Fraud has long been a constant in the financial services industry—for the same reason the notorious bank robber Willie Sutton targeted it: “That’s where the money is.” Yet many financial institutions remain reluctant to invest in the kinds of solutions that can truly counter these threats.
As technology continues to evolve—both for banks and for criminals—the key to combating fraud lies in taking a holistic, intelligent, and sustained approach. Criminals will not stop refining their methods, and financial institutions must respond in kind or risk losing not only money but also the trust and loyalty of their customers.
Where Things Stand
Credit and debit card fraud remain the top concerns for most financial institutions. However, identity fraud may pose an even greater threat going forward. Javelin Strategy & Research reported a sharp rise in identity fraud in 2024, with total losses in the U.S. reaching $27.2 billion, up from $22.8 billion in 2023.
Within this category, account takeover (ATO) fraud may represent the biggest threat on the horizon. Annual losses from ATO are currently estimated at nearly $16 billion, according to Javelin, affecting roughly 5 million consumers each year. Criminals are targeting a wide range of accounts—including checking and credit accounts, email, digital wallets, mobile phones, and social media. Weak authentication measures, such as optional multi-factor authentication and lenient password policies, have exacerbated the problem.
“People continue to use and reuse their login credentials across multiple accounts, both financial and nonfinancial,” said Suzanne Sando, Lead Analyst of Fraud Management at Javelin Strategy & Research. “That’s not the victim’s fault, but it is an opportunity for banks to look into their account takeover protections and make better decisions based on some of the account actions that criminals are taking.
“With ATO, criminals don’t have to go through the Know Your Customer and identity verification that they do for new account fraud,” she said. “All they have to do is crack the credentials, change a few pieces of critical information, and then they’re pretty much able to evade detection until the customer notices they’ve been locked out of their account.”
Current Defenses Are Not Strong Enough
The growing losses from fraudulent attacks suggest that current prevention methods are not strong enough. Nearly half of the financial institutions surveyed allocated less than $50,000 to fraud, authentication, and identity verification solutions. Javelin’s research reveals that many FIs not only lack the necessary tools to fight fraud but also, in large numbers, have no plans to increase their investment in this area.
For example, in 2023, fewer than a third of organizations used an authorized push payment fraud solution, and only 18% planned to adopt one in the future. Tools designed to address synthetic ID fraud, chargeback fraud, and peer-to-peer fraud are used by even fewer organizations. Additionally, three-quarters of organizations aren’t using decision engine tools—critical systems for combating fraud effectively and at scale.
“A decision engine takes in a bunch of different signals and behaviors and data points, and it spits out a decision on whether or not you should allow a transaction or a particular account action to happen,” Sando said. “For example, it can use inputs like behavioral biometrics, which are the way you type, the way you hold your phone, device intelligence. ‘Is this normally Suzanne’s iPhone, and is she using the same operating system?’”
The Solutions Are Available
Effective fraud-fighting tools are available to financial institutions, even those with restrictive budgets. The key is to be strategic. Many of the most innovative fraud prevention tools perform best when seamlessly integrated, rather than operating in the siloed environments that FIs often fall back on.
Fraud detection and prevention technology operates on multiple levels. When these tools work in tandem, they can provide a comprehensive view of a user and a real-time assessment of their risk profile.
Risk-based decision engines that draw on multiple data sources are far better equipped to manage complex processes than relying on a single internal system. These engines work dynamically with data—such as biometrics—to automate decisions related to detecting attacks. That capability provides FIs with greater confidence in the actions they take regarding individual users and transactions.
This is truly an area where there is strength in numbers. Shared industry data, compiled from many sources, enables more accurate identification of suspicious behaviors. By contrast, when FIs rely solely on their internal data, their view of a consumer’s risk level is severely limited.
Data privacy must always be handled with the utmost care and consideration, which is why many FIs prefer to keep information internal. However, a secure data consortium can reveal critical fraud intelligence, granting FIs access to a wealth of information that ultimately supports better-informed decisions. In a rapidly changing fraud landscape, this level of industry collaboration is essential.
The Growing Role of AI
Artificial intelligence is already enhancing these capabilities. AI-powered solutions can sift through vast amounts of data to identify telling patterns, while machine learning handles much of the heavy lifting in trend and data analysis—supporting a risk management and decision-making process that stays both relevant and up to date.
“AI is a more precise way of looking for some of these patterns and behaviors that the human eye cannot detect,” said Sando. “We can only do so much as we look through someone’s transactions. Let’s say there’s a bot attack. You may notice some characteristics of that that are in line with fraud, but AI can recognize patterns in a way that we cannot.”
What FIs Need from their Partners
It’s critical that fraud detection partners are able to meet financial institutions where they are. Most financial institutions already have complex, highly customized tech stacks, so any fraud prevention solutions need to work with the existing technology. This requires a fraud partner who is flexible and can adapt to each FI’s unique needs.
FIs also need partners who are visible and accessible. Javelin’s research found that quality face time with experts is crucial, with more than three-quarters of respondents saying they want knowledgeable and trustworthy collaborators. These institutions place high value on in-person interactions with vendors before adopting new technology.
Javelin also found that the top priority for businesses concerned about financial fraud is protecting their brand. Since customers are willing to switch providers if they fall victim to fraud, a bank’s reputation can be its most important asset.
“You are more likely to read a bad review about someone than a good review,” Sando said. “If one fraud victim has a bad experience and they start publicizing it, that’s something a bank wants to prevent. Trust is such a basic part of the foundation of a relationship between a customer and a bank. If you don’t have that trust, that person can walk at any time. And we’re seeing growing numbers of fraud victims growing who are willing to close their accounts and move somewhere else.”
