As bank fraudsters get more professional, fraud losses mount – and have implications beyond local lenders IT departments, even extending to M&A. iStock illustration

As bank leaders expect an increase in instances of fraud and fraud losses, banks and credit unions highlighted how fraud has impacts beyond IT and cybersecurity departments.

Consulting firm Cornerstone Advisors recently reported that the majority of bank and credit union executives it recently surveyed believe that fraud-related losses will increase in 2026.

According to the FBI, there were $338 million in fraud-related losses in 2024.

“It’s become far more insidious, far more professional and far more organized than we’ve ever seen,” Hanscom Federal Credit Union President and CEO Peter Rice said. “They’re not opportunistic criminals; they are full time dedicated to this business.”

Fraud has evolved from stealing checks out of mailboxes to structured groups targeting wallets in the United States, said Beacon Bank Senior Vice President and Fraud Operations and Investigations Manager Erica Bailey.

“I think that the landscape has changed to become something that is just so much larger than I think most people realize,” she said. “It’s driven by these structured criminal networks that operate across borders, and a lot of times they’re involved in other serious activity like drug trafficking and human trafficking and money laundering.”

Frictionless Transactions vs. Security

Part of the explanation for the increase can be tied to the ever-growing importance of digital platforms in serving bank and credit union customers. As institutions look to add more features and create a more streamlined experience online, fraudsters can find new ways to trouble customers.

“Everybody’s trying to find a way to remove friction from the system and that comes with a tradeoff,” Workers Credit Union Chief Revenue Officer Robert Lockett said. “The more friction you remove, the more opportunities that bad actors have to insert themselves, either in the process or actually just create fraudulent activity and fraudulent accounts.”

When frictionless, speedy, transactions can take place, this creates opportunities for fraudsters to strike.

“We have to move money fast and with that haste comes risk,” Rice said. “That’s exactly where the fraudsters play. That’s the zone that they play in. They create a sense of urgency or they infiltrate a situation that is urgent and that’s where your normal risk parameters come down”

This elevated level of fraud isn’t new this year, said Hometown Financial Chief Risk Officer William Beitler, but that doesn’t mean it’s not a passing fad.

“We as an industry have been saying for several years now it’s increasing,” he said. “It’s going to continue to increase, and I think there’s some truth to that, but I think maybe a more accurate way to look at it is that it is elevated and has been for a number of years and is expected to continue to be elevated.”

Smaller Lenders Lean on Vendors

While fraudsters don’t discriminate when it comes to their targets, it does impact different-sized institutions in unique ways. Typically smaller, community institutions have less resources to allocate towards combating fraud and mitigating losses on their own, Lockett said.

Instead, smaller institutions have to lean on a technology vendor’s ecosystem to access better fraud-fighting capabilities.

“You would think that that smaller financial institutions would have a harder time but in some ways if they pick the right vendor who has the resources and the wherewithal and the commitment to maintaining cyber security, they could be ahead of the game over some of the regionals,” Wheeler said. “It all depends on the institution, its commitment to fraud prevention for its members, and the resources available in the vendor relationships that it has.”

Also, considering the large number of customers a regional or national institution might have, these types of lenders can take a higher-level approach to how it handles fraud cases with customers.

When a fraudster strikes, community institutions are able to be more hands-on, Beitler said. This can help solve issues as well as create a positive interaction between the customer and their lender – which can, in turn, lead to future business.

“All banks, even the largest of institutions, also do great training and communication but I just think when you have a little bit more of an intimate customer base, that communication can be a little more tailored and a perhaps a little more frequent,” he said. “I really would point to the partnership among all the institutions, though, because an awful lot of helping customers avoid scams is also the ability to kind of shut them down midstream and that often takes two institutions.”

The M&A Angle

While fraud has a direct effect on IT and Cyber security departments, the effects of fraud losses can seep into other areas of institutions. Increased budget allocations to Fraud departments pulls money away from other areas of institutions and overall can affect balance sheet makeup.

But now, fraud is affecting how institutions view its merger and acquisition strategy.

Sam Lattof

“Before you’d look at the main criteria, the stability of deposits,” Lockett said. “What does the loan portfolio look like? What are the charge offs and so forth but for the past few years, and increasingly so, you have to look at the tech stack of potential acquisition and specifically focusing in on their cyber security and fraud strategies. It goes across a lot of different areas both from a direct impact but also in resources that could have been utilized elsewhere that weren’t able to be.”

Additionally, employees see their time occupied looking to recover fraud losses and seeing if fraud has impacted customer accounts. As fraud gets more complex, employment costs can rise due to the sheer number of employees in fraud departments or the skills that they possess.

“Teams across the organization really feel the pressure and the impact,” Bailey said. “When there’s fraud losses, it really does impact the organization as a whole, and the manpower is another kind of huge piece of that that it takes to mitigate those losses. I’m heavily focused in my area on recoveries, when possible. That is a pretty labor-intensive process.”

For instance, Bailey stated that the typical fraud recovery process can take 90 days. With the increasing cases of fraud – particularly for large institutions – it can take even longer.