The rising tide of fraud: How fintechs can fight back

Shahar Ronen
Product Manager

Shahar is a product leader who helps companies fight fraud and reduce risk with data and machine learning.

“Fintech devastated by fraud.” “Company announces customer data breach.” 

These headlines are all too familiar. Are they scary? Yes. Are they helpful to your business? Frankly, no. For risk leaders, the only constant is that fraudsters are always out there. Always changing. 

Having spent the last 5+ years helping companies fight fraud, I was curious to see what my fellow risk leaders are dealing with day to day—beyond direct monetary losses. To do that, we surveyed 250 senior risk leaders. Here’s a closer look at what we found. 

Today’s fraud is a moving target 

The rise of fraud rings, new tactics, and abuse of AI are all giving fraudsters an edge. So it’s not surprising that the majority of risk leaders say three things are on the rise:

1. Volume of attacks

2. Variety of attacks 

3. Sophistication of attacks 

The usual (fraud) suspects…

While the variety and sophistication of attacks are increasing, risk leaders are still tackling familiar forms of fraud. First-party fraud, identity theft, and payment fraud are the most common types of fraud risk leaders encounter. 

These are followed by account takeovers and synthetic identity fraud. However, we estimate that synthetic identity fraud is much more prevalent than reported because an estimated 95% of synthetic identities aren’t detected during onboarding. 

Too much of a good thing 

It’s not just fraudsters contributing to complexity. Many risk leaders have overflowing tech stacks: nearly half (42%) use four or more vendors. More tools means more work to go around, from analyzing findings to ongoing maintenance. 

Disparate tools can also make getting a bird’s eye view of fraud challenging. A third (29%) of risk leaders find it hard to access shared insights across tools, which can create data silos and security gaps over time. 

So risk teams have a problem. They need to up their defenses against more elusive, complex fraud without overcomplicating their approach. 

Fraud is expensive, but so is fighting it 

On average, fintechs lose 1.7% of their annual revenue to fraud every year—with smaller firms losing an even higher rate (2.2%). However, it’s not just immediate losses that make fraud costly. 

Take ACH fraud, for example. On the surface, the cost of ACH fraud is usually calculated by summing up the total amount of return losses that can’t be salvaged via collections. But there’s more to factor in:

• The processing fees attached to every return and transaction

• The cost and time spent on manual reviews

• The lost revenue from unprocessed transactions and unfinished sign-ups 

Over a third of risk leaders (35%) are spending more than $500,000 on anti-fraud annually, and these investments are only increasing. So, what does it take to mitigate the true cost of fraud without spending so much you fall behind?

Start where it hurts the most

First, identify where you’re experiencing the most fraud and associated costs. For example, many companies I work with see high losses from returns. If their biggest issue is losses from NSF returns, a good starting point is to hold the funds for two banking days until the return window closes.

If their biggest problem is dealing with the rarer but more costly unauthorized returns, they should start by canceling transactions with indicators of fraud or stepping up friction for risky transactions. An effective way to do both is by using Plaid Signal’s instant risk scoring to flag risky transactions while processing the low-risk ones without added delay. 

Safeguard the entire customer journey 

Once you remove the immediate risk to your company’s cash flow, you can tackle the next challenge. You can use the Signal scores to increase user engagement by offering near-instant funding to non-risky transactions. Or you can move appropriate friction up the funnel to block bad actors from the start: use Plaid Identity Verification's identity checks at sign-up and confirm that customers own the financial accounts they link with Plaid Identity Match. 

By securing sign-up, account linking, and account funding, you can control (and balance) the user experience and risk at key steps of the user journey. Then, you can reinforce your anti-fraud measures and expand the risk signals you analyze to include sources outside of in-house data. 

Set up ongoing monitoring to detect when identities are associated with fraud on other platforms or suspicious account activity indicating an account takeover. Then, of course, monitor transactions to prevent costly returns. 

Today’s anti-fraud goals aren’t tomorrow’s

Fraudsters are constantly changing. That means how you fight them and measure the effectiveness of your anti-fraud efforts should evolve too. Regularly re-evaluate your approach and the results you’re seeing. Doing this can help you identify what strategies to continue investing in and the ones that require rethinking. 

Strengthen your risk program with Plaid

Plaid’s fraud prevention solution stops fraud earlier, faster, and in more places. With a partner like Plaid, you benefit from our reach across the thousands of apps and services to stay ahead of threats. 

From knowing your customer to assessing the riskiness of transactions, Plaid can help you lower fraud without hurting the customer experience. 

Keep reading about fraud awareness

• The key to fighting fraud at scale