$68 trillion will transfer over the next decade to a digitally native population. Are you ready for the next generation of wealth?
The truth is, most banks have been slow to react. According to a 2020 finding by Statista, banks’ technology spend will hit nearly $300 billion this year alone. However, these investments primarily focus on the front-end interactions with consumers. On the back-end, some banks are still operating the same way they did 20 years ago in a very manual and analog environment. This leaves even the highest-asset banks susceptible to high-level fraud attacks. The differentiator lies in the ability to orchestrate real-time decisioning and risk mitigation seamlessly within a user-friendly digital customer experience.
Many banks have taken the “if it ain’t broke, don’t fix it” approach and relied heavily on the branch model. In 2020, the branch model broke. A decade of digital adoption was condensed into a matter of months.
Fraud Trends
How can financial institutions digitize in a modern banking framework while automating and improving their fraud and verification processes? Our team at Amount has issued over $7.5 billion in digital originations and have learned a few things over the years. Let’s dive deeper into the fraud trends shaping the banking industry in 2020 and beyond.
Application Fraud Rate
Application fraud rate is the number of fraud attempts as a percentage of application volume. Broadly, the blended application fraud rate is between 1% and 2%, but we’ve seen rates as high as 5% across our bank partners over the last year. While these numbers may seem insignificant, it’s enough to inundate an unprepared digital lending program without proper fraud mitigation. Fraudulent actors often present themselves as motivated customers that will do whatever it takes to secure the funds. To understand the true impact of this application fraud, it’s important to see how this fraud manifests itself over time.
Wolves at the door: fraud vs. time
Financial institutions must be ready to confront fraudulent actors on day one. For example, the consistency and relentlessness of fraudulent actors attempting to defraud our bank partners went down over time with implementation of automated fraud and verification (figure 1), but still varied heavily by partner (figure 2).

So what really drives the difference in application fraud rate across these financial institutions?
While there are a few key factors, we found that fraud rates vary greatly by channel mix. Coordinated fraud overwhelmingly favors organic traffic, whereas family fraud is twice as likely via direct mail or paid advertising channels. Other leading indicators include the bank’s lending footprint itself and the regions in which they lend money.
You have to understand the problem before you can come up with solutions. You need to be identifying the types of fraud and systematically understanding the signs and symptoms of each. It also means differentiating credit losses and fraud losses.
Types of Fraud in the Banking Industry
Identifying the various approaches used by these fraudulent actors as well as their prevalence determines how to prioritize solutions based on their financial impact. Let’s break down what we have seen across different categories of fraud.

The opportunistic looter
Broadly described as one-off crimes of desperation that are not very planned out, these types of fraud attacks are easily thwarted with traditional authentication tactics.
Family fraud
This type of fraud represents cases of family dysfunction and can include acts of revenge, elder abuse, and more. These fraudulent actors usually take advantage of the access they have to their family member’s personally identifiable information (PII). These are slightly more challenging to prevent because these fraudulent actors have deeper access to the victim, including access to email, phone, bank account, and enough knowledge to thwart knowledge-based authentication (KBA) tactics.
Coordinated fraud
These are crimes of opportunity, wherein criminals have access to a large pool of identities and probe for weaknesses in fraud mitigation strategy until they ultimately find a loophole and exploit it at-scale.
These highly-sophisticated fraudsters are essentially attempting to crack a safe over a long period of time — months, if not years. We have seen evidence of these criminals essentially “A/B testing” different combinations of inputs to a given lending program — such as loan amount, income amount, employment status, or loan purpose — to find the loophole.
Synthetic fraud
Synthetic fraud is an emerging fraud trend and one that is among the most challenging to detect. It differentiates itself from the aforementioned identity theft patterns because synthetic fraud is technically a “victimless” crime. Synthetic identities are not real people. They are exploitations of the identity gaps in how the credit bureaus operate, new credit files are created against any observed combination of identity elements and do not directly correlate to a true identity.
Because these aren’t real people, these crimes will never be reported. There are two primary types of synthetic fraud:
- First-party: Based on the real identity of the applicant with limited changes being made to the SSN or other identity elements. These are often used by individuals to hide a previous history and gain access to credit and credit repair.
- Third-party: Identities invented out of thin air that have no correlation to the true underlying identity of the criminal. This type of synthetic fraud is used purely to steal funds.
As we studied each category, we found one major theme: fraudulent actors are individualistic and their tactics are often unpredictable.
Fraud Case Studies
Fraudsters are often counterintuitive. 73% of fraud cases actually made their first loan payment, concealing the crime for a period of time to make the most of the opportunity later. Secondly, 63% of cases took out less than the maximum loan amount they were approved for, a behavior highly indicative of the “safe-cracking” pattern of coordinated fraudsters.
Case study #1
Our first case study is of a coordinated identity fraud attack that was conducted against a financial institution in the UK.
What happened?
Amount observed a sharp increase in first payment defaults month-over-month. An investigation uncovered a coordinated fraud attack that affected more than 500 accounts.
Fraud ring tactics
Some of the interesting tactics we discovered upon investigation echo the same safe-cracking behaviors outlined previously:
- 95% of these fraudulent accounts claimed to make £2,500 monthly net income, falling just below a threshold in the partner’s policy that would have required additional diligence.
- This fraud ring passed KBA at a rate of 98% versus the normal population which passes at a rate of 80%, rendering this authentication tool useless.
- The fraudsters eluded device fingerprinting flags by swapping their PC card and wiping their cookies repeatedly.
- The coup-de-gras involved sophisticated fake bank statements that contained overlaid modifying text upon legitimate bank statements to make it appear that the applicant owned the bank account.
Lessons learned
This fraud case study shows that old risk screening tools (device fingerprinting and KBA) proved to be insufficient in isolating the fraud. We also learned that it was critical to have the type of sophistication in document screening processes that could detect fraudulent modifications of original documents imperceptible to the human eye. Finally, we learned that it was extremely important to invest in velocity based alerting that could begin to flag some of the commonalities of these coordinated cases (loan amount, passwords, etc.).
Case study #2
Our second case study showcases a coordinated multi-layer identity fraud attack that was conducted against a leading bank.
What happened?
Amount received a tip on two accounts and leveraged this intel to identify several hundred additional fraudulent accounts that didn’t initially appear to be suspicious at a money center bank.
Fraud ring tactics
The tactics we discovered upon investigation show a highly complex layered fraud that utilized multiple tactics:
- Virtual machines to make it appear they were applying from a different location.
- Voice over Internet Protocol (VOIP) to impersonate customers and newly created emails.
- All accounts were making payments and were able to contact the bank to freeze assets on accounts.
- Accounts were funded due to fraudulent internal bank documents.
Lessons learned
Fraud rings are becoming increasingly sophisticated, complex, and organized, and relaxed fraud checks for opening deposit accounts have become a gateway for future fraud. Qualitative insights must be combined with quantitative analysis to identify highly sophisticated fraud attacks.
Frausters never sleep. Neither should your technology.
If one thing is clear, the fraud trends impacting the banking industry are vast. These fraud rings are constantly employing new tactics and finding ways to slip through the legacy system gaps that are present in many banks. Based on Amount’s observations, the fraud learning curve is 2-3 years long and extremely unforgiving. The drumbeat of fraudulent attempts is consistent and diverse. The tactics of criminals are as diverse as the individuals committing the crimes. As these criminals continue to evolve, so do we. The fight against fraud and minimizing loss rates never sleeps.
Stop losses. Bring your bank’s fraud and verification processes up-to-speed with Amount 360. Amount 360 seamlessly integrates into your existing origination process via a single lightweight API, and allows you to tailor a fraud and verification policy to best fit your business needs.
