Efficient Bank Fraud Investigations | A Complete Guide

Banking looks very different today than it did even 20 years ago. Banks have far fewer face-to-face interactions as more customers migrate to online or app-based banking services. In Europe today most people use online banking, with statistics showing that 70% of European adults access their online bank account at least once a month. In some European countries, as many as 90% of adults use internet banking.

But the move away from in-person banking has opened the door to a considerable increase in bank fraud. As suspected fraud incidents become more common and fraud schemes grow more sophisticated, banks must learn to more quickly and effectively investigate suspected fraud.

In this blog post, we’ll take an in-depth look at bank fraud and bank fraud investigations. We’ll then discuss the challenges of bank fraud investigations and review the steps and basic timeline of a fraud investigation. Finally, we’ll share how technology can help banks investigate fraud faster and mitigate risk. 


What is bank fraud?
What is a bank fraud investigation?
What happens when a bank is alerted of a fraud claim?
The challenges of investigating and preventing bank fraud 
The four steps of a bank fraud investigation
Do banks report suspected fraud?
How long does a bank fraud investigation take?
How can fraud victims recover their money?
How banks can investigate fraud faster and with fewer risks
Technology can simplify bank fraud investigations


What is bank fraud?

Bank fraud occurs when someone obtains funds or other assets from a bank or its customers through the use of deception. Perpetrators of bank fraud frequently use information from a stolen or lost credit or debit card or information obtained through identity theft. An individual or entity can also commit bank fraud by using a person’s bank account to launder money, using credit card machines to put refunds on their cards, or hacking online banking systems.

Banks don’t want to lose their own money or their customers’ money, so they’re incentivized to investigate suspected fraud. Let’s look at how they do that.


What is a bank fraud investigation?

A bank fraud investigation is a standardized process that banks use to determine whether a fraud claim is legitimate. If fraud has occurred, the investigation should involve protective action and, where appropriate, the reimbursement of any stolen money or property. The purposes of a bank fraud investigation include: 

•    uncovering whether fraud has occurred, 
•    determining who committed the fraud and how, 
•    deciding how to correct the fraud, 
•    protecting the bank’s customers and its brand, and 
•    taking action to prevent similar frauds from occurring in the future. 

A bank’s ultimate goal, of course, is to protect its assets, customers, and reputation.

How does a bank fraud investigation begin? Let’s look at what happens when a bank becomes aware that fraud may have been committed.


What happens when a bank is alerted of a fraud claim?

Fraud claims may come directly from customers or from the bank’s fraud-detection systems. 

A customer may claim that someone withdrew money from their account or placed unauthorized charges on their card, or that a merchant charged them the wrong amount or charged them for goods or services they did not receive. When a bank receives a fraud claim from a customer, it reviews the details of the claim and decides whether to open an investigation. If a bank launches an investigation, it must determine who is liable. 

Alternatively, a bank’s automated system may flag suspected fraud, triggering an investigation.

While the facts underlying a claim of bank fraud may be straightforward, the investigation itself often isn’t. Let’s turn next to what makes bank fraud investigations difficult.

The challenges of investigating and preventing bank fraud 

Banks perform fraud investigations based on all kinds of complaints, but many of them involve similar challenges. Common challenges around investigating and preventing bank fraud include:

  • the number of vulnerabilities that digital banking activities give rise to,
  • the difficulty in confirming individuals’ identities during remote interactions,
  • the need to balance customers’ desire for convenience—and attending resistance to online protective measures—with the bank’s need for security,
  • the increasing sophistication of bank fraud schemes, and
  • the difficulty in differentiating inexperienced online shoppers from fraudsters and in detecting fraud that results from social engineering.

 So, what does a bank do when it believes fraud has occurred?


The four steps of a bank fraud investigation

How does a fraud investigation work?

Bank fraud investigations can vary based on the type of fraud committed and internal policies, but there are four basic steps involved in a bank fraud investigation.

1.    Evaluate the claim

The first step of a bank fraud investigation is to evaluate whether fraud has occurred. This inquiry typically involves asking a complainant for more information on their report. An investigator should find out when the transaction occurred, whether the customer’s information has recently been compromised, and why the customer believes the transaction is fraudulent. If the bank’s automated system flagged the potential fraud, however, the bank may do some preliminary fact-finding before reaching out to the customer for more details.

2.    Take protective action to prevent further fraud

If the bank determines that the claim is viable and fraud may have occurred, it should take immediate action to prevent further losses. Such protective actions include canceling and reissuing the debit or credit card at issue and requiring the customer to change their account passwords and security questions. While these steps won’t recover any funds that have already been lost, they can prevent additional fraudulent transactions from occurring, at least in the short term.

3.    Make a liability determination

At this stage of the investigation, the bank determines the source of the fraud and decides who is liable. Possible outcomes include the determination that: 

•    a third party committed fraud, 
•    a merchant wrongfully charged the customer or failed to deliver goods or services, 
•    the bank’s automated fraud-detection system was mistaken, or 
•    the customer filed a false report. 

If the bank determines that fraud has occurred, it must then choose whether to report the fraud to a law enforcement agency and pursue legal action. We’ll talk about this more in a moment. 
4.    Reimburse the customer, if appropriate

Will the bank refund unauthorised transaction?

In most cases, if the customer has lost funds due to fraud, the bank will reimburse the customer for those losses. The bank will either absorb this cost or seek to recover its losses by taking legal action against the fraudster. If, however, the bank determines that a merchant is liable, it will credit the customer and recover its losses directly from the merchant, a process we’ll review in more detail below.

In some cases, though, the bank may decide not to reimburse the customer. This could occur if the bank determines that the customer filed a false report, participated in the alleged fraud, or compromised their account’s security. If the bank refuses to reimburse the customer, the customer may choose to sue the alleged fraudster to recover their losses.

Let’s circle back to the question of whether a bank will report fraud to a law enforcement agency.

Do banks report suspected fraud?

Banks report suspected fraud in certain cases. Whether a bank chooses to press charges against an individual fraudster typically hinges on the scale of the fraud committed.

In Europe, under the PSD2 (Payment Services Directive 2), banks must report suspected fraud to the relevant national authorities, such as the police or financial regulatory bodies. More so, they may also be required to report suspicious transactions to the European Central Bank or other regional financial supervisors. The reporting is usually conducted through Suspicious Activity Reports (SARs). The reporting requirements vary per country, so banks should consult with the local authorities and regulatory bodies on how to properly report suspected fraud.

In the US, if a bank chooses to report suspected fraud, it must determine which state or federal law enforcement agencies, from the local police department to the FBI, should be involved.

 Banks can also report internet phishing attempts to the Anti-Phishing Working Group, an international non-profit organization that investigates and fights cybercrime. Fraud charges can result in state or federal prosecution that, if successful, can lead to fines and imprisonment.

 But reporting isn’t entirely discretionary. The Bank Secrecy Act (BSA) mandates that financial institutions report suspected money laundering or other specific types of suspicious activity.


How long does a bank fraud investigation take?

According to the EU Directive on Payment Services (PSD2), banks must provide information to the customer as soon as possible, and no later than the next business day following the date on which the bank became aware of the unauthorized transaction or the lack of consent.

Moreover, banks in the EU must provide a full refund to the customer no later than one business day following the day on which the bank became aware of the unauthorized transaction or the lack of consent. That said, it’s important to mention that the aforementioned timeframes can be extended if the bank is able to demonstrate that it requires additional time to complete its investigation.

The specific timeframes within which banks are required to complete fraud investigations vary per EU member state and are ultimately determined by the national laws and regulations of each EU member state.

 In the US, banks are required to complete fraud investigations within 10 business days of the time they are advised of the claim. Banks can request an extension, but in most cases, they will be required to issue a temporary refund to the customer within 10 days. Many banks will issue temporary refunds voluntarily when a claim is filed to keep their customers happy.

 If the result of a bank fraud investigation is inconclusive, who is ultimately liable?


How can fraud victims recover their money?

Fraud victims typically recover their money simply by cooperating with their bank. As noted above, some banks issue temporary refunds to their customers’ accounts as soon as they open a claim. Other banks wait to make a finding or—if their investigation will take longer than 10 days—wait until they request an extension before issuing a temporary refund.

Generally speaking, banks care about their customers’ experience and want to resolve issues relating to suspected fraud as quickly as possible.


How banks can investigate fraud faster and with fewer risks

Fraud investigations can be time-consuming, but they’re necessary to avoid the serious financial and legal risks of undetected criminal activity. Modern technology can simplify the fraud investigation process and help mitigate these risks.

 ZyLAB creates innovative solutions that help all kinds of organizations perform investigations. For example, ZyLAB ONE is an end-to-end eDiscovery platform that works for more than just eDiscovery. ZyLAB ONE allows users to search, review, and analyze data in place, plus it can handle large volumes of data and different types of data easily and efficiently, saving investigators valuable time and money.


Technology can simplify bank fraud investigations

Online banking isn’t going anywhere, and neither is bank fraud. Technology is your best bet when it comes to expediting your bank’s fraud investigation process. It’s a case of fighting fire with fire: just as fraudsters use technology to perpetrate their crimes, banks can detect those crimes by investing in technology of their own.

Schedule a meeting with ZyLAB or book a demonstration today to learn more about ZyLAB ONE and our other investigation solutions.