Financial services and online marketplaces are both facing rapidly shifting fraud landscapes. Over the past couple of years, we’ve seen exponential increases in digital and online payment fraud. Synthetic identity fraud is the fastest growing financial crime in the US. There’s also fear that deepfakes could wreak havoc across the entire fraud landscape.
These are signs the foundation of traditional fraud management is fracturing. Pressure is building for a serious “fraud earthquake”. And everything is heightened by the dramatically accelerated movement to digital channels due to the Covid-19 pandemic.
To navigate the shifting ground and avoid potentially tectonic shocks to your business, it’s important to understand the interrelationship between identity, fraud and trust. In Mitek’s latest white paper, Fraud Trends and Tectonics, I write about how fraud is affecting companies in financial services and online marketplaces more than ever, and immediate solutions each industry can implement to strengthen their foundation.
Earthquakes don’t just affect the real world. Online, fraud causes digital earthquakes that are happening more each day. For instance, P2P fraud saw a 733 per cent increase from 2016 to 2019; account takeovers increased 72 per cent from 2018 to 2019 and 2019 alone had 5,183 data breaches of 7.9 billion exposed records.
And sometimes, earthquakes can be so small no one knows it’s happening. With digital fraud today, the full financial damage may be even greater than we notice. Some studies suggest that for every dollar online merchants lose to fraud, they absorb three times that amount in chargebacks, merchandise replacement and other related expenses. For financial services, it’s been estimated fraud accounts for more than 20 per cent of credit losses, and up to 10 per cent of bad debts may actually be fraud masquerading as delinquencies. And since these estimates are based on studies now several years old, today’s percentages are likely considerably higher… and building to a bigger, more damaging earthquake.
What’s causing this strong movement in fraud trends? Proliferation of digital channels and accounts, massive data breaches, and advanced technology such as AI are all contributing factors. With easy access to abundant consumer data, computational power and tools, fraudsters have equal footing with the good guys and can now easily take over or create legitimate accounts. They look and act like real customers until the moment they strike big.
Identity, fraud and trust
Online marketplaces and financial services, including fintechs, have largely employed defences called “point solutions”. Many fintechs and online marketplaces minimise identity verification at account origination, accepting identities from other digital platforms and services, or perhaps running some background authentication processes. The effectiveness of these defences is diminishing as digital identity becomes the master key criminals use to open doors. Here’s how identity fraud is used to enact new account fraud and account takeover fraud – two of the most noteworthy fraud trends happening as you read this.
New account fraud
Synthetic identities (fake, made-up, stolen or modified personal identifying information hacked from databases or bought dirt-cheap on the dark web) have enabled the rapid rise in new account fraud.
Fraudsters get into new bank accounts, bide their time until they can achieve maximum advantage, then “bust out” and disappear. In online marketplaces, synthetic identities are used for purchases using stolen payment cards or person-to-person (P2P) accounts. Opening accounts for dozens of non-existent individuals, fraudsters take advantage of new customer promotions.
To strengthen foundations against new account fraud companies should always consider and evaluate the information received, put in measures to help applicants put their real face forward and adopt new models for today as traditional analytic models aren’t effective against the new synthetic identity threat.
Account takeover fraud
Research cited in Fraud Trends and Tectonics shows account takeover fraud (ATO) is rising. Part of the reason? It is easier for fraudsters to intrude on an existing account than to open a new one. The potential rewards may be greater, the payoff quicker and – because an established, trusted relationship might be subject to minimal fraud controls – the risks lower.
Companies should strengthen their foundation against account takeover fraud by using physical biometrics where possible, expanding user profiling for passive checks, investigating machine learning and AI to spot unusual behaviour and using active methods such as two-factor authentication. Some companies could routinely invoke identity verification whenever a dormant account suddenly becomes active, for high-value transactions or when passive analytics indicate elevated fraud risk.
Financial services and online marketplaces can learn from each other
Financial services and online marketplaces are using different tools to try to tell the difference between the typical behaviours of legitimate customers and fraudsters. But fraudsters have access to the same technology as the rest of the world, and they’re using it to get better and better at imitating normal behaviour. Financial services and online marketplaces both have strengths, but at the same time, both can better defend their customers, platforms, brand reputations and financial stability if they learn from each others’ experiences and best practices.
For instance, let’s look at what at what banks, fintechs and marketplaces can teach one another about fighting digital fraud. Traditional banks have strong fraud teams with well-established procedures for investigating suspicious transactions, communicating with customers and processing chargebacks. In fintechs, fraud management may be tucked under platform security or assigned to the group responsible for customer experience. For better control, fintechs could break out focused fraud teams, while retaining communication and collaboration between all these functions. Traditional banks usually have separate operations for lines of business and functions such as account origination and customer management which have created siloed systems and data that impede fraud visibility and defences. They could rise above silos with new technologies that access and combine data from multiple internal and external sources. On the other hand, digital-first organisations such as online marketplaces and fintechs have set up their operations to support seamless customer journeys across an expanding array of products and lines of business. That gives them good visibility into varied fraud attempts and complex multi-step schemes.
Strengthen your foundation before the next fraud earthquake
Digital transformation is accelerating and changing how we pay our bills, manage our finances, shop, work and play. So is growth in the intertwined crimes of identity theft and fraud, threatening the foundational trust consumers need to have in the digital platforms and services that are becoming the fabric of our lives.
You can’t predict an earthquake, but you can prepare for them. To avoid this potential upheaval to digital transformation and the benefits it brings, businesses are beginning to adopt a unified approach to identity verification and fraud management. Point solutions are being expanded into comprehensive defences across customer journeys.
Financial services and online marketplaces, at the forefront of digital transformation, are prime targets for intensified fraud. Both have key pieces of evolving solutions for countering the rising threat – the rest they can learn from each other.
Click here for the Best of Both infographic taken from Fraud Trends and Tectonics. You’ll find more details on how companies in online marketplaces and fintechs fight fraud today, but important practices they can learn from one another.
Or visit Miteksystems.com for more information.
By Sanjay Gupta, Global Head of Product and Corporate Development, Mitek