Tag: Identity & Fraud

The decisioning landscape is changing rapidly. In parallel to this, digital continues to redefine the customer experience with a big focus on removing friction from the customer journey. Mounting expectations around online customer experience mean that we are seeing a digital transformation both in terms of consumer interaction, and what the businesses are processing in the background. The front and back end are no longer mutually exclusive, and the driving force behind this transformation is digital, and it’s enabled by the cloud. How the pandemic has shifted priorities Before the Covid-19 pandemic took hold, businesses were well on their way to recognizing this. Digitizing more workflows while incorporating a truly customer-centric view was the goal of 2020. A Gartner report shows that in January, priorities for CIOs centered around Cloud and DevOps. This push to shorten the development lifecycle by combining software development and IT operations into a single discipline, alongside demand for Robotic Process Automation, using bots to focus on automating high volume repetitive tasks, were top of the list for businesses. By April, these priorities had changed. Businesses quickly shifted their focus to the pandemic, and with that, the need to enable remote or home working. But Cloud remains firmly within the top three. We look at why cloud-first decisioning remains critical to digital transformation, now more than ever. Why Cloud-first is even more important now Managing cash flow: When a CIO is in the cost optimization mode and trying to conserve cash, scaling back on the use of existing Cloud technology can afford immediate cost savings. Cloud cost for infrastructure of the service, or platform of the service, and even some software of the service is often tied to the business. The less usage, the more savings. When a CIO needs to implement new technologies in 2020, Cloud can offer the most cash flow optimized needs to do so. Less cash is spent upfront to acquire Cloud technology than to buy data center systems or licensed software. Business agility: Cloud technology makes it much easier to keep systems up to date and secure, alongside feature enhancements and new releases. The Cloud minimizes lengthy and costly delivery projects with solutions that can be deployed in weeks, not months and years. Customer journey: Many established market leaders are running digital transformation programs that re-orientate their business away from functional and product silos to focus on customer journeys enabled by Cloud services. Keeping it simple: Simplification is crucial. Simplifying the IT environment with Cloud services that eliminate the need to manage hardware and other infrastructure. Using Cloud-native architecture to support auto-scaling, zero downtime for upgrade. Security is paramount: The challenge to identify and fight fraud by analyzing behavior during the data capture process is ever-present. Software needs to evolve all the time to adapt to threats, and it needs to continuously update with new features to help businesses remain competitive. Businesses need to protect consumer digital accounts from Account Takeover threats while balancing consumer convenience. Cloud-first impacts all layers, from consumer interactions to data sourcing and processing, from fraud detection to identity verification, and at the heart of areas like credit and decisioning. Integrated decisioning, and decisioning that is governed and can be clearly explained to both the auditor and to the regulator is the goal of every business, and it is enabled by the cloud.

“Password Incorrect"Are businesses making progress identifying customers online, or are they continuing to frustrate those customers with archaic identification and authentication methods? Businesses engaging with their customers online walk a precarious tightrope between offering a frictionless experience and securing user accounts against fraud. But with ever-evolving technology, we look at how businesses can get a grip on the changing world of fraud while offering a great customer experience. While easy digital experiences matter to end-users, especially now that any physical customer interaction is temporarily on hold, make no mistake about it: security is the most important factor when it comes to building trust with your customers. In fact, our annual Global Identity & Fraud report, published in February 2020, found that 74% of consumers consider security the most important factor related to their willingness to conduct business online. Moreover, ease of access to their accounts was a close second, with 72% of respondents saying they want less friction and more user-friendly solutions. But keeping track of multiple, complex passwords across hundreds of digital accounts and running a gauntlet of authentication hurdles is the antithesis of what customers want. The Evolution of Identification Businesses that are truly committed to providing customers with a secure and frictionless experience online are moving beyond traditional fraud mitigation methods when it comes to customer identity. They're adding multiple intelligent layers, many of which are completely invisible to end users, to add security and enable the fast, easy access customers expect. Traditional analogue measures, like signature cards and face-to-face interactions with customers by a bank employee, are nearly extinct. Now, like those dinosaurs of the pre-internet world, many digital fraud protection measures are also being rendered obsolete because they just aren't robust enough to confidently identify customers. But technology can help businesses address this disparity. More sophisticated strategies, such as the development of machine learning and artificial intelligence, can provide faster and more accurate authentication – while being less intrusive user experiences. Technology for Trust Thanks in large part to the rapid growth of smartphones and mobile devices, we've seen more sophisticated methods of authentication. One of the most common forms of two-factor authentication today are the nearly ubiquitous one-time passcodes that are sent by email or text. This second layer of authentication ensures that the user is in possession of the hardware being used for access and has access to a confirmed email account or mobile device. A downside of using these codes for verification, however, is that the user has to access email or messaging, which adds friction to the process, and is still not (on its own) immune to fraudsters. There is no one-size-fits-all solution The white knight of trust is a dynamic approach to both identity verification and authentication. To accomplish this, businesses need to layer solutions that provide insight into devices and behaviors on top of traditional two-factor options. Then apply advanced analytics to stop fraud while allowing 99% of customers to breeze through sign-up and ongoing account access. Many of the latest identity authentication controls are 'passive', so customers won't even notice that they are happening, making the customer experience both secure and smooth. Passive authentication can include behavioral risk assessments that compare the device against historical activities from the customer as well as evaluate how the customer is inputting information or navigating the page. This, paired with other measures such as enrolling customers' biometrics and using them for ongoing account accesses, can help ensure a seamless online experience. Looking for the right signals across data sources can quickly flag risk and move the customer through the digital enrolment or login without unnecessary friction. Related articles: Covid-19 as a Gateway to Fraud: Top 5 Global Fraud Trends to Watch Out for in 2020

Awareness is key for both businesses and their workforce when it comes to phishing fraud. But in a world where digital engagement has suddenly ramped up a notch (or ten), it is becoming increasingly difficult to differentiate between what's real and what's not. Mike Gross, Head of Global Identity and Fraud at Experian, recently spoke to Jill Malandrino at Nasdaq Trade Talks about the key things to watch out for when it comes to phishing scams. Here's a round-up of what was discussed: New opportunities for phishing The global pandemic has opened up new routes for phishing scams. Fraudsters are great marketeers in a crisis, and they thrive on people's curiosity. From fake charity organizations claiming to be investing in Covid-19 related treatment to new government support schemes - if it sounds too good to be true, it probably is. Remote working Individuals are now forced to work from home but still have a responsibility to protect customer data. New processes have exposed gaps that fraudsters can exploit as there are typically fewer controls on home networks. Businesses must ensure that the right security is in place for their employees. regardless of the business size. Habits have shifted, and so have the fraudsters The pandemic will change the way we operate forever - how businesses enable remote workers, how consumers interact with commerce and how kids learn today - this is impacting our lives on the social side as well as the work side. Fraud will follow suit. Reacting to the crisis with a layered defense Phishing has dramatically increased, but phishing itself doesn't cause losses. It's the gaps in the controls - organizations may not have proper layered controls in place to defend themselves against these more sophisticated, or multi-channel attacks - that's what leads to the increases in losses. No one had a chance to prepare for this crisis - everything is different now than it was a month ago, from customer service, online demand, a flood of certain types of applications - businesses are not set up for the scale of demand. Listen to the full interview

The year 2020 will go down in history. That much is certain. Businesses are acting quickly to revise strategic and operational plans that seemed perfectly valid in January – now almost impossible to imagine, just a few months later.   However, predictions around fraud trends still stand. The opportunistic nature of hackers means that a global crisis can create the perfect breeding ground for fraudulent activity, and with users increasingly seeking solace and communication via digital means, businesses and consumers need to be even more vigilant.       Here’s what we found earlier in the year. Investment in fraud prevention is on the rise. According to our 2020 Global Identity & Fraud report, 84% of businesses say they are either investing more or maintaining the same budgets when it comes to identity-related fraud prevention. But with a complex digital landscape, rapid changes in consumer behavior, and customer experience playing a central role, how can businesses be sure that they are investing in the right place? We identified the top 5 global fraud trends to watch out for in 2020: 1. Authorized push (or wire transfer) payment fraud In the past 12 months, the most common fraud attack encountered by businesses were authorized push or wire transfer payment fraud (41%). Set to continue into 2020, authorized push payment fraud (or APP) is where victims are tricked into authorizing a payment from their own account to another account which is being controlled by a criminal. Fraudsters can socially engineer consumers or intercept communications, changing key information such as account details, leaving victims believing that they are authorizing a legitimate transaction when in fact they are making a payment into a criminal's account. Validation is crucial in tackling APP fraud Push payment fraud can be prevented with a validation exercise which carries out real-time checks, dramatically reducing the chances of payment fraud and error. It can be used to confirm that the beneficiary of a payment owns the bank account to which a payment needs to be sent to. As with many fraud prevention methods, one layer of verification is rarely enough so it's important that techniques like real-time validation sit within a wider fraud prevention and authentication strategy. 2. Account takeover fraud Next in line is account takeover fraud (37%), which is expected to significantly increase in light of the recent global pandemic. This is when a fraudster gains access to an account that doesn't belong to them and makes unauthorized transactions, sometimes changing key credentials of the account such as the rightful account owner's personal information or log-in details. This type of attack often involves phishing attempts to compromise customer data is much more likely in light of various government assistance programs due to the crisis. In recent years, fraudsters have done a great job of taking over bank login credentials, getting access to a user's account, then calling that account holder to inform them a fraudulent transfer is being attempted from their account. Since customers know that banks typically send SMS one-time-passwords for customers to verify transactions, the attackers use that layer against the account holder. Know Your Customer (KYC), Customer Identification Program (CIP), use of passwords and physical biometrics make up the top solutions currently used by businesses to detect and protect against fraud based on regulatory requirements. Although businesses seem confident in the ability of their existing solutions used to detect and protect against fraud, they are reporting 57% higher losses associated with account takeover fraud, so what's going wrong? Businesses must confidently engage customers using holistic and advanced, risk-based identity and device authentication, as well as targeted, knowledge-based authentication that allows good customers to move throughout the process and frustrate fraudsters. 3. Account opening fraud The third key fraud trend to watch out for in 2020 is account opening fraud. This takes place when criminals use stolen personal information to open new accounts for fraudulent activity such as borrowing money in another person's name. Identity verification is often the easiest control to bypass because so much identity data is compromised. Averting account opening risk requires strong identity authentication, proving that the person applying for the account (often digitally) is indeed the legitimate consumer. Acquiring legitimate customers from the beginning, whilst balancing a seamless customer experience is the challenge businesses face when it comes to account opening fraud. By improving the application process and identity-based authentication measures, businesses can decrease customer acquisition costs, reduce false positive rates, and save manual reviews for when they're really needed. 4. Transaction payment fraud Transactional payment fraud is any unauthorized transaction using stolen payment details or data. Fraudsters involved in this kind of criminal activity can range from small-scale amateurs to large-scale cyber-criminal rings. Criminals access stolen details in many ways, including phishing emails, and even direct contact with the victim. The key to combatting transactional payment fraud is the ability for businesses to quickly detect irregular activity, and then distinguish between legitimate and fraudulent transactions in real-time. In transactional fraud, strong fraud machine learning models and pattern and anomaly detection logic are key passive controls, with step-up challenge layers requiring customers to provide additional identity authentication when trying to complete high-risk activities or anomalous transfers. 5. Synthetic identity fraud (also known as fictitious identity fraud) One of the newest types of fraud, synthetic identity fraud uses a blend of fake information and real data to create brand new fake identities that expert-level criminals use to establish and build up an online credit history. Businesses can invest time and money in chasing people that turn out to not even exist. Synthetic identity fraud is an insight into the evolving world of fraud, and a reflection of how the criminal world reacts to sophisticated fraud prevention by becoming ever more sophisticated themselves. The role of advanced analytics The deployment of robust link analysis that monitors over time the use of identity elements such as name and Social Security/National Insurance, plus many other forms of personal information is paramount in tackling fraud. The ability to detect when identity elements look to be used inconsistently or at high velocities can be an indication of larger identity compromises or synthetics. Businesses should also utilize device intelligence to monitor common access points through which more organized fraud schemes may be occurring. In some instances, synthetic identity detection scores can also make up identity verification and fraud prevention layers, providing businesses with a separate synthetic identity score with each account opening event. This is because synthetic identity is difficult to detect with traditional verification controls or risk models. The good news is that the strategy to protect your customers and your business from these different trending types of fraud is similar - organizations need a strong layered series of defenses to both to recognise legitimate customers and to quickly pinpoint attackers if they want to combat fraudsters. New research available: The global impact of Covid-19 on businesses and consumers - September/October 2020  

Birger Thorburn reviews the effectiveness, efficiency and evolution of the password. He examines current challenges facing business' current online authentication security measures.

In this podcast episode of Insights in Action we talk to David Britton, VP of Global Identity & Fraud at Experian Decision Analytics, about how businesses worldwide are driving towards a more consumer-centric approach in both their operations and structure.