It’s easy to understand why fraudsters often target financial institutions. After all, banks are where money is deposited and withdrawn.
What’s less well-understood, though, is how bank fraud occurs, and how often it happens.
According to a 2024 report by Alley, bank fraud is a growing concern. Half of banks, credit unions, and fintech companies surveyed report a rise in bank fraud targeting business depositors, while two-thirds of those surveyed note an increase in consumer bank fraud over the last year.
But how significant is the problem at a baseline? In one word, very.
35% of financial institutions said they experienced over 1,000 fraud attempts in the past year, while 10% of respondents reported over 10,000 fraud attempts. To make matters worse, even a single successful attempt can result in devastating fraud losses. Of the financial institutions surveyed, 25% reported over $1 million in fraud losses.
Nor are these losses isolated to banks themselves. When bank fraud occurs, the entire ecosystem — from issuers and acquirers to merchants and consumers — are harmed as well. In fact, according to Bankrate’s Financial Fraud survey, 34% of Americans said they were victims of financial fraud in 2024. Of those, 37% said they lost money.
In this article, we’re going to take a closer look at bank fraud. We’ll examine what it is and how it works, and also take a look at what merchants can do to identify, prevent, and respond to bank fraud.
Bank fraud occurs when criminals use deceit to steal money or assets from a financial institution.
Merchants are especially susceptible to bank fraud because they lie at the confluence of payments and customer interaction. This gives fraudsters numerous opportunities to attack. To make matters worse, bank fraud can sometimes result in chargebacks, which can cause sellers to incur chargeback fees and lose both revenue and inventory.
Read MoreModern-day bank fraud employs sophisticated tactics that are often aimed at exploiting vulnerabilities possessed by merchants.
Common schemes include business email compromise (BEC), where fraudsters impersonate trusted figures to authorize fake payments, and merchant account takeovers, where criminals gain direct access to steal funds or data.
Another prevalent bank fraud tactic is ACH origination fraud, which exploits the automated clearinghouse (ACH) network’s batch processing and other features to illicitly pull funds from accounts.
Read MoreOne-quarter of FIs reported bank fraud losses in excess of $1 million in 2024. This is happening as fraudsters adapt to new security measures and exploit emerging vulnerabilities in digital banking infrastructure.
The true cost of bank fraud extends well beyond reported losses to FIs, though. Bank fraud creates cascading financial consequences that ultimately impact merchants and the broader eCommerce ecosystem.
Read MoreBank fraud can cause tens of millions of dollars worth of fraud losses when it occurs. Financial institutions and businesses are commonly targeted by large and difficult-to-dismantle fraud rings that can operate with impunity for years without being detected or brought to justice.
However, if caught, bank fraudsters face severe penalties, including six- or seven-figure fines and prison sentences lasting a decade or more.
Read MoreMerchants can identify potential bank fraud by looking for several red flags in customer behavior and account activity.
Transactional warnings include unusual payment patterns, multiple failed payment attempts, mismatched billing and shipping information, and urgent rush orders.
Other indicators involve account activity, such as unexpected password resets or logins from strange locations, and communication red flags, like urgent language or pressure to bypass normal procedures.
Read MoreWhen bank fraudsters strike, merchants must respond quickly and methodically to contain the damage. Before doing anything else, sellers should freeze the compromised accounts and document the incident.
Afterwards, merchants will need to contact their financial institution, file reports with law enforcement, and communicate with affected customers. Finally, businesses should review and strengthen their security, explore insurance claims, and analyze the incident to prevent future occurrences.
Read MoreA proactive stance against fraud, coupled with a multi-layered defense, is the most effective way to combat bank fraud.
For example, this involves deploying strong payment verification protocols like multi-factor authentication and velocity checks to validate transactions at checkout. Establishing stringent internal controls, such as dual approval for payment changes and regular employee training, can likewise help sellers protect themselves from internal and external threats.
Lastly, leveraging technology solutions like fraud detection software and tokenization can help merchants attain end-to-end payment security.
Read More
With bust-out fraud, criminals use stolen or counterfeited data to obtain a credit card, then use those credentials to build a good credit score and open more accounts. At some point, they max out the cards and disappear.
Since credit cards come with limited or no liability for theft, issuers will need to reimburse cardholders. However, they typically try to recoup those costs from merchants. If the cardholder files a chargeback over the stolen funds, everything will fall on the merchant.
Most bust-out scams are built around stolen Social Security numbers, typically acquired through phishing or purchased in bulk off the dark web.
With diligence, some cases can be stopped by banks or card processors. The fraud is nearly impossible to recognize on the merchant level, but monitoring purchases for unusual activity may help detect fraudulent activity.
An example of a bust-out credit card scheme is a scenario where a scammer uses a synthetic identity to open a credit card account, uses it normally to build up credit, and then finally maxes it out and disappears.
Sudden changes in activity, inconsistent information, over-ordering, requests for expedited shipment, or excessive return requests can all be warning signs that a scammer may be about to “bust-out.”
eCommerce merchants can prevent bust-out by instituting strict identity verification at onboarding by using tools like biometric authentication and liveness checks. In addition, sellers should deploy machine learning behavioral analytics and require multi-factor authentication (MFA) verification at checkout.
