With a growing number of data breaches and evolving fraud tactics, criminals have more data and means to commit fraud than ever before. Because of this, maintaining a competitive edge through online and mobile service offerings, while also protecting against the latest fraud tactics, remains a top priority for financial service providers.
Each year at IDology, we survey anti-fraud practitioners across a variety of industries and share our findings, including current and emerging trends, in our annual fraud report. Our most recent report uncovered a sharp rise in companies observing increasing fraudulent activity in 2017—a 58 percent increase over 2016. We also learned that the ever-shifting tactics used by fraudsters are a growing concern for businesses, with 71 percent of organizations reporting it as their greatest challenge. Another significant challenge faced by businesses is that of delivering a positive engagement experience by minimizing effort and friction. This is especially true for financial services firms in which 48 percent, compared to 40 percent overall, stated reducing friction as a top industry priority.
With increasingly sophisticated fraud tactics and high consumer demand for an efficient and seamless payment experience, how exactly do you stay ahead of a threat landscape while minimizing friction for the consumer?
Understanding the Evolving Fraud Universe
Fraudsters have proven that they never stop looking for the path of least resistance. They’re resourceful and innovative, and continuously modify strategies in order to circumvent fraud controls. Consider the increase in customer-not-present fraud that occurred when EMV®, the technology used to authenticate chip-card transactions, was mandated. Point-of-sale fraud decreased as thieves shifted their fraudulent activity online and away from retail locations. Other customer-not-present environments, such as call centers, also experienced surges, with call center fraud attempts increasing six-fold the year EMV® was implemented.
Where to Start?
The first step in prevention is understanding the different types of fraud that are most prevalent today:
First-Party Fraud – This is fraud committed by an individual or group by opening an account with no intention of payment. While our annual fraud report confirmed that first-party fraud is widespread across numerous industries, it is most prevalent within financial services, with 60 percent of financial institutions reporting it as the prominent source of fraud .
Synthetic Identity Fraud (SIF) – This occurs when a criminal creates a new identity using a mix of real and fake information and opens and builds credit over time then “busts out” with fraudulent withdrawals or purchases. Fraudsters pose as legitimate customers by using both real and fictitious information, such as social security numbers and names, to create identities with which they may defraud financial institutions. Many of these legitimate identities are stolen from children who don’t have credit files and whose parents seldom check it, giving fraudsters plenty of time before the victim realizes their identity has been hijacked.
Like first-party fraud, SIF was most rampant within financial services in 2017, with half of financial institutions reporting it as a major prevalent issue. Fifty-eight percent of companies said they were either “very worried” or “extremely worried” about synthetic identity fraud, due in part to its difficulty to identify and prevent.
Mobile Fraud – Now more than ever, consumers are using their smartphones to shop, check their bank balances and open new accounts. As fraudsters follow consumer trends, they’ve also begun shifting their sights to the mobile channel. Of the businesses surveyed, 54 percent reported an increase in mobile fraud.
Device cloning, in which a fraudster creates a software duplicate of a victim’s phone, was reported as the most frequent form of mobile fraud, followed by automatic number identification (ANI) spoofing.
Account Takeover – An account takeover occurs when a fraudster poses as a genuine customer, gains control of an account and then makes unauthorized transactions. Data breaches and phishing schemes have provided fraudsters with the personal information they need to perform account takeovers. This year it was the third most widespread form of fraud. Organizations saw the prevalence of account takeover increase by 11 percent over last year, with almost half of organizations (49 percent) reporting it as a pervasive issue.
Call Center Fraud – In the last 12 months, 40 percent of businesses saw contact center fraud levels increase.
One tactic used is Caller ID spoofing, which occurs when a fraudster calls into a contact center and appears to be calling from the victim’s number. By nature, unsuspecting customer service agents are trying to provide positive customer service and in doing so, may give up small bits of personal information. Preying on this weakness, fraudsters attempt to trick or “socially engineer” unsuspecting agents into sharing information.
Preventing Fraud While Reducing Friction in 2018
With the right processes and tools in place, it’s possible to facilitate a positive customer experience while preventing fraud. To keep ahead of fraudulent tactics, the following is crucial:
Identity Verification – Verifying a consumer’s identity is continuously becoming more complicated, especially with thin file consumers. Preventing fraud while reducing friction, particularly in the customer-not-present environment, requires a robust, layered identity proofing system. To mitigate risk, you’ll need to employ technology that provides multiple ways to verify a customer by monitoring activity, location and device attributes and dynamically and seamlessly escalates any suspicious case to other methods of verification.
Increased Employee and Customer Awareness – While consumer awareness of fraud tactics has improved, there’s still a long way to go. Fraud can be kicked off by human error or low security awareness and social engineering missteps, such as clicking on a phishing link or being duped into sharing a password over the phone, are still common.
Leverage Mobile– Smartphones are everywhere. With the explosion in mobile payment and banking services, mobile devices are a treasure trove of personal identity information. Forward-thinking businesses are actively investing in ways to utilize mobile attribute data in their identity verification and fraud prevention systems. Attributes such as the tenure of the account, the type of account (prepaid or postpaid), change events (such as SIM swaps) and utilizing direct access to real-time mobile carrier data can all be used to assess customer risk, deter fraud and improve the customer experience.
Effortless, Easy Customer Experience– Fraud prevention and customer retention are closely tied. A rather large challenge reported by businesses is reducing friction in customer interactions. In today’s marketplace, keeping the customer experience easy while at the same time instilling confidence the interaction is safe has become a competitive differentiator. Businesses are constantly balancing the desire to offer a low-effort, simple experience with the need for additional layers to deter fraud.
Streamlining engagements by escalating to additional authentication methods only when necessary, employing “invisible” mobile authentication processes and utilizing smart layers of identity attributes that work together to analyze disparities have become the new benchmark for earning and keeping customers.
Collaborative Fraud Networks – Joining a collaborative network adds an additional layer of protection by sharing data across industries and providing insights into the fraud being experienced by other organizations and making trends easier to spot.
Is there such a thing as being fraud-proof? It’s doubtful, but there are ways to help prevent and significantly lower fraud rates. Fighting fraud today is dynamic and fast-paced, but it’s also manageable with knowledge-sharing among organizations, consumer education and investing in technology and tools that have the ability to evolve more quickly than the threat landscape.
Christina Luttrell is the senior vice president of product, client solutions and marketing for IDology, a leader in multi-layered identity verification and fraud prevention.