The year 2020 will go down in history. That much is certain.
Businesses are acting quickly to revise strategic and operational plans that seemed perfectly valid in January – now almost impossible to imagine, just a few months later.
However, predictions around fraud trends still stand. The opportunistic nature of hackers means that a global crisis can create the perfect breeding ground for fraudulent activity, and with users increasingly seeking solace and communication via digital means, businesses and consumers need to be even more vigilant.
Here’s what we found earlier in the year.
Investment in fraud prevention is on the rise. According to our 2020 Global Identity & Fraud report, 84% of businesses say they are either investing more or maintaining the same budgets when it comes to identity-related fraud prevention. But with a complex digital landscape, rapid changes in consumer behavior, and customer experience playing a central role, how can businesses be sure that they are investing in the right place?
We identified the top 5 global fraud trends to watch out for in 2020:
1. Authorized push (or wire transfer) payment fraud
In the past 12 months, the most common fraud attack encountered by businesses were authorized push or wire transfer payment fraud (41%). Set to continue into 2020, authorized push payment fraud (or APP) is where victims are tricked into authorizing a payment from their own account to another account which is being controlled by a criminal.
Fraudsters can socially engineer consumers or intercept communications, changing key information such as account details, leaving victims believing that they are authorizing a legitimate transaction when in fact they are making a payment into a criminal’s account.
Validation is crucial in tackling APP fraud
Push payment fraud can be prevented with a validation exercise which carries out real-time checks, dramatically reducing the chances of payment fraud and error. It can be used to confirm that the beneficiary of a payment owns the bank account to which a payment needs to be sent to.
As with many fraud prevention methods, one layer of verification is rarely enough so it’s important that techniques like real-time validation sit within a wider fraud prevention and authentication strategy.
2. Account takeover fraud
Next in line is account takeover fraud (37%), which is expected to significantly increase in light of the recent global pandemic. This is when a fraudster gains access to an account that doesn’t belong to them and makes unauthorized transactions, sometimes changing key credentials of the account such as the rightful account owner’s personal information or log-in details. This type of attack often involves phishing attempts to compromise customer data is much more likely in light of various government assistance programs due to the crisis.
In recent years, fraudsters have done a great job of taking over bank login credentials, getting access to a user’s account, then calling that account holder to inform them a fraudulent transfer is being attempted from their account. Since customers know that banks typically send SMS one-time-passwords for customers to verify transactions, the attackers use that layer against the account holder.
Know Your Customer (KYC), Customer Identification Program (CIP), use of passwords and physical biometrics make up the top solutions currently used by businesses to detect and protect against fraud based on regulatory requirements.
Although businesses seem confident in the ability of their existing solutions used to detect and protect against fraud, they are reporting 57% higher losses associated with account takeover fraud, so what’s going wrong?
Businesses must confidently engage customers using holistic and advanced, risk-based identity and device authentication, as well as targeted, knowledge-based authentication that allows good customers to move throughout the process and frustrate fraudsters.
3. Account opening fraud
The third key fraud trend to watch out for in 2020 is account opening fraud. This takes place when criminals use stolen personal information to open new accounts for fraudulent activity such as borrowing money in another person’s name.
Identity verification is often the easiest control to bypass because so much identity data is compromised. Averting account opening risk requires strong identity authentication, proving that the person applying for the account (often digitally) is indeed the legitimate consumer.
Acquiring legitimate customers from the beginning, whilst balancing a seamless customer experience is the challenge businesses face when it comes to account opening fraud.
By improving the application process and identity-based authentication measures, businesses can decrease customer acquisition costs, reduce false positive rates, and save manual reviews for when they’re really needed.
4. Transaction payment fraud
Transactional payment fraud is any unauthorized transaction using stolen payment details or data. Fraudsters involved in this kind of criminal activity can range from small-scale amateurs to large-scale cyber-criminal rings. Criminals access stolen details in many ways, including phishing emails, and even direct contact with the victim.
The key to combatting transactional payment fraud is the ability for businesses to quickly detect irregular activity, and then distinguish between legitimate and fraudulent transactions in real-time.
In transactional fraud, strong fraud machine learning models and pattern and anomaly detection logic are key passive controls, with step-up challenge layers requiring customers to provide additional identity authentication when trying to complete high-risk activities or anomalous transfers.
5. Synthetic identity fraud (also known as fictitious identity fraud)
One of the newest types of fraud, synthetic identity fraud uses a blend of fake information and real data to create brand new fake identities that expert-level criminals use to establish and build up an online credit history. Businesses can invest time and money in chasing people that turn out to not even exist.
Synthetic identity fraud is an insight into the evolving world of fraud, and a reflection of how the criminal world reacts to sophisticated fraud prevention by becoming ever more sophisticated themselves.
The role of advanced analytics
The deployment of robust link analysis that monitors over time the use of identity elements such as name and Social Security/National Insurance, plus many other forms of personal information is paramount in tackling fraud. The ability to detect when identity elements look to be used inconsistently or at high velocities can be an indication of larger identity compromises or synthetics. Businesses should also utilize device intelligence to monitor common access points through which more organized fraud schemes may be occurring.
In some instances, synthetic identity detection scores can also make up identity verification and fraud prevention layers, providing businesses with a separate synthetic identity score with each account opening event. This is because synthetic identity is difficult to detect with traditional verification controls or risk models.
The good news is that the strategy to protect your customers and your business from these different trending types of fraud is similar – organizations need a strong layered series of defenses to both to recognise legitimate customers and to quickly pinpoint attackers if they want to combat fraudsters.