Ditch fraud at the doorstep: 3 tips for safer in-branch banking

Forget what you’ve heard about in-branch banking being on its way out. Believe it or not, research by the financial services nonprofit BAI shows that Gen Z is six times more likely to use in-branch services than their millennial or boomer counterparts. In-branch banking is here to stay — and with it, the vulnerabilities that often come up with in-branch fraud controls.

For some customers, the human touch of in-branch onboarding gives them a clearer understanding of the services available to them, their rights and responsibilities, and how to access their accounts. Others may believe that in-branch onboarding is the easiest way to achieve their banking goals. The problem is that more and more fraudsters think the exact same thing.

Much like sharks hone in on signs of prey, fraudsters will go wherever they can find systemic vulnerabilities in your risk controls. As banks have been hyper-focused on tightening up their digital controls over the past several years, fraudsters smell blood in the waters of in-branch banking, and are lining up for a chance at your organization’s assets.

How in-branch fraud works

In-branch fraud can take many forms. Here are the most prevalent types of fraud that happen in-branch:

• Falsifying identity

• Business fraud

• Check fraud

Falsifying identity

When fraudsters falsify their identity, it can be challenging for banks and credit unions to catch on. In-branch fraudsters falsify their identity using three key tactics: identity theft, account takeover fraud, and synthetic identity fraud.

• Identity theft
  
  Identity theft occurs when a fraudster steals a person’s personally identifiable information (PII) to open new accounts in that person’s name without their knowledge. Targets of identity theft often include vulnerable people who may not have an established credit history. Individuals who have passed away, children, people with disabilities, people who are incarcerated, those without a home, and other marginalized groups are especially attractive candidates for purveyors of identity theft. The idea is that the less likely a person is to notice that their identity has been stolen, the better for the fraudster.
  
  Still, identity theft doesn’t just impact vulnerable populations: It affects everyone. A fraudster who gets their hands on someone’s social security number can use it to take out a credit card at any retail store, rack up bills, and severely disrupt their life before anyone finds out.
  

• Account takeover
  
  Information stolen from checks, mobile devices, and credit cards can end up on the dark web, where bad actors can pay to gain access to a legitimate customer’s bank account. After an account has been taken over, a fraudster can transfer, withdraw, or spend money from the compromised account before the suspicious activity is reported.
  
  Once a fraudster is inside the account, they often change the real account holder’s personally identifiable information (PII), like their name, email address, phone number, or password. These non-monetary changes are considered a sign of account takeover (ATO), and make it challenging for the affected party to reenter the account.
  
  Sometimes, fraudsters skip changing PII altogether and simply head into a bank branch, impersonating the legitimate customer and requesting to transfer or withdraw funds before they disappear.
  
  No matter how an account takeover happens, the result is generally the same: a loss for the financial institution and a traumatic experience for the paying customer whose finances were roped into the fraudster’s plan.
  

• Synthetic identity fraud
  
  The Federal Reserve has called synthetic identity fraud “the fastest-growing type of financial crime in the U.S.” Synthetic identity fraud involves piecing bits of fake (and sometimes real) PII together in a Frankenstein-like configuration to create an entirely new fraudulent identity. Without proper safeguards, information exposed by weak passwords or data breaches, like names, social security numbers (SSN), and dates of birth, are all fair game for synthetic identity fraudsters.
  
  In the first half of 2023, 69% of data breaches exposed social security numbers, marking a 9% increase from the year prior. TransUnion reports that driver’s licenses and other forms of state identification were exposed in 31% of breaches, more than twice the 14% exposed last year. Checking and savings account numbers also saw their exposure double year-over-year.

Read our state of fraud benchmark report.

As digital security protocols grow more sophisticated, banks can leverage automated step-up verifications in their digital channels to protect against fraudulent behavior without creating customer friction. Meanwhile, in-branch protocols often rely on simpler protection methods.

Traditional ID scanners can check the validity of an ID but are generally not designed to perform identity verification by checking if the person presenting the ID is the legitimate owner. At the same time, many banks don’t even use ID scanners. Instead, they rely on manual ID checks, making them vulnerable to fakes made with the help of AI and other technologies. These gaps in the fraud controls of in-person channels compared to the more robust fraud controls of digital channels make it easier for bad actors to pass off fake IDs as legitimate ones in the branch.

Even if a fraudster doesn’t have a fake ID, their luck can still pay off in-branch. Depending on policy, banks may not verify a customer’s ID for certain transactions. This is especially true when faceless channels, like ATMs, are involved.

Business fraud

Another common form of in-branch fraud occurs when bad actors open fraudulent small business accounts. To do this, all a bad actor needs is to forge credentials, create and register a new business, or get a hold of information like a small business’ legally registered business identification number (EIN).

Unlike IDs, most business documents don’t require specialty printing, making the barrier to entry for this type of fraud low. Small businesses have a higher maximum loan amount than personal bank accounts, so this avenue of in-branch fraud potentially has higher rewards. On top of that, many banks and credit unions still do not offer business onboarding online at all, making fraudsters turn to in-branch channels to reap the rewards of business fraud.

As much as 80% of small businesses are owner-operated, meaning that they have no employees. These “microbusinesses” often have a limited footprint, making it difficult to validate ownership information. With over a quarter of small businesses lacking a website, banks have to cobble together context from disparate sources to really understand how risky it will be to transact with the person behind any given business.

Learn how to move trickier customer segments through the KYB process with our eBook

A fraudster who is talented at forging business documents can use them to apply for business loans. This gives them access to a broader pool of resources to steal from. During the COVID-19 pandemic, 17% of the Small Business Administration’s total disbursement for the Paycheck Protection Program (PPP) — over $200 billion in funding — was reportedly lost to fraudsters. With 5.1 million new business applications in 2022 (up 16% from 2020), there are more business entities for bad actors to impersonate now than ever.

How to stop small business banking fraud

Check fraud

Check fraud is a huge part of in-branch banking fraud and happens when a bank member deposits a check that has been stolen, counterfeited, altered, or forged.

One common form of check fraud happens after a new account has been opened in-branch using a fake ID or other false credentials. While the fraudulent check is being processed, the fraudster will request a debit card, which they use to withdraw the funds from the account, either from an ATM or in-branch. This form of financial fraud exploits the banking system's handling of checks, specifically the "float time" between a check's deposit in one bank and its clearance in another. Before the bank can detect the fraud scheme or the check bounces, the fraudster withdraws the money.

Banks are under pressure to make deposits available instantly (whether via mobile wallets or a direct withdrawal). As a result, check fraud tactics are experiencing a renaissance, with in-branch onboarding in a particularly susceptible position. Banks issued roughly 680,000 check fraud reports to the Financial Crimes Enforcement Network last year—just shy of double the reports recorded the year prior.

Review the most common types of financial fraud

Creating a holistic portrait of your in-branch customer

The costs of in-branch fraud run deep. Direct financial losses add up for banks and credit unions. And some types of fraud — like account takeover — also cause indirect losses. When bad actors are able to steal the account information of your legitimate customers to commit fraud successfully, it impacts the customer experience and erodes trust. Thankfully, simple procedural steps can get your in-branch fraud risk under control without increasing customer friction:

1. Unify your in-branch and digital data

Many banks shifted their fraud focus to digital during the pandemic. Now that you have made solid progress protecting your digital channels, it’s important to bring your in-branch channels up to par with your digital controls.

Banks train their tellers to meticulously review documents and checks, cross-referencing them with customers' transaction history to spot any irregularities. But an existing customer’s transaction history is just one lonely data point. With interest and mortgage rates rising while net household worth declines, banks must also face the fact that even loyal customers may commit fraud at some point in their lifecycle.

Connecting in-branch and online activities allows banks to consolidate their decision-making criteria. This unification process, known as data orchestration, allows banks to view a customer’s financial activity and digital footprint data in a centralized dashboard.

With Alloy’s Identity Risk Solution for in-branch onboarding, financial institutions can build out their customers’ identity and risk profiles from day one. Our platform unites over 190 data points across digital and physical channels to give you a comprehensive view of the person or business entity who is onboarding. Plus, Alloy can help you avoid insider fraud by supporting risk based controls so employees only have access to what is needed. Alloy’s interdiction capabilities and robust ongoing monitoring tools help you identify, track, and act on risk even after onboarding.

2. Standardize your in-branch and digital fraud processes for omnichannel banking

In digital onboarding, banks collect everything from phone numbers, to biometrics, and even social accounts. These requirements can be cross-referenced with other information for successful identity verification, like an applicant’s photo ID.

Despite this being the norm online, date orchestration processes are heavily under-implemented in-branch. Informational silos can mean that in-branch customers are held to different standards than their online counterparts, often with less reliable information checks.

It is important for banks to invest in providing their branch employees with equipment, technology, and training to verify applicants in person to the exact same standard as those who are opening an account online.

Not only is this uniformity good for customer experience, but omnichannel onboarding also ensures that accidental silos are not causing good customers — including legitimate leads who you have painstakingly courted through marketing — to be rejected by your system.

How to approve more good customers

3. Automate your decision-making — no code necessary

There’s a lot of pressure on bank employees to safeguard a financial institution’s assets. While front-line workers will make good calls to the best of their ability, the reality is that in-branch fraud detection requires an immense degree of knowledge and vigilance.

The more on-the-spot decision-making that gets delegated to a bank’s tellers and relationship managers, the harder it is for them to keep making risk-assessment decisions effectively throughout the day. This is especially true as labor shortages continue post-pandemic. In 2022, banks saw a turnover rate of nearly 25% — a whopping 10% increase from 2021. At the same time, any time a branch employee is making a decision on a customer, their human bias can affect the end result.

With a 95% reduction in manual reviews of consumer onboarding data and a 30% increase in “good” customer conversion, Alloy automates the basics so banks can delegate more meaningful work to their tellers and relationship managers. By upskilling employees to bring in more revenue, banks can set themselves up to cut hiring and onboarding costs while increasing revenue.

Alloy automates your bank’s workflow in minutes, not days. We run multiple data providers simultaneously, reducing needless document requests and manual reviews. Plus, you can fast-track ID verification, step-up verification, and decision-making processes by setting automation rules to your exact specifications — for a smoother customer onboarding process, without the hassle of coding.

In-branch fraud is a widespread, but controllable risk to manage

Fraudsters have identified a lack of focus on in-branch fraud controls and are using this to their advantage. While banking transactions can tell a compelling story, real-time identity decisions should be central to any bank or fintech that’s committed to stopping fraud in its tracks.

Everyone has to eat — especially predators. When fraudsters can’t outsmart your financial institution, they are forced to swim toward more inviting waters. Plugging up in-branch vulnerabilities sends a clear message to individuals and organizations with fraudulent intent. It safeguards your customers’ finances, shows a commitment to your internal processes, and prevents large-scale fraud from happening at home base.