Top 4 themes from Alloy’s ‘2024 State of Fraud Report’
Sara Seguin, Alloy’s Principal Advisor of Fraud & Identity Risk, shares top takeaways from Alloy’s annual fraud report and reacts to some of the surprising data
There’s never a dull moment in the world of fraud, and 2023 was no exception. Last week, Alloy came out with their second annual State of Fraud Benchmark Report, a survey of over 400 fraud and risk decision-makers at financial services companies throughout the US and UK.
The report — which outlined how fraud affected banks, fintechs, and credit unions over the past year and what organizations are doing to fight back against fraudsters — is a great read for any fraud professional, but quite dense.
Don’t have time to sift through all the data? I’ve highlighted some top themes from the report below and shared my gut reactions to the (sometimes surprising) data.
Theme 1: Fraud leaders have invested time and resources in fighting back — and it’s paying off.
The report found that 98% of respondents had experienced fraud in 2023, but surprisingly, only 57% reported an increase in fraud attacks compared to the previous year. This is down significantly from last year’s report, where 91% of respondents indicated they saw an increase in fraud attacks YoY. The respondents also shared that the frequency of fraud attacks is occurring at a slower rate than in prior years.
Based on conversations with fraud leaders across the industry, fraud threats continue to be a top concern. So why the decrease?
I believe a few possibilities could be contributing to the reported decrease.
If a bank or fintech experienced a fraud attack in 2022, they would (or should) have implemented a control to fix the vulnerability being exposed. If fraudsters attempt to use the same methodology, then, in theory, they would be stopped.
The report's data shows that investments in new fraud platforms are paying off and contributing to the reported decrease — sectors that reported investing in new fraud tools at higher rates were more likely to report a decrease in fraud and manual reviews. If fraud tools are automatically declining fraud, it could be that fraud professionals are less aware of the unsuccessful fraud attempts their new tools are catching because they aren’t seeing them directly.
A change in the customer experience upstream could also lead to a decrease in reported numbers. If additional friction was added in the form of step-up authentication, then the fraudsters could be abandoning the process as they are unsuccessful. The right level of customer friction can still make it easy for clients to do business, while causing just enough friction for the fraudsters to be unsuccessful in their attempt. Thus perhaps causing a volume that may not be counted as an attack.
On a pessimistic note, fraudsters are becoming more sophisticated in their approach. It could also be possible that FIs and fintechs don't even know there are more fraudsters in their system that haven't cashed out yet or are defrauding small amounts that are being written off.
Theme 2: Perspectives on how good organizations are at handling fraud vary throughout the org chart, but protecting the organization’s bottom line is the top priority across the board.
When asked how organizations are preventing fraud, a whopping 96% responded that their organization can handle increasing fraud threats, which is excellent news! However, the respondents’ role within the organization appears to directly influence how confident they are that their organization can combat fraud threats. The more senior their role, the less likely they were to strongly agree their organization was equipped to deal with fraud threats.
68% of C-level executives responded they only somewhat agree they can handle the threats, followed closely by 61% of VP-level respondents. Meanwhile, the reverse seems to be true for those in a manager role, 56% of manager-level respondents strongly agreed that they can handle growing threats.
Does this mean the more senior to the role, the more skeptical you are? Or, as a manager, are you closer to the everyday threats and have more visibility into how your teams are handling the growing threats?
Either could certainly be true, but it does show there is a different point of view on fraud threats across the org chart. It is imperative to have transparency and be on the same page about where the controls are lacking so that when a firm is faced with an attack, all levels in the organization are able to understand what needs to be done and take action quickly.
When C-suite executives were polled on how they viewed the consequences of fraud in 2022, they indicated reputational damage as their top concern. However, in 2023, C-suite executives cited direct financial losses as their top concern. In fact, all roles surveyed ranked direct financial losses as the number one consequence of fraud in 2023.
Surely, there are always multiple consequences, including loss of clients and reputational damage, but goodwill credit loss came in at a close second as respondents’ top concern. This data shows that the two highest responses (direct financial losses and goodwill credit loss) — totaling 58% — were related to a financial loss to the organization.
Many organizations are looking to increase their efficiency ratio and strategically cut costs amid somewhat volatile macroeconomic conditions. So, it’s not surprising that the focus has shifted to minimizing financial losses because they directly impact an organization’s bottom line.
Theme 3: Categorizing fraud can be challenging, but it’s critical to fraud prevention.
Respondents reported authorized push payment (APP) fraud and bust-out fraud as the leading types of fraud contributing to case volume. They also reported that these two categories cause the highest losses for their organization.
Categorization continues to be a challenge in 2023 because many of the types overlap with each other, thus making it hard to track cases across multiple categories, which could lead to an influence on the volume of fraud by case type. As an example, if deposit fraud occurs on a newly opened account and it is a case of identity theft, then an organization may only be tracking it consistently as deposit fraud. In this case, the organization is tracking the method of execution (deposit fraud) instead of the actual type of fraud that occurred (identity theft). Tracking both the method/channel of execution and the type of fraud that occurs is critically important to be able to stop fraud in the future.
Another interesting call-out is that when you view the 10 categories respondents could choose from, it was a tight race for which types were most common. APP fraud leads with 22% of cases, followed closely by bust-out fraud at 18%, and the next is account takeover (ATO) fraud at 15%. The list goes on, but as you can see, several types of fraud are plaguing the industry, and I expect those to ebb and flow over the course of a year.
Theme 4: Identity is at the core of fraud prevention.
One of the responses I found the most encouraging was that 75% of banks, fintechs, and credit unions are planning to invest in an Identity Risk Solution in the next 12 months to combat fraud. This data point signals that banks have identified they need to enhance their identity detection and have the ability to be agile.
Controls are not one-size-fits-all; what may work for one bank or your digital channel may be very different for another firm or channel of the branch. Investing in an identity platform provides visibility into the identity behind any potentially fraudulent transactions. An identity risk solution breaks down the barrier of the old siloed approach of identity and transactions, and brings all the data into one view, equipping FIs and fintechs with the ability to review their customers’ identities holistically throughout the entire customer lifecycle as they make transactions and other financial activities.
These themes are really just the tip of the iceberg. Alloy’s State of Fraud Benchmark Report has a lot of other interesting insights around fraud and identity risk. We’ll be talking about these themes and more in our upcoming webinar, Fraud in Focus: 2024 Fraud Trends.
Get more insights from our State of Fraud Report.
Sara Seguin is a principal advisor on fraud and identity risk at Alloy. Sara has over 16 years of experience in financial crimes within enterprise banks, including fraud, payments, risk, and identity.
