
In recent years, online banking and financial fraud have grown into a massive industry for cyber-criminals – as it continues to prove a low-risk, high-reward endeavor. Fraud teams at banks and other financial institutions are overwhelmed by the sheer number of fraud alerts they receive.

The situation is only made worse by the many false positives and negatives that arise from implementing traditional anti-fraud solutions. A new approach is urgently needed to save time and money.

When inundated with fraud alerts, analysts have to prioritize them based on the risk level of each and then decide how to act. This process is naturally time-consuming since analysts must first determine which threats to escalate and what actions to take against these threats.

Whilst this is happening, fraudsters are often free to continue jumping from victim to victim. Thus, financial institutions can often find themselves sucked into a constant game of cat-and-mouse.

This lengthy process is also expensive – resulting in high operational costs, on top of any fraud losses and possible brand damage. Reducing false negatives and false positives and automating alert processing can take the burden off fraud teams.


Reducing false positives and negatives

One of the main causes of high fraud operational costs is fraud teams having to deal with many false negatives and false positives. These types of alerts can occur for several reasons. One example is Friendly Account Takeover, when a friend or family member uses the owner’s legitimate account. With the ongoing rise in the adoption of online banking services by less tech-savvy users, this can be a common occurrence.

While the perpetrator of this so-called ‘friendly fraud’ may have the account’s legitimate security details, some anti-fraud systems will pick up that the user is not the owner of the account.

Fraud teams are often overwhelmed with alerts regarding this circumstance, despite no actual malicious activity occurring – whilst their time and resources are needed for genuine threats.

Financial institutions, therefore, need to invest in a solution that treats anomalies detected when friends or family are helping account owners as low risk – thereby avoiding the friction that false positives can cause, and freeing up fraud analysts to focus on high-risk threats.


‘Know Your User’

Another reason for the high volume of false positives and negatives is how traditional online fraud prevention methods approach looking for bad actors. Typical approaches profile users into ‘clusters’ of good or bad actors.

This type of profiling requires fraud prevention solutions to comb through massive databases containing millions of bad actor or good actor attributes to find a match. This process can also leave a lot of new users unclassified – neither good nor bad – and it is unclassified bad actors who are, in fact, responsible for the majority of online fraud. Instead of using this profiling approach, a new way to analyze users examines each user on an individual, more granular level, including analyzing their current behavior compared with their past behavior.

This revolutionary ‘Know Your User’ (KYU) approach analyses the risk of every user interaction by continuously examining their behavior combined with device and network assessments, and allows financial institutions to build ‘cyber profiles’ for every user.

These BionicIDs are unique to each user – a bit like a digital fingerprint – and are created using continuous behavioral biometric analysis, which occurs ‘behind-the-scenes’ and thus does not disrupt the user experience.

A focus on recognizing each user and building their BionicID again greatly reduces the number of false positives and negatives. It thus dramatically reduces both fraud losses and the costs of online fraud prevention operations.


Automating fraud response

Fraud teams would be better served with tools that allow them to be proactive in their fight against fraud – instead of relying on just detection and alerting processes. The most efficient way to prevent fraud losses is to allow fraud teams to configure automated responses that prevent attacks and block known bad actors – thus minimizing the workload of fraud analysts whilst stopping fraud in its tracks.

More importantly, fraud teams can adjust the level of response depending on the risk, maintaining complete control over the online fraud prevention process.

For example, a team could configure lower-risk fraud alerts to result in an automatic step-up in authentication, such as sending an OTP to the user’s phone.
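The sketch below is an added example, not code from this article or from any vendor's product. It compares a session with that user's own history (behavior, device, network) and maps the result to a configured response tier. The typing-interval signal, the weights, the thresholds, the action names and the sample history are all assumptions made for illustration.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

@dataclass
class Session:
    user: str
    device_id: str
    network: str
    typing_ms: float  # mean inter-key interval, standing in for a behavioral signal

# Constructed per-user history: each user is compared with their own past only.
HISTORY = {
    "alice": {"devices": {"dev-a1"}, "networks": {"net-home"},
              "typing_ms": [182, 175, 190, 178, 185]},
}

def behavior_deviation(past, current):
    """Distance of the current value from the user's own mean, in std devs."""
    spread = pstdev(past) or 1.0  # guard against a perfectly flat history
    return abs(current - mean(past)) / spread

def risk_score(s):
    profile = HISTORY.get(s.user)
    if profile is None:
        return 50  # no baseline yet: neither good nor bad, so verify, don't block
    score = 0
    if behavior_deviation(profile["typing_ms"], s.typing_ms) > 3:
        score += 20  # behavior alone is weak evidence (e.g. a relative helping)
    if s.device_id not in profile["devices"]:
        score += 40
    if s.network not in profile["networks"]:
        score += 30
    return score

def respond(score):
    """Assumed response tiers that a fraud team would configure."""
    if score >= 70:
        return "block_and_alert"  # the only tier that reaches an analyst
    if score >= 30:
        return "step_up_otp"      # automated step-up, no analyst involved
    return "allow"                # logged, no friction for the user

def handle(s):
    score = risk_score(s)
    return score, respond(score)

if __name__ == "__main__":
    for s in (Session("alice", "dev-a1", "net-home", 260),
              Session("alice", "dev-x9", "net-home", 181),
              Session("alice", "dev-x9", "net-other", 260)):
        print(s, handle(s))
```

With these assumed weights, a behavioral mismatch on the owner's usual device and network stays in the lowest tier, which is how the friendly-use case described earlier avoids generating an alert.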

In fact, financial institutions can implement a proactive mindset to prevent fraud across the board through a strategy centered around an Active Defense to take the pressure off their fraud teams. In cybersecurity, ‘active defense’ refers to deploying actions that make it more complex and costly for cyber adversaries to carry out their attacks.

These actions aim to confuse attackers with traps and advanced forensics and often provide an automated incident response to increase the work required for the attackers and decrease the work for the defenders.

Using an Active Defense to fight online fraud is a game-changer. Automating the handling of most types of alerts can automatically and proactively prevent fraud losses, allowing fraud teams to focus on the more complicated and most crucial investigations.


The banks and financial institutions of today can often feel as if they are stuck between a rock and a hard place: with, on the one hand, online fraud ever-increasing in scope, sophistication, and frequency, and, on the other, fraud teams that are in short supply and overworked – inundated with a never-ending flood of fraud alerts and notifications.

Fortunately, the modern technological advances which have helped online attackers can also benefit the defenders. With the advent of new tools specifically designed to support fraud teams, through methods such as automation, behavioral biometrics, and Know Your User, fraud analysts will now be well-equipped to effectively and efficiently deal with the ever-evolving landscape of online banking and financial fraud.
