team of fraud experts.