ABA Banking Journal
No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
SUBSCRIBE
ABA Banking Journal
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
No Result
View All Result
No Result
View All Result
Home Compliance and Risk

The challenge of financial fraud detection two years into a pandemic

July 7, 2022
Reading Time: 4 mins read
The challenge of financial fraud detection two years into a pandemic

By Uriel Maimon

One of the biggest changes that came unexpectedly from the COVID-19 pandemic was more people swapping their city lives for an escape to the country. Employees were no longer going into offices, or taking advantage of the 24-hour city life. In response, many packed up and sold their condos or gave up apartment leases, replacing them with suburban homes and country living.

However, the effects of this “great pandemic migration” were far bigger than just updates to address books. In fact, banks came directly into the firing line, because the trend offered cyber criminals new avenues to deceive financial fraud models and to target banks with credential stuffing and account takeover attacks.

Deceiving fraud models through automated attacks

When the COVID-19 pandemic first broke, the first businesses to feel its impacts were brick and mortar organizations, forced to close their physical doors and start operating as online organizations.

For banks, this meant moving more services online and closing physical branches, while working with an almost entirely online customer base. Of course, this shift to online has been occurring for many years, but the pandemic gave a push to those last few customers who still preferred to do their banking only in person.

To continue serving customers, banks moved nearly their whole portfolios of services to digital platforms, catering to all their customers’ needs, with vastly reduced physical interaction.

As banks offered more of their services online, they opened new gateways for cybercriminals to target them. This, tied with the fact that so many people were moving homes, caused major problems as not only was the attack surface of banks growing, the accuracy of location-based customer authentication was significantly decreasing.

Cybercriminals saw the opportunity and flooded bank websites with credential stuffing and account takeover attacks.

Security versus convenience

Banks have always been the a top attack target for criminals. Today, the primary threat is automated bots that have been hired by criminals to hammer bank websites with rapid-fire log-in attempts into customer accounts. Once attackers have secured valid credentials and gained access to accounts, they can then carry out fraudulent transactions, transfer funds from accounts or initiate new credit applications.

The threat is costing banks millions. To put it into perspective, Aberdeen Group discovered that 84 percent of financial services companies have reported that a portion of their online users have experienced a successful account takeover in the last 12 months, while the average cost of an attack can be up to 6.4 percent of the revenue generated from their monthly active users.

This means preventing these credentials stuffing attacks must be a high priority for all banks.

The traditional ways for banks to prevent these automated and fraudulent login attempts was through the location of customers to identify if they were genuine. If a customer typically connects to a bank from Manhattan, but suddenly her account sees a login from Dubai, this will raise alarm bells and will result in queries being raised. Banks will contact the customer directly to confirm identity before committing to a transaction. However, with many people moving addresses, this has affected the accuracy of fraud models and made it difficult to determine which customers had moved and which had stayed put.

The most obvious solution to counter this threat is for banks is to delay transactions until customers are physically contacted to verify them. But this adds additional security layers, delaying important transactions and ultimately causing customer friction—risks banks want to avoid.

The alternative solution can be down to banks enforcing the use of multi-factor authentication and user verifications such as captcha. But these can also frustrate customers who want easy access to their banking information. While both security measures reduce the risk of credential stuffing, MFA and captcha can create user friction, increasing abandonment and negatively impacting the customer experience.

Behavior-based analytics

Today, the most sophisticated and user-friendly method for blocking credential stuffing attacks is to use behavior-based detection and blocking. This goes beyond just signature-based approaches, and it uses advanced machine learning techniques and iterative feedback loops to build predictive models, which can proactively block a wide range of automated attacks that would pass through signature detection.

Behavior-based approaches go beyond the “declarative” identifiers. They look for patterns in network data, client-side device and user data (screen resolution, rendering engines) and user interaction events to spot qualitative and quantitative differences between bots and live human users, to name a handful of data types. Behavior-based detection can factor in hundreds of elements and see patterns where human operators would not. Accurate real-time behavior-based detection can learn on the fly, constantly updating its models. This allows banks to automatically reject the overwhelming influx of traffic from unauthorized bots.

Traditional detection methods through location-based authentication have taken a hit as a result of the pandemic, while MFA can cause friction in the customer experience that can damage relationships and result in banks losing clients to competitors.

As a result, advanced bot detection and mitigation solutions that leverage machine learning and behavioral analysis are important and contemporary ways to reduce the effectiveness of automated credential stuffing and account takeover attacks. Thus, allowing banks to put behind them worrying about account fraud as they instead prioritize innovating and delivering value to their customers.

Uriel Maimon is senior director of emerging technologies at PerimeterX, a provider of solutions that detect and stop the abuse of identity and account information on the web.

Tags: COVID-19FraudMachine learning
ShareTweetPin

Related Posts

ABA, BPI support proposed process to create drone no-fly zones

ABA, BPI support proposed process to create drone no-fly zones

Cybersecurity
July 7, 2026

In a joint letter to the FAA, ABA and BPI said that unauthorized unmanned aircraft activity near financial institution sites can create “obvious and legitimate risk” to physical security as well as cybersecurity, as the technology can be...

How to Talk About Your Bank’s Fintech Collaborations

The trust dividend

Technology
July 7, 2026

How regulatory and consumer expectations are shifting how partner banks compete for fintech deposits.

FCC grants ABA-requested extension of ‘revoke all’ rule’s effective date

ABA joins with consumer rights group to protect fraud alerts

Compliance and Risk
July 1, 2026

ABA joined with the National Consumer Law Center and ACA International in proposing to the FCC a rewrite of the “revoke all” rule. The rule is set to take effect on January 31, 2027, but the FCC is...

A close call with fraud

ABA Fraudcast: Defending customers from wire fraud

Compliance and Risk
July 1, 2026

'It's asking questions like: Have you been coached? Is someone telling you to do this? Is this going into an account that you opened or authorized to be opened?'

Republican lawmakers urge Trump officials to preserve CDFI Fund

House committee advances ABA-backed bills on fair credit liability, check fraud

Compliance and Risk
June 30, 2026

The House Financial Services Committee advanced legislation that would align Fair Credit Reporting Act liability with other financial consumer protection laws, reform the Securities and Exchange Commission and give banks more time to verify suspicious checks. The three...

FinCEN issues alert on oil smuggling schemes along southwest border

FinCEN issues alert on fuel smuggling schemes linked to Mexican cartels

Compliance and Risk
June 30, 2026

FinCEN issued a supplemental alert for financial institutions on suspicious activity connected to Cartel de Jalisco Nueva Generacion and other Mexico-based transnational criminal organizations smuggling fuel from the U.S. into Mexico in schemes involving Mexican tax evasion known...

NEWSBYTES

Fed seeks comments on changes to AML program rules, aligns with other agencies

July 8, 2026

CFPB releases its Fall 2025 Unified Agenda of Regulatory and Deregulatory Actions

July 7, 2026

ABA, BPI support proposed process to create drone no-fly zones

July 7, 2026

SPONSORED CONTENT

Why Your Systems Keep Slowing Down — and What to Do About It

Examiners Are Now Looking at Your Non-Core Systems

June 11, 2026
Your Floorplan Audit and Your Credit Decision Are Weeks Apart. That Gap Has a Price.

Your Floorplan Audit and Your Credit Decision Are Weeks Apart. That Gap Has a Price.

June 1, 2026
A Modern Blueprint for Serving High-Net-Worth Families

A Modern Blueprint for Serving High-Net-Worth Families

May 28, 2026
Why Your Systems Keep Slowing Down — and What to Do About It

AI Is in Your Bank. Is Your Cloud Contract Governing It?

May 20, 2026

PODCASTS

Podcast: Financing America’s independence

June 29, 2026

Podcast: Talent and innovation in community banking

June 18, 2026

Podcast: Understanding bank regulators’ guidance on illegal immigration

June 11, 2026

American Bankers Association
1333 New Hampshire Ave NW
Washington, DC 20036
1-800-BANKERS (800-226-5377)
www.aba.com
About ABA
Privacy Policy
Contact ABA

ABA Banking Journal
About ABA Banking Journal
Media Kit
Advertising
Subscribe

© 2026 American Bankers Association. All rights reserved.

No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive

© 2026 American Bankers Association. All rights reserved.