Rising Fraud Scams Generate Focus on Bank Liability and Consumer Protections

Trace Fooshee is a Strategic Advisor in Aite-Novarica’s Fraud & AML practice, covering fraud and data security issues.  Trace will be speaking at NICE Actimize’s virtual customer event, ENGAGE, on June 9, on a panel titled “Evolving Fraud Strategy across the Customer Journey.” Click here to learn more and to register for this industry-leading financial crime event.

Several developments over the past year have placed financial institutions (FIs) between a regulatory rock and a market-risk hard place. First, fraud is roaring back to life; fraudsters, old and new, are looking to replace or supplement diminishing revenue from government stimulus programs as they terminate or come under tighter fraud controls. The count of FI customers targeted by scams has increased (in at least one case reported by a large U.S. FI) by a factor of three from the same period a year earlier. Regulators like the CFPB and even some legislators have taken note. As fraudsters return to targeting FIs and their customers, they appear to be leveraging the same kinds of scam and account takeover tactics they used to con state and federal officials out of an estimated US $100 billion, according to the head of the U.S. Secret Service.

Many FIs depend on policies embedded in their terms of use contracts to shield themselves from claim abuse. They now find themselves under significant pressure to adjust those policies. The net result of these conditions is that FIs are loosening restrictions on reimbursing claimants of unauthorized payment fraud. The good news is that these actions will likely attenuate the market risk posed by the alarming increase in the number of customers who will learn the hard way what the fine print says about their FIs’ reimbursement policies. The bad news is that this will lead to a substantial increase in net fraud losses and the growth of friendly fraud in the forms of collusion and claims abuse.

What are FIs to do about managing this dynamic? Several innovations are beginning to emerge in the marketplace, but the state-of-the-art, technologically oriented controls for scam detection are still relatively nascent. For example, suppose an FI is to deploy near-term countermeasures to mitigate scam losses. In that case, they will essentially be preventative measures such as more significant investment in proactive customer communications to raise awareness of fraud threats.

These countermeasures are necessary, but insufficient, layers in the control framework. Unfortunately, they have been underutilized, especially in markets outside the U.K., where significant resistance remains to spending marketing budget on honest discussions with customers about security policies. Proactive communication is valuable and essential, but it will not deter claim abuse. One could argue that they may amplify attacks by calling a would-be attacker’s attention to possible vulnerabilities.

For this reason, it’s important to view the issue of managing liability in a manner that seeks to strike a balance between protecting and honoring the claims of legitimate victims with the ability to detect, deter and prevent claims abuse. FIs must retain some degree of discretion when adjudicating whether or not a victim’s claim is legitimate.

Claim abuse has been and remains a legitimate threat to bottom-line revenue—one that will get amplified as a function of the degree to which regulators enforce adherence to more generous reimbursement policies. As a result, FIs adjusting to regulatory pressure by becoming less restrictive in their reimbursements will have to find ways to ferret out those who seek to abuse more generous policies in a delicate and complicated dance between an FI’s policies, its regulators, and its customers.