aba deposit account fraud survey - indiana bankers · aba deposit account fraud survey ... the 2015...

1© 2016 by the American Bankers Association, Washington, D.C.

ABA Deposit Account Fraud SurveyPresented by:Doug Johnson, SVP & Chief Advisor – Payments and Cybersecurity Policy, American Bankers Association

aba.com 1-800-BANKERS


2015 ABA Survey Methodology

The 2015 Deposit Account Fraud Survey is the 11th biennial industry study conducted by the ABA.

Scope of Survey: • First and third party fraud against deposit accounts at banks• DDA fraud loss vs. loss avoidance due to banks’ prevention measures• Banks’ resources devoted to prevention, detection, investigation,

and prosecution of deposit account fraud

• Conducted between May and August 2015 to collect data for calendar year 2014

• Sample frame: commercial and savings banks• Two versions of the questionnaire were used:

Banks with less than $500 million in assets completed an abridged version of the section on fraud losses and loss avoidance

• Standard version: 139 questionsAbridged version: 111 questions


2015 Survey Methodology

Transaction Account ― A deposit account that allows a customer to deposit and/or withdraw funds upon demand. Include consumer and business accounts (i.e., large corporation, middle-market, and small business). Report the number of transaction accounts to include demand deposits, savings accounts, NOW accounts, sweep accounts, and money market accounts, but exclude time accounts such as CDs, IRAs, and brokerage accounts. The number of transaction accounts is commonly reported by corporate controllers or the DDA systems support team.

Channels covered by the survey ― Check, debit card, online banking (billpay, ACH, wire), wire not originated online, mobile apps, and telephone banking/call centers


In total, 101 banks participated in the 2015 survey

Small community (Less than $500M)

38%

Large community ($500M–$999M)

14%

Mid-sized ($1B–$9.9B)

18%

Regional ($10B–$74.9B)

16%

Superregional/ money center ($75B

or more)14%

Distribution of Survey Participants by Bank Asset Size


Telephone banking/call centers, 2%

Remote deposit capture (RDC), 7%

ACH fraud (not initiated online), 8%

Wire fraud (not initiated online), 11%

Online banking, 14%

Mobile banking apps, 24%

Check, 60%

Debit card, 94%

Industry(weighted

percentage)

Percentage of banks that experienced deposit account fraud losses in 2014:

2014 leading loss category: debit card fraud


$2,601

$6,146

$2,203

$1,264

$615 $31

Debit Card Fraud Check Fraud Online Banking Fraud(billpay, ACH, wire combined)

Loss Avoidance Loss to Bank

2014 Industry loss and loss avoidance due to DDA fraud (in $ millions)


Industry DDA fraud trend: 2014 vs. 2012

$1,744

$1,910

$943

$1,264

$648 $615

$153 $31

2012 2014

Fraud Losses in $ Millions

Total

Debit Card

Check

OnlineBanking*

$13

$11

$5

$3

$7

$6

$1

$2

2012 2014

Loss Avoidance in $ Billions

* Online billpay, wire, and ACH combined.


$176 $332 $1,087 $1,592 $1,621

$9,563

$37,194

Signature debit PIN debit Check fraud Billpay online ACH online Wire online Wireorigination (not

initiatedonline)

2014 Fraud Losses per Case(median values)

Debit Card Fraud:

High Frequency/Low Severity

Wire Fraud:

High Severity/Low Frequency


Primary drivers of increased fraud losses in 2014 compared to 2013

Increase in mergers/acquisitions/sys. conversions, 12%

Lack of funding for fraud controls/analysts, 14%

Higher trans. limits for withdrawals (e.g., ACH, POS, ATM, Wire), 14%

Regulatory requirements re: funds availability, 15%

Increase in deposit accounts, 20%

New channel/product offerings, 25%

Move toward cust. friendly responses, 32%

Increase in fraud attempts, 74%

Percentage of Respondents


How fraudsters moved funds out of bank accounts

Small Community

Large Community

Mid-Sized RegionalSuperregional/Money Center

All Respondents

% Based on dollar amount

Over-the-counter 14.2 29.1 36.7 16.4 14.5 19.8

ATM proprietary 0.0 1.4 3.2 11.2 19.0 2.8

ATM non-proprietary 5.8 0.0 0.8 12.8 0.0 4.8

Online banking, including mobile online (Billpay, ACH, and Wire, P2P or B2B)

0.4 0.0 0.0 18.0 9.0 2.6

Mobile banking apps 0.0 2.1 0.0 1.0 9.0 0.8

Wire (not initiated online) 0.8 0.0 8.3 1.0 0.0 1.7

ACH (not initiated online) 0.0 0.0 0.0 0.0 0.0 0.0

In-clearing/on-us and internal transfers

2.9 5.4 13.0 4.4 0.0 4.7

Point-of-sale (POS) 74.5 61.9 37.2 35.2 45.0 61.9

Other 1.3 0.0 0.8 0.0 3.5 1.0

% of 2014 DDA Fraud Losses by Funds Withdrawal Channel


Check fraud against bank accounts

$1,091

$2,200

$4,337

$5,509

$12,208$11,365

$11,016

$7,695

$6,760

$512

$679 $698 $677$969

$1,024$893 $648 $615

1997 1999 2001 2003 2006 2008 2010 2012 2014

Loss Avoidance +Actual Losses

Actual Losses

Industry Losses in $ Millions

• Leading check fraud categories: Counterfeit and Return Deposited Items (RDIs)

• Losses per case: $1,087 ($1,367 in 2012)

• Consumer accounts’ share of fraud losses: 69%; small businesses’ share: 14%

Over-the-counter

66%

ATM15%

RDC–business

3%

RDC–consumer

9%

Other7%

Losses by Deposit Channel


Banks having losses from remote deposit capture (percentage of respondents)

8%

41%

11%17%

2012 2014

Consumer Accounts Business Accounts

Linear (Consumer Accounts) Linear (Business Accounts)


Debit card fraud losses at banks

$788$916 $943

$1,264

2008 2010 2012 2014

Loss Amounts (in $ millions)

4.24.9

5.3

9.9

2008 2010 2012 2014

Loss Cases (in millions)

Signature: Counterfeit, Card not Present

PIN: Counterfeit, Lost or Stolen card

Leading Fraud Categories


Data breaches and skimming (percentage of respondents)

80%

92%100% 100% 100%

69%

92% 88%93%

100%

Small Community Large Community Mid-Sized Regional Superregional/Money Center

Experienced fraud attempts Incurred a loss

BANKS THAT HAD DEBIT CARD RELATED FRAUD DUE TO DATA BREACHES(by institution size, 2014)

63%

31%

44%

85%

100%

38%

23%31%

77%

100%


Experienced fraud attempts Incurred a lossBANKS THAT HAD DEBIT CARD RELATED FRAUD DUE TO SKIMMING(by institution size, 2014)


Perceived pros and cons in migrating to EMV/chip cards

• Reduction in counterfeits

• Liability shift

• Fraud moving online/card not present

• High cost to issue the cards

• Customer education and potential dissatisfaction with the change

• Merchant technology

• Other thoughts?


36%42%

32%22%

36% 36%

2012 2014

Billpay

Wire

ACH

SOURCE OF ONLINE BANKING FRAUD LOSSES, 2014 vs. 2012(percentage of total losses)

66%

85%

10%

7%18%

3%5% 6%

2012 2014

Large corporation

Middle market

Small business

Consumer

ONLINE BANKING LOSSES BY CUSTOMER TYPE, 2014 vs. 2012(percentage of total losses)

Online Banking: Respondents reported preventing more

than 90 percent of online banking fraud in 2014


44%

31%

50%

86%

100%

22%15%

44%

86%

100%



Experienced fraud attemptsIncurred a loss

Mobile banking apps fraud in 2014


Deposit Account Fraud Prevention


-0.20

-0.12

-0.04

-0.01

0.00

0.01

0.02

0.05

0.06

0.09

0.10

0.10

0.11

0.12

0.14

0.17

0.22

0.23

0.27

0.35

0.54

Debit card (signature-based)

Online banking fraud (including mobile online)

Account takeover

Remote deposit capture by businesses

Remotely created checks (RCC)

Debit card (PIN-based)

ACH fraud, originations

Check fraud (paper-based), withdrawal

Organized ring attempts

Customer victimization scams (e.g., fake checks)

Cross-channel fraud

True name fraud

Check fraud (paper-based), deposit

Wire fraud, originations

Remote deposit capture by individuals

New account fraud

Check fraud, on-us

Reclamations

Wire fraud, receiving

ACH fraud, receiving

Social engineering Changes in perceived threat levels: 2015 average over 2013 average

Changes in perceived threat to the industry in the next 12 months, 2015 compared to 2013


Potential weak links

• Onboarding of new customers

• Authentication

• Monitoring and controls

• Funds availability

• Middle market/small business customers

• Call centers/contact centers

• Internal fraud

• Others thoughts?


Reported effective tools for fraud prevention

Check RDC Debit Card Wire

• Behavior (anomaly)-based and rules-based detection software

• KYC• Positive Pay• Call-back verification• Employee education• New account

screening• On-us fraud software

• Compare check images/check data from all channels to detect duplicate presentment

• Run RDC items thru deposit fraud filters

• Restrict type of RDC items

• Have daily transaction or item level dollar limits

• Fraud monitoring system

• Neural network analysis

• Block and reissue exposed cards

• Block transactions from high risk countries

• Rules-based transaction blocking

• Call back verifications• Authentication

procedures• Wire transactions are

for existing customers only

• Dual controls• Staff training• KYC


Reported effective tools for fraud prevention

Mobile Banking Apps Telephone Spoofing ACH

• Transaction anomaly detection

• Fraud detection software • Limits on mobile deposits • Biometric profiling • Facial recognition • User behavior-based

anomaly detection software (e.g., the angle at which a person holds the smart phone or tablet and voice print)

• Use Increased customer verification procedures

• Use suspicious activity reports to detect and prevent telephone spoofing

ODFI• ACH positive pay• Call back procedures• Multi-factor authentication• Fraud detection software• Dual control procedures• Prefunding

RDFI• Positive pay• ACH blocks


Tools used by banks to monitor and detect cross-channel fraud

16%

27%

46%

51%

65%

73%

78%

84%

Fraud detection link analysis

Fraud detection software—enterprise view

Third-party monitoring

Fraud detection software—by channel/silo

Out-of-pattern detection

Call back procedures

Transaction monitoring

Manual review



Tools used by banks to identify and detect account takeover

69%

59%

71%

69%

66%

69%

75%

63%

70%

74%

66%

72%

55%

53%

50%

81%

63%

77%

47%

25%

42%

For business accounts

For privatebanking/wealth

accounts

For consumer accounts

Percentage of RespondentsThird-partymonitoring

Transactionmonitoring

IP addressmonitoring

Out-of-patterndetection

Call backprocedures

Fraud detectionsoftware

Manual review


Authentication methods used by banks for selected digital banking products

4%

4%

17%

27%

5%

44%

43%

31%

29%

37%

42%

37%

59%

56%

34%

99%

99%

97%

92%

98%

Mobile online (remote deposit, access account, fundtransfers, etc.)

Mobile banking apps (remote deposit, accessaccount, fund transfers, etc.)

ACH (any electronic debit via online banking thatmoves funds outside of the bank; exclude debit card

transactions)

Wire (wire transfer of funds outside of the bank viaonline banking)

Billpay (any payment that is originated through thebank's online billpay service)


Login (e.g., username/password) Out-of-band authentication Out-of-wallet questions Other


Questions?

aba deposit account fraud survey - indiana bankers · aba deposit account fraud survey ... the 2015...

Documents