September 05, 2018

Four bank fraud trends particular to Europe

Whether it’s rogue relationship managers in private banking, professional cyber criminals from Eastern Europe or banks’ inability to spot contactless fraud, Europe has its own specific set of challenges, writes Julien Loisy

European markets have worked hard to combat the growth of fraud, particularly plastic fraud, where criminals use cloned bank cards to steal funds. In France and the UK, for example, plastic fraud fell by six per cent and eight per cent respectively in 2017.

But success in one country and in one medium sometimes seems only to push the problem of fraud into other jurisdictions and the fraudsters towards other scams. Across Europe, three distinct fraud trends are showing signs of growth.

Private banking

Europe has a long tradition of offering highly personal, concierge-type services to wealthy bank customers. These services demand that relationship managers forge close links with customers, while the wealth of the customer often means large sums are regularly moved around. This has created opportunities for internal fraud.

Many banks have controls in place to protect customers, such as withdrawal limits above which a second level of approval is required. These limits are typically between €10,000 and €100,000. But rogue relationship managers can exploit both the type of service they are expected to deliver and their knowledge of in-house controls to steal millions. In one recent case that came to court, a manager was found guilty of stealing several millions of Swiss Francs over a number of years from one client’s account, taking less than the control trigger amount each time.

There are a number of similar cases going through the courts now, and we know these are only the tip of the iceberg. Just looking at the rising number of private banking fraud cases mentioned in the press shows it is a significant problem.
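
The following is an added example, not code from the article or from NetGuardians: a rolling-window check for the pattern described above, where every withdrawal stays under the per-transaction approval limit but the total does not. The €10,000 limit (the low end of the range quoted above), the 30-day window, the record layout and the sample records are assumptions constructed for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

APPROVAL_LIMIT = 10_000        # assumed second-approval threshold, in EUR
WINDOW = timedelta(days=30)    # assumed look-back window

def flag_structuring(withdrawals, limit=APPROVAL_LIMIT, window=WINDOW):
    """Flag (manager, account) pairs whose sub-limit withdrawals add up to
    the approval limit or more within one window.

    withdrawals: iterable of (timestamp, manager_id, account_id, amount).
    """
    recent = {}   # (manager, account) -> deque of (timestamp, amount)
    alerts = []
    for ts, manager, account, amount in sorted(withdrawals):
        if amount >= limit:
            continue  # the existing control already routes this to a second approver
        q = recent.setdefault((manager, account), deque())
        q.append((ts, amount))
        while ts - q[0][0] > window:   # drop withdrawals older than the window
            q.popleft()
        total = sum(a for _, a in q)
        if len(q) > 1 and total >= limit:
            alerts.append({"manager": manager, "account": account,
                           "as_of": ts, "count": len(q), "window_total": total})
    return alerts

# Constructed sample records, not real data.
SAMPLE = [
    (datetime(2018, 3, 1),  "RM-07", "ACC-1001", 9_500),
    (datetime(2018, 3, 9),  "RM-07", "ACC-1001", 9_800),
    (datetime(2018, 3, 20), "RM-07", "ACC-1001", 9_900),
    (datetime(2018, 3, 5),  "RM-02", "ACC-2002", 4_000),
    (datetime(2018, 3, 12), "RM-02", "ACC-2002", 12_000),  # goes to approval
    (datetime(2018, 5, 20), "RM-02", "ACC-2002", 3_000),   # outside the window
]

if __name__ == "__main__":
    for alert in flag_structuring(SAMPLE):
        print(alert)
```

A fixed window is itself a static rule: it narrows the gap left by the per-transaction limit but does not replace behavioural profiling of the kind discussed later in the article.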

The industrialization of fraud

A number of media reports have highlighted how fraud has become big business in some parts of Europe, particularly with cybercrime gangs coming from Eastern Europe and Russia. The size of the potential spoils has encouraged criminals to industrialize their operations, notably those concerning cyber crime.

These criminals offer the tools to help access people’s bank accounts via phishing exercises or device takeover. One recent case involved 20 hackers arrested in Romania and Italy for sending emails as if from tax agencies, asking for customers’ credentials. Others ask email recipients to install software that includes hidden programs to record keystrokes, which is how the criminals obtain passwords.

The criminals often start by stealing small amounts and gradually increase the sums until they are detected and stopped. Meanwhile, many thousands could have disappeared.

Manual and fixed controls are proving ineffective in stopping these fraudsters and, again, banks are increasingly turning to technology that includes artificial intelligence (AI) and machine-learning to provide an extra layer of defence. This is because AI, for example, helps the bank to build a 360-degree picture of the client so it can more easily and quickly spot suspicious behaviour – such as an unusual series of transactions or transactions initiated from a new device.

Contactless payments

Europe has some of the highest use-rates of contactless payment in the world. While many people enjoy the convenience contactless offers, its popularity has opened the door to fraudsters, who capture the card details while they are being read, clone the card and go on a contactless spending spree. In the UK this type of fraud has overtaken the cheque scam for the first time.

The problem has become so prevalent that some jurisdictions, such as the UK, are considering capping the number of consecutive contactless transactions in an effort to curb this type of fraud. This is only a partial solution – the fraudsters will still have an open field until they reach the cap – and unless banks install technology that can spot irregular patterns and suspicious behaviour, contactless will remain a rich seam for fraudsters. Nor would such a cap stop criminals from capturing customer card data, which they use to clone the cards and then crack PINs. They then use the cards at ATMs to withdraw cash and empty customers’ accounts.

Invoice scams

But it’s not just individuals that are targeted. Research published at the start of 2018 revealed the enormous scale of invoice fraud affecting companies. In the UK alone, the research showed that SMEs lose more than £9bn a year in invoice fraud, with more being stolen year on year.

According to the authors, a big contributing factor is the vast array of formats in which invoices arrive at businesses – paper, electronic, PDF, uploads, downloads. Their number makes them hard for companies to monitor and provides multiple ways in for the fraudsters.

Even we at NetGuardians were targeted in what appears to have been a sophisticated and well-thought-out fraud attempt. It was only the vigilance of the marketing manager that spotted a fake invoice for a bogus fintech directory entry.

With fraud on the rise across Europe, the traditional fraud mitigation measures of static rules and sampling used by banks in the region are proving ineffective. This is driving new demand for technology that includes AI and machine-learning that can spot and stop fraudulent activity quickly and effectively. It’s a battle that is constantly evolving but one that technology promises to, if not win, at least keep within manageable limits.

Julien Loisy

Risk Consulting Manager at NetGuardians
