With bank fraud at an all-time high, the Kentucky Banking Association is enlisting Central Bank’s head of security to help other banks learn what to look for.
Shane Ensminger, director of Central Bank’s Fraud Intelligence and Security Unit, will head up KBA’s new Fraud Academy — a course for Kentucky banks to learn not only what are the biggest threats facing banks currently but also how to combat them.
Since 2019, Ensminger has offered a similar course to Central Bank employees. In August, Ensminger will lead a “first of its kind” two-day class to help bank employees identify and fight fraud at all their respective banking institutions.
“Fraud is rampant, but we’ve proven through this program more can be done to help prevent it,” Ensminger said.
“This program goes beyond the level of education required by regulations, and we do a deep dive into fraud detection and prevention. Our goal is for graduates to walk away with knowledge they can truly put to use and that they can share with others at their bank.”
The program will feature speakers from the U.S. Secret Service, federal attorneys and law enforcement experts, covering everything from check fraud to cybercrimes.
Ensminger said they hope to open the program to other businesses in the fall through a series of Lunch and Learn sessions.
Currently, Ensminger said, the biggest area of fraud is with checks.
“The biggest losses banks nationwide are taking right now are counterfeit check fraud,” he said. “It’s a legacy payment method that’s as old as banks are ... It’s something we’ve got to get rid of eventually as an industry because it’s ripe for crime and the fraudsters know it.”
And the level of fraud with checks is on the rise. For example, according to the Cybersecurity Research Group at Georgia State University, the volume of stolen checks available for sale on the dark web has risen 1,654% from about 114 checks per week in the fall of 2020 to approximately 2,000 checks per week in 2022.
While debit and credit cards are now chip-enabled, he said, checks are easily manipulated. He said that fraudsters sometimes take an existing check and change the payee or simply add a zero to change the amount – say from $1,000 to $10,000. However, he said some systems within banks like Central Bank protect businesses from losing money through check fraud.
“One of the things we o er to our business customers is a product called Positive Pay,” he said. “It’s a program where if a business is sending out checks to their vendors or their payroll, ... they just upload them into the Positive Pay system, which is linked to their account. When the checks get cashed, whether at a Central Bank location or another bank, the system will say to accept or not accept the check because it matches exactly what the issuer of the check put into the system. If it doesn’t match, it doesn’t get cashed.”
Even with the security protections put in place by banks for credit cards, there is still fraud with credit card transactions, he said. Bank card issuers and banks work together to prevent credit card fraud.
“There is more control over cards because of the chip ... but there is still a network that transaction is running through and software that’s reviewing it,” he said. “Between Visa, Mastercard, Discover and American Express ... their networks are looking for anomalies and indicators of fraud. Banks are doing their own thing as well.”
Transactions on cards are verified and run through algorithms to determine if they are anomalous and require further inquiry, he said.
As part of the Fraud Academy, Ensminger said they will educate banks on other things like wire fraud and card skimming, he said, going so far as to show bankers what card skimming looks like.
At Traditional Bank, another form of fraud comes through cyber threats, Asa McCracken, a spokesperson for the bank, said.
“We employ a wide range of tools to defend against cyber threats,” he said. “Machine learning, advanced threat protection, advanced encryption, multifactor authentication, and training and educating our staff are tools we use to protect against malicious actors. The cyber threat landscape is ever-changing but social engineering, e-mail scams and ransomware are persistent threats that pose a risk to anyone doing business over the internet.”
Having those security measures in place can create headaches for customers, McCracken said, but the benefits are worth it.
“Having multiple layers of security ultimately provides the best protection,” he said. “We know that security can be inconvenient, so we work hard to find the right balance between adding layers of security and ensuring a smooth, safe experience for our customers.”
For some areas of fraud, like elder fraud, educating customers is one of the most important ways to fight it, he said.
“We work hard to provide consistent education to our customers and community members on various fraud topics in an effort to help keep their money safe and provide peace of mind,” he said. “Elder financial exploitation is an area where education and communication are extremely important. We train our staff to identify and respond to potential exploitation and work with our partners in law enforcement to protect those impacted by this crime.”
Ensminger agreed. While banks and businesses bear the brunt of most financial fraud, sometimes customers do too. But banks have tools in place to protect their customers, he said.
“Unless the customers are complicit with the crime or totally negligent, they’re never taking the loss — they’re protected,” he said. “Almost every bank now offers protection tools to the customer like purchase alerts ... Still, it’s about a 25% adoption rate of all the tools that customers have available to them. We are working harder to educate the customer base to use what the banks offer.”