Have you ever wondered how crooks steal money from banks? It’s not so much via armed robbery these days, but rather it is from cybercrime. At this very moment, there are numerous of people sitting all over the globe, trying to figure out how to take the money you have in your bank account.
How big of a problem is fraud and criminal activity in financial services? I have read a lot of white-papers on this topic and the number seems to be about 2% of revenue, which is very large when you consider the hit this is to profitability. Two excellent sources of data on this topic are the LexisNexis True Cost of Fraud Study and the Crown UK LLP’s 2018 Fraud Report.
According to the LexisNexis 2017 True Cost of Fraud Study
· U.S. FIs have seen the average cost of fraud rise 9.3% from 2016 to 2017. For every dollar of fraud, financial services companies now spend $2.92, compared to $2.67, one year ago*.
· “Based on self-reported figures for average monthly transactions and fraud attempts, it is possible that up to one third of monthly transactions are fraudulent.” Note: Financial Services = 31%, Online Lending = 36%
According to UK audit firm Crowne UK LLP’s 2018 Fraud Report**
· Fraud costs as a percent of revenues are 2.39% in FS & 1.61% in Lending
· Fraud costs globally have been $4.48 Trillion USD from 1997 to 2017.
As industry moves away from physical locations to conduct business, and more to online, the threat of fraud only grows, yet the means to prevent this are not as robust as they could be. Let’s examine one common approach to thievery.
A common security measure used to protect you from a nefarious character taking your money is the micro deposit. The micro deposit comes into play when you want to transfer money to a new account, from your existing account. Say for example you open an account at Online Bank XYZ, and want to transfer in funds from your account at Brick and Mortar Bank ABC. Online Bank XYZ will want to ensure that you are the owner of the account at Bank ABC, and might have implemented micro deposits to ensure this. Bank XYZ sends two small ACH pushes of money, in small amounts of perhaps $.10 and $.13 for example to Bank ABC. When the deposits show up, you confirm the amounts in XYZ’s mobile app or website.
Here’s where the problem starts. What if someone has your online credentials for Bank ABC(user name and password)? To protect you from this, Bank ABC may block all devices that are used by known bad guys or from geographies outside the country known to be criminal hubs. Thus that IP address in Ethiopia is going to get shut down immediately at any of Bank ABC’s online properties. However, is this the only place your account can be queried to get these micro deposit amounts? No it isn’t. There are aggregation services provided by technology and fintech companies that can be accessed with the credentials of your account at Bank ABC and the criminals know this. It doesn’t matter where they get the info on these micro deposits, only that they get it and enter these amounts in the new account or transfer set up process at XYZ. Once these amounts are confirmed, they have a “license to transfer funds”.
Since data is now available in many online destinations, is this micro deposit approach really secure? What is better? What is better is proof of account ownership by producing a verified statement from the account in question, a statement that has been encoded to be verified, and verified in an automated fashion, in real time. A statement that can only be accessed from ABC’s site, walled off from aggregations, which blocks connections from previously mentioned nefarious devices and locations.
Imagine if your bank account statements could be encoded, only by Bank ABC, using a trusted third party like Verified By Quin? If this statement generation capability was only available within ABC’s protective shield, and if verification of the statement could only be performed by a company like Quin, via their API or mobile app, we would in effect create a protective loop of verification that is secure yet verifiable by all. See example below.
In summary, by incorporating encoded statements into a bank’s defense arsenal, we can provide a better means of verifying account ownership, while performing the verification in real time, not waiting for micro deposits or other slow verification processes such as the commonly used “Verification of Deposits” by banks in the USA. For more information visit www.verifiedbyquin.com .
* The lost value of the transaction, plus fees and interest incurred during applications/underwriting/processing stages, labor costs for fraud investigation, fines and legal fees, as well as external recovery expenses are the main costs of fraud for financial institutions according to the study.