Fraud Monitoring: Definition, Importance & Defenses

Learn how User Migration with Okta reduced unexpected password resets and reduces helpdesk calls and support issues.
Read more
Okta
Updated: 05/26/2022 - 2:36
Time to read: 7 minutes

Fraud monitoring is a fraud prevention strategy that works by continuously monitoring digital actions to detect fraud, recognize risks, and stop and prevent fraud attacks. It is regularly used by financial institutions to protect both customers and banks alike. 

Using artificial intelligence (AI), fraud monitoring programs can sift through large amounts of data in a short time, learning along the way to recognize threats as they emerge.

In 2020, there were well over 2 million fraud reports made to the Federal Trade Commission (FTC), a number that continues to rise as people shift to an even bigger digital presence. Fraud monitoring can help to minimize the risks and losses related to digital threats.

What Is Fraud Monitoring?

Monitoring behaviors and activities can help to prevent and detect fraud by continuously analyzing all of the actions throughout an entire session. This goes beyond just a financial transaction and looks at the login, changes to account profiles, and any activities that are done on a customer’s behalf. 

Fraud monitoring can deal with current and evolving threats, as it looks at the whole picture to determine if something seems off. These anti-fraud systems can then react in real time to manage the threat and prevent losses to both company and customer. 

Fraud monitoring can:

  • Prevent fraud.
  • Flag suspicious behavior.
  • Detect fraud.
  • Recognize emerging threats.
  • Stop a threat in real time.

Types of Fraud Monitoring

Fraud monitoring looks for various types of fraud through detection and prevention measures. Continuous fraud monitoring looks at a typical user’s digital footprint (how they interact online) and continually watches for anomalies. Bad actors often use software bots to perpetuate fraud, and fraud monitoring systems can identify when there may not be a real person behind the actions being taken — when fraud is being committed. 

Continuous transaction monitoring looks at all of the user’s actions, from sensitive to non-sensitive ones. These anti-fraud programs will look at everything from start to finish to detect patterns of fraud. Fraud often follows specific patterns, and continuous monitoring can identify and flag these patterns as potentially fraudulent. 

Evolving Fraud Calls for Adaptive Methods

Standard methods of detecting fraud are not always enough, as bad actors are getting smarter and adapting to get around traditional measures. For instance, fraudsters are creating synthetic identities that can often pass a credit check and can go unnoticed as a legitimate customer is not being defrauded, which can be caught. 

Fraud detection and fraud monitoring tools need to constantly evolve to keep up with the bad actors. Ideally, they can stay one step ahead of them.

Detection of Fraud

Fraud detection prevents bad actors from making financial or other transactions through false means. It is an important aspect of fraud monitoring. 

One of the most basic forms of fraud detection is identity verification, which ensures that the user is who they say they are and actually a legitimate customer making the transaction.

Fraud can be perpetuated in a variety of ways, from taking over an account (identity theft) to stealing credit card information to embezzlement. Fraud detection methods must then also be dynamic and go beyond just verifying identity at the customer login. 

Fraud can impact many different industries and sectors, including these:

  • Banks
  • Health care
  • Insurance
  • Government
  • Retail establishments

Fraud monitoring programs can screen for fraud and fraudulent activities often by using analytical models that can identify predictors of fraud based on patterns and models that fraudsters have used in the past. Fraud often follows historical patterns, and fraud detection watches for these patterns to spot potential takeovers or hackers in the system.

Role of Machine Learning

AI, or machine learning, can read patterns and data, using analytics to distinguish between fraudulent behaviors and legitimate customer interactions

Machine learning is efficient and can read vast quantities of data quickly without human interaction. It can also adapt and “learn” patterns over time to aid in spotting new and evolving threats as they arise. Machine learning can also decrease the number of “false positives” that are flagged.

There are several components to machine learning for fraud detection and monitoring.

  • Behavioral profiles: Machine learning can learn and interpret the way that individuals, merchants, devices, and accounts act to recognize legitimate behaviors and users.
  • Supervised machine learning: There are many different types of fraud and fraud schemes that have already been tracked. With supervised learning, machines can be taught to recognize these familiar patterns as fraudulent behaviors. Machine learning can quickly filter through these massive amounts of data to find and flag relevant patterns.
  • Unsupervised machine learning: This is when the AI adapts to recognize anomalies that are not previously flagged patterns of fraud, but are still outside of the normal patterns of legitimate user behavior. This works to detect new patterns of fraud.
  • Adaptive analytics: Based on feedback from fraud analysts, machine learning models are continuously updated to reflect new patterns and to keep evolving as things change at a rapid pace.

What Happens When Fraud Is Discovered

When a fraud monitoring program suspects fraud, it does not immediately shut the transaction down. Instead, it increases the authentication security to determine if the user and actions are indeed legitimate. This is done to avoid interrupting the customer experience unless the risk is deemed too high. 

Fraud identification tools can flag a transaction for a number of reasons, such as:

  • Different location of login.
  • Unusual timing of transaction.
  • Higher dollar amount requested than usual.
  • Logging in from different platforms or devices.

When this happens, instead of rejecting or putting the transaction on hold, the anti-fraud system will initiate a step-up authentication challenge. The method used is designed to match the transaction’s level of risk. 

When step-up authentication challenges are triggered, they will ask for additional credentials to continue completing the transaction. This method helps to keep a balance between friction to the customer and risk.

Benefits of Fraud Monitoring for Customers

Fraud monitoring happens in the background and can create a more seamless customer experience. Fraud monitoring tools use authentication tools and processes based on risk, for example, and low-risk transactions are not generally impacted. Higher-risk transactions will require greater levels of authentication and fraud monitoring techniques.

With fraud monitoring tools working behind the scenes, the user’s experience is typically not interrupted. It can also limit the number of potential false positives to improve the customer experience. 

Fraud monitoring can prevent financial and property loss in the event of an account takeover by recognizing that a bad actor is in control and not the legitimate user. Fraud monitoring tools help to enhance customer satisfaction, loyalty, and confidence in an institution’s security measures to keep their identity and money safe.

Fraud Monitoring and Compliance

The Payment Card Industry Data Security Standard (PCI DSS) applies to any merchant that handles cardholder data. It lines out specific security measures that must be upheld to protect this data to be in compliance with the PCI Security Standards Council. It requires businesses to have firewalls, security measures, anti-virus programs, encryption, and basic fraud monitoring processes, including developing and maintaining a secure system as well as classifying and identifying risks.

The European Union (EU) has implemented an even stricter law called the Revised Payment Services Directive (PSD2) that requires financial institutions and all payment providers to adhere to. Institutions must use fraud monitoring tools to be in compliance. 

There are several main security criteria needed to be in compliance under the PSD2, which include:

  • Strong customer authentication. It must use at least a two-factor authentication, which can include passwords, PINs, biometrics, mobile devices or tokens.
  • Transaction monitoring and risk analysis. Fraud monitoring tools are to detect and prevent fraudulent transactions.
  • Dynamic linking of payment transactions. The authentication code needs to be dynamically linked to the payee and transaction amount.
  • Replication protection. Applications must have dedicated mobile-app cloning countermeasures in place.
  • Independent elements to minimize risk from compromised mobile devices. Security measures must be used.

The same strict open banking compliance rules do not yet exist in the United States; however, things are trending in this direction. Due to globalization and the fact that many companies and customers do business overseas, compliance with fraud monitoring is often necessary to complete these transactions. 

References

New Data Shows FTC Received 2.2 Million Fraud Reports from Consumers in 2020. (February 2021). Federal Trade Commission (FTC). 

Capturing These Three Data Types Can Transform Your Fraud Monitoring. (February 2021). American Bankers Association (ABA) Banking Journal.

Fraud: 5 Hot Scams in 2021, and How to Avoid Them. (April 2021). Forbes.

Fraud Detection. (2018). Handbook of Statistical Analysis and Data Mining Applications (Second Edition). 

5 Keys to Using AI and Machine Learning in Fraud Detection. (July 2018). FICO. 

Securing the Future of Payments Together. (2021). PCI Security Standards Council.

Payment Services (PSD 2) – Directive (EU) 2015/2366. European Commission.