Your fraud model is broken

Most fraud prevention models no longer keep up with current threats because they focus on transactions instead of identity

Fraud is one of the most pressing challenges the financial services industry is up against right now. In our State of Fraud Benchmark Report, 100% of fraud decision-makers at banks and fintechs reported that they experienced fraud in the last twelve months, 96% reported that they lost money to fraud over the previous year, and 70% said they lost over $500k to fraud during that time period.

Unlike data breaches which are reported publicly, fraud is more of a behind-the-scenes struggle for banks and fintechs. But while fraud may be less in the public eye, companies are spending more on fraud prevention technology than ever before. We are seeing the risk officers in companies move into C-suite roles as organizations recognize the importance of risk prevention to any good growth strategy.

And yet, despite the added investment, the fraud problem is one that many companies still struggle to keep pace with. There are a number of reasons why. Not the least of which is the level of sophistication that fraudsters now employ in their attacks, but one of the main reasons we see companies' fraud prevention strategies fail is that they focus on monitoring transactions rather than customer identity.

All fraud is identity fraud

In some ways, all fraud is identity fraud. If you think this is a provocative outlook, take FinCEN’s Acting Deputy Director Jimmy Kirby’s word for it instead, “Identity is fundamental to the effectiveness of every financial institution’s AML/CFT program regardless of whether customers are using traditional depository financial institutions, money services businesses, or emerging digital asset products.”

His take is not surprising given that in 2022 alone, FinCEN reported receiving more than 350,000 Suspicious Activity Reports (SARs) tied to identity theft and over 600,000 SARs reporting the use of false or fraudulent identification records.

There will always be an identity on the other end of a fraudulent transaction that benefits from it. When you think about different types of fraud — payments fraud, synthetic fraud, account takeover fraud, etc. — even if there is a bot executing it, there’s a person who will cash out.

At Alloy, we believe that if you can correctly answer the questions below, you will prevent most fraud.

• Is this person using a stolen identity?

• Is this person using a synthetic identity?

• Did they take over an account?

• Are they committing (or might they commit) fraud in their own name?

Today, identity decisioning is already a part of the onboarding process for banks and fintechs; it is core to meeting KYC, AML, and other critical regulatory requirements. The opportunity here is for those same organizations to continue looking at identity throughout the lifecycle of their customers.

People steal money

The financial services industry has historically framed fraud as “money being stolen.” This outlook leads to banks and fintechs looking at fraud on a transactional level: they are looking for transactions that are out of place, atypical or suspicious. This is a very narrow and reactive approach to risk management; wait to see what happens and respond accordingly.

Seeing fraud this way would be like if you hired someone without interviewing them first, without ever having meetings with them, and without reviewing how they are doing in their first 90 days. And instead, you hire them blindly and then solely assess them on their work outputs. If you did this, you’d probably end up with employees that aren’t a good fit. The interview, collaboration, and ongoing review processes are essential to determine who a person is, what they are capable of, and whether they are a good employee.

The bottom line is that you really have to get to know someone to understand if they will be a good fit and are adding value to your organization or not. You can say the same thing about fraud; getting to know as much as possible about your customers will help you understand who is committing fraud or might commit it in the future.

Contrary to popular belief, fraud isn’t about “money being stolen.” It’s actually about “people stealing money.” Moving from analyzing transactions to analyzing entities will not only prevent fraud, but also better predict who will commit fraud in the future.

So, how do you do that? Organizations need to invest in understanding an individual’s identity throughout their customer lifecycle to figure out who the people stealing money are. Identifying people who will or might steal money should be your first priority. Identifying money being stolen should be your second line of defense.

The path forward

The threat of fraud is preventing banks from delivering the user experiences their customers demand. Meanwhile, fintechs are hesitant to jump on growth opportunities for fear of letting in the wrong customers or cutting corners on compliance. As a result, people and businesses are limited from accessing the financial products they need and expect.

But it doesn’t have to be this way. Getting a handle on identity risk helps companies take a proactive approach to the financial services industry’s identity problem.