How banks can use pre-transaction data to prevent fraud before it happens

The conventional modus operandi regarding fraud has largely been for banks to react after uncovering an attack. That’s because historically, banks haven’t had data available pre-transaction to be more proactive about fraud prevention. That’s all changed in the age of digital trust. Banks now have new possibilities to understand more about customers and fraud that didn’t exist before. As digital trust becomes the norm, it’s time for financial institutions (FIs) to work to prevent fraud before it happens at all. 

The Anatomy of Fraud Lifecycle

Before we delve into how to prevent fraud before it happens, we should first understand how a fraud attack works. As I’ve discussed before, there are three distinct stages to each fraud attack: Customer (or fraudster) access, execution, and monetization.

For fraudsters, the customer access stage is when bad actors research potential targets for their scams. During this stage, fraudsters collect sensitive data such as account information or login credentials. Depending on how much information they have access to, some fraudsters will monitor their victims’ accounts for long periods. This enables them to learn important information, such as when victims receive their salary, and prepare their next move accordingly.

The execution stage is when fraud actually occurs. Fraudsters might attempt to defraud targets using tactics like authorized push payments, in which they manipulate their victims into sending them money in real-time. They could also breach their victims’ bank accounts using an account takeover attack and then transfer money to mule accounts or synthetic accounts they control. 

In the final stage of monetization, the fraudster pockets their ill-gotten gains. Fraudsters operate with a for-profit mindset. They will look to reap the profits of their scams either by withdrawing money transferred to their account as cash, converting it to a digital wallet or currency, or using it to buy goods or legitimate services.

How Fraudsters Fake Good Behavior

Financial institutions – and often their customers – tend to view fraud primarily through the lens of the execution stage. However, this is a narrow lens through which to view fraud. Execution, or when FIs and consumers discover fraud, is the middle stage – not the beginning – of an attack. 

Fraudsters do their research during the customer access stage, looking to bypass an FI’s fraud prevention systems. This period is critical because fraudsters realize they will only have one shot to defraud their victim. This means they will commit account takeovers but hold off on transferring funds until they understand when the account reaches its maximum value and their target’s typical patterns. 

In the meantime, fraudsters are ensuring the account holder’s bank or FI trusts the devices and digital footprint they use. In pursuit of this effort, fraudsters perform smaller activities to build up a baseline of normal behavior. This could include checking the account balance or reviewing old statements. By taking these seemingly harmless steps, the fraudster might be able to give the false impression to FIs that their device is trustworthy.

In another scenario, fraudsters use money mule accounts for both monetization and preparation. To establish trust with their banks, they might move small sums of money between their mule accounts. Moving these funds around establishes connections to the accounts, so it’s less suspicious when they transfer a larger amount of money.

How to Stop Fraud Before it Happens

By the time FIs and customers realize a fraud attack has occurred, it’s most likely too late to do anything about it. It’s like trying to unring a bell or unbreak a broken glass; it’s an ineffective response to fraud after the fact. It can also confuse both customers and businesses. If fraud is prevented, how will they know? In other words, where’s the smoking gun?

So what is an effective fraud approach? Prevent fraud from occurring in the first place. This approach requires stopping fraud at the earliest stage. If done correctly, FIs can stop fraud during the customer access stage so fraudsters can’t scam customers in the first place. 

5 tips to stop fraud before it happens

Here’s what banks can do to prevent fraud before it happens.

Apply what you know

Several factors indicate fraud. A specific transaction might be considered low-risk on its surface. However, if the bank has previously seen similar transactions that proved fraudulent or risky downstream, they can flag it as risky. Banks should apply the lessons learned from previous fraudulent activity and prepare themselves to stop new fraud attempts. This knowledge provides banks with early indicators of what fraud looks like in its early stages and a means to stop it before it can occur.

Follow the risk

Let’s say a mobile device is used to access ten bank accounts or credit card accounts in a single day. One of those accounts goes on to suffer from fraud, such as a card-not-present attack. If one account connected to the mobile device is compromised, the odds of the other nine being at risk massively increases. Understanding these connections can help FIs get ahead of fraudulent activity and proactively take steps to keep their customers safe when warning signs of fraud first emerge.

Disrupt the fraudster’s network

The crucial step for a fraudster is to cash out their ill-gotten gains. Some fraudsters use mule accounts to transfer small amounts of money to other accounts they control to establish a relationship between the two accounts. The goal is to build a history of payments between the different accounts to ensure that the transactions are not flagged as fraudulent. Banks can learn if a device connected to a risky transaction is linked to another account that has not yet experienced fraud. Linking these accounts allows banks to understand which accounts are connected to fraudulent activity and disrupt fraudsters’ monetization efforts. 

Use the data tools you have

Detecting fraud and preventing fraud are similar but different concepts. It’s easier to keep records of fraud that is known and detected. However, as FIs embrace and shift to fraud prevention strategies, they need to demonstrate the effectiveness of their solutions with concrete data. Tracking important metrics such as the rate of false positives will gauge how much fraud an FI has prevented and where are opportunities for improvement. Banks need to use the tools they have to demonstrate their effectiveness in preventing fraud.

Communicate (effectively) with your customers

FIs need to build a communication strategy for how and when they will contact customers about their fraud prevention efforts. Banks should find the right communication balance that assures they are actively preventing fraud while not causing unnecessary frustration or anxiety. If a bank’s fraud prevention measures automatically close a user session because it detects suspicious activity, the bank can notify the customer by email, text, or phone. However, if the bank issues multiple alerts, it could undermine customer confidence in its ability to manage fraud prevention.

On the other hand, if there is no communication with customers and fraud is discovered later, the customer may resent the bank for not being more transparent. Finding the right balance is critical to building digital trust with customers. At the end of the day, fraud prevention is about building relationships and trust. It’s a moment of truth that can build strong customer ties if done well. But it could also undermine trust if it’s done poorly.

Stopping fraud before it happens requires FIs and banks to rethink their traditional approach to fraud. Banks need to understand how the fraud lifecycle unfolds and how fraudsters fake good behavior and then implement strategies and controls that nip fraud in the bud before it happens.