Skip to main content
  • English
    Discover SWIFT
  • Español
    Descubra nuestros contenidos en español
  • Français
    Découvrez notre contenu disponible en français
  • 中文
  • 日本語

While fraud targeting end-customers has always been a concern for banks, its rise in the past two years has been exponential and has led to scrutiny from regulators across the world.

According to the FBI, the amount of reported fraud losses in USD denominated payments globally reached $6.9 billion in 2021, representing a huge rise from $1.4 billion in 2017.

The rise of e-commerce, open banking and new payment methods has provided additional avenues for fraudsters to target people and companies. Fraud can now impact C2C payments, B2B payments, or even FI payments. According to the AFP Fraud Survey 2020, the proportion of wire payments involved in B2B fraud had multiplied eight times, representing less than 5% of fraud cases in 2012 and reaching 39% by 2020. This trend applies to all payment types as digitisation has continued to accelerate, enabling fraudsters to scale up their attacks using digital channels.

At the same time, fraudsters have used more sophisticated methods to defraud bank customers, resorting to impersonation and social engineering scams for example. Such cases of authorised fraudulent payments leave anomaly markers more subtle and difficult to detect. Worse than that, victims may not even recognise themselves until it’s too late.

Fraud targeting your customers: Regulatory scrutiny and costs for customers

Fraud targeting your customers and counterparties is a pressing issue, with regulators and law enforcement agencies across the world warning banks and their customers of the growing threats of impersonation, social engineering and phishing attempts. 

When your clients fall victim to fraud, there are direct financial losses for your institution and your clients, with an associated impact on the client experience.

However, there are indirect costs associated with fraud as well, including costs associated with recovering funds and reporting transactions. It’s estimated that for every dollar of fraud loss, it can cost a bank up to four dollars to respond. These costs represent the transaction value for which firms may be held liable, fees and interest incurred, fines and legal fees, labour and investigation costs, and external recovery expenses. 

[ebook] Fighting institutional payments fraud in the new normal

Basic defences, counter measures and best practices.

How SWIFT Payment Controls can help

Since its launch, Payment Controls has helped many financial institutions to monitor payment transactions in order to detect potential fraud targeting financial institutions directly. That said, fraud affecting end-customers requires additional markers to characterise unusual activity observed at an account level.

It’s for this reason that, in the second half of 2022, Payment Controls has begun leveraging such account-level data. And it doesn’t stop there: these Payment Controls insights that characterise account behaviour are obtained from the entire SWIFT community. In other words, thanks to Payment Controls, financial institutions can now benefit from network-based anomaly markers that could not have been derived individually.

How to protect your payment operations against fraudulent attacks

Detecting anomalous account activity

Fraud affecting end-customers can manifest in many ways. Sometimes they happen in bulk, with many affected customers but only one fraudster; sometimes they are isolated; sometimes the amounts involved are small, sometimes not. For that reason, Payment Controls’ approach offers different logics designed to detect the various markers of anomaly that can hide fraudulent activity. Interestingly, some of these logics can be used for other purposes such as operational issues.

  • A first logic is in the detection of repeated payments of the same amount and currency from or to the same account, or between two given accounts. For instance, you can choose to be alerted if one of your customers sends a payment to a beneficiary account that received a payment of the same amount and currency from accounts owned by other financial institutions – which may indicate they have been victim of a fraud scam. The logic of detecting repeated payments via Payment Controls can also help banks alert and block cases of operational issues, such as human error.

  • Not all customers send or receive payments via SWIFT. Payment Controls enables banks to detect scenarios in which customers send or receive funds for the first time across the SWIFT network – which may be indicative of fraudulent activity or simply of operational mistakes – for example, if the wrong beneficiary or ordering account was encoded.

  • Other logics are in progress whereby other markers of abnormal activity at the account level will be able to be detected. These will include the detection of unusual funds or number of payments sent/received by a given account.

Millions of accounts do transfer and/or receive funds via SWIFT. Apart from exceptional situations, financial institutions do not and cannot afford configuring anomaly detection logics per account. For that reason, all the above-described Payment Controls logics operate in a generic fashion scoping by default all accounts a financial institution does business for or with. Of course, as exceptions can prevail, such a generic approach can be tuned to focus or exclude some given account(s).

Network-level analytics

As previously mentioned, Payment Controls enables you to leverage account insights from the entire SWIFT community (subject to country limitations – for more information, please contact your SWIFT account manager).

Previously, FIs could leverage institution-centric views whereas community-wide insights remained a blind spot. With institution-centric views, financial institutions were using their own information without having access to other financial institutions’ information; they could identify anomaly markers if their own data was highlighting unusual patterns. With end-customer fraud, many patterns can only be seen on the beneficiary side, making it difficult for originating institutions to catch fraudulent transactions before releasing them – leading to the additional indirect costs described earlier.

With the introduction of these new account-based logics, Payment Controls allows users to benefit from the power of the SWIFT network by offering insights that only networks can offer. Originating institutions can be warned if their transactions contribute to an abnormal behaviour observed at network level and leverage this information in their anomaly detection processes in order to potentially avoid the indirect costs linked to recovery of fraudulent funds.

Greater flexibility

With these new developments, Payment Controls will offer you more flexibility, as well as network level insights, to target the detection of payment fraud impacting your clients and account holders. This transformational development is the first of several enhancements we have planned to improve our community’s response to financial crime and fraud.

It’s important to note that these new account-based functionalities don’t replace other existing logics offered by Payment Controls. Thanks to the Payment Controls rules combination framework, users can even use the new account analytics to refine their already existing screening policies.

Lastly, all these logics could not be offered without ensuring compliance with existing regulations on party data information. For more information on this, please consult SWIFT Pseudonymised Account Statistics – Information Notice.

For any other questions, please contact your account manager.

Discover our Fraud solutions

Cyber attackers are innovative and now work with subtlety and sophistication. They cover their tracks and exploit the fact that payments move faster than ever. Work with SWIFT to monitor and protect your core payments on three fronts.