Banks, customers and third-party providers have multiple avenues to prevent cyber fraud as such incidents are on the rise, said Federal Reserve Bank of Atlanta Payments Expert Nanci McKenzie and CSI Payments Strategist Matt Herren.
Herren and McKenzie were one of the opening breakout presenters on Sept. 24 during the first day of the Upper Midwest Automated Clearing House Association payments conference at The Heritage Center.
McKenzie said banks must consistently review their written risk management policies and ensure staff is diligent enough to prevent cyber fraud. Herren said the oversight in place for youth bank accounts could be valuable for elderly customers to prevent financial fraud. Telecommunications channels need to tighten their fraud controls as spoofing — criminals pretending to be someone the victim knows to steal their data — has become more common, he said.
Herren sees dot-bank domains “an interesting concept worth emulating,” and suggested informing customers that bank communications come from only one channel. Banks should understand that a perfect security environment is not possible while also striving to be more secure than their peers to become less of a target.
Not enough financial institutions are tightening their username and password requirements, Herren said. Databases with illicit repositories of passwords and usernames are prevalent. Credential stuffing — attackers using stolen passwords and usernames to access accounts across multiple services — is also on the rise.
“If it can be stolen, it will be stolen,” Herren noted. “If it can be reused, it will be reused.”
The hourlong presentation before a room of financial professionals came as 62 percent of institutions faced a rise in sophisticated fraud tactics, according to a recent survey from the Center for Payments, Nacha and Independent Community Bankers of America. Fraud attacks have jumped in check processing and debit card transactions, with 58 percent and 51 percent of institutions, respectively, reporting more frequent incidents.
Consumers reported losing $4.6 million to investment scams last year, up 21 percent from 2022. They lost $2.7 million to imposter scams, including bank transfers and cryptocurrency. McKenzie said victims include migrants who were blackmailed into becoming mules and perpetrators themselves.
McKenzie and Herren shared personal anecdotes of financial fraud. McKenzie noted one bank customer who fell victim to fraud feared she would be killed if she wasn’t allowed to open an account. Another looking to acquire a sports package was told to pay by acquiring several gift cards. Herren spoke of a family member who had fallen victim to financial fraud on numerous occasions.
“The IRS is never going to ask to be paid via iTunes gift cards,” Herren noted.
Herren expects U.S. banks will eventually be held to the same fraud prevention standard as the United Kingdom, where customers and financial institutions have partial liability. Herren’s comments come as lawmakers place more pressure on bank CEOs to prevent fraud.