Dealing with cybercriminals and hackers is nothing new for banks. From identity theft to account takeovers, to phishing, evolving threats continually test even the strongest security defences. Fraud is an ever-present threat for any financial institutions, but do neobanks and challengers face unique challenges?
Over time traditional banks have formalised their security processes and built experienced teams to counter criminal activity. Neobanks have risen rapidly to success in recent years, but have faced challenges balancing security with the customer experience.
One of the main competitive advantages of neobanks is their frictionless onboarding process, but while this is attractive to customers, it is also attractive to financial criminals looking to exploit any security weaknesses for their own gain. A digital account opening process still needs to be comprehensive enough to meet anti-money laundering regulations and to prevent fraud.
In recent years several high-profile neobanks have been investigated, fined or faced compliance challenges. Late last year, the German financial watchdog BaFin levied a fine of €4.25 million on digital bank N26 for weak anti-money laundering controls. BaFin noted that the fine against the Fintech unicorn was related to almost 50 suspicious activity reports being filed late.
Monzo is also currently under investigation by the UK’s financial watchdog over alleged breaches of anti-money laundering and financial crime rules. Payments giant PayPal also announced in recent weeks that they had closed 4.5 million illegitimate accounts, with bad actors reportedly taking advantage of new customer incentives when signing up to PayPal.
A Revolut whistleblower told the BBC in 2019 that “The CEO refused to listen to the compliance team”. The Fintech firm also saw the departure of two chief risk officers, two money-laundering reporting officers and a chief compliance officer over the course of three years, according to BBC reporting.
No quick fix
Achieving real-time banking experience for customers, at the same time as offering the same level of security and trust as conventional banks, is no small feat. Striking the right balance will be vitally important going forward as regulators continue to scrutinise regulatory compliance at neobanks and hackers find new ways to target customers.
A report from Paygilant finds there has been a 134% increase in new account fraud attempts since the beginning of the COVID-19 pandemic, highlighting the growing impact of such activity. Yet if onboarding systems are put in place which are too onerous, not only will users have to go through more potentially unnecessary security checks but the number of false positives where customer accounts are either blocked or closed could rise.
Advances in background or ‘silent’ authentication have the potential to reduce the burden on the customer when it comes to security. Mobile authentication provider tru.ID aims to do this through SIM security. Paul McGuire, Co-founder and CEO at tru.ID explains, “The answer to account security is not patching knowledge factor on top of knowledge factor. We need to move away from copyable credentials towards a far more secure, hardware-based possession factor. The most immediate and innovative solution is the SIM card. It’s cryptographically secure, virtually unclonable, and it’s in everyone’s pocket.”
As neobanks distinguish themselves from incumbents by offering a seamless customer experience, even temporary blocking of non-fraudulent accounts would damage the reputation of challenger banks and reduce their appeal.
While expensive, hiring more skilled staff in the compliance department can help to uncover genuine fraudulent activity while leaving other customers unaffected. In an increasingly digital environment, neobanks need to quickly find solutions to the challenge of fraud that manage to balance the customer experience and regulatory obligations.
Written by Finbarr Toesland, Editorial Contributor
The conversation continues at Future Identity Finance, 26th April 2022, at County Hall, London.