Case Studies

How Social Media “Influencers” Are Taking Financial Fraud Viral—and How CEOs, CIOs, & CROs Can Fight Back

Location:
United States

Financial fraud is going viral, overwhelming the capabilities of banks and credit unions. Getting ahead of the curve requires rapid standardization of investigation activities, automation to handle the volume, and data analytics to reduce subjective decision-making

A CEO-level problem: How to regain control of fraud and manage the volume

All across the United States, banks and credit unions are facing an unprecedented influx of fraud cases. Just one statistic: according to the Federal Trade Commission, in the last five years, U.S. fraud losses due to bank transfers or payments has grown sevenfold—from less than $2.5 billion in 2019 to more than $17.5 billion in 2023.

It feels like bank fraud is going viral… Because it is.

Influencers are selling “how-to-scam” classes on social media sites and profiting from teaching hundreds of thousands of tech-savvy scammers how to skim cards, write fraudulent checks—and scam banks, credit unions and their customers/members.

But the same automation technology that’s enabling these scammers to defraud banks and credit unions also provides a scalable solution for combating the fraud. You can’t manage the influx of fraud simply by throwing more people at the problem. You need automation, and for that, you need standardization. This article explains how.

A brief note about The Lab Consulting before getting into the details:
For more than three decades, The Lab Consulting has routinely resolved “urgent business problems” and transformed processes for banks, credit unions, their executives, and boards. By applying our patented Knowledge Work Standardization® methodology, we improve operations and efficiency, rapidly enabling digital technologies such as robotic process automation (RPA) and artificial intelligence.

For example, at the height of the COVID pandemic, we helped our clients automate hundreds of thousands of PPP loan applications with RPA bots when no other automated solution was available—in less than 72 hours. And we’ve implemented hundreds of fraud-processing bots for banks and credit unions—the subject of this article—to help scale processing capacity in the back office to handle the sheer volume of fraud.

Why Bank/Credit Union Fraud Is on the Rise
  • Social media bank fraud “influencers”
  • Bots, AI
  • Lowered technology barriers to entry
  • Hacked fraud data marketplaces 

Why Bank/Credit Union Fraud Is on the Rise

Yes, there are actually social media bank-fraud “influencers”

Just as there are social media “influencers” for fashion and music, there are influencers for scam and fraud, too, with hundreds of thousands of followers online. They bolster their reputations—and their following—by posting classes and guides that teach their “scam students,” step by step, how to commit wire fraud and other financial crimes.

There’s even a sub-genre of rap music, “Scam Rap,” with videos on YouTube that teach impressionable viewers how to commit bank fraud for fast money. These scam rappers flash jewelry, expensive cars and million-dollar homes (presumably rented) to boost their credibility in front of their followers. Their posts quickly go viral, educating massive numbers of other fraudsters how to replicate their actions. If you read the comment sections of these posts, you’ll even see followers further coaching each other.

Such videos get millions of views on YouTube before they are taken down. A well-known (and somehow highly admired) scam rapper, “Punchmade Dev,” has a song on social media platforms, called “Wire Fraud Tutorial.” It details how to get account numbers from the dark web and use a VPN to, in his own words, “show y’all how to hit a bank… this a quick way to jug in any state.” Although the original version was taken down—after millions of views—you can still find newer uploads of it here: Viral Video: “Wire Fraud Tutorial” 

Bots, AI, and their contribution to the explosion of fraud

There is certainly a lot of hype in the media about how artificial intelligence, or AI, has contributed to the recent rise of bank fraud. That’s certainly true, but it’s only one part of the problem. Focusing solely on AI misses the hiding-in-plain-sight threat (and opportunity) posed by a subset of AI, specifically “intelligent automation,” commonly referred to as “bots.” We are seeing more and more use of bots as the delivery system for massive and overwhelming attacks against our regional and community bank and credit union clients.

You may have heard of people using bots to cut shopping lines on the internet to gobble up high-value tennis or basketball shoes. That same methodology is being used to attempt the creation of fraudulent bank accounts. These bots simultaneously send hundreds of applications to digital account-opening systems—yours and scores of other banks—20- to 30-times faster than a human could. It’s a numbers game, hoping that one account will hit. In fact, The Lab has observed that as many as 80% of new deposit account requests received by digital account opening systems are fraudulent. Each one of these must be manually reviewed and processed by back-office staff.

Lowered technology barriers to entry for bank/credit union fraudsters

The recent “democratization” of bots has exacerbated the challenge: barriers to entry, both technical skill and cost, have effectively evaporated. To give you an idea of just how democratized this technology has become, automation capabilities that used to require tens of thousands of dollars in annual licensing fees and an in-depth understanding of programming and machine language can now be purchased via a basic Microsoft Power Automate license for about 15 dollars a month.

Consequently, bad actors are now deploying combinations of low-cost or free robotic process automation, intelligent automation, and Python code (collectively referred to as “bots”) to launch fraudulent, AI-generated materials (such as fake check scans and credit applications) in overwhelming numbers. These attacks are reminiscent of a “denial-of-service” attack, except instead of overwhelming a website these attacks overwhelm back-office staff in banks and credit unions. Staff should be weeding out a small minority of fraud cases from a huge majority of legitimate input. Instead, the situation is reversed, with workers struggling to cope with a flood of fraudulent transactions. It’s putting tremendous stress on risk organizations across the banking industry.

Scam influencers have online stores and marketplaces where their followers can buy:

Credentials for bank accounts with certain dollar amounts in them to hack

One time password hacking bots – for $80, this enables scammers to intercept SMS and email codes from oblivious victims, aiding in the takeover of mobile phones and email addresses through 2FA codes.

Linkable credit card numbers with $7-10k in available credit that attach to Cashapp, PayPal and Apple Pay

The multiple challenges of fraud at banks and credit unions

Exploding fraud volumes generate the obvious risk of both financial and reputational loss. But there’s also a pressing need to address fraud to remain compliant with regulations such as KYC (Know Your Customer), AML (Anti-Money Laundering), BSA (Bank Secrecy Act), Reg. E (which requires prompt response to customer claims of unauthorized electronic fund transfers), and others. These all require investigation, preparation, and submission of reams of paperwork, including Reg. E letters, Suspicious Activity Reports (SARs), Currency Transaction Reports (CTRs), and others. The back-office work for each fraud instance is astounding (teaser—a large amount of that work is also automatable).

Today’s fraud overload poses three major challenges to banks and credit unions:

Fraud is a customer service challenge.

No one wants to see a fraudulent ACH or check withdrawal on their account. So, when victims of fraud call their bank or credit union—your bank or credit union—their hair is understandably on fire. They demand it be fixed ASAP. And no matter how well your bank or credit union does in response—even if you fix it immediately—it’s literally thankless work.

Fraud is an operational challenge.

BSA and fraud employees are burning out and quitting in droves. You can’t hire your way out of exploding fraud volumes. That’s not a scalable solution.

Fraud is also a technology challenge.

Fraud detection technology doesn’t have a quick solution. Systems like Verafin and Abrigo are currently under- automated. These systems might notify you of a “suspicious transaction,” but the processing work is all on your team. And the workflow automation upgrades needed to handle the current volumes are “three to five years out” according to the vendor.

The consequences are very real for banks and credit unions, as well as their customers and members. Overwhelmed workers cannot respond by the deadlines stipulated in regulations such as Reg. E or BSA/AML. In fact, some of The Lab’s smaller bank and credit union clients had decided to pay the fines for noncompliance—$100 to $1,000 per violation—rather than try to keep up with human workers.

increased Fraud volume poses three challenges to financial institutions leaders:
  • Customer service challenge
  • Operation challenge
  • Technology challenge

The human cost of fraud to bank and credit union teams

The increasing volume of fraud cases is proportionally affecting banks and credit unions of all sizes. BSA and fraud teams are overwhelmed. They’re burned out. They’re turning over. They can’t achieve internal service level targets, let alone those of regulators.

The recruiting problem is exacerbated by generational retirement of older, experienced workers. Gen Z and Millennials just don’t stick around to do this work. It’s not that these younger workers are lazy. It’s simply that the “Amazon Generation” is not willing to perform “stare-and-compare” activities, such as reconciling line-item entries between banking systems that don’t talk to each other.

These younger workers rightly have a reasonable expectation that technology can—and should—do this drudge work for them. Consequently, there’s a looming lack of human resources willing to backfill the gaps left by those now retiring. It’s putting a squeeze on smaller financial institutions, which are forced to draw from a shallower, local talent pool—with the need only increasing and the talent gap only widening.

Understanding operational variance as a component of bank fraud control and improvement

As mentioned above, The Lab’s approach to managing fraud has three components: standardization, automation, and advanced analytics. Standardization may be a much bigger component of an effective fraud response than you imagine.

But the numbers from The Lab’s engagements and vast database bear this out. When we work with risk officers, they’re astounded and terrified when they see the variance in their own teams—the subjectivity in the research and results of individual fraud investigators. For example, some team members classify “scenario X” as fraud; others don’t. It’s completely un-standardized, increasing the risk for the bank/credit union and the customer/member.

The limitation of fraud-detection systems

Many fraud-investigation teams cite “tools and technology” as their biggest hurdle—yet the true underlying causes are poor data quality and under-standardized processes.

What about cutting-edge fraud-detection and management systems such as Verafin, Abrigo, Jack Henry Yellow Hammer, and NICE Actimize? Although powerful, these systems act chiefly as central repositories for fraud detection, where CTR reports are managed, and SARs are saved. Automation functionality doesn’t yet exist in them and may not for three to five years or more. These systems, moreover, lack effective, automated reporting capability—any data in the system must be extracted, reviewed, manipulated, and populated manually.

Consequently, about two-thirds of fraud-team members routinely create their own tools for tasks such as case prioritization, SWIFT action forms, conversions, and more. These are typically created in Excel and reside at the desk level of each user. Each fraud investigator doing things differently, in different formats, saved on their own desktops. That’s a huge amount of unacceptable process variance.

Statistics from various client fraud process discoveries by The Lab:
  • 30 percent of investigators are responsible for 70 percent of all transaction-monitoring QA errors.
  • Nearly half of SAR writing activities are entirely manual.
  • The average SAR requires about 3 hours of work but takes 26 days to resolve.
  • One-third of the SAR work effort consists of rework, manual data transfers, and avoidable handoffs.

Solutions: Standardizing and automating your bank or credit union’s approach to fraud with bots – the “fight fire with fire” approach

Bank and credit union C-suites share one major objective for resolving fraud: Increase automation to help teams handle the overwhelming increase in fraud cases.

But automating your response to fraud requires first standardizing data, business rules, and investigation procedures. Today, these processes are tribal knowledge, highly subjective decisions left to individual investigators—a situation ripe for costly variance. That’s why The Lab helps bank and credit-union fraud departments standardize activities like compiling data for alert processing, pre-populating fraud reporting templates with data from the core, and even distinguishing true fraud cases from false positives.

How we standardize fraud operations to improve processes and enable automation:

First, we map the existing business processes to document the current state. Next, we identify the improvements using our proven intellectual property (IP) assets—including KPIs, benchmarks, best practices, job descriptions, work activities, automation use-cases, and more. These improvements are then packaged into discrete “modules” for implementation to achieve the best-practice, standardized, automated future state. This approach not only reduces operational variance, it also recoups meaningful operational capacity—20% to 30% or more.

Automating your bank or credit union to get control of fraud

The Lab has developed hundreds of proven bank and credit-union robotic process automation or RPA bots, with scores of them dedicated solely to managing fraud and related compliance challenges.

The Lab’s bots analyze, detect, and stop fraudulent check images and credit applications by validating data against verified internal information (e.g., core-system data) and trusted external sources (e.g., credit-reporting agencies and fraud-dispute platforms).

We created automations that not only stop the incoming fraud in its tracks but also help overwhelmed banks and credit unions remain compliant.

Real-life Robotic process automation videos: Automating your bank or credit union to get control of frauD

You can view some of The Lab’s most popular fraud/BSA/AML automation use-cases we implement:

“Super KPIs” and Advanced Analytics to Monitor and Mitigate Fraud

With standardization and automation helping to recoup capacity from overloaded teams, it’s time to add the executive and management layers of automated reporting.

Most fraud and risk teams are effectively flying blind, without clearly defined and measured key performance indicators. Most reporting is typically one-off, manually compiled in Excel, rarely stored centrally, and frequently recreated.

The Lab routinely helps bank and credit-union executive sponsors by deploying Microsoft Power BI (typically with their institutions’ existing licenses) to leverage our proven “Super KPIs.” These represent the fraud- and risk-related KPIs that matter the most for the business.

 

Don’t led fraud overwhelm your bank or credit union

The Lab has helped bank and credit-union C-suite executives, technology and business unit leads, and internal improvement teams to overcome the headwinds of today’s fraud landscape.

We can help you, too.

To book your 30-minute screensharing demo, simply call (201) 526-1200 or email info@thelabconsulting.com

Examples from The Lab’s comprehensive Bank & Credit Union KPI Handbook include:

Cost KPIs

  • AML Spending as a Percentage of Compliance Expense

Organizational KPIs

  • Anti-Money Laundering (AML) Headcount Ratio
  • Fraud Prevention Employee Headcount Ratio

Productivity KPIs

  • Chargebacks Processed per Credit/Debit Card Support Employee

Quality KPIs

  • Card Chargeback Rate
  • Percentage of Cards with Fraud Loss to Bank
  • Suspicious Activity Reports by Product Type
  • Suspicious Activity Reports by Transaction Type Service KPI
  • BSA/AML Investigation Cycle Time

Volume KPIs

  • Number of BSA Alerts
  • Number of CTRs Completed
  • Number of SARs Submitted

Schedule a call

5 beliefs that erode your earnings
learn more