While fraud soared over the last year, especially in government programs crafted to stem the damage of the global pandemic, there are lessons we can learn about how to combat financial crime going forward
Fake companies, fake salaries, and fake loans — those are just some of the ways criminals exploited the U.S. government’s Paycheck Protection Program (PPP), which ran from April 2020 to May 2021. Staggeringly, the amount of fraud could be as high as 15% of the total amount of PPP loans, or approximately $76 billion of the program’s $800 billion, according to a recent report.
The pandemic presented a multitude of challenges for financial institutions and financial technology firms (fintechs) that were given the task of dispersing government-guaranteed loans. We know that criminal enterprises are always looking for innovative ways to commit financial crimes, and the pandemic provided the perfect opportunity for them.
While trying to claw back a majority of that money from criminals is likely to prove difficult, if not impossible, there are ways we can use the pandemic as a learning experience, according to Jose Caldera, Chief Product Officer at Acuant, an identity verification, document authentication, and fraud prevention technology services provider.
“We are always going to be in an arms race with fraudsters,” Caldera says. “They present an evolving threat.” While identity verification technology is one available method, we must enhance our risk modeling and understand customer behaviors in order to better fight financial crimes and fraud, he adds.
Risk tolerance is always the key
First, an institution’s risk tolerance is a crucial part of the equation. Financial firms need to create the right user experience in conjunction with the technology available. “There are cases where you want higher assurances of transaction authenticity and will be willing to ‘throw the kitchen sink at the transaction’,” Caldera says, adding that to assess a their risk tolerance, financial firms need to be asking several questions, including i) What is our target use case? ii) Who is our target audience? iii) What are that audience’s demographics? Are they internet savvy, or do they prefer a more traditional bank experience?
Once a firm makes that determination, they can work with vendors that offer multiple blueprints and technologies to build adequate risk models for each use case and demographic.
Fraudsters’ ability to access banking services using stolen and synthetic identities has exploded over the past several years. Now, compound that with a robust government stimulus program and an emergency pandemic and you create a rapid breeding ground for fraud. So, what went wrong? Was the technology lacking? Are we unable to accurately verify potential customers’ real identities to prevent fraud? Are we at the mercy of fraud rings?
“No, by and large the technology exists to stop fraud,” Caldera says. “Yes, fraudsters are getting smarter, better, and faster, and [banks] need well-planned risk modeling and a risk strategy in addition to the technology.” The biggest issue isn’t that technology hasn’t evolved, he explains, it is that our use cases need to evolve to better reflect the context upon which fraudsters are abusing the system.
Leveling up banks’ use of data
Fintech firms received most of the criticism in this latest report for servicing some of these potentially fraudulent PPP loans. Yet, the large amount of data at their disposal, if used, can create more accurate risk modeling to capture the evolving fraud environment.
“Most banks already have the technology and the data, however. They may not be aware of how to leverage the two together,” Caldera notes. “You can take your own data and start using those models in a way that allows you to be more prepared in this changing landscape.” While he acknowledges there isn’t a “silver bullet” for fighting fraud, it’s neither as complex nor convoluted as many might think.
To come up with the right strategy, Caldera makes several suggestions, including:
Identify the threat landscape — Financial institutions and fintechs must identify the threat landscape. This will take an internal review of past challenges, like pandemic loan fraud, and then leverage available technologies, such as orchestration layers, which is a method to handle everything required for a payment throughout its lifecycle. “You actually put all the pieces together in a consistent manner, such that the where and how you are using the technology is configured to your threat landscape,” he says.
Conduct A/B Testing — Financial firms could also do A/B testing — a common user experience research methodology — to monitor customer’s behaviors and the performance of the technology tools. During the customer onboarding process, banks could try different identity verification methods, such as document verification, biometrics, or entity linking. From there, banks then would determine what works best for their specific demographic.
Balance between frictionless customer experience and security — In the payments world, there is the age-old debate on how you create a frictionless customer experience while also ensuring the transaction is legitimate. This is especially important as more banking transactions have gone online and customer onboarding is not always done in person. One way to balance payment processing and risk management is to adapt to the behaviors of your customers through data analysis.
This doesn’t just start and end at customer onboarding, however. “A bank is not just assessing the identity of an individual while they are on-boarded,” Caldera explains. “Banks have to have continuous monitoring to ensure they are dealing with the right person or business.” And once a bank understands its client’s behaviors and what is outlier behavior, it can then apply more technology or even change the technology upfront, like adding in biometrics to verify a purchase.
Bottom line: Fighting fraud is a multi-prong approach
In today’s more crowded and digitally connected world, fighting fraud takes a multi-pronged approach, leveraging the best and most prevalent technology available. Creating positive friction at the right time and under the right circumstances will be crucial in the future.
“This is a layered approach,” says Caldera. “The future of fighting fraud is based on a combination of the right technology, how it is used, and how the risk and compliance professionals understand the landscape to make it work the most efficiently.”
