Banks continue to lose more money to fraud as cybercriminals utilize security lapses in digital banking, according to a LexisNexis Risk Solutions study of risk executives at more than 500 U.S. and Canadian financial institutions.
The report, taken from May to July, found that every $1 lost to fraud cost $4.36 in related legal fees and recovery costs. For U.S. financial institutions, that cost was $4.23, a 16.2 percent increase since a similar survey in 2020. Fraud was especially prevalent on mobile devices, according to the report, as such transactions grew by 57 and 64 percent for U.S. investment firms and credit lenders, respectively.
The report stated that criminals continue using either fake or stolen identities to open new accounts. More than half of U.S. banks and credit lenders say the new account creation stage is most susceptible to fraud. Scams using phishing, people moving money gathered illegally, and wire transfers drove an increase in digital identity verification challenges, according to LexisNexis.
“Scams are contributing to increased fraud costs and particularly creating more risk at the new account creation stage of the customer journey,” LexisNexis stated. “They are impacting fraud detection across the customer journey by heightening challenges with digital identity verification, distinguishing bots from legitimate customers and balancing fraud detection with customer friction.”
To prevent fraud, more FIs are investing in assessing and verifying customer emails and phone numbers and establishing two-factor authentication. According to the report, banks should use data attributes such as any customer logins from multiple devices, channels and locations, to help identify risk.
“Financial services and lending organizations can mitigate fraud … by protecting endpoints and using digital identity solutions and behavioral analytics that assess risk while minimizing friction,” the report stated. “Financial institutions should consider using technologies that recognize their customers, determine their point of access and distinguish them from fraudsters and malicious bots.”