Fraud in Financial Services: A Persistent Threat

Fraud has been a constant concern within the financial services industry, much like it attracted notorious bank robbers such as Willie Sutton. The primary reason is that fraud presents significant opportunities for financial gain. Yet, many financial institutions remain hesitant to invest heavily in solutions that could effectively combat these threats.

Where Things Stand

The major concerns within the industry are centered around credit and debit card fraud, which remains top of mind for most financial institutions. However, identity fraud may pose an even greater threat moving forward. According to Javelin Strategy & Research, there was a substantial increase in identity fraud cases in 2024, with total losses reaching $27.2 billion, compared to $22.8 billion the previous year.

A significant component of this rise is account takeover (ATO) fraud. Annual ATO-related losses are estimated at nearly $16 billion and have affected approximately 5 million consumers each year. Weak authentication measures—such as lenient password policies and optional multi-factor authentication—have exacerbated the issue. Suzanne Sando, Lead Analyst of Fraud Management at Javelin Strategy & Research, highlighted that users often reuse their login credentials across multiple accounts, both financial and non-financial. This practice provides an opportunity for criminals to exploit weak authentication measures.

Suzanne Sando: “People continue to use and reuse their login credentials across multiple accounts, both financial and nonfinancial. That’s not the victim’s fault, but it is an opportunity for banks to look into their account takeover protections and make better decisions based on some of the account actions that criminals are taking.”

Additionally, Sando pointed out that with ATO, criminals can circumvent Know Your Customer (KYC) and identity verification processes by hacking credentials, altering critical information, and evading detection until the customer notices they’ve been locked out of their account.

Current Defenses Are Not Strong Enough

The increasing losses from fraudulent attacks indicate that current prevention methods are inadequate. Almost half of the financial institutions surveyed allocated less than $50,000 to fraud, authentication, and identity verification solutions. Javelin’s research also revealed that many financial institutions lack necessary tools and have no plans to increase their investment in this area.

For example, in 2023, fewer than a third of organizations used authorized push payment (APP) fraud solutions, and only 18% planned to adopt one. Similarly, tools designed to address synthetic ID fraud, chargeback fraud, and peer-to-peer fraud are underutilized. Additionally, three-quarters of organizations aren’t using decision engine tools—systems critical for effective and scalable fraud management.

“A decision engine takes in a bunch of different signals and behaviors and data points, and it spits out a decision on whether or not you should allow a transaction or particular account action to happen,” Sando explained. “For example, it can use inputs like behavioral biometrics, which are the way you type, the way you hold your phone, device intelligence. ‘Is this normally Suzanne’s iPhone, and is she using the same operating system?’ “

The Solutions Are Available

Effective fraud-fighting tools exist even for financial institutions with limited budgets. The key is strategic implementation—integrating multiple tools rather than siloed environments. Fraud detection and prevention technology operates on various levels, providing a comprehensive view of user behavior and real-time risk assessment.

Risk-based decision engines that draw from diverse data sources are better suited for handling complex processes compared to single internal systems. These engines use data like biometrics to automate decisions related to fraud detection. This capability gives financial institutions greater confidence in their actions regarding individual users and transactions.

Suzanne Sando: “This is truly an area where there is strength in numbers. Shared industry data, compiled from many sources, can provide critical insights that support better-informed decisions. In a rapidly changing fraud landscape, this level of industry collaboration is essential.”

The Growing Role of AI

Artificial intelligence (AI) is already enhancing fraud detection capabilities by identifying patterns and behaviors that human eyes might miss. AI-powered solutions can sift through vast amounts of data to identify key indicators, while machine learning handles much of the heavy lifting in trend analysis—supporting a risk management process that remains relevant and up-to-date.

Suzanne Sando: “AI is a more precise way of looking for some of these patterns and behaviors that the human eye cannot detect. We can only do so much as we look through someone’s transactions. Let’s say there’s a bot attack. You may notice some characteristics of that which are in line with fraud, but AI can recognize patterns in ways that we simply cannot.”

What FIs Need from Their Partners

Financial institutions require partners who can meet their unique needs and existing tech stacks. Flexibility is crucial as most financial institutions have complex, highly customized technology environments. Additionally, clear visibility and accessibility are important; respondents value knowledgeable and trustworthy collaborators with whom they can have in-person interactions before adopting new technology.

Protecting the brand from fraud is a top priority for businesses concerned about financial security. A bank’s reputation is its most valuable asset, as customers are willing to switch providers if they fall victim to fraud. Banks must prevent negative publicity and maintain trust with their customers, which can be lost at any time.

Suzanne Sando: “You are more likely to read a bad review about someone than a good one. If one fraud victim has a bad experience and starts publicizing it, that’s something a bank wants to prevent. Trust is such a basic part of the foundation of a relationship between a customer and a bank. If you don’t have that trust, that person can walk at any time. And we’re seeing growing numbers of fraud victims who are willing to close their accounts and move somewhere else.”