Insider Intelligence delivers leading-edge research to clients in a variety of forms, including full-length reports and data visualizations to equip you with actionable takeaways for better business decisions.
In-depth analysis, benchmarks and shorter spotlights on digital trends.
Learn More
Interactive projections with 10k+ metrics on market trends, & consumer behavior.
Learn More
Proprietary data and over 3,000 third-party sources about the most important topics.
Learn More
Industry KPIs
Industry benchmarks for the most important KPIs in digital marketing, advertising, retail and ecommerce.
Learn More
Client-only email newsletters with analysis and takeaways from the daily news.
Learn More
Analyst Access Program
Exclusive time with the thought leaders who craft our research.
Learn More

About Insider Intelligence

Our goal at Insider Intelligence is to unlock digital opportunities for our clients with the world’s most trusted forecasts, analysis, and benchmarks. Spanning five core coverage areas and dozens of industries, our research on digital transformation is exhaustive.
Our Story
Learn more about our mission and how Insider Intelligence came to be.
Learn More
Rigorous proprietary data vetting strips biases and produces superior insights.
Learn More
Our People
Take a look into our corporate culture and view our open roles.
Join the Team
Contact Us
Speak to a member of our team to learn more about Insider Intelligence.
Contact Us
See our latest press releases, news articles or download our press kit.
Learn More
Advertising & Sponsorship Opportunities
Reach an engaged audience of decision-makers.
Learn More
Browse our upcoming and past events, recent podcasts, and other featured resources.
Learn More
Tune in to eMarketer's daily, weekly, and monthly podcasts.
Learn More

As banks increasingly fall victim to fraud, their weak controls put customers at risk

What’s happening? Banks are coming under fire for weak security controls which are leaving consumers more vulnerable to spoofs, scams, and hackers.

The State of the Internet report from cloud service and security provider Akamai Technologies warned financial institutions (FIs) that as open banking begins to proliferate in the US, they must take application programming interface (API) security more seriously.

Elsewhere, UK banks aren’t taking full advantage of resources that can prevent their customers from falling victim to authorized push payment (APP) fraud, per FinExtra.

Fraud in the US: According to the Akamai report, as US banks increasingly work with third-party fintech providers via API connections, their API security is weakening or not keeping up with scammers’ tactics.

  • Within the past year, attacks on financial-services-related APIs and closely related web applications grew 257%.
  • In North America, the growth in attacks was even higher, at 449%.
  • The methods by which hackers use APIs to access personal financial data are becoming more complex, too. If an API is misconfigured, bad actors don’t even need a password or login information to access consumer data. Hackers can also gain access directly to files on a bank server through an improperly secured vendor that works with the bank.

APIs power open banking: In partnering with fintechs, banks rely heavily on APIs to create quick and easy connections with third-party providers. The practice is common in the UK, where open banking is part of a national mandate. US banks aren’t yet required to implement open banking solutions, though requirements are likely coming.

But many US banks have already felt the pressure from consumers to engage in these partnerships.

Fraud in the UK: Consumer banking industry group Which? is sounding the alarm against UK banks, claiming many are not fully utilizing the resources available to them to protect consumers from the rampant APP fraud in the country.

  • In an effort to prevent APP fraud, the Office of Communications (Ofcom) worked with telecom providers to create a “do not originate” list. This is a list of telephone numbers associated with well-known companies that are only able to receive calls, but cannot place outgoing calls.
  • One use of the list is for banks to provide customer service phone numbers on debit and credit cards that consumers can call, but the bank will never use to contact a customer.
  • The industry group tested 14 banks’ customer service numbers to see if it could mimic an outgoing call from those numbers, or if they were protected by the list. The group found that it could hack numbers from six major banks, including HSBC, LLoyds, and Santander.

APP fraud is fraught: The acceleration of APP fraud in the UK has caused industry groups to label the scam an epidemic.

  • APP fraud amounted to £583 million ($686 million) in losses in 2021, an increase of 39% YoY, according to a report from UK Finance.
  • And of the total £1.3 billion ($1.5 billion) lost to fraud in the UK, 44% was made up of APP scams.
  • In September, the UK’s Payment Systems Regulator (PSR) proposed a requirement for banks to reimburse APP fraud victims within 48 hours of the incident. In 2021, APP fraud victims recovered only 47% of losses.

The big takeaway: Innovative technology and financial solutions have revolutionized the industry, providing consumers with countless resources for improving their financial health. But fraud is an inevitable part of tech development, and it’s bound to worsen and become increasingly sophisticated. It’s imperative that banks, fintechs, and other financial institutions work together to strengthen security controls and prevent scams before they happen.

This article originally appeared in Insider Intelligence’s Banking Innovation Briefing—a daily recap of top stories reshaping the banking industry. Subscribe to have more hard-hitting takeaways delivered to your inbox daily.