Financial Crime
February 17, 2025
Traditional online banking fraud prevention strategies focus on mitigating losses by targeting individual cases of fraud – for example by preventing a bad actor from creating a new account with stolen credentials.
Focusing on mitigation rather than total prevention means that whilst fraudsters constantly evolve and innovate, the fraudsters put in place solutions to stop them do so only partially, and inconsistently.
This is why the narrative around consumer safety in online banking and digital commerce has been evolving. Whilst it was once focused on simply preventing the direct losses that occur as a result of online fraud, it is beginning to adopt a far broader perspective, within which the notion of trust is fundamental.
Banks need to build up their own trust with their customers by ensuring that customers are who they say they are and have only legitimate intentions.
The only way in which to do this is through assessing their behavior on a granular level – the more specific a bank can be about each customer’s usual behavior, the less likely they are to stop or hold up legitimate transactions or let a bad actor slip through the net.
This will also help ensure legitimate customers’ online journeys and interactions are not unnecessarily slowed down or halted, maintaining the frictionless online experience users demand.
However, delivering a seamless experience needs to be balanced with security measures comprehensive enough to engender reciprocal customer trust in the bank itself.
Customers must also be able to trust their banks can keep their funds safe and identities secure.
Banks can do this by creating a secure online environment for customers so they need not fear becoming a victim of fraud at any point through the customer journey from easily setting up accounts, accessing funds or making payments.
Some types of fraud attacks don’t necessarily take place within the bank’s infrastructure. For example, a phishing or RAT-in-the-Browser attack could lead customers to counterfeit browser pages that mimic their bank’s branding.
Customers attacked in this manner may then attempt to login and in doing so accidentally pass on their credentials to fraudsters who can use them to perform an account takeover (ATO) on the actual website.
This is an example of why banks need to change their mindset from preventing direct losses from just preventing online banking fraud to establishing customer trust and safety.
Although banks might initially feel as though this falls outside of their jurisdiction, customers who fall victim to these kinds of fraud described here would think they were interacting with the bank.
When they find out what happened, it is the bank they lose faith in and they will easily make the decision to change banks as a fallout.
To instill trust, banks need to protect customers at all points of their online journey, but going too far with security measures can result in banks losing customers to organizations offering easier online banking processes.
It’s in this way that traditional fraud prevention can become the enemy of customer satisfaction and limit business growth.
Banks need to find a way to balance safety with frictionless user experiences.
This goal can be achieved by broadening anti-fraud horizons to encompass trust and safety, and working proactively to counteract online banking fraud, through investing in a solution which incorporates behavioral biometrics into its authentication processes.
Furthermore, this solution should analyze user behavior on an individual basis instead of comparing clusters of ‘good’ or ‘bad’ users and allowing fraudsters to fall through the net and customer trust to be affected.
Such a solution should seamlessly protect across the entire customer journey instead of only at one point of interaction.
Previously identified fraudster behavior needs to be front and center to secure against attacks, in order to pinpoint and weed out fraudsters from legitimate customers.
The bonus of using behavioral biometrics to establish trust and safety with banking customers, is that the behavioral analysis can occur constantly and invisibly to the user – throughout the customer journey – delivering a risk score to the bank from all interactions without administering additional, friction filled authentications.
Implementing a trust and safety mindset in an organization is by no means a niche trend – tech giants such as Google, Facebook and Airbnb have all invested in specific Trust and Safety departments – but it is a disruptive idea.
If banks plan holistically, utilizing a wealth of none personally identifiable information readily available from each user across their entire lifecycle, instead of at individual points, they can comprehensibly prevent fraud rather than simply mitigate its effects.
Mitigation cannot easily be scaled and can negatively impact business growth.
But if banks think proactively and create an anti-fraud strategy that deploys deep learning technology to analyze behavioral biometric data, and more they can utilize automated tools that scale and can adapt quickly to evolving threats helping banks remain agile in their fight against fraud.
Banks can then adapt and evolve as they encounter new fraud patterns in real time (and even detect fraud patterns before they have happened), while maintaining customers’ trust and delivering great user experiences.
The Payments Association
St Clement’s House
27 Clements Lane
London EC4N 7AE
© Copyright 2024 The Payments Association. All Rights Reserved. The Payments Association is the trading name of Emerging Payments Ventures Limited.
Emerging Ventures Limited t/a The Payments Association; Registered in England and Wales, Company Number 06672728; VAT no. 938829859; Registered office address St. Clement’s House, 27 Clements Lane, London, England, EC4N 7AE.
Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.
We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.
Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.
Please click the button below which relates to the issue you’re having.
Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association
Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.
For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.
The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.
Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.
Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.
For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.
