Any business that offers financial services will inevitably experience fraud. It’s impossible to completely prevent fraud, and some fraud losses are to be expected as part of the operational cost of doing business.
That said, it’s important to have a well-defined fraud-prevention strategy, one that strikes a balance between enabling business and minimizing losses. In this guide, we’ll review common patterns of fraud, as well as discussing the tools and techniques you can use to prevent, detect, and respond to them.
Fraud can be frustrating, but it’s important to remember that you’re not confronting these challenges on your own. Unit embraces industry-leading security practices, and we’re committed to helping our clients prevent, detect, and mitigate fraud wherever it occurs. We perform fraud checks during the account-opening process (read more in our End Customer Applications Guide), and we’re always here to answer your questions.
The three types of fraud
Before we launch into a discussion of different fraud surface areas (e.g., onboarding, payments) and how to mitigate risk, it’s important to understand the three main types of fraud. That’s because how you prevent, detect, and respond to fraud can vary widely depending on whether it’s first-party, second-party, or third-party fraud. We’ll use these concepts throughout the rest of the guide.
- First-party fraud. This type of fraud occurs when someone knowingly misrepresents their identity or gives false information for financial or material gain. Example: A customer makes a debit-card purchase and then disputes the transaction as unauthorized.
- Second-party fraud. This type of fraud occurs when someone knowingly gives their identity or personal information to another person so that the second person can commit fraud. Example: A customer gives their debit card to a friend or family member, who makes a purchase. Then the cardholder disputes the transaction.
- Third-party fraud. This type of fraud occurs when someone’s identity or personal details are used without their consent. That includes manufactured identities (synthetic identity fraud), in which the fraudster creates a new identity using stolen and false information. Example: A fraudster uses the victim’s personal information to apply for a bank account and then commits fraud.
Fraud surface areas & how to mitigate risk
A fraud surface area is a touchpoint you have with your customers, one that is vulnerable to first-, second-, or third-party fraud. The tables below detail the kinds of fraud our clients have experienced, organized by surface area.
Account opening fraud
|A fraudster obtains the identity of another individual and attempts to open a new account with the stolen information.
|Unit or the client may receive notification from the victim because they:
|A fraudster obtains access to an account by stealing or buying its credentials.
ACH debit origination fraud
|Funds are pulled from a third-party account via ACH debit. In these cases, the legitimate account owner can be either a victim or the one committing the fraud. Learn more in our ACH Debit Fraud Guide.
|Unit clients are contractually obligated to keep unauthorized ACH debits below 0.05% of all ACH-debit originations. High return rates can result in the suspension of ACH-debit origination for a given client. As such, we recommend the following preventive measures:
Check deposit fraud
|As with ACH-debit fraud, funds are pulled from a third-party account, resulting in losses. Fraudsters will write and/or attempt to deposit bad checks, altered checks, fictitious checks, and checks that have already been deposited.
Card activity fraud
|In these cases, fraudsters take advantage of card-processing rules regarding merchants (such as gas stations, rental cars, and restaurants) where the temporary authorization can be less than the final amount charged. Such fraud occurs when the fraudster spends more than they have in their account, or spends their balance twice, causing the account to become overdrawn.
Disputes (first-party fraud)
|The customer makes a purchase, receives the goods or services, and proceeds to deny the purchase by raising a dispute, claiming that the card was lost or stolen.
If the merchant proves that the purchase is legitimate and that they have taken sufficient measures to authenticate the cardholder (e.g. chip+pin, 3D-secure), or if the disputed amount is under $25, the liability (and loss) lies with the issuer.
Disputes (third-party fraud)
|This is similar to first-party disputes fraud (above), except that the cardholder did actually have their card details compromised and did not authorize the transaction(s).
|Announcements about new financial features, rewards programs, or even company news (e.g., fundraising) can cause a spike in fraudulent signups.
Fraud prevention tools: a deep dive
Some tools are used by Unit as a default across all clients. They include tools at the onboarding phase (ID verification, address verification, document verification, Unit platform denylists), card-transaction scoring, AML monitoring, ACH name-match review, and check-deposit review. Other opt-in tools are covered below.
|How does it work?
|We recommend implementing device fingerprinting. The collection of this information helps Unit determine whether there are risks associated with the device being used to apply for the account—for example, the detection of mobile emulators, proxies, foreign IP addresses, VPNs, and whether the same device was used to initiate multiple applications on the Unit platform.
|We require implementing Plaid Balance checks when initiating an ACH debit. This allows you to verify the balance in the counterparty account prior to initiating the payment. It’s not foolproof; the balance in the account can change before the ACH payment has settled. However, it’s a good baseline. This check helps prevent potential fraudsters from attempting multiple ACH transactions to accounts with insufficient balances.
|We require implementing Plaid Identity for “me to me” payments, to verify that the owner of the account being debited matches the name of the Unit account holder.
This will help reduce the risk of unauthorized returns and the potential for losses. Keep in mind that Plaid Identity is not available for all financial institutions, and it does not prevent first-party fraud. Additionally, Plaid Identity may not be an option when allowing a customer to originate ACH debits from a third party (e.g., a business customer sends an invoice to be paid by ACH).
|Unit enforces limits on various payment types. Set reasonable limits that you think the vast majority of your customers can reasonably be expected to stay within. Do not set limits based on edge cases, as you may unnecessarily expose yourself to risk.
|Funds that arrive as part of originated ACH debits or check deposits are subject to a clearing period. That means the funds are held in a dedicated account and are not made available to the customer until the clearing period is over. Longer clearing periods often result in fewer returns and less fraud, for the simple reason that it gives legitimate account holders longer to detect and report fraud on their accounts. Learn more in our ACH Debit Fraud Guide.
|By using what you know about an applicant to assess their risk level, you can assign them to different tiers within your financial offering. For example, low-risk customers may be assigned higher account limits and more attractive rewards, while gaining access to certain features like ACH-debit origination or mobile check deposit. Medium-risk customers might be offered lower limits and less favorable terms. Finally, high-risk applicants could be kept off your platform altogether. This allows you to offer a better experience to low-risk customers while reducing your exposure to higher-risk customers. Learn more in our KYC Guide.
|Focus your marketing materials on your target audience and limit referral programs to those that encourage account use. Fraud risk is reduced when eligibility requirements are implemented, such as requiring direct deposit or a certain number of transactions before receiving rewards. See our Rewards Guide for more details.
|Freezing and closing accounts
|Unit monitors account activity in several key areas that are known to be targets for fraudsters. We may reach out to you about activity we regard as suspicious and discuss how to proceed. We may also provide recommendations.
If fraud is detected or strongly suspected, the client may freeze an account; however, accounts should not remain frozen without further action for more than five business days. Clients may receive increased complaint volumes for frozen accounts and cards; consequently, the reason for freezing the account should be retained and documented.
Using webhooks to monitor for fraud
We recommend that clients monitor the following webhook events that Unit provides, as they can be indicative of fraud. Unit may also notify clients of unusual activity or behavior patterns that are indicative of fraud and allow clients to decide on account closure.
- Originated ACH returns. Both Unit and the client should monitor ACH returns that could be indicative of fraud. These include ACH payments that are returned as Unauthorized, Account Frozen, or Stop Payment.
- Received ACH returns. Both those that are frequent/large in number and those that have a high dollar value. You can identify those by listening for new return transactions.
- Disputes. Clients will be notified via webhook of all disputes and dispute updates. Clients can use these notifications to compare to customer service inquiries or other Client specific interactions such as log-in attempts to their application to determine if these disputes appear suspicious.
- Check Deposit: Unit reviews deposited checks prior to processing them; we’re looking for possible alterations, checks that have already been deposited, and counterfeits. We’re also ensuring that the payee name matches the account-holder name. If we detect any unusual checks, we’ll notify you via webhook and allow you to decide whether an account should be frozen or closed.
Suspicious account activity and how to address it
When there is unusual activity on an account, feel free to use the tools at your disposal to freeze or close the account. If you’d like to consult with Unit, you can fill out a support form or send us an email. (If you’re using Zendesk, just share a ticket with us.) Below are a few final examples of account activity that may be indicative of fraud and warrant further investigation:
- Customer requests to change their phone number or email address
- Customer reports multiple lost cards and/or requests for new cards
- Customer will not provide verification information
- Customer provides incorrect verification information
- Customer waits long periods before providing verification information
- Customer provides inconsistent information
- Customer requests frequent limit increases
- Customer wants their request processed immediately, regardless of normal procedures
- Customer becomes hostile or irate
- Customer contacts customer service on a new device or with a new email address
- Customer contacts customer service from a location outside of the United States
- Customer contacts customer service and gives a name other than the one on the account
- Customer interacts with support using inconsistent grammar
Fraud is a reality of financial services, and the tactics that fraudsters use will continue to evolve. Unit will monitor the ecosystem and update our systems and controls to account for any trends we observe. Please reach out to your CSM or compliance lead if you have any questions about the contents of this guide.