As a greater number of transactions have moved online or gone mobile since COVID-19 emerged,
Every dollar of fraud loss at mortgage lenders ended up costing businesses $4.40 through the first three quarters of 2021, according to a study issued by LexisNexis Risk Solutions. The price of fraud has increased 33% since 2019, when the mortgage-lending industry lost $3.30 per dollar to fraudsters, and up 23.6% from pre-pandemic 2020’s figure of $3.56. But the impact has lessened by 0.6% from the COVID-affected months of 2020 when every dollar lost from fraud cost mortgage lenders $4.67.
The results came from a survey of risk and fraud management executives in financial services and lending companies conducted in August and September 2021.
Mortgage lenders recorded higher fraud expenses than banks and other financial services. Each dollar of fraud cost financial services, comprising banks, credit unions and wealth managers, $4.00 last year, the study reported, while at banks and credit unions alone, the loss came out to $4.10. Among U.S. lending providers, which includes both credit and mortgage companies, $4.16 was lost for every $1 of fraud.
"With the accelerated movement to online/mobile transactions and payments, financial services and lending firms must continue to build out and enhance the digital customer experience while protecting against fraud," said Christopher Schnieper, director of fraud and identity at LexisNexis Risk Solutions, in a press release.
The increased use of online tools and devices in the last two years has led to much of the spike in
In line with increased mobile volume, activity on phones was behind 29% of all fraud-related expenses at mortgage lenders in 2021, jumping from 24% in 2020 and 21% in 2019. At banks, fraudsters targeting mobile transactions led the channel to a 29% share of fraud costs last year, compared to 20% in 2020 and 16% in 2019.
“The mobile channel continues to impact higher fraud costs and volumes, as financial services and lending firms say that criminals have particularly targeted this channel for fraud during the pandemic,” the report stated.
The overall number of
But at banks, fraud attacks keep trending upwards, averaging 2,056 per month last year, compared with 1,839 in the pandemic-impacted months of 2020. Fraudsters, though, had less success last year with only 775 managing to break through, compared to 918 in COVID-affected 2020. Before pandemic onset, banks saw monthly averages of 1,690 attempts, 595 successful in 2019, and 1,239, 621 successful in early 2020.
Malicious bots also represent a fast-growing threat, impacting all financial services and lending firms. While in 2019 bot attacks made up only 3% of transactions within U.S. financial services in 2019 and 2% across lending companies, their share had jumped to 24% and 25% by 2021. Similar spikes occurred specifically at mortgage companies and banks. Mortgage lenders saw malicious bot attacks jump from 2% to 25% of transactions between 2019 and 2021, while banks experienced an increase of 3% to 24% in the same time frame.
Fraud occurs within all stages of client interactions, and for mortgage lenders, financial disruption appears evenly spread across the customer journey. Mortgage companies said 30% of fraud losses came during new account creation, 33% at funds distribution and 37% at account login. Almost half of the lenders surveyed said the funds-distribution posed the greatest fraud threat.
Identity verification, including via devices, email and phone numbers, is a challenge that financial companies need to address to limit fraud, according to LexisNexis’ recommendations. Identity fraud is a cause of a significant percentage of losses at the point-of-funds distribution, as well as during new account openings. Mortgage lenders and banks both also indicated that verification of malicious bots and transaction origins posed major obstacles their businesses struggled to deal with when combating fraud.
"Fraud prevention must assess both physical and digital identity attributes as well as the risk of the transaction,” Schnieper said. “It is difficult for even the best trained professional to detect the increasingly sophisticated crime occurring in the remote digital channels without the aid of solutions that detect digital behaviors, anomalies, device risk and synthetic identities."