arrow left facebook twitter linkedin medium menu play circle

Live Webinar on Feb 28: Authorized Push Payments (APP) Fraud: Trends, Risks, and Your Defense Playbook

March 23, 2023 - Greg Oprendek

4 Major Digital Bank Frauds and How to Stop Them

“It is not the strongest of the species that survives, not the most intelligent. It is the one that is the most adaptable to change.” Though Charles Darwin said this about our natural world, he could describe the modern financial industry quite accurately—especially banking.

Not just since the dawn of the internet, but even in the last few years, digital banking has gone through a revolution. New technologies made customers’ experience smoother. Disruptors splintered operations off the big banks to offer specific services faster. Digital banks have even started offering debit and credit cards without requiring you ever set foot in a branch (not that you could.)

The rise of digital banking fraud

Just as the banking industry itself adapted to serve the needs of modern customers, so too did digital banking fraud. Fraudsters have access to new technology as well, and they’re using it to put a new spin on classic methods to commit financial fraud in fintech. In the wake of their attacks, trust eroded in digital banking. Some users found they were even blocked from using digital bank cards by retailers as the industry scrambled to find out what to do.

In the end, digital banking fraud shares many similarities with other bank fraud types. In fact, many common types of digital banking fraud fall under the same scheme umbrella — account fraud.

Stamping out fraudsters before they attack digital banks is possible. It simply requires knowing their tactics and setting up the right prevention and detection tools. Let’s dissect the top 4 types of digital bank account fraud and then explore how adaptive institutions prevent them.

Types of digital bank account fraud

1. Fake accounts

Fraudsters target the onboarding process using tools to bypass traditional prevention methods like CAPTCHA and ID verification. Once they have the system fooled, they leverage bots to create hundreds, even thousands of fake accounts. Sometimes these accounts are used in coordination to exploit promotions—a common crypto-targeted scheme. Other times, they’re used to launder money. In many cases, fraudsters rely on the sprawl created by their fake account army to hide a small handful of accounts committing the actual financial fraud.

Fraudsters can get around traditional ID methods by using stolen information they’ve purchased on the dark web. When a digital bank asks for an SSN, an experienced fraudster can provide a real one with relative ease.

The key to detecting these fake accounts is to spot them early. Of course, that’s easier said than done. One of the best solutions available is unsupervised machine learning (UML). UML looks at the digital footprint of new account owners in the context of all the traffic experienced by a digital bank to find correlations between events (e.g. shared addresses, behavioral patterns, and common email domains) that are invisible to the human eye. .

In one UML success story, a leading fintech detected 92% of fraudulent account openings before the fraudsters could even claim a new-signup promotion.

2. Account takeovers

You know the emails and calls. “We need you to log into your account to update your billing method.” “We have a special offer for you, just log in here to claim it!” Fraudsters phish by email, text, and phone hoping to convince you they’re a legitimate entity. Once they have your password, it’s added to a database of hundreds of millions of other stolen passwords that they pass around inside crime ring circles.

Today, these schemes are even more sophisticated thanks to tools like Chat GPT that will write a perfectly convincing phishing email for a fraudster in seconds. Once a fraudster gets control of a digital bank account, they can drain it, use it for money laundering, or simply sell the information to the highest bidder.

account takeover

Data leaks are another goldmine for fraudsters. Lists of compromised credentials are passed around, giving them access to countless customers’ accounts. When combined with the fake account smokescreen, a fraudster can do serious damage to a good user without ever being noticed.

These are just a couple of the many ways cyber scammers can take over accounts. You can read more about their methods if you’re interested. The key to stopping them is a more delicate process. Because traditional methods of customer authentication, including multi-factor solutions, have a dire effect on customer experiences, smarter solutions look for financial fraud in the background. They strategically flag the actions of bad users without disrupting good traffic, which is of paramount importance.

3. Money mules

A money mule is defined by the FBI as any entity that transfers illegally acquired funds on behalf of someone else. Sometimes a money mule is another fraudster in on the scam and sharing the profit—common in money laundering schemes. Other times, and more frequently nowadays, a money mule is an unknowing victim. Romance scams fool an account holder into sending money to a fraudster disguised as a long-distance lover. Hopeful employees can be tricked into accepting and sending illegal payments to a fraudster thinking they are only doing what’s needed to land a job.

However they’re put in place, fraudsters rely on money mules to add a layer of distance between their victims and themselves. Mules also disguise the money trail, making it harder for investigators to trace an online banking fraud scheme.

Spotting a money mule requires a tool that detects suspicious activity between a network of seemingly unconnected accounts. This is another area where machine learning plays a critical role, which we’ll dive into later.

4. Authorized and Unauthorized Transactions

The ACH, or Automated Clearing House, is where a huge proportion of electronic fund transfers (EFTs) takes place in the U.S. Fraudsters can siphon funds from accounts that have been taken over (unauthorized transfers), or convince unsuspecting victims to send over money using social engineering techniques (scams). Venmo, Paypal, and Zelle transfers are also often used by criminals for these schemes.

ACH fraud is appealing to fraudsters because it’s relatively easy to commit. All they need is a checking account number and routing number. Then they’ll use ACH fraud tactics to:

  • Move fraudulent funds back and forth between accounts to hide its true source
  • Divert a legitimate payment and cover it up with other payments
  • Use stolen credentials to steal money via ACH
  • Trick an actual account holder into providing their credentials, opening the account for fraud

Outside of ACH blocks, catching this type of fraud requires constant monitoring to spot malicious behavior patterns. The best way to accomplish that, and the method most banks are turning to, is machine learning.

How to catch digital bank account fraud

Where traditional ID verification and fraud prevention methods aren’t enough, digital banks can catch fraudsters with a robust tech stack. The components that each digital bank needs will vary based on the fraud they face the most. However, a few solutions fit ideally to counter account fraud and prevent it before it happens.

ID graphing

Data is the best tool a fraud fighter has to stop bad actors. ID graphing aggregates information from millions of data points and relationships to provide insight into account behavior. Once a fraud fighter has this graph-based visualization, they can decide which accounts appear to truly be fraudulent and which are good users. The graphing model is critical to help fraud teams spot patterns of abuse, massive fake account networks, and compromised accounts, even in real-time.

Device Intelligence

Another core piece of machine learning digital fraud prevention, device intelligence uses device fingerprinting to uniquely identify the background of an account. This is extremely useful when both verifying good users and spotting accounts that fraudsters took over or created altogether. In the case of DataVisor’s device intelligence solution, fraud fighters can leverage it to protect against emulator attacks, botnets, hijacked accounts, app cloners, and more. It also delivers accurate signals and device IDs to boost detection.

datavisor device intelligence

DataVisor

DataVisor’s complete fraud prevention solution leverages both ID graphing and device intelligence along with decisioning tools like Decision Flow to first spot fraud, then help digital banks make the right decision on eliminating fraud accounts while preserving the smooth experience for good users. It’s chosen by leading digital banks, multinational apps, respected financial institutions, and celebrated fintech companies alike. To explore how DataVisor’s best-in-class fraud prevention platform can help you stop digital banking fraud, talk with one of our experts and explore it for yourself.

about Greg Oprendek
Greg is a passionate digital marketer, avid basketball fan, aspiring fraud expert, and Content Marketing Manager at DataVisor.
about Greg Oprendek
Greg is a passionate digital marketer, avid basketball fan, aspiring fraud expert, and Content Marketing Manager at DataVisor.