Since 2010, Bank of America (BOA) has been handling the debit cards for California’s unemployment program. In early 2020, an unprecedented number of residents needed unemployment benefits, and at the same time, an unprecedented number of criminals fraudulently applied for benefits. Many legitimate cardholders also had unauthorized transactions on their accounts.
Unfortunately, the bank didn’t adequately balance the needs of legitimate cardholders with its fraud-fighting efforts, and now, BOA is facing federal inquiries from the Office of the Comptroller of the Currency (OCC) and Consumer Financial Protection Bureau (CFPB).
At the time of writing, the investigations are still underway, but enforcement action looks likely. California residents also brought a class-action lawsuit against the bank after the bank froze the unemployment benefits of legitimate beneficiaries in response to a faulty screening process for fraudulent transactions.
This situation has a lot of lessons for financial institutions that want to reduce their risk of fraud without compromising the needs of their customers or their bottom line. Here’s what you need to take into account if you want to balance your anti-fraud efforts with the customer experience.
1. Assess the cost of compliance and operational risks.
Financial institutions carry heavy operational and compliance risks. To safeguard the profitability of your bank, you need to understand how the cost of these risks affects your offerings.
Bank of American accepted a government contract to administer the state’s unemployment benefits in 20210 — while the contract looked extremely lucrative, the cost of managing the risks has eroded that potential.
This is not just an issue with government contracts. Every new product or service comes with a unique set of risks. Financial institutions need plans to minimize the risks, but they also need to understand the potential costs if they fall prey to operational or compliance risks. The costs, however, aren’t always easy to measure as they include both the direct costs of mitigating the issue and the indirect costs of reputational damage.
2. Invest in scalable solutions.
The bank had been handling the program for a decade, but it underwent significant stress when California’s unemployment rate soared to 16.4% in April 2020 at the beginning of the COVID pandemic. To protect your bank, you need scalable solutions.
Whether you’re investing in fraud protection solutions, IT for internal use, or customer offerings, you should focus on built-in scalability. You may not need the resources right now, but can you easily access them in the future? If not, what would happen if you faced an increased demand for certain resources? You must consider these questions when rolling out new programs or investing in tech solutions.
3. Screen multiple elements of customer interactions.
Fraud prevention has primarily focused on stopping fraudulent transactions. But if you truly want to reduce fraud, you have to look at more than just monetary transactions. You need tools that can look through a person’s entire interaction with your financial institution to spot signs of fraud.
In this case, most of the losses were due to criminals fraudulently applying for unemployment benefits. The state believes that $20 billion of the $180 billion in benefits paid since March 2020 went to scammers, members of organized crime rings, and prison inmates. This fraud did not happen on the transactional level. It happened at the point of application.
While Bank of American may have been powerless to stop this part of the fraud, this situation underscores the need to invest in anti-fraud tools that can detect application fraud, new account fraud, account takeover fraud, and loan fraud. Again, this requires anti-fraud tools that can assess multiple elements of a person’s interactions with your financial institution from the moment they get onto your website or app and onward.
4. Have dedicated fraud reporting channels for customers.
This situation escalated when legitimate customers couldn’t reach Bank of America. Customers spent hours on hold and being referred back and forth between the bank and the state’s Employment Development Department (EDD). This is an exceptional case because it involves both the bank and the government, but again, it illustrates what banks should not do while dealing with fraud.
When legitimate customers are unable to access their money due to suspected fraud on their accounts, they become frustrated and upset. They may take their business to another financial institution. They may complain or post negative reviews about your bank. In this case, the affected customers suffered financial damage that ultimately led to a class-action suit against the bank.
To avoid these types of scenarios, you need dedicated communication channels that allow customers to report fraud. You also need communication channels that allow customers to easily reach out to your bank when their account has been frozen or suspended due to suspected fraud.
Scalability is key here as well. A judge ordered Bak of American to expand its fraud call center hours to 24/7 and to answer all calls within five minutes. This forced the bank to increase its call center from 300 employees to 6,000.
5. Have a plan to contact customers.
Your customers don’t just need to reach you. You also need to be able to reach them. Ideally, when dealing with suspected bank fraud, this process should be as straightforward as possible. For instance, your bank should be able to easily text a customer to ask if a purchase is legitimate before authorizing it if it has the markers of fraud.
Unfortunately, Bank of America also may have dropped the ball here as well. The EDD asked the bank to freeze hundreds of thousands of accounts due to suspected fraud. The bank notified the EDD after freezing accounts, but it didn’t reliably notify customers about the freezes.
6. React promptly to fraud allegations.
To minimize losses due to fraud, you need to respond quickly. Ideally, you should have tools in place that help you prevent fraud before it happens, rather than merely detecting fraud once it has been initiated.
You also need a prompt response to stay compliant with federal regulations. The Electronic Funds Transfer Act requires financial institutions to complete fraud investigations in 45 days and give customers provisional account credits within 10 days of being notified of an error.
Part of the Bank of America lawsuit focuses on whether or not the bank abided by this regulation. According to Brain Danitz, a partner with the law firm spearheading the class action suit, the bank denied fraud claims to avoid abiding by Reg E.
7. Deal with fraud claims correctly and promptly.
After receiving an injunction, Bank of America had to reopen 46,000 cases of fraud, and the bank ended up reimbursing about 29,000 cardholders. If the bank had dealt with these fraud issues correctly the first time, it could have avoided wasting time and resources on re-opening these cases.
When you handle fraud correctly right away, your financial institution can minimize reputational damage and reduce the risk of facing lawsuits or fines.
8. Use up-to-date technology.
Another issue with this situation is that the bank used magnetic strips instead of EMV chips on its unemployment benefits cards. This may have been due to a state requirement, rather than a bank misstep, but regardless of who made the decision, it increased the bank’s risk exposure.
To reduce the risk of fraud, you need to embrace up-to-date technology. In many cases, you may be legally obligated to use certain types of technology. In other cases, you should select the upgrade due to the enhanced protection it offers.
Contact SQN to Get Help Dealing With Fraud
At SQN Banking Systems, we understand that dealing with the constantly changing fraud landscape can be difficult, especially when you have extra risks due to increased demand. We keep an eye on what’s happening in the world of fraud, and we work hard to ensure our anti-fraud tools and solutions protect our clients.
Don’t get caught dealing with expensive fraud mitigation, reputational damage, compliance fines, or lawsuits. Work with us to improve your fraud prevention, detection, and response. To learn more, contact us today.