Sharing fraud data is hard. Two industry efforts aim to make it easier.

New York, USA - 15 February 2021: American Bankers Association ABA website in browser with company logo, Illustrative Editorial.
The ABA is testing an information-exchange network to allow banks to share their fraud data with one another. The network could launch as a pilot sometime this fall.
Adobe Stock

As banks fight to reduce rampant fraud, regulators such as the U.S. Department of Treasury have suggested that the industry needs more collaboration to catch fraudsters. But as Europe finalizes regulations that would enable just this kind of fraud data sharing, no such rules exist in the U.S.

Because of this lack of collaboration, fraudsters benefit from the fact that even if they get caught defrauding one bank, it might take their next target days or weeks to learn about it. This gives them time to carry out their next scheme.

Multiple efforts are underway from fraud detection companies, banking industry groups and others to establish data-sharing exchanges for banks looking to fight back. Among these efforts, and cited by the Treasury in its recent report touching on the fraud data ecosystem, is the American Bankers Association's fraud data exchange.

Announced in November, the idea behind the information-sharing exchange is to "allow banks to share this information amongst other banks in a near-real time manner so they can integrate this data into their payment flows, into their risk-scoring systems, to stop that money from going out," according to Paul Benda, executive vice president of risk, cybersecurity and fraud at the ABA.

On Tuesday, a spokesperson for the ABA, Sarah Grano, said the exchange is currently undergoing "technical, legal and compliance testing," with tabletop exercises to happen in "the coming weeks" to test the information exchange experience.

"If all goes well, we hope to launch the pilot program sometime this fall with a select number of member banks," Grano said. "When the exchange is fully operational, we believe it will help address some of the gaps identified in the recent Treasury report and help banks stay a step ahead of bad actors."

The primary challenge with mobilizing this type of data exchange is that there is no regulatory framework today in the U.S. specifically designed to enable banks to share fraud data with one another. That's according to Eric Woodward, one of the key architects for Early Warning Services, the company owned by multiple large banks and which owns and operates the Zelle payment network.

Woodward is now an investor in and advisor to Baselayer, a firm that centralizes identity and fraud history data from sources including governments and the open web to help business lenders mitigate fraud risk.

"You're leveraging off of regulations that were designed for a completely different purpose," Woodward said of efforts happening today to help banks share fraud data.

Financial institutions that have information on whether a previous or current customer has a history of committing fraud — particularly large institutions that have information on many consumers — are not likely to share any information with another bank that asks about a particular consumer's fraud history, according to Woodward.

This is in part because no U.S. regulation specifically enables (nor requires) banks to share this kind of data, but also because even financial institutions that are willing to share such data risk liability for sharing false information — whether that's a false fraud history for an innocent consumer, or a falsely clean sheet for a fraudster. Either the institution receiving the false information or the innocent customer could hold the provider liable.

Woodward said there are other challenges to sharing fraud data between banks, as well. Woodward is particularly critical of know-your-customer regulations, which he says you could "drive a truck through." For many consumers, all the information that a bank requires to open a new account — name, date of birth, Social Security number, even photos of drivers licenses — are available to purchase or even download for free on the black market for personal identity information.

And what of the U.S. consumers who don't have a Social Security number? The Internal Revenue Service can issue Individual Taxpayer Identification Numbers to these individuals, but what if they don't have one of those either? Perhaps they recently got a new phone number, as well, and they just moved across state lines; what if they haven't updated those items with their bank?

All told, banks can have a hard time not only verifying who exactly a consumer is but communicating with each other about which consumer is the one in question when trying to understand whether the consumer has a history of fraud. On top of it all, the actual consumer might not be guilty of fraud; someone might have stolen their identity and committed third-party fraud in their name.

Naturally, many companies exist today to help solve this problem of identity proofing — Woodward named Socure as an example, and there is Onfido, Jumio, Trulioo and many others — but there is still "no one company that ultimately people would 100% rely on" to solve their identity needs, he said, and it's because identity data is so diverse and hard to pull together.

There are also gray areas to fraud, Woodward said. If a consumer loses a sports bet and disputes the credit card transaction associated with it as a way of getting their money back, the sportsbook might not try to dispute the charge-back with the credit card company if it's a small transaction. But if they do, Woodward asked, should that prevent the consumer from securing a mortgage? Should it increase their mortgage rate?

In other words, any company that tracks a consumer's fraud history really has to track something more akin to their financial history, and many entities might have a perspective on a consumer's financial history. A consumer's bank might have a perspective on a consumer's financial behavior, but so too might the sports betting platform DraftKings if they like to bet. So too might Apple, if they use Apple Wallet or have an Apple Card.

Any company that tries to pull all that financial history information into one consumer profile — that tries to act as a source of truth on consumers' financial history — starts to look like a credit bureau, Woodward said, which would in turn be regulated by the Fair Credit Reporting Act — a regulatory framework for credit histories, not fraud histories.

Although a dedicated regulatory framework for fraud data exchange would get to the heart of the challenges many banks have with sharing fraud data today, efforts like the ABA's information exchange aim to work within the existing regulatory framework to mitigate an increasingly urgent problem for banks and credit unions.

"Protecting consumers from increasingly sophisticated fraud remains one of the banking industry's top priorities, and ABA continues to develop new tools and resources designed to support banks of all sizes in that effort," said ABA spokesperson Grano.

For reprint and licensing requests for this article, click here.
Fraud prevention Fraud Technology American Bankers Association
MORE FROM AMERICAN BANKER