aba deposit account fraud survey - indiana bankers · aba deposit account fraud survey ... the 2015...
TRANSCRIPT
1© 2016 by the American Bankers Association, Washington, D.C.
ABA Deposit Account Fraud SurveyPresented by:Doug Johnson, SVP & Chief Advisor – Payments and Cybersecurity Policy, American Bankers Association
aba.com 1-800-BANKERS
2© 2016 by the American Bankers Association, Washington, D.C.
2015 ABA Survey Methodology
The 2015 Deposit Account Fraud Survey is the 11th biennial industry study conducted by the ABA.
Scope of Survey: • First and third party fraud against deposit accounts at banks• DDA fraud loss vs. loss avoidance due to banks’ prevention measures• Banks’ resources devoted to prevention, detection, investigation,
and prosecution of deposit account fraud
• Conducted between May and August 2015 to collect data for calendar year 2014
• Sample frame: commercial and savings banks• Two versions of the questionnaire were used:
Banks with less than $500 million in assets completed an abridged version of the section on fraud losses and loss avoidance
• Standard version: 139 questionsAbridged version: 111 questions
3© 2016 by the American Bankers Association, Washington, D.C.
2015 Survey Methodology
Transaction Account ― A deposit account that allows a customer to deposit and/or withdraw funds upon demand. Include consumer and business accounts (i.e., large corporation, middle-market, and small business). Report the number of transaction accounts to include demand deposits, savings accounts, NOW accounts, sweep accounts, and money market accounts, but exclude time accounts such as CDs, IRAs, and brokerage accounts. The number of transaction accounts is commonly reported by corporate controllers or the DDA systems support team.
Channels covered by the survey ― Check, debit card, online banking (billpay, ACH, wire), wire not originated online, mobile apps, and telephone banking/call centers
4© 2016 by the American Bankers Association, Washington, D.C.
In total, 101 banks participated in the 2015 survey
Small community (Less than $500M)
38%
Large community ($500M–$999M)
14%
Mid-sized ($1B–$9.9B)
18%
Regional ($10B–$74.9B)
16%
Superregional/ money center ($75B
or more)14%
Distribution of Survey Participants by Bank Asset Size
5© 2016 by the American Bankers Association, Washington, D.C.
Telephone banking/call centers, 2%
Remote deposit capture (RDC), 7%
ACH fraud (not initiated online), 8%
Wire fraud (not initiated online), 11%
Online banking, 14%
Mobile banking apps, 24%
Check, 60%
Debit card, 94%
Industry(weighted
percentage)
Percentage of banks that experienced deposit account fraud losses in 2014:
2014 leading loss category: debit card fraud
6© 2016 by the American Bankers Association, Washington, D.C.
$2,601
$6,146
$2,203
$1,264
$615 $31
Debit Card Fraud Check Fraud Online Banking Fraud(billpay, ACH, wire combined)
Loss Avoidance Loss to Bank
2014 Industry loss and loss avoidance due to DDA fraud (in $ millions)
7© 2016 by the American Bankers Association, Washington, D.C.
Industry DDA fraud trend: 2014 vs. 2012
$1,744
$1,910
$943
$1,264
$648 $615
$153 $31
2012 2014
Fraud Losses in $ Millions
Total
Debit Card
Check
OnlineBanking*
$13
$11
$5
$3
$7
$6
$1
$2
2012 2014
Loss Avoidance in $ Billions
* Online billpay, wire, and ACH combined.
8© 2016 by the American Bankers Association, Washington, D.C.
$176 $332 $1,087 $1,592 $1,621
$9,563
$37,194
Signature debit PIN debit Check fraud Billpay online ACH online Wire online Wireorigination (not
initiatedonline)
2014 Fraud Losses per Case(median values)
Debit Card Fraud:
High Frequency/Low Severity
Wire Fraud:
High Severity/Low Frequency
9© 2016 by the American Bankers Association, Washington, D.C.
Primary drivers of increased fraud losses in 2014 compared to 2013
Increase in mergers/acquisitions/sys. conversions, 12%
Lack of funding for fraud controls/analysts, 14%
Higher trans. limits for withdrawals (e.g., ACH, POS, ATM, Wire), 14%
Regulatory requirements re: funds availability, 15%
Increase in deposit accounts, 20%
New channel/product offerings, 25%
Move toward cust. friendly responses, 32%
Increase in fraud attempts, 74%
Percentage of Respondents
10© 2016 by the American Bankers Association, Washington, D.C.
How fraudsters moved funds out of bank accounts
Small Community
Large Community
Mid-Sized RegionalSuperregional/Money Center
All Respondents
% Based on dollar amount
Over-the-counter 14.2 29.1 36.7 16.4 14.5 19.8
ATM proprietary 0.0 1.4 3.2 11.2 19.0 2.8
ATM non-proprietary 5.8 0.0 0.8 12.8 0.0 4.8
Online banking, including mobile online (Billpay, ACH, and Wire, P2P or B2B)
0.4 0.0 0.0 18.0 9.0 2.6
Mobile banking apps 0.0 2.1 0.0 1.0 9.0 0.8
Wire (not initiated online) 0.8 0.0 8.3 1.0 0.0 1.7
ACH (not initiated online) 0.0 0.0 0.0 0.0 0.0 0.0
In-clearing/on-us and internal transfers
2.9 5.4 13.0 4.4 0.0 4.7
Point-of-sale (POS) 74.5 61.9 37.2 35.2 45.0 61.9
Other 1.3 0.0 0.8 0.0 3.5 1.0
% of 2014 DDA Fraud Losses by Funds Withdrawal Channel
11© 2016 by the American Bankers Association, Washington, D.C.
Check fraud against bank accounts
$1,091
$2,200
$4,337
$5,509
$12,208$11,365
$11,016
$7,695
$6,760
$512
$679 $698 $677$969
$1,024$893 $648 $615
1997 1999 2001 2003 2006 2008 2010 2012 2014
Loss Avoidance +Actual Losses
Actual Losses
Industry Losses in $ Millions
• Leading check fraud categories: Counterfeit and Return Deposited Items (RDIs)
• Losses per case: $1,087 ($1,367 in 2012)
• Consumer accounts’ share of fraud losses: 69%; small businesses’ share: 14%
Over-the-counter
66%
ATM15%
RDC–business
3%
RDC–consumer
9%
Other7%
Losses by Deposit Channel
12© 2016 by the American Bankers Association, Washington, D.C.
Banks having losses from remote deposit capture (percentage of respondents)
8%
41%
11%17%
2012 2014
Consumer Accounts Business Accounts
Linear (Consumer Accounts) Linear (Business Accounts)
13© 2016 by the American Bankers Association, Washington, D.C.
Debit card fraud losses at banks
$788$916 $943
$1,264
2008 2010 2012 2014
Loss Amounts (in $ millions)
4.24.9
5.3
9.9
2008 2010 2012 2014
Loss Cases (in millions)
Signature: Counterfeit, Card not Present
PIN: Counterfeit, Lost or Stolen card
Leading Fraud Categories
14© 2016 by the American Bankers Association, Washington, D.C.
Data breaches and skimming (percentage of respondents)
80%
92%100% 100% 100%
69%
92% 88%93%
100%
Small Community Large Community Mid-Sized Regional Superregional/Money Center
Experienced fraud attempts Incurred a loss
BANKS THAT HAD DEBIT CARD RELATED FRAUD DUE TO DATA BREACHES(by institution size, 2014)
63%
31%
44%
85%
100%
38%
23%31%
77%
100%
Small Community Large Community Mid-Sized Regional Superregional/Money Center
Experienced fraud attempts Incurred a lossBANKS THAT HAD DEBIT CARD RELATED FRAUD DUE TO SKIMMING(by institution size, 2014)
15© 2016 by the American Bankers Association, Washington, D.C.
Perceived pros and cons in migrating to EMV/chip cards
• Reduction in counterfeits
• Liability shift
• Fraud moving online/card not present
• High cost to issue the cards
• Customer education and potential dissatisfaction with the change
• Merchant technology
• Other thoughts?
16© 2016 by the American Bankers Association, Washington, D.C.
36%42%
32%22%
36% 36%
2012 2014
Billpay
Wire
ACH
SOURCE OF ONLINE BANKING FRAUD LOSSES, 2014 vs. 2012(percentage of total losses)
66%
85%
10%
7%18%
3%5% 6%
2012 2014
Large corporation
Middle market
Small business
Consumer
ONLINE BANKING LOSSES BY CUSTOMER TYPE, 2014 vs. 2012(percentage of total losses)
Online Banking: Respondents reported preventing more
than 90 percent of online banking fraud in 2014
17© 2016 by the American Bankers Association, Washington, D.C.
44%
31%
50%
86%
100%
22%15%
44%
86%
100%
Small Community Large Community Mid-Sized Regional Superregional/Money Center
Percentage of Respondents
Experienced fraud attemptsIncurred a loss
Mobile banking apps fraud in 2014
19© 2016 by the American Bankers Association, Washington, D.C.
-0.20
-0.12
-0.04
-0.01
0.00
0.01
0.02
0.05
0.06
0.09
0.10
0.10
0.11
0.12
0.14
0.17
0.22
0.23
0.27
0.35
0.54
Debit card (signature-based)
Online banking fraud (including mobile online)
Account takeover
Remote deposit capture by businesses
Remotely created checks (RCC)
Debit card (PIN-based)
ACH fraud, originations
Check fraud (paper-based), withdrawal
Organized ring attempts
Customer victimization scams (e.g., fake checks)
Cross-channel fraud
True name fraud
Check fraud (paper-based), deposit
Wire fraud, originations
Remote deposit capture by individuals
New account fraud
Check fraud, on-us
Reclamations
Wire fraud, receiving
ACH fraud, receiving
Social engineering Changes in perceived threat levels: 2015 average over 2013 average
Changes in perceived threat to the industry in the next 12 months, 2015 compared to 2013
20© 2016 by the American Bankers Association, Washington, D.C.
Potential weak links
• Onboarding of new customers
• Authentication
• Monitoring and controls
• Funds availability
• Middle market/small business customers
• Call centers/contact centers
• Internal fraud
• Others thoughts?
21© 2016 by the American Bankers Association, Washington, D.C.
Reported effective tools for fraud prevention
Check RDC Debit Card Wire
• Behavior (anomaly)-based and rules-based detection software
• KYC• Positive Pay• Call-back verification• Employee education• New account
screening• On-us fraud software
• Compare check images/check data from all channels to detect duplicate presentment
• Run RDC items thru deposit fraud filters
• Restrict type of RDC items
• Have daily transaction or item level dollar limits
• Fraud monitoring system
• Neural network analysis
• Block and reissue exposed cards
• Block transactions from high risk countries
• Rules-based transaction blocking
• Call back verifications• Authentication
procedures• Wire transactions are
for existing customers only
• Dual controls• Staff training• KYC
22© 2016 by the American Bankers Association, Washington, D.C.
Reported effective tools for fraud prevention
Mobile Banking Apps Telephone Spoofing ACH
• Transaction anomaly detection
• Fraud detection software • Limits on mobile deposits • Biometric profiling • Facial recognition • User behavior-based
anomaly detection software (e.g., the angle at which a person holds the smart phone or tablet and voice print)
• Use Increased customer verification procedures
• Use suspicious activity reports to detect and prevent telephone spoofing
ODFI• ACH positive pay• Call back procedures• Multi-factor authentication• Fraud detection software• Dual control procedures• Prefunding
RDFI• Positive pay• ACH blocks
23© 2016 by the American Bankers Association, Washington, D.C.
Tools used by banks to monitor and detect cross-channel fraud
16%
27%
46%
51%
65%
73%
78%
84%
Fraud detection link analysis
Fraud detection software—enterprise view
Third-party monitoring
Fraud detection software—by channel/silo
Out-of-pattern detection
Call back procedures
Transaction monitoring
Manual review
Percentage of Respondents
24© 2016 by the American Bankers Association, Washington, D.C.
Tools used by banks to identify and detect account takeover
69%
59%
71%
69%
66%
69%
75%
63%
70%
74%
66%
72%
55%
53%
50%
81%
63%
77%
47%
25%
42%
For business accounts
For privatebanking/wealth
accounts
For consumer accounts
Percentage of RespondentsThird-partymonitoring
Transactionmonitoring
IP addressmonitoring
Out-of-patterndetection
Call backprocedures
Fraud detectionsoftware
Manual review
25© 2016 by the American Bankers Association, Washington, D.C.
Authentication methods used by banks for selected digital banking products
4%
4%
17%
27%
5%
44%
43%
31%
29%
37%
42%
37%
59%
56%
34%
99%
99%
97%
92%
98%
Mobile online (remote deposit, access account, fundtransfers, etc.)
Mobile banking apps (remote deposit, accessaccount, fund transfers, etc.)
ACH (any electronic debit via online banking thatmoves funds outside of the bank; exclude debit card
transactions)
Wire (wire transfer of funds outside of the bank viaonline banking)
Billpay (any payment that is originated through thebank's online billpay service)
Percentage of Respondents
Login (e.g., username/password) Out-of-band authentication Out-of-wallet questions Other