Inside the True Cost of Fraud Study

How companies grow their business more safely by navigating the growing risk of fraud

From the Study

This research from LexisNexis Risk Solutions provides a snapshot of current fraud trends in the U.S. and Canadian financial services and lending markets, including key pain points related to adding new payment mechanisms, transacting through online and mobile channels, and expanding internationally. Data collection occurred as part of a larger commissioned global study conducted by Forrester Consulting.

Many of the survey questions reference the past 12 months and for the purposes of this study, the research refers to fraud as: Fraudulent transactions due to identity fraud, which is the misuse of stolen payments methods (e.g., credit cards) or personal information; fraudulent requests for refunds/returns, bounced cheques; fraudulent loan applications (i.e., purposely providing incorrect information about oneself, such as income, employment, etc.); account takeover by unauthorized persons; and the use of accounts for money laundering.

This research covers consumer-facing fraud methods and does not include insider fraud or employee fraud. The cost of fraud is more than the actual dollar value of a fraudulent transaction. It also includes additional costs related to labor/investigation, fees incurred during the applications/underwriting/processing stages, legal fees and external recovery expenses. Therefore, the total cost of fraud is expressed by saying that for every $1 of lost value due to fraud, the actual cost is higher based on a multiplier representing these additional costs. For a common base of comparison between the U.S. and Canada, all currency is in USD.

Trends

Physical branches generate the most revenue of any single channel, though two-thirds of revenue comes through remote channels. Traditional transaction methods, such as cash, checks and gifts cards, rebound. Digital wallets and payment apps hold ground while crypto softens. Credit and debit transactions combined continue to represent the majority of transaction volume, especially at U.S. Banks. U.S. firms report needing to allocate more resources toward fraud management while Canadian firms report greater impact due to direct revenue losses.

Attacks

Nearly two-thirds (63 percent) of financial firms report overall fraud increasing at least 6 percent in the prior 12 months. Canadian firms were nearly twice as likely as U.S. counterparts to report an overall increase of 21 percent or more. Synthetic Identity Fraud afflicts the entire Customer Journey, causing the greatest impact at distribution of funds for U.S. firms and Canadian financial services. Scams stand out for U.S. financial services at that customer journey stage but rank highly for other groups at new account creation.

Challenges

Challenges discerning legitimate humans from malicious bot transactions, and the emergence of new/varied transaction methods, complicate the mandate to provide customers with a positive experience across touchpoints. Widespread expectations for increased budgets align with progress in conveying the commercial impact of fraud prevention to the business overall.

Scams

Scams are still a major contributor to fraud losses, despite efforts to educate consumers. Over half of financial institutions report scams increasing 6 percent or more, with 21 percent of firms reporting at least a 21 percent increase. About 35 percent of fraud losses in the region are now attributed to scams. Almost half (48 percent) of financial institutions report undertaking efforts to educate customers about how to protect themselves. Over 40 percent have nudged customers to take actions with personalized or contextual recommendations.

Losses

The LexisNexis® Fraud Multiplier™ variable rose for all financial services segments, more so in Canada than in the U.S. – For every $1 of fraud loss, it costs Canadian firms $1 more compared to last year: $4.45 in 2023 versus $3.49 in 2022, a 28 percent increase on average. U.S. investment firms and credit lenders reported a 9 percent increase year-over-year, noticeably higher than U.S. banks and mortgage lenders. Fraud losses in the phone channel spike across the industry, in line with widespread increases in scam attacks and losses due to scams.

Risk Mitigation Smart Practices

Risk Mitigation Smart Practices: Findings show that firms using a multi-layered solutions approach that is integrated with cybersecurity and digital customer experience operations can lower their cost and volume of successful fraud while improving identity verification and fraud detection effectiveness. Organizations who build a more robust posture against fraud throughout customer journey stages report 41 percent lower fraud losses compared to the least mature organizations.

Key Finding 1

Increased digitalization affords fraudsters more opportunities to exploit both consumer identities and accounts. However, strong in-branch transaction volume and value, and prioritization of customer experience, indicate the need for robust omnichannel fraud prevention capabilities.

Although approximately two-thirds of revenue comes through remote channels, physical branches generate the most revenue of any channel.

Use of traditional transaction methods, such as cash, checks and gifts cards, rebounded, doubling for U.S. firms and more than tripling in Canada. The increase reinforces the importance of omnichannel identity verification and fraud risk assessment strategies.

Among business functions impacted by fraud, customer experience tops the list of concerns for most financial firms, though slightly less so for U.S. financial services.

Widespread difficulty establishing trust with customers and concerns over customer churn point to potential long-term challenges.

Key Finding 2

Thousands of fraudulent transaction attempts flood into financial institutions every month. More identity-related fraud occurs at account logins, especially via synthetic identity fraud for U.S. financial services and Canadian firms. Scams challenge all industry segments at all customer journey stages, especially for financial services firms.

Nearly two-thirds (63 percent) of financial firms report overall fraud increasing at least 6 percent in the prior 12 months. Canadian firms were nearly twice as likely as U.S. counterparts to report an overall increase of 21 percent or more.

Scams stand out as a top fraud vector for US banks at the point of distribution of funds, while ranking highly for other groups at new account creation. Friendly fraud consistently ranks as a top challenge across the customer journey.

Account logins overtake new account creation as the stage of the customer journey with the most identity-related fraud, except for US Lenders for whom distribution of funds is more problematic.

The average number of successful fraudulent transactions per month grew across the industry. This is driven by larger firms, as in 2022.

Key Finding 3

Financial institutions continue racing to keep ahead of evolving threats and scams while balancing customer experience. Notable increases in online and mobile challenges across the customer journey, especially at new account creation, add urgency to instill greater robustness and flexibility into fraud detection and mitigation plans.

Financial organizations report struggles with evolving threats and payment methods, and balancing fraud prevention with customer experience. The top challenge for financial services firms was staying current  and defending against new, more sophisticated payment frauds. Lenders most often ranked the inability to manage/prevent fraud for new transaction methods.

U.S. firms recognize the opportunity to balance customer experience with precautionary measures via improved digital identity verification across online and mobile channels. Malicious bot transactions and the emergence of new/varied transaction methods complicate the mandate to provide customers with a positive experience across touchpoints.

The most widespread efforts to mitigate and prevent scams focus on education, either directly to consumers about their security, or to employees about customer security and privacy. Third-party data and insights are also commonly applied to scam detection and mitigation. Scams put financial institutions in a difficult position.

Key Finding 4

Every dollar of direct fraud loss costs financial institutions more than at the time of last year’s study. Over one-third (35 percent) of fraud losses in the region are now attributed to scams, which are increasing in frequency also. Across the region, fraud losses spiked in the phone channel, the channel most frequently used by fraudsters to target consumers in the U.S. for authorized transfer scams.* Firms are succeeding at defending account logins and distribution of funds, but fraudsters are finding new ways of attack at account creation.

International fraud spiked for U.S. firms. The increase aligns with widespread challenges assessing fraud risk by country or region, and a lack of specialized fraud prevention tools for international transactions. Scams are a major contributor to fraud losses, despite efforts to educate consumers. Although 48 percent of financial institutions say they have undertaken efforts to educate customers, roughly 6 in 10 financial  institutions report an increase in scams over the last year.

The Fraud Multiplier™ variable rose for all financial services segments, more so in Canada than for U.S. firms. For every $1 of fraud loss, it costs Canadian firms $1 more compared to last year: $4.45 in 2023 versus $3.49 in 2022, a 28 percent increase on average. U.S. investment firms and credit lenders reported a 9 percent increase year-over-year.

Key Finding 5

Organizations that build a more robust, multi-layered approach against fraud through the customer journey report lower fraud losses. Across industries, geographies and customer journey stages, firms have implemented more advanced identity authentication and transaction verification solutions, especially behavioral biometrics, device identification, physical biometrics and browser/malware tracking solutions.

Having robust fraud management administration capabilities is key for both financial services and lending firms, as this empowers administrators to effectively configure, monitor, and maintain the fraud management system. Other important features include global network intelligence, utilization of AI/ML models, and segmentation of customers and attributes. Financial services firms also emphasize model explainability and governance.

Firms using a multi-layered, risk-based solutions approach tend to have a lower cost of fraud and fewer challenges across each customer journey stage. Organizations who build a more robust posture against fraud throughout customer journey stages report 41 percent lower fraud losses compared to the least mature organizations.

Recommendations

To respond faster to emerging fraud trends and rising consumer expectations, forward-thinking financial institutions increasingly take a dynamic, agile and simplified approach to risk assessment. Capabilities integrated via risk-based workflows, supported by deep troves of identity intelligence and robust linking technology promote the flexibility, agility and simplicity necessary for safe and convenient interactions and transactions.

Financial institutions need to become more nimble to keep ahead of rising consumer expectations and emerging fraud attack schemes and vectors.

To pivot quickly and reduce complexity — across the three primary consumer journey stages, across all channels and according to all risk levels — financial firms should implement and optimize risk-based workflows composed of a flexible, robust and interoperable array of physical, digital and behavioral risk and authentication assessment capabilities, which derive from deep, broad and relevant troves of reliable, actionable intelligence.

Risk-based workflows respond effectively to the risk level of the present interaction or transaction, correctly blocking fraudulent actions while promoting positive experiences for legitimate consumers. This hinges on a firm’s ability to call an appropriate combination of risk-assessment capabilities and detect the risk level of the present interaction or transaction.

Recommendation 1

Identity proofing should include assessing digital identity attributes. Technology is key to this effort of detecting and mitigating fraud while minimizing friction. Identity proofing involves both verification and authentication. Verification relates to self-provided data (date of birth, national ID number,

address, etc.) to determine if the person/identity is real and that the data relates to a single identity. This is particularly important with the rise of synthetic identity fraud. Authentication confirms that the person is legitimate (i.e., they are who they say they are).

To minimize fraud, organizations can no longer rely on manual processes with the assistance of limited technologies to reduce challenge rates, manual reviews and costs.

The digital transformation among consumers to more online and mobile transactions means that more of these transactions are occurring in an anonymous environment compared to traditional in-person interactions. Businesses should also assess the device risk, as well as the online/mobile behaviors and transaction risk. Assessing only the physical identity attributes (name, address, date of birth, Social Security Number, etc.) is not longer adequate to fully authenticate identity.

Businesses should have a robust fraud and security technology platform that helps them adapt to this changing digital environment, offering strong fraud management and resulting in a more seamless experience for genuine customers. Deploying technologies that better recognize legitimate customers, mitigate fraud and build the fraud knowledge base to streamline on-boarding can prevent account takeovers and detect insider threats.

Using a valuable data attributes like users’ logins from multiple devices, locations and channels is essential for identifying risks. Enabling integrated forensics, case management and business intelligence can help to improve productivity.

Recommendation 2

Meet rising consumer expectations, and detect and mitigate more numerous, severe and sophisticated fraud and identity risks via risk-based workflows customized to each phase of the customer journey and transaction channel.

Single point protection can be inadequate and can result in a single point of failure. As consumers transact across locations, devices and geographies, user behaviors, such as transaction patterns, payment amounts and payment beneficiaries, are becoming more varied and less predictable.

Each stage of the customer journey is a unique interaction, requiring different types of identity verification, data and solutions to let your customers in and keep the fraudsters out.

We recommend adopting a risk-based workflows approach, composed of a flexible, robust and interoperable array of physical, digital and behavioral risk and authentication assessment capabilities, which derive from deep, broad and relevant troves of reliable, actionable intelligence.

Recommendation #3

Mitigate fraud at the first point of the customer journey by protecting endpoints and using digital identity solutions and behavioral analytics that assess risk while minimizing friction. Mitigate fraud at the first point of the customer journey by protecting endpoints and using digital identity solutions and behavioral analytics that assess risk while minimizing friction.

Protect Entry Points: Implement strong customer identity and access management (CIAM) controls by integrating cybersecurity and digital experience operations with fraud detection technology. This helps guard against attacks while minimizing friction. Synthetic identities involve real and fake identity data.  Physical identity attribute assessment alone will not make this distinction.

Authenticate the Physical Person: Verify physical identity attributes, consumer identity events and account-creation behavior.

Authenticate the Digital Person: Analyze signals from digital interactions, including device usage, device reputation and digital identifiers, to discern between legitimate users and potential fraud risks. Solution Examples: Authentication by behavioral biometrics; Device ID/fingerprint – seamless risk assessment that minimizes customer effort and friction

Continue to Manage Risk Across All Endpoints: Increase flexibility and reduce complexity via a robust and interoperable array of physical, digital and behavioral risk and authentication assessment capabilities.

Recommendation #4

Use technologies that recognize your customers, determine their point of access and distinguish them from fraudsters and malicious bots. Solutions layered in a risk-based workflow support an assessment and response appropriate for each individual interaction, minimizing impact on customer experience.

Use technologies that recognize your customers, determine their point of access and distinguish them from fraudsters and malicious bots. Solutions layered in a risk-based workflow support an assessment and response appropriate for each individual interaction, minimizing impact on customer experience.

Protect Entry Points: Implement strong customer identity and access management (CIAM) controls by starting with integrating cybersecurity and digital experience operations with fraud detection technology. This guards against attacks while minimizing friction. Breached data used to access accounts requires more levels of security and distinguishing a legitimate consumer from a bot or synthetic identity

Authenticate the Physical Person: Analyze human-device interactions and behavioral patterns, such as mouse clicks and keystrokes, to discern between a real user and an imposter. This is particularly important at account login since fraudsters deploy mass attacks, using breached data, to test passwords for account takeover. Leverage crowdsourced device and account intelligence for additional risk signal that would be otherwise unavailable. Solution Examples: Authentication by biometrics; email/phone risk assessment, device intelligence consortiums – seamless risk assessment that minimizes customer effort and friction.

Active Identity Authentication: Confirm the user’s claimed identity via personal data known only to the customer or via a physical device in the user’s possession. Solution examples: Authentication by challenge or quiz; one-time passwords; push authentication.

Authenticate the Device: Identify a remote computing device or user. Solution examples: Device ID/fingerprint; geolocation.

Recommendation #5

Add transaction and payee risk technology to the layering of digital attributes, behavioral analytics and device assessment solutions during the transaction/distribution of funds journey point. As consumers transact across locations, devices and geographies, their behaviors, such as transaction patterns, payment amounts and payment beneficiaries, are becoming more varied and less predictable.

Authenticate the Digital Person: Analyze signals from digital interactions, including device usage, device reputation and digital identifiers, to discern between legitimate users and potential fraud risks. Solution Examples: Authentication by behavioral biometrics; email/phone risk assessment; Device ID/fingerprint – seamless risk assessment that minimizes customer effort and friction

Authenticate the Device: Identify a remote computing device or user. Solution examples: Device ID/fingerprint; geolocation.

Active Identity Authentication: Confirm the user’s claimed identity via personal data known only to the customer or via a physical device in the user’s possession. Solution examples: Authentication by challenge or quiz; one-time passwords; push authentication.

Access the Transaction: Velocity checks/transaction scoring: Compare current transactions against historical transaction patterns of an individual to detect if volume or other behavior by the cardholder indicates risk. Solution examples: Real-time transaction scoring; automated transaction scoring.

Summary of Recommendations

Respond faster to emerging fraud trends and rising consumer expectations by taking a dynamic, agile and simplified approach to risk assessment. Promote safe and convenient interactions and transactions across the customer journey via capabilities integrated into risk-based workflows, and supported by deep troves of identity intelligence and robust linking technology.

Consolidate vendors where possible to reduce complexity, message latency and costs, and increase the effectiveness of custom solutions and responsiveness to changing risks.

Risk-based workflows respond effectively to the risk level of the present interaction or transaction, correctly blocking fraudulent actions while promoting positive experiences for legitimate consumers.

Call an appropriate combination of risk-assessment capabilities for the present interaction or transaction, customer journey stage, channel and risk-level, by leveraging multiple interoperable capabilities on a unifying platform for rapid identity verification, user authentication and transaction scoring.

Detect the risk level of the present interaction or transaction via signal from diverse sources of intelligence, including device, behavior, email, phone and physical consumer data, and assess the signal with insights from thousands of public record and proprietary sources, industry peers (“crowd sourcing”) and user-device behavior.

About LexisNexis Risk Solutions
LexisNexis Risk Solutions harnesses the power of data, sophisticated analytics platforms and technology solutions to provide insights that help businesses across multiple industries and governmental entities reduce risk and improve decisions to benefit people around the globe. Headquartered in metro Atlanta, Georgia, we have offices throughout the world and are part of RELX (LSE: REL/NYSE: RELX), a global provider of information-based analytics and decision tools for professional and business customers.

The LexisNexis® True Cost of Fraud™ Study offers a timely picture of current fraud trends facing the financial and retail industries in the U.S. and Canada by analyzing in-depth surveys from over 700 risk and fraud executives every year. Building on 15 consecutive years of research, the True Cost of Fraud study explores current and emerging fraud trends, and shares insights and recommendations on how to better manage fraud risks and strengthen customer trust.

https://risk.lexisnexis.com/insights-resources/research/us-ca-true-cost-of-fraud-study