The inaugural KPMG Global Banking Fraud Survey has found 61 percent of banks have reported an increase in external fraud in value and volume over the past three years. The Survey questioned banking fraud risk, investigations and security professionals in 43 banks, including eight in Australia, on the fraud threats they faced between 2016–2018.
Banks across the world said that cyber-related fraud, often leveraging information obtained from data breaches, were their most significant fraud challenge; particularly due to the increasing proportion of bank customer interactions being conducted through digital channels.
Natalie Faulkner, KPMG global fraud lead, and KPMG Australia Partner, said: “All regions of the world reported an increase in cyber-attacks, scams, identity theft and ‘Cardholder Not Present’ (CNP) frauds. This is set in the context of a changing global banking landscape, where branch networks are shrinking, volumes of digital payments are increasing and there is less customer ‘face time’. Fraudsters are creatively finding new ways to steal from banks and their customers, increasingly switching from account takeover to scams – manipulating and coercing customers into providing access to their bank account or into making payments to the fraudsters.”
“We are seeing a disproportionately high volume of scam attempts on Australians – there were 177,000 scam reports here last year, costing almost half a billion dollars. This compared to around 85,000 scam reports in the US and UK, with far bigger populations. This covers a wide variety of scams – defined in our report as ‘social engineering’ frauds – including investment, romance, crypto-currency, false billing and tax office/government agency scams.”
“Further, it should be remembered that much fraud goes unreported.”
Key findings from the KPMG global bank fraud survey
- Over half of survey respondents globally experienced increases in both external fraud total value and volume. Increasing fraud typologies globally from 2015 to 2018 include identity theft and account takeover, cyber-attack, ‘card not present’ fraud and scams.
- The largest proportion of respondents globally said that the total cost, average cost and volume of internal employee fraud detected stayed the same or decreased. This may not, however, present a true picture of the cost of internal fraud with some external frauds originating from someone working inside the bank.
- Over half of respondents recover less than 25 percent of fraud losses; demonstrating that fraud prevention is key. Banks are investing in new technologies towards fraud prevention.
- In every region, and in Australia, banks surveyed considered the most significant challenge in fraud risk to be cyber-attacks. Fraudsters are obtaining customer data through hacking, in social engineering attempts where fraudsters manipulate individuals to divulge personal information, on the dark web and through criminal networks following data breaches.
- Customers are key in the prevention and detection of fraudulent activity on their accounts, particularly to reduce scam losses. More should be done to educate customers about fraud and scams.
- Open Banking is considered an emerging challenge in fraud risk, with banks across the globe getting ready to open their doors to third parties to access their customer data.
Australian banks are closely watching the UK, which launched a Contingent Reimbursement Model Code for Authorised Push Payments Scams on 28 May 2019 (the Code). Banks who have opted in to this code may reimburse scam victims in certain circumstances where the bank and the customer have met the conditions set out in the Code. As at 24 June 2019, eight UK banks have opted into the Code.
Natalie Faulkner said: “In terms of banking fraud, there are differences in how banks globally manage the risk of scams experienced by their customers, with some Australian banks setting up anti-scam departments in parallel with anti-fraud. More sophisticated fintech providers are emerging with capabilities to help Australian banks better identify, mitigate and manage risk.”
KPMG’s Global Banking Survey was conducted between November 2018 and February 2019 across 43 retail banks, 13 of which are in the Asia-Pacific, 5 in the Americas and 25 in Europe, the Middle East and Africa (EMA) region. 18 have annual revenues in excess of US$10 billion and 31 employ more than 10,000 people across the globe..
Respondents were asked about trends in fraud typologies, challenges they are facing in mitigating threats, security in a digital age and how they are structuring their teams and deploying resources to optimise their fraud risk management efforts.