ABA Deposit Account Fraud Survey

Similar documents
FFIEC CONSUMER GUIDANCE

EFT Industry and BSA/AML Dan Altman

Here are two informational brochures that disclose ways that we protect your accounts and tips you can use to be safer online.

FFIEC BUSINESS ACCOUNT GUIDANCE

2014 Payments Fraud Survey

FFIEC CONSUMER GUIDANCE

ACI Response to FFIEC Guidance

ACH Training. Automated Clearing House

2014 Payments Fraud Survey Summary of Results

Emerging ACH Issues. Florida Bankers Association 30 th Annual Consumer Compliance Seminar Orlando, Florida April 29- May 1, 2015

Payments Fraud: It's Not Fun & Games

Banking Solutions for Nonprofits 101. Four Money Saving Strategies for Nonprofits with Bank Products

Online Account Takeover. Roger Nettie

ACH Welcome Kit. Rev. 10/2014. Member FDIC Page 1 of 8

U.S. Smart Card Migration: Stripe to EMV Claudia Swendseid, Federal Reserve Bank of Minneapolis Terry Dooley, SHAZAM Kristine Oberg, Elavon

Top Ten Fraud Risks That Impact Your Financial Institution. Presented by Ann Davidson - VP Risk Consulting Allied Solutions LLC.

AUSTRALIAN PAYMENTS FRAUD DETAILS AND DATA

Are All High-Risk Transactions Created Equal?

Transforming the Customer Experience When Fraud Attacks

Networks, Processors, and Issuers Payments Surveys (NPIPS)

Introductions 1 min 4

Conversion at a Glance. Important Dates and Information. Legend

Overall, which types of fraud has your organisation experienced in the past year?

Business Banking Accounts and Products

Internet Banking Authentication Guidance is Out

Fraud Protection, You and Your Bank

PAYROLL CARD FREQUENTLY ASKED QUESTIONS

Mobile Deposit Policy

Payments Fraud Best Practices

Payment Fraud Statistics

Payments Transformation - EMV comes to the US

FICO Falcon Fraud Manager for Retail Banking

Federal Financial Institutions Examination Council FFIEC. Retail Payment Systems RPS. February 2010 IT EXAMINATION HANDBOOK

Government Crime Prevention Regulations. Richard Fraher VP & Counsel to the Retail Payments Office Federal Reserve Bank of Atlanta

ACH Internal Control Questionnaire

2014 AFP Payments Fraud and Control Survey

A Cautionary Tale Plus Cross-Channel Risk

Online Banking Risks efraud: Hands off my Account!

O OCC BULLETIN OCC Automated Clearing House Activities. Risk Management Guidance

u.s. bank focus card Frequently Asked Questions The Focus Card What is the Focus Card? How does the Focus Card work?

Torn Identity: Preventing New Forms of Corporate Identity Theft

Internet Banking Agreement and Disclosure

OC Business Council Cybersecurity Task Force Meeting Online Fraud Update. April 2015

Top Authentication & Identification Methods to Protect Your Credit Union

Electronic Fraud Awareness Advisory

ReliaCard THE RELIACARD FREQUENTLY ASKED QUESTIONS

FFIEC Supplemental Guidance to Authentication in an Internet Banking Environment. Robert Farmer Senior Technology Compliance Manager

one admin. one tool. Providing instant access to hundreds of industry leading verification tools.

Alternatives for Managing Commercial Payments Risk

Target Security Breach

An Oracle White Paper November Fraud Fight: Enterprise-wide Strategy Sets the Stage for Victory

Securing the Payments System. The facts about fraud prevention

American Bankers Association

Questions You Should be Asking NOW to Protect Your Business!

CUSTOMER SECURITY AWARENESS: A Key Defense Against Corporate Account Takeover & Cyber Fraud

Chargebacks: Another Payment Card Acceptance Cost for Merchants

ACH GUIDE ACH PARTICIPATION

Payment Methods. The cost of doing business. Michelle Powell - BASYS Processing, Inc.

Peter Hill, Oracle Reveleus & Mantas

Deception scams drive increase in financial fraud

Know Your Customer & Know Your Customer s Customers (KYCC) BITS ACH Fraud Risk Subgroup Presented by George Thomas November 19, 2008

Payment Fraud and Risk Management

Online Cash Manager Security Guide

Online Cash Management Security: Beyond the User Login

Switch to Peoples Exchange Bank

Business Banking Accounts and Products

Sound Business Practices for Businesses to Mitigate Corporate Account Takeover

Bill Payment and Electronic Funds Transfer Service Agreement

Identifying Key Risk Indicator

Treasury Management Services Product Terms and Conditions

ELECTRONIC FUND TRANSFER AGREEMENT AND DISCLOSURE PERSONAL CHECK and/or ATM CARD

IT Security Risks & Trends

ATM Card Application

ELECTRONIC AUTHENTICATION. Understanding the New. Multi-factor authentication and layered security are

Best Practices: Reducing the Risks of Corporate Account Takeovers

Supplement to Authentication in an Internet Banking Environment

Top Fraud Trends Facing Financial Institutions

TOP TRUMPS Comparisons of how to pay for goods and services online

DEBIT MASTERCARD AGREEMENT Revision

Your Single Source. for credit, debit and pre-paid services. Fraud Risk and Mitigation

IMPORTANT ACCOUNT INFORMATION FOR OUR CUSTOMERS from. State Bank 25 North Chestnut Ave New Hampton, IA (319)

Business Online Banking Quick Users Guide

Electronic Funds Transfer

IMPORTANT ACCOUNT INFORMATION FOR OUR CUSTOMERS from. The Roscoe State Bank 117 Cypress St. Roscoe, TX (325)

Know Your Rights and Responsibilities Electronic Funds Transfer Disclosure

ELECTRONIC FUND TRANSFER AGREEMENT AND DISCLOSURE

Best Practices Guide to Electronic Banking

Product. Opencheck A Comprehensive Check Payments Solution to Meet the Demands of Financial Institutions in Today s Automated Environment

EMV's Role in reducing Payment Risks: a Multi-Layered Approach

Gladiator NetTeller Enterprise Security Monitoring Online Fraud Detection INFORMATION SECURITY & RISK MANAGEMENT

HOW ARE BANKS FIGHTING THE WAR ON FRAUD? To answer that question, Neustar asked the industry.

NBT Bank Personal and Business Mobile Banking Terms and Conditions

Briefly describe the #1 problem you have encountered with implementing Multi-Factor Authentication.

Automated Clearing House

Operational Means to Fraud Mitigation and BSA/AML Compliance

Securing Online Payments in ACH Client and Remote Deposit Express

Securing corporate assets with two factor authentication

Signature Advantage Checking. $25,000 or more None $24, or less $25.00

Mobile Banking Adoption: Where Is the Revenue for Financial Institutions? Understanding the Value of Engaging Consumers in the Mobile Channel

NEWS BULLETIN

Transcription:

ABA Deposit Account Fraud Survey Presented by: Steve Kenneally, Vice President, Payments & Cybersecurity Policy Jane Yao, Senior Vice President, Benchmarking & Survey Research aba.com 1-800-BANKERS 1

2015 ABA Survey Methodology The 2015 Deposit Account Fraud Survey is the 11 th biennial industry study conducted by the ABA. Scope of Survey: First and third party fraud against deposit accounts at banks DDA fraud loss vs. loss avoidance due to banks prevention measures Banks resources devoted to prevention, detection, investigation, and prosecution of deposit account fraud Conducted between May and August 2015 to collect data for calendar year 2014 Sample frame: commercial and savings banks Two versions of the questionnaire were used: Banks with less than $500 million in assets completed an abridged version of the section on fraud losses and loss avoidance Standard version: 139 questions Abridged version: 111 questions 2

2015 Survey Methodology Transaction Account A deposit account that allows a customer to deposit and/or withdraw funds upon demand. Include consumer and business accounts (i.e., large corporation, middle-market, and small business). Report the number of transaction accounts to include demand deposits, savings accounts, NOW accounts, sweep accounts, and money market accounts, but exclude time accounts such as CDs, IRAs, and brokerage accounts. The number of transaction accounts is commonly reported by corporate controllers or the DDA systems support team. Channels covered by the survey Check, debit card, online banking (billpay, ACH, wire), wire not originated online, mobile apps, and telephone banking/call centers 3

In total, 101 banks participated in the 2015 survey Distribution of Survey Participants by Bank Asset Size Superregional/ money center ($75B or more) 14% Regional ($10B $74.9B) 16% Small community (Less than $500M) 38% Mid-sized ($1B $9.9B) 18% Large community ($500M $999M) 14% 4

2014 leading loss category: debit card fraud Percentage of banks that experienced deposit account fraud losses in 2014: Debit card, 94% Mobile banking apps, 24% Check, 60% Industry (weighted percentage) Online banking, 14% Wire fraud (not initiated online), 11% ACH fraud (not initiated online), 8% Remote deposit capture (RDC), 7% Telephone banking/call centers, 2% 5

Fraud loss experience by bank asset size Telephone banking/call centers Remote deposit capture (RDC) ACH fraud (not initiated online) Wire fraud (not initiated online) Online banking Mobile banking apps Check Debit card 0% 3% 6% 6% 11% 0% 9% 8% 15% 10% 15% 7% 12% PERCENTAGE OF RESPONDENTS 22% 52% 24% 29% 35% 44% 57% 67% 67% 92% 83% 87% 79% 75% 86% 93% 90% 90% 89% 100% 100% 100% 100% 100% 100% 100% 100% Small Community Large Community Mid-Sized Regional Superregional/ Money Center 6

2014 Industry loss and loss avoidance due to DDA fraud (in $ millions) Loss Avoidance Loss to Bank $6,146 $2,601 $2,203 $1,264 $615 $31 Debit Card Fraud Check Fraud Online Banking Fraud (billpay, ACH, wire combined) 7

2014 Industry loss and loss avoidance due to DDA fraud, by channel Estimated Loss Amount: $1.91 Billion Estimated Loss Avoidance Amount: $10.95 Billion Check Fraud $615M 32% Online banking $31M 2% Online banking $2B 20% Debit Card Fraud $3B 24% Debit Card Fraud $1.3B 66% Check Fraud $6B 56% 8

Industry DDA fraud trend: 2014 vs. 2012 Fraud Losses in $ Millions Loss Avoidance in $ Billions $1,744 $1,910 Total $13 $11 $1,264 Debit Card $943 Check $7 $6 $648 $615 $153 $31 Online Banking* $5 $1 $3 $2 2012 2014 2012 2014 * Online billpay, wire, and ACH combined. 9

Primary drivers of increased fraud losses in 2014 compared to 2013 Increase in deposit accounts, 20% Regulatory requirements re: funds availability, 15% Higher trans. limits for withdrawals (e.g., ACH, POS, ATM, Wire), 14% Lack of funding for fraud controls/analysts, 14% Increase in mergers/acquisitions/sys. conversions, 12% Percentage of Respondents Move toward cust. friendly responses, 32% New channel/product offerings, 25% Increase in fraud attempts, 74% 10

How fraudsters moved funds out of bank accounts % of 2014 DDA Fraud Losses by Funds Withdrawal Channel Small Community Large Community Mid-Sized Regional Superregional/ Money Center All Respondents % Based on dollar amount Over-the-counter 14.2 29.1 36.7 16.4 14.5 19.8 ATM proprietary 0.0 1.4 3.2 11.2 19.0 2.8 ATM non-proprietary 5.8 0.0 0.8 12.8 0.0 4.8 Online banking, including mobile online (Billpay, ACH, and Wire, P2P or B2B) 0.4 0.0 0.0 18.0 9.0 2.6 Mobile banking apps 0.0 2.1 0.0 1.0 9.0 0.8 Wire (not initiated online) 0.8 0.0 8.3 1.0 0.0 1.7 ACH (not initiated online) 0.0 0.0 0.0 0.0 0.0 0.0 In-clearing/on-us and internal transfers 2.9 5.4 13.0 4.4 0.0 4.7 Point-of-sale (POS) 74.5 61.9 37.2 35.2 45.0 61.9 Other 1.3 0.0 0.8 0.0 3.5 1.0 11

Check fraud against bank accounts Leading check fraud categories: Counterfeit and Return Deposited Items (RDIs) Losses per case: $1,087 ($1,367 in 2012) Consumer accounts share of fraud losses: 69%; small businesses share: 14% Industry Losses in $ Millions Losses by Deposit Channel Loss Avoidance + Actual Losses Actual Losses $12,208 $11,365 $11,016 RDC consumer 9% Other 7% $5,509 $7,695 $6,760 RDC business 3% $4,337 $1,091 $512 $2,200 $679 $698 $677 $969 $1,024 $893 $648 $615 ATM 15% Over-thecounter 66% 1997 1999 2001 2003 2006 2008 2010 2012 2014 12

Banks having losses from remote deposit capture (percentage of respondents) Consumer Accounts Linear (Consumer Accounts) Business Accounts Linear (Business Accounts) 41% 8% 11% 17% 2012 2014 13

Debit card fraud losses at banks Leading Fraud Categories Signature: PIN: Counterfeit, Card not present Counterfeit, Lost or stolen card Loss Amounts (in $ millions) $1,264 Loss Cases (in millions) 9.9 $788 $916 $943 4.2 4.9 5.3 2008 2010 2012 2014 2008 2010 2012 2014 14

Data breaches and skimming (percentage of respondents) BANKS THAT HAD DEBIT CARD RELATED FRAUD DUE TO DATA BREACHES (by institution size, 2014) 80% 69% Experienced fraud attempts 92% Incurred a loss 100% 100% 100% 92% 93% 88% Small Community Large Community Mid-Sized Regional Superregional/ Money Center 100% BANKS THAT HAD DEBIT CARD RELATED FRAUD DUE TO SKIMMING (by institution size, 2014) 63% 38% Experienced fraud attempts 31% 23% 44% 31% Incurred a loss Small Community Large Community Mid-Sized Regional Superregional/ Money Center 85% 77% 100% 100% 15

Perceived pros and cons in migrating to EMV/chip cards Reduction in counterfeits Liability shift Fraud moving online/card not present High cost to issue the cards Customer education and potential dissatisfaction with the change Merchant technology Other thoughts? 16

Online Banking: Respondents reported preventing more than 90 percent of online banking fraud in 2014 SOURCE OF ONLINE BANKING FRAUD LOSSES, 2014 vs. 2012 (percentage of total losses) ONLINE BANKING LOSSES BY CUSTOMER TYPE, 2014 vs. 2012 (percentage of total losses) 36% 36% Billpay Wire ACH 5% 6% 3% 18% 7% 10% Large corporation Middle market Small business Consumer 32% 22% 85% 66% 36% 42% 2012 2014 2012 2014 17

ACH Fraud: 2014 experience, online vs. offline and by customer type (percentage of respondents) Online Offline (call center, branch, fax, email) Consumer Accounts Consumer Accounts Experienced fraud attempts Incurred a loss 73% 67% 90% 90% Experienced fraud attempts 53% Incurred a loss 79% 57% 90% 90% 18% 4% 8% 8% 40% 0% 32% 25% 6% 8% 6% Small Community Large Community Mid-Sized Regional Superregional/ Money Center Small Community Large Community Mid-Sized Regional Superregional/ Money Center Business Accounts Experienced fraud attempts Incurred a loss Business Accounts Experienced fraud attempts Incurred a loss 83% 78% 67% 67% 53% 86% 77% 69% 72% 17% 23% 33% 7% 8% 7% 22% 23% 0% 8% 12% Small Community Large Community Mid-Sized Regional Superregional/ Money Center Small Community Large Community Mid-Sized Regional Superregional/ Money Center 18

Banks reported experiencing an increase in ACH fraud attempts in 2014 compared to 2013 (percentage of respondents) All Respondents Money Center/Superregional Respondents Moderate increase Significant increase Moderate increase Significant increase RDFI: Money mule activity 11% 5% RDFI: Money mule activity 36% 9% RDFI: Business customers (tax preparers) receiving fraudulent tax refunds 6% 2% RDFI: Business customers (tax preparers) receiving fraudulent tax refunds 18% RDFI: Retail customers receiving fraudulent tax refunds 11% 4% RDFI: Retail customers receiving fraudulent tax refunds 36% Account takeover 10% 3% Account takeover 27% 18% ODFI: Third-party sender client fraud 1% 2% ODFI: Third-party sender client fraud 9% 9% ODFI: Business customer internal fraud 8% 1% ODFI: Business customer internal fraud 18% 9% 19

Mobile banking apps fraud in 2014 Percentage of Respondents Experienced fraud attempts Incurred a loss 86% 86% 100% 100% 44% 50% 44% 22% 31% 15% Small Community Large Community Mid-Sized Regional Superregional/ Money Center 20

Deposit Account Fraud Prevention 21

Changes in perceived threat to the industry in the next 12 months, 2015 compared to 2013 Social engineering ACH fraud, receiving Wire fraud, receiving Reclamations Check fraud, on-us New account fraud Remote deposit capture by individuals Wire fraud, originations Check fraud (paper-based), deposit True name fraud Cross-channel fraud Customer victimization scams (e.g., fake checks) Organized ring attempts Check fraud (paper-based), withdrawal ACH fraud, originations Debit card (PIN-based) Remotely created checks (RCC) Remote deposit capture by businesses Account takeover Online banking fraud (including mobile online) Debit card (signature-based) -0.01-0.04-0.12-0.20 0.35 0.27 0.23 0.22 0.17 0.14 0.12 0.11 0.10 0.10 0.09 0.06 0.05 0.02 0.01 0.00 0.54 Changes in perceived threat levels: 2015 average over 2013 average 22

Potential weak links Onboarding of new customers Authentication Monitoring and controls Funds availability Middle market/small business customers Call centers/contact centers Internal fraud Others thoughts? 23

Reported effective tools for fraud prevention Check RDC Debit Card Wire Behavior (anomaly)- based and rulesbased detection software KYC Positive Pay Call-back verification Employee education New account screening On-us fraud software Compare check images/check data from all channels to detect duplicate presentment Run RDC items thru deposit fraud filters Restrict type of RDC items Have daily transaction or item level dollar limits Fraud monitoring system Neural network analysis Block and reissue exposed cards Block transactions from high risk countries Rules-based transaction blocking Call back verifications Authentication procedures Wire transactions are for existing customers only Dual controls Staff training KYC 24

Reported effective tools for fraud prevention Mobile Banking Apps Telephone Spoofing ACH Transaction anomaly detection Fraud detection software Limits on mobile deposits Biometric profiling Facial recognition User behavior-based anomaly detection software (e.g., the angle at which a person holds the smart phone or tablet and voice print) Use Increased customer verification procedures Use suspicious activity reports to detect and prevent telephone spoofing ODFI ACH positive pay Call back procedures Multi-factor authentication Fraud detection software Dual control procedures Prefunding RDFI Positive pay ACH blocks 25

Examples of ACH fraud prevention tools used by banks 75% Percentage of Respondents 71% 58% 52% 2014 2012 48% 44% 37% 30% 27% 13% 14% Maximum dollar limit on transactions ACH filters Rules-based fraud detection systems Anomaly detection* Maximum limit on the number of transactions Neural network *Not available for 2012. 26

Examples of ACH fraud prevention tools used by ODFIs 92% 91% 87% 82% Percentage of Respondents 2014 83% 75% 78% 2012 68% 67% 67% 64% 63% 62% 59% 61% 57% Exception approval process Identify & resolve recurring over-limit situations Prenotes Daily inhouse return reporting Requiring pre-funding Daily ACH operator return reporting Out of pattern origination review Out of band transaction authorization 27

Examples of ACH fraud prevention tools used by RDFIs 67% 59% 55% Percentage of Respondents 2014 2012 49% 39% 36% 30% 29% 31% 23% 22% 22% ACH debit block ACH debit and credit block ACH debit positive pay: verify originator, account and dollar amount with review/decision Monitor files received from ODFIs for excessively large or out of pattern situations ACH debit positive pay: verify originator, account and dollar amount with auto return ACH debit positive pay: verify payee in addition to originator, account and dollar amount 28

Tools used by banks to monitor and detect cross-channel fraud Percentage of Respondents Manual review 84% Transaction monitoring 78% Call back procedures Out-of-pattern detection 65% 73% Fraud detection software by channel/silo Third-party monitoring 46% 51% Fraud detection software enterprise view 27% Fraud detection link analysis 16% 29

Tools used by banks to identify and detect account takeover For consumer accounts For private banking/wealth accounts Percentage of Respondents 42% 77% 50% 72% 70% 69% 71% 25% 63% 53% 66% 63% 66% 59% Third-party monitoring Transaction monitoring IP address monitoring Out-of-pattern detection Call back procedures For business accounts 47% 55% 81% 74% 75% 69% 69% Fraud detection software Manual review 30

Authentication methods used by banks for selected digital banking products Percentage of Respondents Login (e.g., username/password) Out-of-band authentication Out-of-wallet questions Other Billpay (any payment that is originated through the bank's online billpay service) 5% 34% 37% 98% Wire (wire transfer of funds outside of the bank via online banking) 29% 27% 56% 92% ACH (any electronic debit via online banking that moves funds outside of the bank; exclude debit card transactions) 17% 31% 59% 97% Mobile banking apps (remote deposit, access account, fund transfers, etc.) 4% 37% 43% 99% Mobile online (remote deposit, access account, fund transfers, etc.) 4% 42% 44% 99% 31

Fraud-related staffing levels per bank: community and mid-sized banks Fraud-Related FTEs per Bank Mean Median Open Transaction Accounts per Fraud-Related FTE Mean Median 6.1 6.0 15,377 16,318 4.6 3.5 3.0 3.0 10,193 8,643 5,817 2,124 Small Community Large Community Mid-Sized Small Community Large Community Mid-Sized 32

Fraud-related staffing levels per bank: regional and superregional/money center banks Fraud-Related FTEs per Bank Mean Median 320.5 Open Transaction Accounts per Fraud-Related FTE Mean Median 55,782 28,478 28,364 34,692 71.0 43.2 20.0 Regional Superregional/Money Center Regional Superregional/Money Center 33

Deposit account fraud-related expenses EXPENSES PER BANK (INTERNAL AND EXTERNAL) FOR PREVENTION, DETECTION, INVESTIGATION, AND PROSECUTION OF DEPOSIT ACCOUNT FRAUD (percentage of respondents, by asset size) Salary/staffing expenses Non-salary expenses Small Community Large Community Mid-Sized Regional Superregional/ Money Center Less than $5,000 7.7% 8.3% $5,000 $9,999 11.5% $10,000 $49,999 38.5% 33.3% 7.1% $50,000 $99,999 15.4% 25.0% $100,000 $249,999 15.4% 33.3% 35.7% $250,000 $499,999 3.8% 42.9% $500,000 $999,999 14.3% 30.8% $1 million $9.9 million 7.7% 61.5% 54.5% $10 million $19.9 million 7.7% 18.2% $20 million $29.9 million 9.1% $30 million or more 18.2% Less than $5,000 19.0% $5,000 $9,999 19.0% 41.7% 7.1% $10,000 $49,999 42.9% 41.7% 8.3% $50,000 $99,999 4.8% 8.3% 14.3% 8.3% $100,000 $249,999 9.5% 8.3% 21.4% $250,000 $499,999 35.7% 16.7% $500,000 $999,999 21.4% 16.7% 10.0% $1 million $9.9 million 4.8% 50.0% 50.0% $10 million $19.9 million 10.0% $30 million or more 30.0% 34

Questions? 35

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information