Safeguarding Neobanks: Fraud Prevention Tools & Comprehensive Techniques

Neobanks and digital banks are low-hanging fruit for fraudsters. What makes them such an attractive target?

It's a combination of factors.

1. Often smaller companies do not yet have comprehensive fraud, AML or risk management tools and teams in place.
2. They tend to be digital only. They do not have traditional branches. This new approach is convenient and accessible. But, it also adds new fraud risks.
3. Often the incentive to onboard and activate users as quickly as possible leads product teams to remove friction, done the wrong way, this can dramatically worsen fraud and AML risk. 
4. Some (not all) may also lack the experience of fraud or AML in their new product segment.

This combination makes them an attractive target for fraudsters and criminal networks. As a consequence, Neobanks tend to be very high risk as a category, especially in their first years of operations.

It’s common for these criminals to attack new programs or those that focus on digital-first account opening. But there’s more to the story than just these vulnerabilities.

Neobank fraud is complex. 

And it’s not just fraud.

What starts out looking like fraud, could actually be money laundering. 

Solving Neobank fraud and money laundering requires a deep understanding of the many methods used by fraudsters. This article will explore the most common types of fraud targeting neobanks. It will also cover the challenges they face in stopping these frauds.

But first, let’s investigate the various fraud tactics that are currently wreaking havoc in the neobank sector.

Neobank fraud risk throughout the customer journey

Here’s the thing: Each type of fraud requires a tailored approach to detection and prevention.

A one-size-fits-nobody strategy is ineffective. The risks a prepaid program for migrants might see is very different to a business in spend management, remittance or earned wage access.

The additional complication for Neobanks is that what starts as fraud risk, can turn into a significant AML compliance issue later down the line.

Consider the different stages of your customer journey:

• Onboarding: Fraudsters create fake accounts using stolen or synthetic identities.
• Funding: Initially linking payment instrument & loading funds onto account
• Login: Credential stuffing, account takeover, scams targeting legitimate accounts.
• Deposits: Fraudulent deposits using stolen or counterfeit checks, bank accounts.
• Withdrawals: Unauthorized withdrawals, Transfers to accounts in restricted regions
• Issuing: Fraudulent use of issued cards
• Transactions: Card-not-present (CNP) fraud, credit bust-outs, non-sufficient funds (NSF) fraud, and ACH return code abuse.
• Compliance: Fraudsters leverage weak compliance measures to facilitate money laundering and bypass Anti-Money Laundering (AML) controls.

The attack patterns, data we use to detect, and challenges all vary. Understanding these details helps us use targeted defenses, so this knowledge is crucial.

Fraud and Compliance leaders are trying to keep up with the speed of fraudsters. The sophistication and sheer scale of attacks is overwhelmingly increasing. 

But with all of the advancements in technology, we find ourselves still heavily focusing on the familiar types of fraud. Some that won’t go away, and some that are coming back fast.

Let’s break down common risks and the warning signs associated with each type of fraud in the customer journey. Some of these may not be a surprise, but skipping over them would put our customers at risk.

Onboarding

Identity Theft

Fraudsters use stolen personal information to create new accounts in the names of real individuals. These accounts are then used for fraudulent activities or to launder money.

Warning Signs:

• Personal information that does not match credit records.
• Multiple accounts created using the same personal details.
• High volume of new accounts with similar personal information.

Fake Businesses

Fraudsters create fake business entities to open accounts and facilitate fraudulent transactions. These businesses do not exist in reality but are used to manipulate financial systems. This is a particular risk for B2B companies who may believe they "have no fraud" but actually have money laundering that appears to be legitimate transactions.

Warning Signs:

• Business registration details that do not match official records.
• Multiple accounts linked to the same business address or contact information.
• Unusual or inconsistent business activities compared to legitimate businesses.

Synthetic Identities

Fraudsters combine real and fake information to create entirely new identities. These synthetic identities are used to open accounts and carry out fraudulent transactions.

Warning Signs:

• Inconsistent or unusual data in account applications.
• Accounts with minimal initial activity followed by a sudden spike in transactions.
• Multiple accounts created with variations of the same personal information.
• Match any linked accounts at onboarding to the users name (Account to Name match).

Login

Account Takeover (ATO)

Fraudsters gain unauthorized access to a customer's account through phishing, credential stuffing, or social engineering. Once they have control, they can make unauthorized purchases, change account details, or withdraw funds.

Warning Signs:

• Sudden changes in account information (e.g., email address, password).
• Logins from unfamiliar devices or locations.
• Unusual purchasing behavior from an established account.

Credential Stuffing

Reusing stolen credentials to gain access to user accounts across multiple platforms. With the increasing frequency of data breaches and big data leaks in the news lately, pressures from credential stuffing is expected to grow. 

These recent data breaches allow bad actors to easily test and access numerous accounts. We’ve built a free service in Sonar to check for this risk. The new red flag service will check if an account’s credentials exist on the dark web and return a “true” if they’re found. 

When added to these warning signs, we hope this helps manage risk of compromise.

Warning Signs:

• Multiple failed login attempts in a short timeframe.
• Logins from various locations for a single account.
• High rate of account lockouts due to failed login attempts.

Transactions

Card-Not-Present (CNP) Fraud

CNP Fraud occurs when fraudsters use stolen credit card information to make purchases without physically presenting the card. This type of fraud is prevalent in online transactions, making it a significant concern for neobanks.

Warning Signs:

• High-value transactions from new or recently created accounts.
• Multiple purchases in quick succession using different credit cards.
• Orders placed with mismatched billing and shipping addresses.

Credit Bust-Outs

Credit bust-outs involve fraudsters opening accounts, establishing good credit by making small purchases and timely payments, and then maxing out the credit limits before disappearing.

Warning Signs:

• Accounts showing a pattern of small, consistent purchases followed by large, sudden expenditures.
• New accounts with rapid increases in credit usage.
• High-value purchases made just before account activity ceases.

Non-Sufficient Funds (NSF) Fraud

NSF fraud involves fraudsters making payments or withdrawals from accounts with insufficient funds, exploiting delays in the transaction processing system.

Warning Signs:

• A high volume of transactions with insufficient funds.
• Payments that are reversed or declined shortly after being processed.
• Patterns of transactions from accounts with poor financial histories.

Account Funding (ACH Fraud)

ACH return codes are used by banks to indicate the reason a transaction was returned or failed.

Warning Signs:

• High frequency of transactions with return codes indicating insufficient funds (R01) or account closed (R02).
• Repeated use of return codes associated with unauthorized debits (R05) or administrative returns (R29).
• Patterns of transactions with specific return codes that indicate possible fraud.

Scams

Scams involve fraudsters deceiving victims through various tactics, such as romance scams and investment scams, to obtain money or sensitive information.

Warning Signs:

• Unusual or large transfers to personal accounts, often overseas.
• Sudden changes in transaction behavior, such as an increase in the number of international transfers.
• Large sums of money being transferred to unfamiliar investment accounts.

Compliance

Money Muling

Money Muling involves using individuals (mules) to transfer illegally obtained money between different accounts, often to obscure the origin of the funds. Neobanks, with their seamless transaction processes, can be particularly vulnerable to this type of fraud.

Warning Signs:

• Unusual account activity involving frequent transfers.
• Accounts receiving funds from multiple sources followed by rapid withdrawals.
• Customers who seem unaware of the transactions occurring in their accounts.

Anti-Money Laundering (AML)

Fraudsters attempt to bypass controls to launder money through neobank accounts. This involves layering and integrating illicit funds to make them appear legitimate. (See our full guide to AML here)

Warning Signs:

• Large or frequent transactions inconsistent with normal account activity.
• Transfers to and from high-risk jurisdictions.
• Accounts with sudden increases in transaction volumes.
• Patterns of activity that match known money laundering techniques, such as structuring (breaking large transactions into smaller ones).
• Business sanction screening and KYB?

Overcoming neobank fraud challenges

Neobanks face several unique challenges in their efforts to prevent fraud. These challenges require the right balance of modern technology, AI, and your human intelligence.

High Transaction Volumes and Speed

Neobanks process thousands of transactions every minute. It's nearly impossible to manually monitor for fraud. To tackle this challenge, implementing advanced technological solutions is essential.

Example 1: Your system alerts you about large transactions from a new account. With real-time alerts, you can freeze the account right away and prevent any significant financial loss.

Example 2: Your product team just releases a new instant payout feature you didn’t know about. An account seems legitimate. But, it suddenly makes high-value international transfers and instant payouts. The machine learning model flags this unusual behavior, and you discover it's a case of dormant account bustout. The system picks up subtle changes in transaction behavior. They show how well real-time transaction monitoring and machine learning can be in detecting fraud.

Recommended Solutions:

• Implement real-time transaction monitoring systems to flag suspicious activities as they occur, like numerous small transactions followed by larger purchases.
• Use machine learning models to analyze transaction patterns and detect signs of stolen card usage, such as sudden spikes in transaction volume or geographically inconsistent transactions.

Limited Physical Presence and Customer Interactions

Neobanks lack physical branches and face-to-face interactions. 

So, they must rely solely on digital methods for customer verification and interaction. Relying on technology has a downside. It brings convenience, but also fraud risks.

Example 1: A fraudster uses stolen personal information to open an account online. Without physical verification, it becomes challenging to determine the legitimacy of the identity. Advanced digital verification methods, such as biometric verification, can mitigate this risk by adding an extra layer of security.

Example 2: A legitimate customer whose account is taken over by a fraudster through social engineering. Without face-to-face interaction, detecting such takeovers becomes difficult. Implementing behavioral analytics helps in identifying unusual account activities and interactions. Flagging potential fraud.

Recommended Solutions:

• Enhance digital verification processes with step up flows that require document verification, selfie-likeness, or enhanced due diligence (EDD)
• Trigger enhanced due diligence (EDD) checks in high risk events like a transaction happening out of country (Sardine users can trigger an alert for the review queue, and Neobanks can push their customers to submit any additional documentation required automatically)
• Employ advanced behavioral analytics to detect unusual patterns in customer interactions and activities.

Dynamics between Fraud and Compliance Departments

Fraud prevention in neobanks requires a delicate balance between detecting fraudulent activities and ensuring regulatory compliance. The relationship between fraud and compliance departments is crucial in achieving this balance. The increasing real time nature of fraud and payments demand real time transaction monitoring. 

Example: Your fraud team identifies money laundering being performed on your platform. The team quickly develops a strategy to detect and prevent this activity. However, to comply with Anti-Money Laundering (AML) regulations, the strategy must also ensure that any suspicious activity is reported through Suspicious Activity Reports (SARs). Collaboration between the fraud and compliance teams ensures that the new measures are effective in detecting the fraud and compliant with SAR filing requirements.

Recommended Solutions:

• Screen and continuously monitor users for global watchlist hits that cover sanctions, Politically Exposed Persons (PEP), Specially Designated Nationals (SDN), and Adverse Media.
• Perform customer due diligence (CDD) and enhanced due diligence (EDD), including KYC, KYB, document verification, behavior biometrics, and ongoing monitoring.

How Sardine thinks about building a Neobank fraud strategy

At Sardine, we specialize in fraud prevention. We provide solutions designed by operators for operators. We understand the unique challenges and pressures that developing a comprehensive fraud strategy places on your business and your fraud team.

Here’s how we think about a Neobank fraud strategy.

1. Building a deep partnership with your bank is crucial

Banks are ultimately responsible for fraud and AML risk to the regulator. Any Neobank is an extension of the bank and is responsible for ensuring their policies are correctly applied. This requires a high degree of trust, corporation, and alignment on process and documentation. 

Neobanks who fail to build this relationship can find themselves “de-risked” where a bank will exit a relationship. This will force a potentially massive business interruption or worse, result in the product no longer being able to onboard customers. 

2. The entire customer journey matters

A user may appear low risk at account creation but later exhibit suspicious behavior, such as unusual transaction patterns or sudden changes in account activity. Continuous monitoring is essential because user risk can evolve over time. Your data and monitoring need to adapt accordingly.

By taking key signals from across a user journey you can baseline good vs bad behaviors. This allows you to apply friction only when its absolutely needed.

3. All fraud problems are data problems

Every user login, key tap and transaction is a clue to what is happening behind the web or mobile screen. Good users tend to behave consistently, whether that’s when and how they login, the transactions they make or the products they buy. Conversely, fraudsters always have a tell. It could be any one of 1,000s of different data points that give it away.

The more data a Neobank is able to collect, review and build rules and machine learned models around, the stronger their defenses will be. 

4. Fraud & Compliance are nearly always linked

What starts as fraud often is an early sign of money laundering. For example a user may commit chargeback abuse on an e-commerce website for high value items, before sending that money on to a criminal network to pay for a “crime guide.” We also see examples where an account takeover (fraud) can be performed by malware on 100s or 1000s of users. These accounts quietly move money on behalf of criminal enterprises.

The industry default was to use different systems and databases for fraud and money laundering challenges. While the KPIs and nature of the challenge differs, building a single view, single transaction monitoring capability is now considered best practice.

5. Fraud, Compliance and Cybersecurity need to collaborate

Account takeovers and bots are often best addressed by cybersecurity, who in daily operations rarely interact with their fraud or compliance counterparts. It’s very rare a Neobank application is hacked but often the deep fakes, bots and bad users are able to manipulate web and mobile applications as users. 

6. Network stand-in solutions are rarely enough by themselves

Card networks like Visa and Mastercard provide network risk scores that are aggregated across their entire customer base. These are important, but often indicative of a general risk level of transactions. However, such a wide dataset often misses context about pre-authorization user activity, or anything that happened after (e.g. the user completed your step-up verification process).

Every issuer has a unique fraud and compliance threat risk, and needs to customize their risk appetite accordingly. This creates better experiences for good users and proves much more effective at detecting fraud and AML.

7. Better UX can create better fraud detection

Neobanks are increasingly using things like access to Apple Pay and Google Pay to help validate and activate a new physical card. When a good customer receives a card, they will receive it to their registered address and tap it against their device, often while at the registered address. Each of these features adds additional security and confidence while a customer is still early in the process.

Another example, we’re seeing Neobanks build specific features like “trusted locations” where if their device is at home or the office, the app unlocks higher limits for sending money. Innovating on user experience can over time, reduce the amount of support call volume, fraud losses and build customer trust.

Key Takeaways for Neobank Fraud Defense

Understanding neobank fraud is crucial. Senior fraud and compliance professionals must use effective strategies to protect their platforms and improve their outcomes.

1. Fraud risk assessment - Audit: Assess and understand the specific fraud risks your organization faces. Getting to the root cause helps define policies, processes and tools that create better outcomes. B2B companies may see more fake businesses, while prepaid programs may have a higher risk of mule activity.
2. Recognize your unique warning signs: Become proficient in identifying the unique warning signs of different types of neobank fraud. We’ve given you some starter examples in this piece, but new ones appear all the time, and these are just a sample. 
3. Get good at creating, testing and implementing new fraud detection methods: We see that fraud and AML teams are increasingly building their own rules, routines and automations. Performing this in a no-code environment, quickly testing, and then pushing production can save 1000s of hours of trawling through spreadsheets from payment networks data.
4. Build a comprehensive fraud strategy: Develop and implement a thorough fraud prevention strategy that leverages modern technology, AI, and your human intelligence.

Navigating neobank fraud requires a comprehensive approach that balances technology with humans. If you're looking to improve your neobank's fraud prevention program, contact our experts today.

‍