Fraud in Financial Services

13 March 2024

Fraud is now the most frequently reported crime in the UK, representing 41% of offences reported to police. Adding to the challenge, only around 1% of fraud cases result in prosecution. UK Finance, the collective voice for the banking and finance industry, reported in its annual fraud report that £1.2 bn was stolen through fraud in 2022. Figures obtained by RSM UK under a freedom of information request also show a 10% rise in reported cases of fraud committed by employees against their employers. Banks and building societies are natural targets for fraud-related crimes, as there’s a lot of money and sensitive data at play. Therefore, it’s crucial for them to understand the fraud risks associated with their operations in order to best prevent future attacks.

Fraud risks in finance

The table below explores various types of risks, in addition to employee fraud, that banks and building societies face. 

Type of fraud Mitigation
Change of bank account fraud 
Involves fraudsters attempting to change the bank account details for payments or direct debits, redirecting payments to their own accounts or money mule accounts. 
  • Verify any change of account requests through secondary channels.
  • Confirm key details, ensuring they match existing account details.
  • Require in-person verification or signature for major account changes where appropriate.
  • Alert customers of changes to account details for verification.
Identity theft and account takeover fraud
Involves fraudsters stealing personal information or using impersonation techniques to open new accounts or take over existing accounts. 
  • Use multi-factor authentication when opening new accounts or accessing existing accounts.
  • Require additional verification beyond usernames and passwords.
  • Use behavioural analytics and monitoring to detect suspicious or anomalous activity that may indicate fraud.
  • Educate customers on protecting personal information and recognising fraud.
Application fraud 
Involves providing false information on applications for loans, accounts or services.
  • Verify application information against credit reports, employment data, and public records to identify discrepancies.
  • Employ rules-based systems to flag applications with characteristics that match known fraud patterns.
  • Contact the applicant directly to confirm application details.
Payment/transaction fraud 
Involves using stolen payment card data to make unauthorised purchases or transferring funds without permission.
  • Employ machine learning on transaction data to detect out-of-pattern spending behaviour. 
  • Use multi-factor authentication for large transactions or money transfers.
Insider fraud 
Involves internal employees misusing their system access to steal money or data.
  • Limit employee access to sensitive customer data or monetary functions and ensure clear separation of duties.
  • Require strong passwords that need to be frequently updated.
  • Use behaviour analytics tools to detect suspicious employee activity.
  • Conduct background checks on new hires.

Increased fraud threat through hybrid working 

Since the pandemic, there has been a rapid shift to extensive hybrid working, bringing significant benefits for the workforces of banks and building societies. In fact, our People Perspectives survey identified hybrid working as the top benefit offered to attract or retain employees at 41%. Meanwhile, 57% of respondents had already begun, or were considering, upskilling managers to better manage a hybrid workforce. A recent survey has also found that UK employees are working from home more than workers in other European countries, doing so for an average of 1.5 days a week. However, these agile working patterns present an increased exposure to fraud risks, including heightened cyber security vulnerabilities, weaker preventative controls, misuse of sensitive data, increased insider collusion opportunities, and new avenues for social engineering attacks.

It’s key for banks and building societies to balance the benefits of agile working with strong preventative measures, auditing, and oversight controls. Ongoing risk assessments and fraud prevention training for the workforce are also critical.

Conclusion

As the landscape of agile working evolves and technologies including generative artificial intelligence develop, banks and building societies are faced with an increased fraud risk. To counteract this, they find themselves needing to bolster their fraud defences. Just as importantly, there is an increasing need to foster an ethical and risk-aware culture. This can be achieved through frequent and bespoke workforce education on fraud red flags and effective security habits, applicable to both remote and in-branch work. Leadership must clearly communicate expectations around information security, data privacy and fraud prevention in an agile environment.

As well as a continuous assessment of current obligations to prevent financial crime, banks and building societies will need to ensure that they consider the ‘failure to prevent’ offence, introduced by the Economic Crime and Corporate Transparency Bill in October 2023.