Blog: Fighting Fraud Starts with Common Sense on the Front Lines

By Kate Fitzgerald, Emerging Payments Editor

The torrent of major data breaches in the U.S. over the last few years has exposed the personal information of millions of consumers, and most of us realize the threat of fraud now lurks around every corner. I take precautions to safeguard my identity, financial information and passwords, and it’s gratifying to see how fast the payment card networks react when they suspect fraud, sending immediate notifications by text or telephone of suspicious transactions requiring verification. I thought banks were doing the same, using sophisticated algorithms to detect unusual patterns signaling fraudulent activity, poised to take swift action.

Some cybercriminals are geniuses, I’m sure, but my recent personal experience with fraud suggests there is a gaping chasm between the promises of high-tech fraud-prevention methods and the existing, low-tech reality. What’s the point of debating highly sophisticated biometrics for fighting fraud, when routine banking services still seem to be mired in old-fashioned, paper-based processes and flimsy identity verification methods?

Anatomy of a Low-Tech Crime

Imagine my surprise when I got a phone call at my home in Arizona last month from someone at the branch of my bank, some 2,000 miles away in the Great Lakes region, urging me to “check my bank accounts.” It was a poor phone connection and I was skeptical, but the man on the phone convinced me to log on and see if my bank accounts—specifically two savings accounts that I never touch—were in order.

To my horror, I discovered my savings were nearly wiped out. Over the previous two business days, a woman claiming to be me had used a fake photo ID to make five large, in-person cash withdrawals from different branches of my bank in two faraway states. The largest withdrawal was $4,800; the smallest was $2,400. Just moments earlier, the criminal had made a sixth attempt, filling out a paper cash withdrawal slip at a branch in yet another city—in a third state. But that time, the teller “felt suspicious” of the driver’s license the woman presented. Pressed to provide further identification, the criminal dashed out of the bank and escaped. That’s when a bank employee looked up my cell phone number—listed right there along with my address in another region of the U.S.—and called. I explained I was at home in the desert, not withdrawing large sums of cash in different Great Lakes states in rapid succession from two nearly dormant accounts.

I flew into action, calling the bank’s fraud department; freezing my accounts; filling out affidavits attesting these were all fraudulent withdrawals. I notified appropriate agencies, including police, and worried. Within 10 days, the bank restored my money (and I moved my funds to a different bank that promises to send me electronic notifications whenever I withdraw at least $500 in cash).

It ‘Felt’ Authentic

The crisis was resolved, but the mystery remains: Why was it so easy for a petty criminal to get away with so much cash? It doesn’t take many brains to understand that data breaches have created a thriving market for confidential financial information. And modern technology apparently provides the means to create authentic-looking fake IDs. I asked dozens of people at the bank: In such an environment, why would anyone authorize a series of unusual transactions, so jarringly out of pattern, far from the alleged account holder’s home? Why did no one call to verify the first-ever cash withdrawals from two nearly dormant accounts, in rapid succession, from different branches across the U.S.? I got no reasonable answers. In many of today’s bank branches, it seems in-person transactions still rely heavily on paper and trust. “If the teller feels that the person standing in front of them is indeed the customer, they’ll give out the cash,” several bank employees explained to me. Am I really to believe that with more tools available than ever to detect crime, a major bank relies on employees’ “feelings” to verify customers’ identities?

Mobile financial services can’t expand fast enough, in my opinion. Though nothing is foolproof, a mobile phone seems like a good starting point for verifying a customer’s identity and immediate physical location. And hopes are high for emerging biometric methods we’re reporting on lately—using consumers’ fingerprints, voices and facial expressions—as identity verification. Maybe the day is coming soon when these security methods become effective, affordable and convenient enough to stop fraud before it gets started. But before that happens, it seems we still have work to do. I’m not saying we shouldn’t invest in new fraud-fighting technologies, but we also have to remember how important  it is to use the most basic, low-tech control we have—common sense.

Kate Fitzgerald covers emerging payments at Paybefore. She can be reached at [email protected].

In Viewpoints, prepaid and emerging payment professionals share their perspectives on the industry. Paybefore endeavors to present many points of view to offer readers new insights and information. The opinions expressed in Viewpoints are not necessarily those of Paybefore.