Share
Looking back at the SVB shutdown over one year later, what have we learned?
Whenever a bank shuts down, other institutions see a rise in new account fraud.
In March 2023, Silicon Valley Bank became the second-largest financial institution (FI) to fail in the United States — the biggest since the 2008 financial crisis. Less than two months later, First Republic Bank had already pushed Silicon Valley Bank aside, taking its spot as the second-largest bank collapse in US history.
Banking failures have generally been uncommon in the US. (At least, that has been the case since the end of the great depression.) But 2023 saw one dramatic collapse after the other, ultimately making it the biggest year on record for banking failures.
Bad actors see chaotic atmospheres as windows of opportunity, as we learned when over $100 billion in pandemic relief funds was stolen by fraudsters in the US and £16 billion was stolen in the UK. And while findings from our 2024 State of Fraud Benchmark Report suggest the chaos is starting to settle down, we can assume it won't stay settled for long. Here’s how banks and fintechs can prepare for the next big influx in fraud:
What is new account fraud?
Whenever an FI shuts down, their customers open new banking accounts with new organizations. When that happens, it’s normal for other FIs and fintechs to experience an increase in fraudulent account sign-ups, too.
New account fraud is when someone opens a new bank account — usually with a stolen or synthetic identity — with the intention of defrauding a financial institution.
New accounts often present higher fraud risk than ‘old’ accounts because fraudsters tend to take advantage of the accounts very quickly after opening them (typically within the first 90 days). This trend is further compounded by the rise in mass data breaches in recent years, which means fraudsters now have easier access to stolen PII than ever before.
How to prevent new account fraud
Despite the increasing threat of new account fraud, many financial organizations are still not adequately prepared to prevent it. Alloy’s 2024 State of Fraud Benchmark Report found that 96% of fraud teams in the US and the UK conduct some form of real-time interdiction, yet only 42% conduct real-time interdiction on new applications.
Today, many banks still use a “Day 2” fraud review process, approving applications en masse upfront and screening them in batches the next day. While this approach may work during periods of low or average application flow, it becomes more and more problematic as volumes surge.
When banks experience a flood of new account applications, fraudsters seize the opportunity to slip through the cracks. That’s why it is paramount that financial organizations watch their front doors, especially during times of bank failures. By implementing real-time fraud detection at the point of application, banks can prevent losses, lower account closing costs, and reduce time wasted on fraudulent customers.
While you can’t get back time spent in service of a fraudulent customer, you can prevent crisis in moments of chaos. Take these steps to improve your fraud prevention across business and consumer accounts:
- Streamline your identity verification and business verification workflows to get a complete picture of the entity you’re onboarding. If you’re onboarding an incorporated business, such as an LLC or Ltd., you should run that business through your KYB workflows while simultaneously running any Beneficial Owners through your Know Your Customer (KYC) workflows. For sole proprietor and consumer accounts, identity verification should be run through your standard KYC workflow.
- Set up tracking and alerting to easily flag fraudulent users trying to open multiple accounts. We recommend flagging accounts that share identity elements, such as the same:
- National identity number/ national insurance number, such as the US Social Security Number (SSN)
- Phone number
- Email address
- Names
- Use device analytics in combination with other signals like behavioral analytics to detect risky behavior, such as foreign IP addresses or copying and pasting in personally identifiable information (PII).
- If your initial data sources yield inconclusive results, route these applicants to step-up verification/Enhanced Due Diligence (EDD) for further investigation. Leverage additional verification steps for applicants that surpass certain risk thresholds, such as document verification (IDV), selfie verification, and phone-based verification. Alloy works with step-up vendors who have tailored their experiences to maximize conversion.
- Analyze your data for trends in new accounts consistent with bad actors in your historical data. For example, if you see an influx in new applicants using Hotmail email accounts, and you have historically seen a higher rate of fraud among users with Hotmail accounts, you may want to send these applicants through an additional step-up/EDD ID verification check vs. straight through KYC database checks.
- Continue to monitor for fraud closely during the first few months of the customer lifecycle. Best practices include:
- Implementing alerts that detect unusual activity around inflows and outflows of that new bank account
- Leveraging AI-based models that take into account both onboarding data,account activity, and monetary patterns
- Validating any changes in contact information after account opening
You don’t have to build all this from scratch
Alloy’s Identity Risk Solution helps FIs and fintechs detect fraud at origination and throughout the customer lifecycle. Over the past nine years, over 600 companies have used Alloy’s API-based platform to connect to more than 200 data sources. We have leveraged our experience to offer battle-tested solutions and strategies for automating identity decisions.
At Alloy, we also leverage our deep industry connections to bring you better fraud prevention outcomes. Alloy’s broad network of data providers ensures that banks and fintech companies are set up to detect and prevent fraud in any scenario — including a spike in new applications. Remember: It’s not a matter of “if” new account fraud will happen but “when” and “how.”
OnboardingPlus by Alloy builds on our industry-leading solution to help you approve more customers during periods of high risk while preventing bad actors from gaining access.
Our goal is to help FIs and fintechs prevent fraud and stay compliant, which is why we never stop improving our Identity Risk Solution. Instead of rejecting risky applicants outright, OnboardingPlus flexes to help you move beyond the basic onboarding checks to address new account threats in real time as they emerge. We do this by monitoring high-risk account activity post onboarding, such as a contact detail changes, signer updates, or account linking- and re-screen the new information using third-party enrichment to determine the risk level so you can act accordingly.