The network approach to fighting fraud

“We are all leaning into the web3 revolution. And it's interesting, because none of us really know exactly what to make of it. Except the fraudsters,” said Visa’s Mike Lemberger, Regional Risk Officer, North America, who spoke at Tearsheet’s recent The Power of Payments conference.

As technology evolves, so does fraud. But some techniques from the past have persisted. In May this year, the Department of Justice (DOJ) sentenced Leroy Holmes to five years in federal prison due to his affiliation with counterfeit card encoding scams. Holmes is connected to the creation of 600 credit, debit, and gift cards which resulted in the loss of at least $212,000 to FIs, businesses and cardholders. 

According to the courts, Holmes used financial information to create counterfeit cards, which he then used to purchase gas at stations in Pennsylvania and Maryland, and then sold this fuel to truckers for payments in cash.

Although it is currently unknown as to how Holmes obtained the financial information needed to create counterfeit cards, methods like obtaining financial information from the dark web or skimming card information from POS have already been widely used by bad actors before. 

The scale

36% of all banking customers in the United States report experiencing some form of financial fraud in the past 12 months, according to J.D. Power. Tactics like skimming cards at POS have also been used on electronics benefit transfer cards to steal $38.9 million in funds from low-income card holders. In March, 15 individuals were arrested for this kind of fraudulent activity.

Customers can look out for card skimmers by looking for damage on the equipment, noticing whether the machine is convex, or wiggling the card reader before payment – nearly all of these methods are impractical in the real world. Customers are generally in a hurry when they pay at supermarkets and can't afford to fiddle with the machinery, partly because it is inaccessible and also because it may seem disorderly.

In this scenario, the only guardrail against this kind of fraud is checking bank account activity. This is perhaps why 64% of customers report that they view being alerted about suspicious activity as a sign of their bank’s care towards its customers. However, only 31% report receiving alerts about suspicious transactions.

Moreover, there are ways to steal financial information without needing to skim cards. An Ohio based woman who was employed by a third-party srvice to work as a customer service representative for the U.S. Bank was accused of stealing $1.1 million from customers by gaining access to their banking information, according to federal prosecutors. These kinds of crimes not only weigh heavily on the customers but cast doubts on a bank’s reputation as well as channels of help and communication.

Preventing and identifying fraud

Novel technologies like AI can make identifying fraud even more difficult. To combat these evolving and persisting methodologies, players in the payment space are undertaking more holistic approaches:

• Early Warning Services (EWS), the fintech behind the payments system Zelle, compiles data from FIs across the country to determine an applicant’s risk of fraud. Last year it also launched Verify Identity which detects synthetic identity fraud, which is expected to cost the industry $2.42 billion by 2023.
• Plaid just launched Beacon, where participating financial institutions and fintechs can report via API instances of fraud like stolen and synthetic identities as well as account takeovers. They can also use the Beacon network to detect if a specific identity has been associated with fraudulent activity at other institutions working with Plaid.
• Visa monitors its network to identify the people that are trying to infiltrate it. Rather than limiting its line of sight to the traditional internet, Visa has also started to monitor the deep web, in order to identify stolen identities and other financial information that can be used for carrying out fraud, early in the process.
• Stripe is using GPT-4 to identify and flag posts that are trying to pry critical information about its networks and clients on its forums. By using syntax analysis, GPT-4 can highlight suspicious posts for Stripe’s fraud team which can then follow up on the post. Stripe also launched its Enhanced Issuer Network, where card issuers can incorporate Stripe’s Radar fraud scores into their own authorization and decisioning workflows. Banks like Capital One have already signed up and use the Radar fraud scores in the Enhanced Decisioning Data API.

A common thread among these launches is the network approach. While Visa is moving towards a top down view of all of its networks, Plaid is sharing the information it has on suspicious accounts and identities with all of its clients through Beacon. Similarly, Stripe is using its connections to multiple payment networks and passing on that information to its clients like Discover and Capital One. All of these efforts considerably widen the fraud detection aperture that FIs have and allow them to access information about fraudulent activities that would otherwise be locked within separate organizations.

This approach also highlights the position that network providers and payment processors have in the industry. Firms like Stripe and Plaid have become the connective tissue of the modern financial ecosystem. As such they can enable knowledge and information transfer, without the need for explicit partnerships between competing FIs.