How Fintechs Can Stay Safe from Fraud

Pandemic lockdowns and closures had us changing our lives in a number of ways. Many businesses’ physical locations shut down and switched to more online models. The same was true for the banking world, where many people found themselves on apps and websites to get their banking needs fulfilled. This trend helped jump start the explosion of the fintech industry, which is projected to reach $141.18 billion in revenue worldwide by 2028. (Compared to 2020, the year of widespread pandemic lockdowns, when the industry was just at $10 billion in revenue worldwide.)

With this continuous growth, fintech will, inevitably, continue to face its share of fraud. This was the subject of “Fraud Trends Within Fintech Banking Relationships,” a presentation from Patricia Rodriguez-Autore, CFE, CIA, CRM, at the 35th Annual ACFE Global Fraud Conference.

What is Fintech?

Fintech basically meshes finance and technology together. According to Rodriguez-Autore, it is “a financial entity that uses technology for its platform and its services.” She said we are hearing about fintech more due to the growth and evolution of financial institutions. Unfortunately, there is a higher risk involved with fintech because it involves a lack of transparency and requirements, and its speed and ease make it more vulnerable. Despite this higher risk, consumers are still utilizing financial technology because of its convenience, easy access and faster services.

Rodriguez-Autore said there are four types of fintechs:

  1. Financing: Includes credit and factoring (loans, etc.) and crowdfunding.

  2. Asset Management: Includes everything that falls under the investing category.

  3. Payments: Including those through mobile banking.

  4. Other: Insurance, biometric payments and more.

Fintech banking relationships include:

  • Direct Client Program: The fintech entity is a client of the bank and uses technology to assist with the flow of funds.

  • Custodial Client Program: The fintech is a customer of the bank and the fintech’s funds are held in custodial accounts at the bank.

  • Bank Program: Fintech provides some sort of technology services which the bank offers to the bank’s partnership with a technology provider.

  • Bank Partner: The fintech is a customer of the bank.

Types of Fintech Fraud

According to Rodriguez-Autore, the most common types of fintech fraud include:

  • Social Engineering: Fraudsters use phishing schemes and other manipulative techniques to get access to credentials.

  • Presentation Attacks: Spoofed images or videos help fraudsters create fraudulent accounts.

  • Synthetic Identity Fraud: With stolen and fake identity information, fraudsters can create “synthetic” fake identities.

  • Account Takeover.

  • ACH Fraud.

Red Flags of Fintech Fraud

To avoid fraud risks, Rodriguez-Autore urged the audience to watch out for potential red flags in a fintech relationship. These include, but are not limited to:

  • The use of deepfakes/AI and synthetic identity.

  • The use of virtual currency.

  • Negative news involving an organization.

  • Lack of fraud systems.

  • Lack of communication.

  • Expired licenses.

  • International presence without domestic explanation.

  • Accounts being opened for one reason but being used for another.

Governance

To keep fintech relationships safe from fraud, Rodriguez-Autore recommended a few steps of governance and quality control between businesses. Before onboarding other organizations for a relationship, she said fintechs should:

  • Participate in regular fraud training and keep up with evolving trends in fraud, risks and regulations.

  • Review the other organization’s fraud policies.

  • Keep in constant, direct contact with members of the other organization, including compliance officers and fraud managers, and meet with the other organization regularly.

“Pretty much, the bottom line is accountability,” said Rodriguez-Autore. “Hold them accountable for everything that they’re telling you that they are.”