Demand Deposit Account (DDA) Fraud and Deposit Fraud Detection

Financial institutions are under increasing pressure to grow deposits and onboard more demand deposit accounts (DDA). But as demand increases, so do fraud attempts from scammers. While a robust mitigation effort is needed to stop fraud, this same effort can also drive away potential clients.

In fact, 37 percent of U.S. adults said that they abandoned opening an account online due to experiencing friction. This leaves institutions in a unique quandary: how do they stop DDA fraud without scaring away potential clients? The answer lies in utilizing robust, machine learning tools that can help you navigate fraud attempts without increasing onboarding friction. 

Chris Ryan, Go to Market Lead for Experian Identity and Fraud, shares his thoughts on demand deposit account fraud and which decisioning tools can best combat it. 

Q: What is a demand deposit account and how is it used?

“Demand deposit is just your basic checking account,” Ryan explains.” The funds are deposited and held by an institution, which enables you to spend those assets or resources, whether it be through checks, debit cards, person-to-person, Automated Clearing House (ACH) — all the things we do every day as consumers to manage our operating budget.”

Q: What is demand deposit account fraud?

“There are two different ways that demand deposit account fraud works,” Ryan says. “One is with existing account holders, and the other is with the account opening process.”

When fraud affects existing account holders, it typically involves tricking an account holder into sending money to a scammer or using fraudulent actions, like phishing emails or credit card skimmers, to gain access to their accounts. There is also a resurgence in fraud involving duplication, theft and forgery of paper checks, Ryan explains.

Fraud impacting the account opening process occurs when scammers originate new DDAs. This can work in a variety of ways, such as these three examples:

• A scammer steals your identity and opens an account at the same bank where you have a home equity loan. They link their DDA to your line of credit, transferring your money into their new account and withdrawing the funds.
• A scammer uses a synthetic identity (SID) to open a fraudulent DDA. They will then use this new DDA to open more lucrative accounts that the institution cross-sells to them.
• A scammer uses a stolen or SID to open “mule” accounts to receive funds they dupe consumers into sending through fake relationship schemes, bogus merchandise sales and dozens of similar scams.

While both types of fraud need to be dealt with, account opening fraud can have especially large repercussions for lenders or financial institutions.

Q: What are the consequences of DDA fraud for organizations?

“Fraud hurts in a number of ways,” Ryan explains. “There are direct losses, which is the money that criminals take from our financial system. Under most circumstances, the financial institution replaces the money, so the consumer doesn’t absorb the loss, but the money is still gone. That takes money away from lending, community engagement and other investments we want banks to make. The direct losses are what most people focus on.”

But there are even more repercussions for institutions beyond losing money, and this can include the attempts that institutions put into place to stop the fraud.

“Preventing fraud requires some friction for the end consumer,” Ryan says. “The volume of fraudulent attempts is overwhelmingly large in the DDA space. This forces institutions to apply more friction. The friction is costly, and it often drives would-be-customers away. The results include high costs for the institutions and low booking rates. At the same time, institutions are hungry for deposit money right now. So, it’s kind of a perfect storm.”

Q: What is the impact of DDA fraud on customer experience?

Experian’s 2023 Identity and Fraud Report revealed that up to 37 percent of U.S. adults in the survey had abandoned a new account entirely in the previous six months because of the friction they encountered during onboarding. And 51 percent reported considering abandoning the process because of problems they encountered.

Unfortunately, fraud mitigation and deposit fraud detection efforts can end up driving customers away. “People can be impatient,” Ryan says, “and in the online world, a competing product is a mouse-click away. So, while it is tempting to ask new applicants for more information, or further proof of identity, that conflicts with their need for convenience and can impact their experience.”

Companies looking for cheap and fast mitigation can end up impeding customers trying to onboard to sweep out the bad actors, Ryan explains.”How do you get the bad people without interrupting the good people?” Ryan asks. “That’s the million-dollar question.”

Q: What are some other problems with how organizations traditionally combat DDA fraud?

Unfortunately, traditional attempts to combat DDA fraud are inefficient due to the fragmentation of technology. Ryan says this was revealed by Liminal, an industry analyst think tank.

“Nearly half of institutions use four-or-more-point solutions to manage identity and fraud-related risk,” Ryan explains. “But all of those point solutions were meant to work on their own. They weren’t developed to work together. So, there’s a lot of overlap. And in the case of fraud, there’s a high likelihood that the multiple solutions are going to find the same fraud. So, you create a huge inefficiency.” 

To solve this challenge, institutions need to shift to integrated identity platforms, such as Experian CrossCore^®.

Q: How is Experian trying to change the way organizations approach DDA fraud?

Experian is pushing a paradigm shift for institutions that will increase fraud detection efficiency and accuracy, without sacrificing customer experience. ”Organizations need to start thinking of identity through a different lens,” Ryan says. 

Experian has developed an identity graph that aggregates consumer information in a manner that reaches far beyond what an institution can create on its own. ”Experian is able to bring the entire breadth of every identity presentation we see into an identity graph,” Ryan says. “It’s a cross-industry view of identity behavior.” This is important because people who commit fraud manipulate data, and those manipulations can get lost in a busy marketplace. 

For example, Ryan explains, if you’re newly married, you may have recently presented your identity using two different surnames: one under your maiden name and one under your married name. Traditional data sources may show that your identity was presented twice, but they won’t accurately reflect the underlying details; like the fact that different surnames were used. The same holds true for thousands of other details seen at each presentation but not captured in a way that enables changes over time to be visible, such as information related to IP addresses, email accounts, online devices, or phone numbers. 

“Our identity graph is unlocking the details behind those identity presentations,” Ryan says. “This way, when a customer comes to us with a DDA application, we can say, ‘That’s Chris’s identity, and he’s consistently presenting the same information, and all that underlying data remains very stable.'” 

This identity graph, part of Experian’s suite of fraud management solutions — also connects unique identity details to known instances of fraud, helping catch fraudulent attempts much faster than traditional methods. ”Let’s say you and your spouse share an address, phone numbers, all the identity details that married couples typically share,” Ryan explains. “If an identity thief steals your identity and uses it along with a brand-new email and IP address not associated with your spouse, that might be concerning.

However, perhaps you started a new job, and the email/IP data is legitimate. Or maybe it’s a personal email using a risky internet service provider that shares a format commonly used by a known ring of identity thieves. Traditional data might flag the email and IP information as new, but our identity graph would go several layers deeper to confirm the possible risks that the new information brings.

Q: Why is this approach superior to traditional methods of fraud detection?

“Historically, organizations were interested in whether an identity was real,” Ryan says. “The next question was if the provided data (I.e., addresses, date of birth, Social Security numbers, etc.) have been historically associated with the identity. Last, the question would be whether there’s known risk associated with any of the identity components.” The identity graph turns that approach upside down. 

“The identity graph allows us to pull in insights from past identity presentations, ” Ryan says. “Maybe the current presentation doesn’t include a phone number. Our identity graph should still recognize previously provided phone numbers and the risks associated with them. Instead of looking at identity as a small handful of pieces of data that were given at the time of the presentation, we use the data given to us to get to the identity graph and see the whole picture.”