As banks have increasingly moved online over the last year in response to COVID-19, there has been a parallel proliferation of cyberattacks that attempt to damage, disrupt or gain unauthorized access to the computer systems of banks and other financial institutions. So while banks are looking for ways to streamline the onboarding process, they must ensure that they build in the necessary safeguards to thwart these types of attacks.
iStock
Here’s just a smattering of cyberthreats that banks must now contend with and how having a smart account onboarding process can help.
1. New Account Fraud
What it is: New account fraud isn’t new, but it’s fast becoming one of the biggest problems in the digital banking era, costing the financial services industry billions each year. In fact, 48% of all fraud value stems from accounts that are less than a day old, according to RSA Security.
How smart onboarding can help: Requiring a bank customer to capture a picture of a government-issued ID and a corroborating selfie has a chilling effect on attempted fraud. The simple requirement of a selfie can deter as much as 90% of fraudulent attempts since it requires the scammer to capture and share their own likeness with the company they’re looking to defraud.
2. Sleeper Fraud
What it is: Also known as bust-out fraud, sleeper fraud is a type of credit card fraud where an individual applies for a credit card, establishes a normal usage pattern and solid repayment history, and then maxes out the card with no intention of paying the bill.
How smart onboarding can help: By requiring a picture of a government-issued ID document and a corroborating selfie, and not just relying on self-reported information, banks can thwart sleeper fraud and other forms of first-party fraud. Banks should also leverage analytics to help set a behavioral baseline and remove suspicious accounts from the collection workflow so that they can be properly analyzed.
3. Account Takeover
What it is: Criminals gain access to someone's bank account to make unauthorized withdrawals and purchases. Sometimes, the fraudsters will change login details to the account. In many cases, con artists engage in phishing activities as part of the scheme.
How smart onboarding can help: If a remote user is required to provide some type of biometric when they initiate a high-risk transaction such as a password reset or wire transfer, the account takeover threat is largely eradicated. ATO preys upon websites that rely exclusively on a simple username and password (or some basic form of knowledge-based authentication).
4. Synthetic Fraud
What it is: Fraudsters can also carefully hoard a cache of stolen bank account data, credit and debit card information, Social Security numbers and other details to impersonate legitimate customers. Using these details, fraudsters can cobble together realistic-looking identities to perpetrate identity theft, new account fraud and gain entry to other platforms.
How smart onboarding can help: Synthetic identity theft is one of the most difficult types of fraud to detect. Filters employed by financial institutions may not be sophisticated enough to catch it. Some identity verification solution providers can offer a 1-to-many face search. At Jumio, we have witnessed a number of synthetic fraud attempts where the fraudster exchanged particular data points (e.g., name, date of birth) but always uses the same selfie or photo printed on the ID, which is an obvious red flag.
5. Social Engineering
What it is: Criminals are increasingly sharing resources and information and reinvesting their illicit profits into the development of new, even more destructive capabilities. In fact, over 82% of surveyed financial institutions said cybercriminals have become more sophisticated, leveraging highly targeted social engineering attacks and advanced TTPs for hiding malicious activity (Source: VMware Carbon Black, May 2020).
How smart onboarding can help: Protecting online accounts and systems with a simple username and password is a recipe for disaster and represents a significant vulnerability. Banks need to move beyond password-based and knowledge-based authentication paradigms to better defend against social engineering exploits. Creating a biometric template of the customer at enrollment helps defend against downstream account takeovers.
6. Wire fraud
What it is: With most wire fraud scams, cybercriminals use spear phishing emails designed to gather email account details. Armed with account access, fraudsters wait patiently and obtain intimate details about a transaction and the participants involved. This makes all other parties involved in the deal targets. Nearly 64% of survey respondents reported increased attempts of wire fraud transfer, a 17% increase over 2019 (Source: VMware Carbon Black, May 2020).
How smart onboarding can help: The quickest way to defend against wire fraud is by requiring more than just a username and password to initiate a wire transfer. If a bank creates a biometric template of the customer at enrollment, they can request a new selfie, generate a new biometric template and compare the two templates to ensure that the user requesting the wire transfer is the actual account owner.
Want to learn more about building a better onboarding process for new customers? This guide provides an in-depth look at the principles and technologies that result in a seamless customer onboarding experience that optimizes new account conversions while also defending against emerging fraud tactics and meeting ever-evolving compliance mandates.
