A bank makes a decision to take on risk every time it opens a customer account. This is not to be considered a negative, as the ability to effectively manage risk is fundamental to the value proposition that has made banking an indispensable part of society for centuries. Nevertheless, I believe it’s important to step back and assess this dynamic as both the nature of trust and the tactics behind fraud continually evolve.
Over the course of several installments, I’d like to explore the various aspects of fraud, its impact on a wide array of stakeholders, from financial institutions, consumers and businesses, and regulatory authorities, as well as how new techniques like machine learning can alter the equation. Let’s begin at a natural starting point, the establishment of a new client relationship.
The “Transfer of Trust”
The first order of business for a bank or credit union is to decide “Should I trust this person? Is the applicant who they say they are? Are they appropriately representing a business?” This exercise has always been something of a challenge, but it has of course become more complex as requests increasingly arrive through remote channels.
Banks look for someone to vouch for these individuals, a “transfer of trust,” if you will. Credit history usually plays a central role followed by the credit agencies’ assessments of past financial behavior provide the requisite transfer of trust. This is done in conjunction with the basics of confirming the applicant’s identity against a government-issued photo ID.
There are increasing signs; however, that credit scores are no longer a silver bullet robust enough to dictate such decisions. For one thing they don’t incorporate certain key economic activities (rent payments, for instance) that could reflect creditworthiness. For another, an increasing share of Americans, up to 25%, by many estimates, are “thin file” and/or “underbanked.”
Banks risk creating a vicious cycle if they refuse to offer banking services to anyone in this group, given that new data-driven techniques exist to validate their status. Another risk is that fintech firms will spearhead the rollout of models to green light these applicants, depriving banks of a valuable avenue for growth.
The Party You Want to Attend (To)
There are two primary categories of payment fraud: first-party and third-party. The latter gets plenty of attention, for good reason. Since it involves an outside offender inflicting harm on a bank customer, there is even greater motivation to erect defenses to protect customer relationships and reassure clients that the institution is looking out for their best interests. Numerous studies show the financial impact of first party fraud is even greater, however, and is probably understated because such incidents can easily be misclassified as credit loss.
A particularly nefarious category that deserves extra attention is the fast-growing category of synthetic identity fraud. Technically I consider these a subset of first-party fraud, with the twist that no such first person exists. Armed with info collected from social media and the ongoing wave of data breaches, patient fraudsters create fictional personae, opening accounts and gradually building credit in their names until they amass enough trust to cash out with a large-dollar scam.
This tactic is often used for money laundering and can run undetected for extended periods. The legitimate credentials of infants and immigrants, those groups least likely to detect malfeasance performed in their name until much later, are frequently exploited as the building blocks for these personae, creating major headaches when they eventually discover the need to clear their names and establish true credit.
My next entry in this subject matter will dig further into third-party fraud and the various types of unauthorized draws against value. Until then, a key takeaway is that customer relationships should be continuously monitored for identity over time, not just at inception. Credit scores are a valuable part of this process but are insufficient in today’s environment absent additional analytics.
For more information, read our white paper on "Stopping Fraud With Predictive Analytics."