Mitigating fraud in financial institutions

Help clients become more difficult targets

This article was provided by Travelers Europe.

We’re living in times that are ripe for financial crime. The strains of the current macroeconomic environment can drive people to take money that isn’t theirs - and advances in technology are providing them with ever-expanding ways to do so. While these crimes still occur through traditional means, technology-supported tools such as AI, phishing, smishing, vishing, and deepfake technology are all making financial crimes easier for threat actors to commit.

These risks affect all sectors, but financial institutions, being gatekeepers to vast sources of funds, are an especially target-rich environment for fraudsters. UK Finance reported that the sector spends more than any other on fighting economic crime, including fraud. Last year, risk management measures prevented a total of £1.2 billion of unauthorised fraud alone, an increase of 7% over the previous year.[1]

Still, the risks are severe and evolving. UK Finance found that last year, the amount of money stolen through payment fraud in the UK totalled nearly £1.2 billion - and fraud in all of its forms now represents 40% of all reported crimes. Beyond the financial damage these crimes can cause, an institution may have to rebuild its reputation with clients and face time-consuming legal and regulatory consequences following a fraud.

Having procedures and controls in place to protect against these crimes is not enough to prevent them, according to Chris Muir, senior development underwriter for financial institutions at Travelers Europe.

How technology is changing the game

The expansion of AI in recent years has added a layer of complexity to fraud risk. In January 2024, fraudsters using deepfake technology were able to pose as the chief financial officer of a multinational firm and, over a video conference call, trick a finance worker from that firm into paying out over $25 million. CNN reports that even though the worker was initially suspicious of the request, his doubts dissolved when he took part in a video call about the transaction and the people in attendance during the call looked and sounded just like colleagues he recognised.[2]

Such incidents will surely become more common as generative AI grows in sophistication and threat actors find new ways to deploy it. Indeed, Deloitte’s Center for Financial Services predicts that generative AI-driven fraud losses will grow significantly in the years ahead, climbing from $12.3 billion in the United States in 2023 to $40 billion in 2027.[3]

The importance of detection and prevention

In an environment where potential losses are so high, layered protections are critical - and far more effective at protecting financial institutions than any individual protection on its own. Systems that alert businesses to potential fraudulent activity, regular employee training in fraud detection and prevention (particularly for those in roles with access to accounts), and frequent audits and other checks all play a part in strengthening a firm’s safety net. Insurance is the final layer of support for an institution when other protections fail.

“Crime insurance and directors’ and officers’ liability insurance are there to defend financial institutions that experience financial fraud and protect their balance in the aftermath. Cyber insurance can also help them get back on track following an event, but it’s best for financial institutions to focus on making it more difficult for threat actors to commit the crime in the first place,” Muir said. “In the current economic climate, where margins are thin and businesses are trying to navigate difficult times, falling victim to a crime can mean the difference between a business continuing and failing. Prevention needs to be a top priority.”

What are phishing, smishing, and vishing?

Phishing: fraudulent e-mails and websites meant to steal data.

Vishing: fraudulent phone calls that induce the receiver of the call to reveal personal information.

Smishing: fraudulent text messages meant to trick the recipient into revealing data.

What is deepfake technology?

A deepfake is a video, photo, or audio recording that seems real but has been entirely fabricated or manipulated with AI.

Contact the Travelers Cyber team to learn more about how cyber protection can protect your business.

Contact the Travelers FI team to learn more about our Financial Institutions products.

This document is provided for general informational purposes only. It does not, and it is not intended to, provide legal, technical, or other professional advice, nor does it amend, or otherwise affect, the provisions or coverages of any insurance policy issued by Travelers. Travelers does not warrant that adherence to, or compliance with, any recommendations, best practices, checklists, or guidelines will result in a particular outcome. Furthermore, laws, regulations, standards, guidance and codes may change from time to time, and you should always refer to the most current requirements and take specific advice when dealing with specific situations. In no event will Travelers be liable in tort, contract or otherwise to anyone who has access to or uses this information.

Travelers operates through several underwriting entities in the UK and Europe. Please consult your policy documentation or visit these websites for full information: travelers.co.uk and travelers.ie.
