Call centers and bank branches are major fraud liabilities

Img

Recently released results from a survey by American Banker's parent company Arizent indicate that as banks look to protect their digital channels from automated fraud branches and call centers have been left behind, leaving them more vulnerable to branch-based fraud activities.

The finding is one of many in the research on maximizing fraud prevention while minimizing customer inconvenience. The research is based on a May survey of 158 banking professionals, including executives and upper management at banks of various sizes, mostly banks with more than $10 billion in assets.

The survey results explain why banks including JPMorgan Chase have been looking to strengthen their fraud protections inside bank branches, why bankers see potential in the use of AI to fight fraud in call centers and the opportunity banks have to form more consortia for sharing fraud data and insights. Here are three of the most important findings from the survey:

Fraud consortiums are popular but rare

One of the largest opportunities for banks in the fraud space is fraud data consortiums. Among surveyed financial institutions, 61% said consortium data was "critically" or "very" important in the fight against fraud; another 26% said it was moderately important. Meanwhile, only 16% of respondents said they were already participating in a fraud data consortia.

Despite a lack of participation, many fraud consortia already exist. Some identity verification companies, including Mitek, Unit21 and Experian, manage fraud data consortia as part of their suite of offerings. Other groups focus exclusively on running a fraud data consortium, including Sonar and the Financial Fraud Consortium.

"Organizations like the Financial Fraud Consortium offer a platform where institutions can share their insights, explore emerging privacy technologies, and develop unified strategies to strengthen their data privacy and fraud detection efforts," the consortium's website reads.

While many consortia focus on creating a forum for sharing knowledge and insights between financial services companies, some have built application programming interfaces, or APIs, that leverage members' fraud data to flag potentially fraudulent transactions.

For example, Sonar offers such an API that allows members to send personal information on a potential customer or transaction to the consortium. In response, the member gets a list of indicators such as risk scores, the number of transactions any flagged account has made and whether the flagged account exists on any block lists.

When Sonar formed in 2023 — under the name SardineX — its members included Chesapeake Bank, Visa, Blockchain.com, Alloy Labs Alliance and Airbase.

"We cannot operate in isolation and hope to identify fraudsters in real time," said DJ Seeterlin, chief innovation and strategy officer at Chesapeake Bank, at the time. "We must collaborate across financial services to identify the bad actors and protect our customers and their accounts."

Pooling fraud data together creates another potential leverage point: training machine learning models on the large datasets to identify patterns in fraudulent behavior. Artificial intelligence has long played a role in fraud prevention, and banking leaders continue to see it as important.

AI helps fight fraud, but it can still do more

Two-thirds, or 66%, of respondents in American Banker's survey said AI will be very valuable or critically important to preventing fraud in digital channels (chiefly mobile and online banking) while half, or 49%, said it would be very or critically important to call center interactions. Fewer respondents, or 36%, said it would be very or critically important in branches.

Payments leaders have said that while AI has long played a role in fraud, generative AI creates new opportunities to help their employees on the front lines defend their institutions from these threats. 

"We've been using AI for the last 30 years, so the AI is not new to us, but what's new is generative AI," said Subra Kumaraswamy, senior vice president and chief information security officer at Visa, at the RSA cybersecurity conference in May. "AI has immense opportunity, specifically around how we can enable the defenders in the security operations centers that operate 24/7 — by giving them the information at their fingertips."

Digital channels and call centers are not the only places inside financial institutions that can benefit from AI; bank branches, which have been targets for fraudsters specializing in check fraud and other schemes, may also benefit from AI-enabled fraud detection, not least because the security checks inside bank branches differ significantly from the checks banks use in call centers and digital channels.

Call centers and branches are fraud liabilities

Bank branches use strikingly different methods of identity verification compared to digital channels and call centers. The most popular method of identity verification in digital channels is one-time passcodes (for example, codes sent via text message to the user) with a 74% usage rate among respondents, followed by PINS and passwords at 68%.

These same methods were also the most popular in call centers, but, concerningly, at a far inferior level. Less than half, or 46%, of respondents said they use PINs and passwords to verify a customer's identity in their call center, and 42% said they use one-time passcodes. One-time passcodes are not popular inside branches, according to 25% of respondents, while PINs and passwords are somewhat popular, according to 51% of respondents.

Among the 13 identity verification methods American Banker asked about in the survey, only one was more popular in call centers or branches than in digital channels. A quarter, or 23%, of banks surveyed use ID document verification by a human in their call centers, while 19% use this method in digital channels. Manual document verification is the most popular method of identity verification inside branches, with 70% of banks using it there.

The findings suggest that, while banks put significant protections against fraudsters in their digital channels, these same protections are severely lacking in call centers and branches. This may partially be explained by the need to protect against automated fraud attacks. While a fraudster can blast many banks at once with the same fraud method in digital channels, the same is not true of call centers or branches, where a person must be present.

Still, the difference in protections banks leverage inside branches and call centers versus digital channels present opportunities that fraudsters have been exploiting. Last year, Laura Spiekerman, the co-founder and president of Alloy, argued in an article for Forbes that in-branch fraud prevention systems are critical among a rise in fraud targeting branches — particularly check fraud.

Others have sounded this alarm, as well. Fraudsters are "taking advantage of the weak spots," according to Kerry Cantley, who joined identity and fraud prevention firm Mitek last year after a 26-year career with Bank of America. Mitek sponsored American Banker's research but was not involved in the creation of the survey or data analysis.

Cantley highlighted check fraud as a form of fraud that has increased significantly in the years since the COVID-19 pandemic began because branches were closed, preempting in-person verification. This pushed fraudsters to innovate and create more sophisticated approaches to fraud.

"They're very agile and quick to communicate where those weak points are," Cantley said. "Whereas, sometimes in the industry, we're not."


More From Life Style