Fraudsters invited into bank branches
The days of sending an invitation in the mail have for the most part gone by the wayside. Aside from special invitations for weddings and milestone anniversaries, electronic and email invitations have become the norm. However, one major party planner has refused to change practices — banks inviting fraudsters into their banking centers.
As a fraud consultant I have the privilege of meeting many banking professionals, and I hear the same issues and struggles over and over again. It’s clear that the rapid increase of fraudulent account-opening applications are top of mind to many. What the executives making policy don’t realize is they’re facing fraud because they’re literally inviting the fraudsters into their branches. Think I’m exaggerating? Let me explain.
I often encounter bank policymakers who explain their practice of directing a suspicious person into a banking center. Yes, many banks still direct applicants who cannot be properly verified over the phone or online into their banking center to show proof of identity. Directing or inviting criminals into your bank instead of trying to keep them out is an outdated, high-risk practice — what good can possibly come of it?
The argument I typically hear from non-fraud banking professionals: “The bad guys know that if they come into the bank we will have them on film.” Other arguments include that the bad guys are not typically bold enough to actually come into the banking center or that their physical security guards monitor high-traffic banking centers. But often that is where bank policies and employee training ends.
Based on my years of experience dealing with banks of all sizes, from the top three global card issuers to small regional banks, let me poke a few holes in the theory that it is a good deterrent to invite perpetrators into your banking center.
Let’s role-play how my conversation goes:
Me: “When an underwriter with limited fraud training making the decision to direct a suspicious applicant into a banking center, what is the policy criteria to do so?”
Bank policymaker: (typical response) “What do you mean?”
Me: “What high-risk authentication was used by the underwriter to make the decision to extend an invitation to a high-risk applicant to come into the banking center? If the applicant failed your high-risk authentication questions and you were not able to properly identify them, what authentication tools do the branch managers have that the underwriters do not?”
Bank: “Nothing, but they can usually tell when someone is nervous or seems suspicious.”
Me: “Then what training do they receive to identify suspicious behaviors?”
(You guessed it …)
Bank: “None.”
(I then switch to the importance of customer experience.)
Me: “How do you notify the banking center in advance that the suspicious applicant was invited to come in to provide additional verification?”
Bank: “We do not have a policy to notify the banking center in advance.”
Me: “What is considered acceptable documentation? And are banking center employees trained on how to review utility statements, state ID cards, drivers’ licenses or other accepted media?“
Bank: “We do not have a list of acceptable documentation that can be used for verification; it is up to the discretion of the banking center representative.”
Me: “How do you ensure the physical safety of your employees and customers when you knowingly invite fraudsters and criminals into your banking center? How do you turn down or ask the suspicious person to leave because they do not have sufficient documentation to move forward with the original application for credit? If a suspicious person provides your employee with a possible stolen identification card, is that employee expected to keep it and notify police or return it to the applicant? Are employees expected to make a photocopy of the documentation provided?”
The response that I usually receive is, “I am not really sure.”
I hope by now you are seeing the risk of these types of outdated practices on suspicious credit applications. The fact is that technology has allowed criminals to make fairly convincing identification at a very low cost. If employees in banking centers are not equipped, properly trained, and well-documented procedures do not exist in your fraud program — perhaps it’s time to reconsider the practice or seek the advice of industry experts.
I have spent two decades trying to keep bad guys out of banks, but I can’t help but wonder — why do some still send open invitations to criminals to come visit their bank? If you are not yet ready to stop this type of bad behavior, at the very least you must develop comprehensive end-to-end policies to properly handle such events.
This fraud prevention tactic to invite perpetrators into banks was adopted long before the age of real-time decisions, robust fraud scores, big data, decision analytics, knowledge-based authentication, one-time passcodes, mobile banking and biometrics. The world we bank in has changed dramatically in the past five years; customers expect more and tolerate less. If a seamless customer experience and reducing account-opening and first-party fraud are part of your strategic plan, then it is time to consider Experian fraud solutions and consulting.