Published: 29 May 2024
Contributors: Gregg Lindemulder, Matt Kosinski
Fraud detection is the process of identifying suspicious activity that indicates criminal theft of money, data or resources might be underway. It is commonly performed by fraud detection software that monitors transactions, applications, APIs and user behavior.
From credit card theft to investment scams, account takeovers and money laundering, fraud is a widespread problem. The Association of Certified Fraud Examiners (ACFE) estimates that US businesses lose an average of 5% of their gross annual revenues to fraud.1 The Federal Trade Commission (FTC) found that US consumers lost more than USD 10 billion to fraudsters in 2023.2
Because of fraud’s significant impact on individuals and the economy, fraud detection is considered an essential capability in transaction-intensive industries such as e-commerce, banking, insurance, government and healthcare.
Get essential insights to help your security and IT teams better manage risk and limit potential losses.
Fraud detection is important because of the costs and consequences businesses face without it. In addition to financial losses, fraudulent activities can cause reputational damage, business interruptions and lost productivity. Firms that don’t provide fraud protection also risk negative customer experiences that can affect loyalty and lead to turnover.
Beyond the business benefits, fraud detection may also be required by law. Insurance providers, financial institutions and others can face regulatory mandates to detect and prevent fraud. Noncompliance could bring penalties and fines. For example, US federal regulators fined the Bank of America USD 225 million for a faulty fraud detection system during the COVID-19 pandemic.3
Within the broader context of cybersecurity planning, fraud detection is often seen as an important component of fending off cybercrime.
Register for the X-Force® Threat Intelligence Index
Many organizations have a dedicated fraud prevention team. Before implementing a fraud detection system, this team often performs a risk management assessment. This assessment helps determine which functional areas of the business might be the targets for different types of fraud.
The fraud prevention team assigns risk scores to each fraud risk to determine which pose the greatest threats and should be prioritized. Risk scores typically measure how likely a threat is to occur and how much damage it might do.
The team then evaluates the fraud prevention measures and fraud detection solutions that it can use to address fraud threats based on their type and severity. The most common fraud detection techniques include transaction monitoring, statistical data analysis and artificial intelligence.
Transaction monitoring
For many businesses, the most obvious place to search for potential fraud is among financial transactions. Transaction monitoring tools automate the process of fraud detection by monitoring and analyzing transaction data workflows in real time. These tools can perform identity verification and account authentication to interrupt fraudulent transactions as they happen.
Transaction monitoring tools might also use anomaly detection to uncover unusual patterns or behaviors that require further investigation. Variables such as purchase frequencies, number of transactions, geographic locations of users and the monetary value of transactions help distinguish normal activity from potentially fraudulent behavior.
Statistical data analysis
Fraud detection doesn’t always take place in real time. Statistical data analysis can uncover fraud long after it has taken place through the auditing of historical data.
Fraud investigators use techniques such as data mining, regression analysis and data analytics to identify and isolate fraud patterns in large datasets. Probability distributions and data matching can help investigators determine where and when fraud has already happened or will likely take place in the future.
By adding fraud metrics and data points to charts, graphs and other visualizations, investigators can help even nontechnical users understand fraud threats across their organizations.
Artificial intelligence
Many organizations now use artificial intelligence and machine learning to accelerate and improve their fraud detection capabilities.
A neural network, which is a type of machine learning model, can monitor transactions, analyze data and detect (or predict) fraudulent behavior faster and more efficiently than traditional fraud detection techniques.
In addition, machine learning algorithms can stay on top of evolving fraud trends by continuously learning from new data. One study estimates that the number of organizations that use these technologies to fight fraud will nearly triple by 2026.4
Credit card fraud: One of the most common use cases for fraud detection. Credit card fraud occurs when an unauthorized user obtains someone else’s credit card information and uses it to purchase goods or services or withdraw funds. Often, the authorized card user discovers the theft and is issued a chargeback. The merchant loses both the product or service and the purchase cost, and the issuing bank might levy a chargeback fee.
Account takeovers: This type of fraud can be the result of identity theft, hacking or a successful phishing email. A criminal obtains the login credentials of a user account and uses that account to make fraudulent transactions. Targets include bank accounts, online merchants, payment vendors, government services and online gambling sites.
Payment fraud: An umbrella term for fraudulent transactions that were conducted by using stolen or counterfeit payment information. Fraudsters might use fake checks, hijacked electronic fund transfers, stolen credit card information or fake user accounts to commit payment fraud.
Money laundering: Money laundering is the process of “washing” illegally obtained funds so they can be used for legitimate purposes, with no way to trace the funds back to their criminal source. Fraudsters often use money laundering to conceal the money they have stolen from fraudulent transactions.
Insider fraud: Anyone within an organization that is familiar with its IT systems, processes, data and security protocols could be an insider threat. Employees, contractors, business partners and vendors might commit insider fraud for monetary gain or intellectual property theft.
Generative AI
Generative AI tools can provide fraudsters with convincing content to deceive fraud detection software and fraud investigators. Criminals can use gen AI to produce business documents, emails, voicemails, videos, account applications, texts and other content that appears legitimate.
As generative AI fraud expands, organizations will need to develop new strategies to defend against this threat.
False positives
Fraud detection systems that generate excessive false positives can create negative business consequences. Legitimate customers who are flagged for potential fraud might take their business elsewhere.
False positives can slow normal operations, increase fraud investigation costs and tax limited resources. Optimizing fraud management tools and processes to address vulnerabilities without impacting productivity or revenue can be challenging.
Complex transactions
Online apps and other tools that simplify complex transactions can also make it easier for fraud to slip through.
Digital credit card applications, loan approvals, currency trading and other financial services transactions might have multiple points of vulnerability that can be exploited by fraudsters. It can be difficult to balance the need to make things easy for customers with the enforcement of safeguards on backend processes.
A changing threat landscape
Fraudsters continually learn from their mistakes and adapt their methods to overcome even the most sophisticated fraud detection systems. In some cases, fraud groups are funded by multi-national criminal organizations that recruit highly skilled hackers.
In 2024, the China-based fraud ring BogusBazaar created 75,000 fraudulent e-commerce websites that collected nearly USD 50 million in bogus orders. The fraudsters also stole the credit card information of more than 850,000 people.5
Effective fraud detection requires the ability to stay current with evolving fraud tactics and threat actors.
Data privacy regulations
If an organization collects personally identifying information (PII) from its customers, that data will likely become a target for cybercriminals who want to use it to commit fraud.
At the same time, data privacy laws can put certain limitations on accessing this data. These mandates could put an organization at a disadvantage if it needs to use that personal data to detect fraudulent behavior.
Simplify fraud prevention and create a positive user experience with frictionless, continuous authentication.
Protect data across hybrid clouds, simplify regulatory compliance and enforce security policies and access controls in real time.
Authenticate customers, detect fraud and protect against malicious users across all channels.
Learn why KuppingerCole named IBM Security Trusteer an overall leader, product leader, innovation leader and market leader in the fraud reduction intelligence platform space.
Phishing attacks use fraudulent emails, text messages, phone calls or websites to trick people into sharing sensitive data, downloading malware or otherwise exposing themselves to cybercrime.
Scareware is a type of social engineering scam that uses fear to trick people into downloading malware, losing money or handing over personal data.
Footnotes
All links reside outside ibm.com
1 ACFE Report to the Nations: Organizations Lost an Average of More Than USD 1.5 Million Per Fraud Case. Association of Certified Fraud Examiners. 20 March 2024.
2 As Nationwide Fraud Losses Top USD 10 Billion in 2023, FTC Steps Up Efforts to Protect the Public. Federal Trade Commission. 9 February 2024.
3 Federal Regulators Fine Bank of America USD 225 Million Over Botched Disbursement of State Unemployment Benefits at Height of Pandemic. Consumer Financial Protection Bureau. 14 July 2022.
4 2024 Anti-Fraud Technology Benchmarking Report. Association of Certified Fraud Examiners.
5 Nearly a million victims hit by massive BogusBazaar campaign. TechRadar. 9 May 2024.