Payment fraud remains a major challenge for both banks and their diverse range of clients, with increasingly complex anti-fraud solutions needed to combat attacks. Andreas Hauser, Transaction Surveillance – Head of Fraud Prevention Management, Deutsche Bank explores the challenges faced by the industry – and how collaboration offers the key to tackling fraudulent behaviour.
In an increasingly digital, real-time world, fraud prevention has emerged as a major challenge for consumers, corporates, and banks alike. The frequency of payment fraud, as well as the extent of the losses, are increasing year on year. At the same time, both the attacks and their perpetrators have become more professional – a trend that makes their detection increasingly difficult.
Among those hit hardest by these new trends in fraud are multi-national and mid-sized corporates. This is because fraud attacks have become many and varied and increasingly target corporate payments, which are – by their nature – also many and varied.
In response, banks are looking at ways to better collaborate with their clients to ensure their anti-fraud teams can help keep one step ahead, or at the very least keep pace with today’s criminals.
In the past decade, the world of fraud has changed significantly. Perhaps the biggest evolution witnessed has been the vast movement from the physical to the online world. This shift affects corporates in two ways: firstly, incoming payments increasingly face card fraud – driven by the growth of the ecommerce market, accelerated by the COVID-19 pandemic. For example, the dark web – a hidden set of internet sites only accessible with a specialised web browser – has become an important tool for criminals seeking undetected access to personal financial information.
Even more important – and the second dimension to how the move online affects corporates – are the outgoing payments initiated by corporate treasury departments to pay their company’s suppliers. A pattern that has proved very popular is the ‘man in the middle’ attack. This is a form of cyber scam where the fraudster manipulates communications; for example, requesting that the company changes the bank account to which payment should be made. Worst case examples have involved significant cash losses for the targeted company. While publicly available statistics indicate an average loss per incident of EUR 80,000 to EUR 100,000, it’s worth noting that there are extreme outliers in both directions of the scale, ranging from double-digit sums to the most ambitious attacks scams, where losses run into millions.
This is particularly true in an ever-faster payments landscape that aims to facilitate a seamless and quick end-to-end experience but also makes fraud detection harder for banks. With instant payment, settlement is often completed within 10 seconds, giving banks only a tiny window in which to investigate whether a transaction was legitimate.
Given these growing pressures, how are banks looking to tackle fraud for their clients? The process begins with awareness trainings, as banks reach out to ensure their clients are apprised of the current trends, as well as any areas where they may be particularly vulnerable. The second line of defence is preventative measures that include Strong Customer Authentication and vendor validation services, such as the SWIFT Beneficiary Account Validation service.
If you cannot prevent the fraud, the next step is to try and detect it. Banks generally carry out comprehensive risk assessments that access outliers to a typical flow. One means of doing this is through smart systems that look into source information. For example, if the bank can identify that human intervention has taken place during the transaction process, they can then investigate further to identify any fraudulent interference.
Fraud detection, however, remains a challenge for banks, as much of this contextual information is unavailable, often lying with corporates and their software providers instead. This is because corporate clients tend to have multiple banking providers – and each of these banks can only see those payments they are directly involved in. Without access to this complete picture of a client’s payment flows, this at best leads to more false positives, and at worst allows fraudsters to exploit the gaps.
Banks and corporates can tackle this particular challenge by looking further upstream into clients’ internal infrastructures, thereby seamlessly acquiring the payment information necessary to spot, and react to, fraudulent activity. For this to work, closer collaboration between banks and corporates is key – and partnerships with software vendors and fintechs are facilitating this.
For example, Deutsche Bank is collaborating with Treasury Intelligence Solutions (TIS), a provider of cloud technology for managing corporate payments. The solution, which seamlessly integrates into existing client infrastructures, leverages data from Deutsche Bank, as well as multi-corporate community data, and applies the information into a smart rule management and pattern recognition system. The solution screens outgoing payments before they are sent to the respective bank. Depending on the result of various rule-based checks and assessment scores, an intelligent alert management system triggers an efficient workflow to review suspicious payments before execution.
Preventing fraud remains a vital task for every finance and treasury function. With the threat of fraud ever increasing, a comprehensive approach – involving regular reviews and updates for all potential scenarios – has moved from a ‘nice to have’ to an absolute necessity.
The key, it appears, to creating a more robust anti-fraud offering is to collaborate as one rather than work in siloes. Clients, banks, software providers, and fintechs are all part of the solution – and working together can help to combat payment fraud attacks more logically and holistically.
This editorial was first published in our Financial Crime and Fraud Report 2022, which showcases the innovation and development of the best practices and instruments used by financial institutions in their fraud prevention activities, to improve the digital onboarding process of their customers while fighting against financial crime.
About Deutsche Bank
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now