A version of this blog appeared on the BioCatch blog written by Seth Ruden and Justin Hochmuth.
Since 2019, bank imposter schemes have emerged as a significant threat for fraud managers, driven by the rapid adoption of digital banking solutions, particularly real-time peer-to-peer (P2P) payment channels. This shift, while essential in a competitive market, exposed financial institutions to new levels of fraud. As these institutions embraced P2P payments, they faced the challenge of balancing innovation with security.
In the initial phase, fraud detection strategies relied heavily on established methods and legacy fraud platforms. However, these traditional approaches soon proved inadequate against the evolving tactics of fraudsters. The challenge was to develop sustainable fraud detection methods that could adapt to the consistent and innovative strategies employed by attackers.
To gain insights into effective fraud prevention strategies, we spoke with Justin Hochmuth, a threat analyst for BioCatch. Justin collaborates with various financial institutions, including community banks and credit unions, to address evolving threats. His focus is on mitigating the risk of social engineering account takeover (ATO) scams using a unique behavioral data-driven approach.
Behavioral intelligence analyzes user interactions within online banking platforms, providing valuable insights that traditional methods might miss. Fraudsters often exhibit unfamiliarity with user data and utilize advanced keyboard and mouse functions differently than genuine users. By detecting these behavioral anomalies, financial institutions can significantly enhance their fraud prevention capabilities.
Historically, financial institutions relied on strong controls to decline fraudulent transactions in real-time. While automation through decline or lockout mechanisms remains effective, the goal is to prevent fraudsters from initiating transactions in the first place. Behavioral data points throughout the digital banking session can be leveraged to detect anomalies early and mitigate risks before any money is moved.
Fraudsters not only move money but also access personal identifying information, card data, and application channels. By assessing risk at various stages of the online banking journey, institutions can protect account holders’ information proactively and reduce the chances of unauthorized access.
Fraudsters continually refine their methods, sharing best practices and strategies through online messaging platforms. One prevalent tactic involves spoofing financial institutions’ contact numbers and posing as security representatives. By gaining the trust of account holders, fraudsters obtain one-time passcodes (OTPs) and instruct victims not to log into their accounts for a few days, allowing time for the fraudulent activity to go undetected.
The use of AI tools like ChatGPT has further enhanced fraudsters’ capabilities, enabling them to create professional scripts, change voices, and even conduct deep fake video conferencing. Device emulation and VPNs make traditional data points like device and network location unreliable. As a result, measuring behavioral differences becomes increasingly valuable in combating these sophisticated threats.
To effectively combat these evolving fraud tactics, financial institutions must pair traditional controls with the utilization of advanced fraud tools. Behavioral-based data provides financial institutions with key insights that allow them to apply targeted strategies that incorporate both legacy data types (network and device) and offer the best protection against fraud attacks while also reducing high levels of customer or member friction and improving fraud detection efficiency.
Collaboration among financial institutions is also crucial. Sharing best practices and strategies through networking groups and shared platforms can help protect account holders from fraudsters. While fraud strategies may vary between institutions, the exchange of ideas and experiences can provide valuable insights and enhance overall fraud prevention efforts.
Justin’s insights highlight the importance of delivering cutting-edge fraud prevention technologies to even the smallest institutions. By syndicating world-class banking services, these institutions can implement advanced technologies with minimal effort and realize rapid benefits. The current fraud risk environment is undergoing significant technological changes, necessitating continuous adaptation and innovation.
Fraudsters will always target the most vulnerable, but with the right tools, strategies, and collaboration, financial institutions can stay ahead of these threats. By integrating behavioral intelligence, banks and credit unions can detect and mitigate fraud more effectively, protecting their account holders’ information and reducing friction for genuine users.
In conclusion, the scope of fraud prevention is constantly evolving, requiring financial institutions to stay vigilant and proactive. By leveraging advanced technologies and fostering collaboration, they can navigate these challenges and provide secure, seamless banking experiences for their consumer and business accounts.