The ongoing COVID-19 pandemic is significantly affecting everyday life, with more than one-third of the world’s population subject to social distancing guidelines, stay-at-home orders or other regulations to prevent the virus’s spread. Banks are largely considered essential businesses and allowed to continue their operations, but it has hardly been business as usual for financial institutions. In-branch traffic has declined precipitously, with 82 percent of consumers expressing concerns about interacting with employees or other customers.
The risk of infection is not bank customers’ only concern during the outbreak, however. Digital fraud and other forms of financial crime are also on the rise due to the uncertainty and confusion surrounding the crisis. Twenty-two percent of Americans have reported being targeted by COVID-19-related fraud, and these scams have seen more than $1.2 million CAD ($865,800 USD) stolen in Canada as well as £800,000 ($1 million USD) in the UK.
FIs thus must thus be cognizant of the threat COVID-19 poses in terms of financial crime, as well as how to continue these fraud-fighting techniques once the pandemic recedes. The following Deep Dive explores the methods bad actors are leveraging to scam bank customers and the methods FIs are using to stem the tide of fraud.
The rise in financial crime during the COVID-19 pandemic stems from several factors, the first of which is the unprecedented volume of customers digitally accessing their banks instead of visiting bank branches. Many are using digital banking services for the first time, though, meaning they may be unaware of personal security best practices. This puts them at risk of schemes that involve submitting personal information to unauthorized sources.
Phishing attacks are some of the most common scams. Fraudsters impersonate banks and send emails prompting recipients to enter passwords or other authorization details into fraudulent websites that resemble bank portals. This information then falls directly into bad actors’ hands and gives them free rein over victims’ accounts, and such attacks saw a 667 percent increase between the end of February and the end of March. Some phishers even claim to be from the Centers for Disease Control and Prevention (CDC) or World Health Organization (WHO), exploiting victims’ trust in these organizations to gain access to their bank accounts.
Phone scams in which fraudsters pose as representatives from victims’ banks and ask for their security information are also growing more popular, according to card network Visa and the U.S. Secret Service. They often use internet-based phone services or voice over internet protocols (VoIPs) to spoof banks’ caller IDs, making their deception even more convincing. The ongoing pandemic and resulting economic downturn have made individuals so concerned about their finances that even those who should know better have fallen victim to these scams. Lori Hodges, vice president of risk in North America for Visa, has said even fraud prevention professionals have let their guards down. March alone saw more than 132 million robocalls per day, many of which preyed on victims’ fears of contracting the virus by offering free COVID-19 tests or fake health insurance schemes.
That up to half of American workers are operating from home is also contributing to COVID-19-related financial crime. Bank employees are remotely accessing their FIs’ networks to do their jobs, but banks typically secure their systems via firewalls and blacklists that flag or block suspicious entities from doing so. These systems often cannot differentiate between potential bad actors and employees working remotely, meaning FIs are struggling to balance seamless employee access with network security — and fraudsters are taking advantage of the confusion to slip by undetected.
Banks will need to step up their fraud prevention measures to curb fraud growth during the pandemic. No one solution will be sufficient, however, meaning FIs must harness both human intuition and automated tools to reduce financial crime risks.
Tapping Human Intelligence and AI
Education is a key weapon in banks’ arsenals to protect their customers from COVID-19-related scams. Customers and employees trained to spot fraud, especially social engineering methods like phishing, are far less likely to fall prey to it.
Several banks in the UK. — including Barclays, HSBC, Lloyds Banking Group and Royal Bank of Scotland — have launched social media campaigns to educate customers about warning signs like unexpected password or personal banking information requests. One bank in the UK. noted that spelling mistakes in emails asking for financial assistance are common and sometimes even intentional, with some fraudsters impersonating bank employees conveying such urgency that they mistyped their requests for money. American banks — including Citizens Bank, Fifth Third Bank and Northwest Bank — are also issuing warnings on social media to help customers spot fraud, imploring customers to be wary of emails from suspicious domain names and to verify senders’ companies with the BBB before clicking on links.
These steps can prevent fraudsters from exploiting customers and employees to access bank accounts, but technological solutions are required to counter advanced techniques like botnets or malware. Banks are experiencing success with solutions that harness artificial intelligence (AI) to detect suspicious activity, such as customers suddenly withdrawing large sums when they typically deposit or withdraw smaller amounts. Such activity could be a sign that hackers have taken over accounts and are draining them, but this would be impossible for human analysts to spot amid the thousands of transactions a bank processes daily.
FIs have seen AI- and ML-enhanced solutions improve fraud detection rates by 90 percent and decrease investigation times by 70 percent. They can also reduce the number of transactions that require manual reviews, which are estimated to account for 25 percent of all fraud-fighting expenses. AI applications are becoming the norm in the banking industry, too, with 87.5 percent of FIs with more than $100 billion in assets deploying them.
The COVID-19 pandemic will eventually pass, but the new techniques fraudsters have learned — like posing as public health agencies or employees working from home — will likely remain. Failing to protect against these new schemes could result in untold sums being stolen from banks and their customers as fraudsters fine-tune their processes. FIs will therefore need to be ready to counter these and other methods for the foreseeable future.