ABA Banking Journal
No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
SUBSCRIBE
ABA Banking Journal
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
No Result
View All Result
No Result
View All Result
ADVERTISEMENT
Home Compliance and Risk

The challenge of financial fraud detection two years into a pandemic

July 7, 2022
Reading Time: 4 mins read
The challenge of financial fraud detection two years into a pandemic

By Uriel Maimon

One of the biggest changes that came unexpectedly from the COVID-19 pandemic was more people swapping their city lives for an escape to the country. Employees were no longer going into offices, or taking advantage of the 24-hour city life. In response, many packed up and sold their condos or gave up apartment leases, replacing them with suburban homes and country living.

However, the effects of this “great pandemic migration” were far bigger than just updates to address books. In fact, banks came directly into the firing line, because the trend offered cyber criminals new avenues to deceive financial fraud models and to target banks with credential stuffing and account takeover attacks.

Deceiving fraud models through automated attacks

When the COVID-19 pandemic first broke, the first businesses to feel its impacts were brick and mortar organizations, forced to close their physical doors and start operating as online organizations.

For banks, this meant moving more services online and closing physical branches, while working with an almost entirely online customer base. Of course, this shift to online has been occurring for many years, but the pandemic gave a push to those last few customers who still preferred to do their banking only in person.

To continue serving customers, banks moved nearly their whole portfolios of services to digital platforms, catering to all their customers’ needs, with vastly reduced physical interaction.

As banks offered more of their services online, they opened new gateways for cybercriminals to target them. This, tied with the fact that so many people were moving homes, caused major problems as not only was the attack surface of banks growing, the accuracy of location-based customer authentication was significantly decreasing.

Cybercriminals saw the opportunity and flooded bank websites with credential stuffing and account takeover attacks.

Security versus convenience

Banks have always been the a top attack target for criminals. Today, the primary threat is automated bots that have been hired by criminals to hammer bank websites with rapid-fire log-in attempts into customer accounts. Once attackers have secured valid credentials and gained access to accounts, they can then carry out fraudulent transactions, transfer funds from accounts or initiate new credit applications.

The threat is costing banks millions. To put it into perspective, Aberdeen Group discovered that 84 percent of financial services companies have reported that a portion of their online users have experienced a successful account takeover in the last 12 months, while the average cost of an attack can be up to 6.4 percent of the revenue generated from their monthly active users.

This means preventing these credentials stuffing attacks must be a high priority for all banks.

The traditional ways for banks to prevent these automated and fraudulent login attempts was through the location of customers to identify if they were genuine. If a customer typically connects to a bank from Manhattan, but suddenly her account sees a login from Dubai, this will raise alarm bells and will result in queries being raised. Banks will contact the customer directly to confirm identity before committing to a transaction. However, with many people moving addresses, this has affected the accuracy of fraud models and made it difficult to determine which customers had moved and which had stayed put.

The most obvious solution to counter this threat is for banks is to delay transactions until customers are physically contacted to verify them. But this adds additional security layers, delaying important transactions and ultimately causing customer friction—risks banks want to avoid.

The alternative solution can be down to banks enforcing the use of multi-factor authentication and user verifications such as captcha. But these can also frustrate customers who want easy access to their banking information. While both security measures reduce the risk of credential stuffing, MFA and captcha can create user friction, increasing abandonment and negatively impacting the customer experience.

Behavior-based analytics

Today, the most sophisticated and user-friendly method for blocking credential stuffing attacks is to use behavior-based detection and blocking. This goes beyond just signature-based approaches, and it uses advanced machine learning techniques and iterative feedback loops to build predictive models, which can proactively block a wide range of automated attacks that would pass through signature detection.

Behavior-based approaches go beyond the “declarative” identifiers. They look for patterns in network data, client-side device and user data (screen resolution, rendering engines) and user interaction events to spot qualitative and quantitative differences between bots and live human users, to name a handful of data types. Behavior-based detection can factor in hundreds of elements and see patterns where human operators would not. Accurate real-time behavior-based detection can learn on the fly, constantly updating its models. This allows banks to automatically reject the overwhelming influx of traffic from unauthorized bots.

Traditional detection methods through location-based authentication have taken a hit as a result of the pandemic, while MFA can cause friction in the customer experience that can damage relationships and result in banks losing clients to competitors.

As a result, advanced bot detection and mitigation solutions that leverage machine learning and behavioral analysis are important and contemporary ways to reduce the effectiveness of automated credential stuffing and account takeover attacks. Thus, allowing banks to put behind them worrying about account fraud as they instead prioritize innovating and delivering value to their customers.

Uriel Maimon is senior director of emerging technologies at PerimeterX, a provider of solutions that detect and stop the abuse of identity and account information on the web.

ADVERTISEMENT
Tags: COVID-19FraudMachine learning
ShareTweetPin

Related Posts

ABA donates to Texas flood relief efforts, urges bankers to contribute

FDIC issues regulatory relief guidance for Texas

Compliance and Risk
July 11, 2025

The FDIC released guidance with steps intended to provide regulatory relief to financial institutions and facilitate recovery in areas of Texas recently affected by severe storms and flooding.

BIS drafts guidance for central banks on AI adoption

BIS releases report on connections between banks and nonbanks

Compliance and Risk
July 11, 2025

Differences between regulations for banks and those for nonbank financial intermediaries may have created incentives to shift business activities to the NBFI sector, so bank supervisors should apply “close scrutiny” to such interactions, according to the report.

Regulators take issue with discrimination definition in proposed appraisal standards

HUD reverses Biden-era policies on appraisal review

Compliance and Risk
July 11, 2025

HUD eliminated several of the core policies adopted by the Property Appraisal and Valuation Equity task force, an interagency group of 13 federal agencies formed during the Biden administration to address alleged discrimination in the appraisal process.

Fed releases agenda for upcoming conference on large bank capital requirements

Fed seeks public input on large bank rating system revision

Compliance and Risk
July 10, 2025

The Federal Reserve requested comment on a proposal to revise its supervisory rating framework for large bank holding companies to address the "well managed" status of the firms.

FinCEN, IRS-CI launch series to help banks combat fentanyl trafficking

FinCEN extends compliance dates for fentanyl orders

Compliance and Risk
July 9, 2025

FinCEN has extended by more than a month the effective dates for orders involving three Mexico-based financial institutions with alleged ties to fentanyl trafficking, according to an agency statement.

ABA Regulatory Policy and Compliance Inbox: Must banks disclose all co-branding relationships?

ABA Regulatory Policy and Compliance Inbox: Just what is reportable under CRA?

Compliance and Risk
July 9, 2025

What about refinances and renewals for small business, small farm and community development loans? And: Understanding risk-based pricing notices.

NEWSBYTES

ABA, associations seek clarity about Fannie, Freddie credit scoring change

July 11, 2025

ABA DataBank: Copper prices rise on tariff announcement

July 11, 2025

FDIC issues regulatory relief guidance for Texas

July 11, 2025

SPONSORED CONTENT

Navigating Disruption in Ag Lending – Why Tariffs Are Just the Tip of the Iceberg

Navigating Disruption in Ag Lending – Why Tariffs Are Just the Tip of the Iceberg

July 1, 2025
AI Compliance and Regulation: What Financial Institutions Need to Know

Unlocking Deposit Growth: How Financial Institutions Can Activate Data for Precision Cross-Sell

June 1, 2025
Choosing the Right Account Opening Platform: 10 Key Considerations for Long-Term Success

Choosing the Right Account Opening Platform: 10 Key Considerations for Long-Term Success

April 25, 2025
Outsourcing: Getting to Go/No-Go

Outsourcing: Getting to Go/No-Go

April 5, 2025

PODCASTS

Breaking down the bank-related provisions in the big budget bill

July 10, 2025

Podcast: Inside ABA’s new Treasury Check Verification System API

June 25, 2025

Podcast: Staying close to clients amid tariff-driven volatility

June 18, 2025
ADVERTISEMENT

American Bankers Association
1333 New Hampshire Ave NW
Washington, DC 20036
1-800-BANKERS (800-226-5377)
www.aba.com
About ABA
Privacy Policy
Contact ABA

ABA Banking Journal
About ABA Banking Journal
Media Kit
Advertising
Subscribe

© 2025 American Bankers Association. All rights reserved.

No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive

© 2025 American Bankers Association. All rights reserved.