September 20, 2024 - Dan Gringarten

4 Major Digital Bank Frauds and How to Stop Them

“It is not the strongest of the species that survives, not the most intelligent. It is the one that is the most adaptable to change.” Though Charles Darwin said this about our natural world, he could describe the modern financial industry quite accurately—especially banking.

Not just since the dawn of the internet, but even in the last few years, digital banking has gone through a revolution. New technologies made customers’ experience smoother. Disruptors splintered operations off the big banks to offer specific services faster. Digital banks have even started offering debit and credit cards without requiring you ever set foot in a branch (not that you could.)

Whether initiated through phishing attacks, card fraud, phone calls, online transactions, online accounts or mobile banking apps, bank fraud can result in substantial financial losses. In this blog post, we’ll take a look at developments in fraud detection for financial services organizations in recent years, and how technology advances can help fight multiple types of banking fraud that have increased due to digitization.

The rise of digital banking fraud

Just as the banking industry itself adapted to serve the needs of modern customers, so too did digital banking fraud. Fraudsters have access to new technology as well, and they’re using it to put a new spin on classic methods to commit financial fraud in fintech. In the wake of their attacks, trust eroded in digital banking. Some users found they were even blocked from using digital bank cards by retailers as the industry scrambled to find out what to do.

In the end, digital banking fraud shares many similarities with other bank fraud types. In fact, many common types of digital banking fraud fall under the same scheme umbrella — account fraud.

Stamping out fraudsters before they attack digital banks is possible. It simply requires knowing their tactics and setting up the right prevention and detection tools. Let’s dissect the top 4 types of digital bank account fraud and then explore how adaptive institutions prevent them.

What are different types of digital bank account fraud?

Of the many types of fraud attacks on banks and digital banks specifically, the predominant four fraud attacks on digital banks are: fake accounts, account takeovers (ATO), money mules, and authorized and unauthorized transactions. Below we’ll explain them and the most effective fraud detection and prevention methods for each type of attack.

1. Fake accounts

Fraudsters target the onboarding process using tools to bypass traditional prevention methods like CAPTCHA and ID verification. Once they have the system fooled, they leverage bots to create hundreds, even thousands of fake accounts. Sometimes these accounts are used in coordination to exploit promotions—a common crypto-targeted scheme. Other times, they’re used to launder money. In many cases, fraudsters rely on the sprawl created by their fake account army to hide a small handful of accounts committing the actual financial fraud.

Fraudsters can get around traditional ID methods by using stolen information they’ve purchased on the dark web. When a digital bank asks for an SSN, an experienced fraudster can provide a real one with relative ease.

The key to detecting these fake accounts is to spot them early. Of course, that’s easier said than done. One of the best solutions available is unsupervised machine learning (UML). UML looks at the digital footprint of new account owners in the context of all the traffic experienced by a digital bank to find correlations between events (e.g. shared addresses, behavioral patterns, and common email domains) that are invisible to the human eye. .

In one UML success story, a leading fintech detected 92% of fraudulent account openings before the fraudsters could even claim a new-signup promotion.

2. Account takeovers

You know the emails and calls. “We need you to log into your account to update your billing method.” “We have a special offer for you, just log in here to claim it!” Fraudsters phish by email, text, and phone hoping to convince you they’re a legitimate entity. Once they have your password, it’s added to a database of hundreds of millions of other stolen passwords that they pass around inside crime ring circles.

Today, these schemes are even more sophisticated thanks to tools like Chat GPT that will write a perfectly convincing phishing email for a fraudster in seconds. Once a fraudster gets control of a digital bank account, they can drain it, use it for money laundering, or simply sell the information to the highest bidder.

Data leaks are another goldmine for fraudsters. Lists of compromised credentials are passed around, giving them access to countless customers’ accounts. When combined with the fake account smokescreen, a fraudster can do serious damage to a good user without ever being noticed.

These are just a couple of the many ways cyber scammers can take over accounts. You can read more about their methods if you’re interested. The key to stopping them is a more delicate process. Because traditional methods of customer authentication — including multi-factor authentication solutions — have a dire effect on customer experiences, smarter solutions look for financial fraud in the background. They strategically flag the actions of bad users without disrupting good traffic, which is of paramount importance.

3. Money mules

A money mule is defined by the FBI as any entity that transfers illegally acquired funds on behalf of someone else. Sometimes a money mule is another fraudster in on the scam and sharing the profit—common in money laundering schemes. Other times, and more frequently nowadays, a money mule is an unknowing victim. Romance scams fool an account holder into sending money to a fraudster disguised as a long-distance lover. Hopeful employees can be tricked into accepting and sending illegal payments to a fraudster thinking they are only doing what’s needed to land a job.

However they’re put in place, fraudsters rely on money mules to add a layer of distance between their victims and themselves. Mules also disguise the money trail, making it harder for investigators to trace an online banking fraud scheme.

Spotting a money mule requires a tool that detects suspicious activity between a network of seemingly unconnected accounts. This is another area where machine learning and artificial intelligence (AI) play critical roles.

Implementing advanced technology is crucial in the fight against money mules , as it enhances the ability to detect and prevent fraudulent transactions. Anti-money laundering (AML) efforts rely on sophisticated algorithms, machine learning, and AI to identify suspicious patterns and anomalies that could indicate illicit activities.

By automating the monitoring of transactions and incorporating robust security measures, financial institutions can more effectively screen for red flags associated with money laundering schemes. These technologies allow for real-time analysis and response, enabling institutions to quickly identify and halt fraudulent activities before they escalate.

Advanced AML solutions not only improve compliance with regulatory standards but also strengthen the overall security posture of financial systems, safeguarding them against the evolving tactics of financial criminals.

4. Authorized and unauthorized transactions

The ACH, or Automated Clearing House, is where a huge proportion of electronic fund transfers (EFTs) takes place in the U.S. Fraudsters can siphon funds from accounts that have been taken over (unauthorized transfers), or convince unsuspecting victims to send over money using social engineering techniques (scams). Venmo, Paypal, and Zelle transfers are also often used by criminals for these schemes.

Possibly more than using credit card information or identity theft, ACH fraud is appealing to fraudsters because it’s relatively easy to commit. They don’t even need your phone number — just a checking account number and routing number. Then they’ll use ACH fraud tactics to:

  • Move fraudulent funds back and forth between accounts to hide its true source
  • Divert a legitimate payment and cover it up with other payments
  • Use stolen credentials to steal money via ACH
  • Trick an actual account holder into providing their credentials, opening the account for fraud

Outside of ACH blocks, catching this type of fraud requires constant monitoring to spot malicious behavior patterns. The best way to accomplish that, and the method most banks are turning to, is machine learning.

Is malware a growing cybersecurity threat for banks?

In addition to these four types of fraud, malware is a significant threat, as cybercriminals and hackers exploit cybersecurity vulnerabilities to carry out fraudulent activities.

Malicious software, such as keyloggers, Trojans, and ransomware, is often used to infiltrate banking systems or trick individuals into providing sensitive information. Once malware infects a device, it can capture login credentials, intercept banking transactions, or even manipulate account details, allowing cybercriminals to divert funds or steal personal information.

Cybersecurity measures are essential in combating these threats, as they help identify and close vulnerabilities that hackers exploit. For banks and financial institutions, investing in robust cybersecurity defenses and educating customers about the risks of malware are critical steps in preventing bank fraud and protecting financial assets.

How do you stop digital bank account fraud?

Where traditional ID verification and fraud prevention methods aren’t enough, digital banks can catch fraudsters with a robust tech stack. The components that each digital bank needs will vary based on the fraud they face the most. However, a few solutions fit ideally to counter account fraud and prevent it before it happens.

What is ID graphing?

Data is the best tool a fraud fighter has to stop bad actors. ID graphing aggregates information from millions of data points and relationships to provide insight into account behavior. Once a fraud fighter has this graph-based visualization, they can decide which accounts appear to truly be fraudulent and which are good users. The graphing model is critical to help fraud teams spot patterns of abuse, massive fake account networks, and compromised accounts, even in real-time.

What is device intelligence?

Another core piece of machine learning digital fraud prevention, device intelligence uses device fingerprinting to uniquely identify the background of an account. This is extremely useful when both verifying good users and spotting accounts that fraudsters took over or created altogether. In the case of DataVisor’s device intelligence solution, fraud fighters can leverage it to protect against emulator attacks, botnets, hijacked accounts, app cloners, and more. It also delivers accurate signals and device IDs to boost detection while reducing false positives.

DataVisor

DataVisor’s complete fraud prevention solution leverages both ID graphing and device intelligence along with decisioning tools like Decision Flow to first spot fraud, then help digital banks make the right decision on eliminating fraud accounts while preserving the smooth experience for good users. It’s chosen by leading digital banks, multinational apps, respected financial institutions, and celebrated fintech companies alike. To explore how DataVisor’s best-in-class fraud prevention platform can help you stop digital banking fraud, talk with one of our experts and explore it for yourself.

about Dan Gringarten
Dan is a Product Marketing Manager at DataVisor, with over eight years of diverse professional experience, including a finance background where he earned his CPA. He is passionate about sports, cats and the art of mixology. Dan holds an MBA from Berkeley Haas.
about Dan Gringarten
Dan is a Product Marketing Manager at DataVisor, with over eight years of diverse professional experience, including a finance background where he earned his CPA. He is passionate about sports, cats and the art of mixology. Dan holds an MBA from Berkeley Haas.