Demystifying Modern Fraud Attacks in Banking

As fraudsters gain access to more resources that help them fine-tune their attacks, the scale of damage they can inflict on financial institutions is amplified exponentially. Particularly in the past 18 months, we’ve witnessed a shift to digital banking channels. Fraudsters tend to go wherever there’s plenty of opportunities, and they’re always ready to exploit any vulnerabilities that will support their illicit gains. 

Here’s what modern banks should be wary of and how you can stay proactive in the fight against fraud.

Popular Fraud Types in Banking

Banking fraud is evolving quickly, especially as customers (and fraudsters) are presented with more channels to carry out activities. Popular fraud types take many forms: 

Identity Theft

Fraudsters can use bureau data to figure out where we live, where we’ve worked, and other key points that help them to answer security questions and gain access to user accounts. In 2020, 155.8 million records were exposed. Identity theft accounts for more than $6 billion in losses each year, including 20% of charge-offs and 80% of credit fraud loss. 

Gamer Fraud

We’ve seen an uptick in groups of fraudsters coordinating their attacks on merchants to take advantage of generous sign-up bonuses. Group members collude using similar account details, phone numbers, emails, and more, then systematically apply for different cards or programs. 

Online Transaction Fraud

Card-not-present attacks are rising. Because attack patterns evolve faster than new models can be trained and deployed, the amount of CNP fraud continues to grow each year.

Check Fraud

Banks that are victims of check fraud may incur 2x the loss. For example, if a fraudster maxes out a credit card limit, then uses a fraudulent check to pay off the balance, the credit limit is restored and fraudsters can continue spending even though the check will never clear.

Bank Linking Fraud

This is a new type of fraud we’ve found, particularly during the pandemic. In this scenario, we see new bank accounts being opened. Then, after those accounts mature for a while, the user tries to link a victim’s account, which is verified through microdeposits. Once linked, the fraudster will try to take money out of the victim’s account through the ATM. 

Mobile Banking Fraud

Another new type of fraud we’ve seen is where fraudsters offer to enroll victims in mobile banking. Fraudsters register their own device instead of the account holder’s, which allows the fraudster to take money from the account undetected.

Why Attack Techniques Are Evolving

It used to be that banks only had to worry about their own website — a single-purpose site with limited functionality. Websites have now evolved into feature-rich platforms along with their own apps, social media channels, and more.

Attack techniques are also evolving and include SMS verification, cloud-hosted infrastructure, mobile device flashing, emulators, proxies, and VPNs. More options are available than ever before, and it’s easier for fraudsters to hide their activities from detection. It’s estimated that 20-45% of consumer traffic from cloud platforms is fraudulent, with malicious accounts being 8x more likely to use cloud services. 

DataVisor’s Proactive Approach to Fraud Detection

Because attack patterns, techniques, and technology evolve so quickly, only a proactive approach to fraud detection can protect banks. DataVisor’s comprehensive AI-powered fraud and risk platform is the only solution that combines complexity and precision in detecting new attacks.
Learn more about evolving attack techniques and proactive fraud detection in our new webinar “Fraud Forensics: Demystifying Modern Fraud Attacks in Banking.”