How Do Banks Investigate Unauthorized Transactions

Igor Izraylevych

5 min read

How do banks investigate unauthorized transactions

Bank fraud is a major issue for individuals and businesses concerned with cyber security. How do banks investigate unauthorized transactions? 

Let’s take a detailed look at the bank fraud investigation process, assessing everything from the investigation of check fraud to credit card fraud investigation. In this article, we will look at:

  • different types of bank fraud
  • common signs of fraud, and
  • the fraud investigation process.

Types of Fraud

As a starting point, it is important to understand that there are different types of fraud, each with its own legal implications, including:

  • True fraud
  • Friendly fraud
  • Family fraud

   What is known as “true fraud” is the classic scenario: A criminal steals a credit card number or an account holder’s credentials and then attempts to make a purchase. 

Friendly fraud” is triggered by the cardholder themselves. The cardholder disputes a transaction, claiming that it is a fake charge when, in fact, it is not. 

A related category is “family fraud”, which involves a family member or friend using someone’s card without their permission. Both the family and friendly versions involve a crime against the merchant or vendor, whereas the true version involves a crime against the card or account holder.

Common Signs of Bank Fraud

Signs of bank fraud can happen on both the customer and bank ends of a transaction. As such, bank fraud detection involves monitoring every step of the payment or transfer cycle.

Common signs of bank fraud include:

  • A customer seeing unfamiliar payments in their account or on a statement
  • Sudden account overdrafts
  • Unrecognized, new accounts in a person’s name
  • Receiving correspondence from a debt collector on an unknown account
  • Unusually large charges
  • Charges in a new location far from the customer’s usual transactions

One particular area of concern involves contactless cards. 

Even after the accounts associated with these cards have been cancelled, fraudsters can still get fraudulent charges through, in some cases. 

For this reason, it is important that consumers regularly review statements.

The Fraud Investigation Process

The bank fraud investigation process involves several steps and is regulated by various acts, depending on the region in which the bank does business. 

Most fraud investigations begin at the request of the bank customer, whether that is an individual or business. 

The customer triggers a dispute which the bank then establishes as a fraud claim. A fraud claim involves a detailed investigation into the transaction and any and all associated evidence.

The 10-day Deadline

Once a bank opens a fraud claim at the request of a customer, a 10-day time period begins in which the bank must either complete the investigation or ask for an extension. 

If the bank requires more than 10 days to conduct the investigation, they will need to temporarily refund the questionable charge to the customer. 

The majority of banks will automatically trigger this temporary credit at the start of the investigation to streamline the entire process.

Assessing the Evidence

The core component of a bank fraud investigation involves assessing the available evidence. 

A bank will typically begin by looking at the transaction itself to see if there are any obvious indicators of fraud. The bank will look at the following when assessing the transaction:

  • Timestamps
  • Geolocation
  • IP addresses associated with both ends of the transaction
  • Any additional elements that may indicate that the cardholder did not trigger the transaction.

Next, the bank may look for some common signs of friendly fraud. 

For example, children often trigger “fraudulent” transactions by making in-app purchases in games. 

Another common scenario is when a customer signs up for a trial period but does not cancel the account before the end of that trial period. 

In these “friendly” scenarios, a bank would not necessarily notify law enforcement that fraud has taken place, though it is at their discretion to do so.

Finally, the customer will need to provide their own evidence in the fraud claim. This can include proof of where they were at the time of the transaction or any documentation that a fraud was not legitimate.

Returning Money to the Bank Customer

In situations where bank fraud has been confirmed, getting the stolen funds back to the bank customer can be more complex than one might expect. 

In the majority of cases, the funds can be officially returned to an account in a few days.

When identity fraud has taken place, things can become more complex. The individual against whom the fraud has been committed will need to contact the credit bureaus and put a fraud alert on their credit reports. 

Identity fraud that has resulted in long-standing fraud can cause serious damage to a credit report and take years to make right. As such, it is recommended that consumers monitor their reports on a regular basis.

Credit Cards vs. Debit Cards

What many consumers don’t realize is that there are significant differences between how fraud liability is dealt with in credit cards vs. debit cards. 

According to the Federal Fair Credit Billing Act in the US, a customer is only responsible for $50 of the fraudulent charges if the card has been lost or stolen. If card fraud has taken place while the card is still in the possession of the account holder, they are liable for no part of the charge. The merchant will need to refund the monies to the cardholder; the merchant will also have a chargeback fee levied against them.

Debit cards, however, have a very different situation. They are overseen by the Electronic Fund Transfer Act in the US

If a customer reports the fraud in 48 hours, their liability is limited to just $50; however, if it takes them longer than two days to report the fraud, their liability shoots up to $500. If the customer fails to report fraud within 60 days of the transaction, they are on the hook for the entire sum of the transaction.

The deadlines in the EU are more generous. Customers who have fraudulent transactions within the EU have 13 months to report a transaction. If the transaction is outside the European Economic Area, the reporting period is limited to 70 days.

Chargeback Representment

Chargebacks related to unauthorized transactions can cost businesses a lot of money in fees and returned monies during the fiscal years. 

For this reason, some merchants engage in a process known as “chargeback presentment”. 

Fraud investigations often take place primarily on the customer side, meaning that the merchant is locked out from the process. 

If a fraud has been found fraudulent by a bank and a merchant has been told to refund the monies, the merchant can represent the chargeback to the bank, giving them an opportunity to dispute the bank’s findings.

How to Prevent Bank Fraud

From the consumer perspective, the following steps can help prevent bank fraud:

  1. Always verify the security of online payments by looking for a lock icon and a URL that begins with https://
  2. Keep all card information private, and do not share even with close friends
  3. Hide pin codes when entered into a keypad
  4. Keep contact information for all banks on hand to report fraud as soon as possible

Banks have a long list of steps they need to take to counter unauthorized transactions. 

These include but are not limited to:

  1. Conducting regular audits and reviews of internal procedures and compliance checklists
  2. Maintaining digital images of checks
  3. Establish security protocols for cards and associated software
  4. Establish two-party authorization protocols on wires and ACH transactions.
  5. Reconcile wires and ACH releases on a daily basis
  6. Split internal duties related to payment processing (i.e. initiating, authorizing, reconciling, etc.)
  7. Instigate a review of signature and authority levels whenever an account change is triggered
  8. Establish in-house protocols regarding the storage and destruction of documents associated with accounts
  9. Limit remote, employee access to banking systems
  10. Regularly assess compliance laws related to fraudulent transactions by a regional government

Finally, banks in the U.S. need to implement strict controls over ACH transactions, which include all transactions sent in the U.S. via the Automated Clearing House network. 

ACH filters and blocks can stop external attempts to trigger and ACH transfer and remove funds. Blocks also work to prevent any disbursements from a customer account, while filters prevent releases of funds that do not match a pre-authorized list. 

Filters can include limiting permission to only certain business partners and setting a dollar limit on transactions.   

As the world economy continues to expand and move almost exclusively into the digital space, individuals and banks will have to increase their fight against bank fraud. 

Fortunately, there are a number of steps both parties can take to prevent these financial crimes. 

Hopefully, the increase in customer knowledge and awareness, as well as improvements in financial technologies, will limit unauthorized transactions to a few incidents in the years to come.

Igor Izraylevych