Fraud & Identity

Fraudsters Playing the Long Game with Synthetic Identity Fraud

Between social unrest across the globe, the lingering pandemic, and the digital transformation brought on by the health crisis, the fraud landscape has expanded dramatically for businesses and consumers alike. According to Experian’s latest global identity and fraud report, 93% of U.S. companies have mid-to-high concern for fraud, and 81% say that their worries about fraud have increased over the past 12 months. Monitoring unused or dormant accounts for fraud is often a warning directed at consumers. However, it’s now advice an increasing number of businesses are wishing they’d followed, as growing synthetic identity (SID) fraud is fueling a dramatic increase in losses—SID related charge-offs ballooned to $20 billion in 2021 alone, according to the Federal Reserve Bank of Boston. The threat of SIDs SIDs are made to look like an actual consumer, combining both real and fake data to form a new composite identity. They typically evolve using a combination of tactics that include: Identifying and creating relationships with businesses that have a high tolerance for identity discrepancies. These include businesses whose products expose the business to low fraud risk and/or products offered to market segments where identity verification is expected to be challenging. Either of these enable an SID to be planted among consumer data sources. Attaching the SID to existing accounts and relationships that belong to other consumers. Often these existing accounts were established by collusive criminals or by using other SIDs, but there are also ways for legitimate consumers to collect ‘rent’ in exchange for adding other consumers to existing accounts. Either approach improves the SID’s appearance of credit worthiness. Progressively building the SID’s independent ability to access larger and larger amounts of credit until they spend quickly and default on all obligations, leaving no one for the victimized businesses to pursue. “They’re difficult to identify because of the combination of real and fake data and because there’s no actual victim reporting an identity theft. As a result, businesses typically have trouble separating SID losses from credit losses,” said Chris Ryan, Experian’s go-to-market lead for fraud and identity. “SID fraud isn’t committed haphazardly.  It’s carefully planned and executed—and it adapts to policy changes. Some businesses change their underwriting policy or focus on early-lifecycle account activity like purchases, payments, and requests for additional credit to reduce SID losses that occur immediately after an account is opened. SIDs can adapt to this. If six months of responsible account behavior earns a credit line increase or the ability to spend large amounts in a single billing cycle, the perpetrators are willing to wait,” Ryan said. “It’s something businesses and lenders need to be on guard for, especially with the fast-paced holiday shopping season ahead,” he said. Addressing SIDs Solving the increasingly complex problem of SID fraud requires a thoughtful approach. The institutions seeing success at preventing multi-faceted fraud are using a layered approach to identifying and mitigating fraud. Here are three steps lenders can take today to prevent SID fraud across your portfolio: Use data and analytics that extend beyond credit to evaluate identities and their histories more completely. Apply those analytics across the lifecycle from marketing and origination to portfolio management recognizing that SID risk is not restricted to a single lifecycle stage. Have a rigorous verification process that escalates to document verification or the Social Security Administrations Electronic Consent Based SSN Verification (eCBSV) process For more information on how you can leverage a multi-layered approach to fraud in your business, visit our fraud and identity solutions hub or request a call to discuss customizing a solution for your company.

Published: September 14, 2022 by Jesse Hoggard
The Future of Fraud: Caught in a Bad Romance (Scam)

Reports of romance scams have spiked in the past two years, partly due to the rise in popularity of online dating and social apps while Americans were isolated at home. With more consumers looking for love online, fraudsters have jumped on the chance to build intimate, trusted relationships without the immediate pressure to meet in person. And these shams seemingly paid off: from January 1 to July 31, 2021, the Federal Bureau of Investigation (FBI) Internet Crime Complaint Center received over 1,800 complaints related to an online romance scam, resulting in losses of approximately $133 million. These romance scams carry financial and security risks that impact both the targets of the fraud and the businesses with which they interact. Experian predicts that romance scams will continue to rise in 2022, leaving consumers and businesses vulnerable to attacks and theft. What is a romance scam? According to the FBI, a romance scam occurs when “a criminal adopts a fake online identity to gain a victim's affection and trust." Typically, fraudsters seek out their marks in dating or socializing settings, such as online apps, and strive to build intimacy and trust as quickly as possible. To avoid suspicion, they may claim that they travel frequently for work or give other excuses about why they can't meet in person. Their attentions are in the context of love and dating, so it's not uncommon for romance scammers to offer marriage proposals or other commitments to intensify the relationship, but the whole point of this fraud is to get their targets to send money. Sometimes fraudsters simply ask for a “loan" to cover medical expenses, an unforeseen shortfall or even travel costs to see the victim in person. Other times, they might ask for gifts or gift cards. Requests for money ­– whether through direct deposit, gift cards or credit card payments – are all red flags. Increasingly, romance scammers have tried to lure people into investment deals, including cryptocurrency. Romance scams predate the internet by centuries, but the emergence of digital technologies has made them easier to accomplish – and easier to get away with, too. Romance scams are increasing In 2020, there were around 44 million users of online dating services in the United States and this increased to 49 million users in 2021, according to Statista Research Department. By 2022, two years into the COVID-19 pandemic, that number jumped to more than 50 million, and it's projected to rise to 53.3 million by 2025. More users mean more potential targets. According to the Federal Trade Commission (FTC), romance scams hit a record high in 2021, with consumers reporting $547 million in losses that year ­– up 80 percent from 2020. The median individual loss reported to the FTC from romance scams was $2,400. With the help of modern technologies, romance scammers have added new tactics to their grift. For example, in addition to usual requests for money, a target might be asked to participate in bogus investment schemes involving cryptocurrency. In these cases, the median loss was $10,000. According to the FTC, romance scammers have conned Americans out of an estimated $1.3 billion over the past five years. Worryingly, romance scams also present a serious data risk. Damage could spread beyond financial losses into even more hazardous territory if the scammer can gain access to a target's personally identifiable information (PII) or financial data. In these cases, fraudsters might engage in identity theft to create new accounts or take over existing ones. Breaking up with romance scammers Businesses may not be susceptible to the lure of love, but they're still vulnerable when it comes to the fallout from romance scams. Companies must ensure they have a layered solution that seamlessly recognizes returning customers, while monitoring for indicators that the user presenting an identity is not actually the owner of that identity. Some warning signs include logins from a new IP address nowhere near the user's registered physical address; unusual types or frequencies of transactions; and the addition of a suspicious new authorized user to a credit card account. Businesses also have access to fraud prevention help. Using vast data resources, decades of identity and credit risk management, consumer-permissioned data and industry-leading analytics, Experian enables businesses to detect and prevent fraud by identifying credible customers. This empowers businesses to apply the appropriate amount of friction to each interaction to protect their customers, their data and themselves. To learn more about how Experian is assisting businesses with their fraud prevention efforts, visit us or request a call. And keep an eye out for additional in-depth explorations of our Future of Fraud Forecast. Future of Fraud Forecast Fraud Prevention

Published: August 18, 2022 by Guest Contributor
State and Local Agencies Shift to Digital Modernization

Experian’s identity, verification, and fraud solutions can help government agencies of all sizes on their journey to digital modernization.

Published: August 4, 2022 by Guest Contributor
Three Key Tips for Increasing Payment Authorization Rates

Online transactions face a higher chance of being declined because face-to-face transactions come with a higher degree of confidence. Businesses who fail to address this problem run the risk of losing the customer permanently, damaging their reputation and bottom line. What can e-commerce marketplace merchants do to increase the approval rate of online payments without making fraud worse? Here are three tips: 1. Broaden access to data beyond what’s in the authorization stream. Merchants use a variety of solutions to prevent fraud and verify identities, but typically use very limited data to approve a transaction through the authorization stream between a merchant and issuer. The issuing bank often only compares the purchase data to the address listed on the card owner’s account, which can create discrepancies when a customer is trying to send an order to an alternate address from their primary home. That’s why it’s important for merchants to augment their decisioning with additional data sources to help inform the true customer risk profile. 2. Leverage capabilities that can assess risk for both the transaction and the individual behind it. Today, merchants leverage limited data including email address data, device information and other technologies in silos to augment their address verification capabilities. The challenge with these tools is that each judge the risk of a specific component of the transaction or the individual. Where integration is lacking, false positives are amplified. 3. Collaborate and share expertise and data across merchants and issuers. How can Experian help? Leveraging our multidimensional data, technical expertise and advanced analytics capabilities, we can help businesses frictionlessly authenticate valid customers, thus increasing revenue by increased approval rates, without increasing fraud or operating expenses. Only Experian Link™, our frictionless credit card owner verification solution can associate payment card with its owner. This solution combines Experian’s vast data assets – including over 500 million credit card account numbers on file in the U.S. across 250 million consumers – with our advanced analytics capabilities to match and assess the risk of the identity attributes presented to the merchant to the identity attributes contributed by the credit card’s issuer and to Experian’s network of credit and identity inquiries. The result: Experian Link’s patent-pending REST API simply and frictionlessly improves a merchant’s customer experience and helps increase revenue while reducing their fraud and operating expenses. Get started with Experian Link™ now. Experian Link

Published: July 31, 2022 by Kim Le
Unnecessary Friction in Card-Not-Present Fraud Prevention Efforts

Experian Link helps businesses remove unnecessary friction from card-not-present transactions by authentication consumer identities.

Published: July 31, 2022 by Kim Le
The Financial Consequences of False Declines

A false decline is a legitimate transaction that is not completed due to suspected fraud or the friction that occurs during verification. Read more.

Published: July 31, 2022 by Kim Le
Consumer Data is Key to Digital Identity and Personalization  

“As an industry, fintech is known for creating compelling and personalized online journeys. But that experience can suffer if the fraud-prevention routines are perceived as burdensome by consumers,” said Kathleen Peters, Chief Innovation Officer for Experian’s Decision Analytics business, in a recent Q&A article with Finovate.  With the proliferation of the digital world, managing digital identity and “getting it right” is crucial. However, as much as it is an opportunity, leveraging consumer identity data can also create a stumbling block for some organizations. Peters cited Experian’s annual Global Identity and Fraud Report, specifically, the consumer concern around online security and the need for industry players to find the right balance between security and a frictionless experience.  “In short, we need the right fraud-prevention treatment for the right transaction; it is not a one-size-fits-all exercise,” Peters said.  The interview also covered the importance of knowing a customer’s identity for compliance reasons and business use cases, dispelling the myth that banks’ efforts around personalization are considered “creepy” by consumers, and the best ways for banks and fintechs to build trust among their consumers.   According to Experian’s Global Identity and Fraud Report, consumers are willing to give entities they trust more data, particularly if they feel they are receiving value. And it’s undeniable that data is at the heart of personalization and building better relationships.  “It comes down to identifying and understanding consumers and their needs. The best way to do that is with a lot of data,” Peters said.  To read the full article, visit Finovate’s website.  Finovate: Experian CIO on Digital Identity, Personalization and Building Trust with Consumer Data  Learn more about Experian Identity

Published: July 21, 2022 by Stefani Wendel
Leveraging a Fraud Solution

With the right technology, it’s possible to implement a layered fraud solution that provides protection and enhances the consumer journey.

Published: June 29, 2022 by Guest Contributor
The Rise of Data Portability Intensifies the Importance and Challenge of Digital Identity

“Businesses are managing vast and growing amounts of consumer data – all while ensuring consumers’ privacy and complying with complex government regulations.” This is one of the many reasons there’s an increasing need for innovative digital identity solutions, as explored in a in Axios in a new Experian advertorial. Experian Identity, an integrated suite of identity solutions, products, and services, solves for challenges presented by the continuing migration of consumers to the internet and the resulting growth of consumer data. Leveraging that data stemming from diverse sources and combining it with advanced technologies, is critical to better determining and understanding a company’s best marketing prospects, as well as making confident decisions that enhance and safeguard the consumer experience. How? By leveraging multidimensional data and adhering to all consumer protection laws and industry self-regulatory standards, businesses can best recognize and connect with their consumers in more personalized, meaningful and secure ways. The Axios article discusses the benefits of Experian Identity, including strengthening fraud detection, solving for identity resolution, and helping to uncover business opportunities through segmenting, targeting and engaging consumers. “While today’s consumers are intensely interested in protecting their personal data and identities, they also want to be recognized and understood by the companies they do business with,” said Kathleen Peters, Chief Innovation Officer of Experian Decision Analytics, in the article. Read more about how Experian’s identity solutions helps businesses stay relevant with audiences, create a positive consumer experience, and meet people’s desire to be recognized in Axios’ new article. AXIOS: Making identities personal Learn more about Experian Identity

Published: June 27, 2022 by Stefani Wendel
Fintech Nexus USA 2022: Experian Perspectives on Fraud and BNPL

Experian recently attended Fintech Nexus USA, formally known as LendIT Fintech USA, to discuss fraud prevention and BNPL. Read more!

Published: June 27, 2022 by Kara Nieberlein
Experian’s 2022 Global Identity and Fraud Report

Experian's 2022 Global Identity and Fraud Report explores consumer expectations and preferences and effective risk mitigation strategies.

Published: June 23, 2022 by Guest Contributor
The Latest NetDiligence CyberRisk Summit Goes “Beyond the Arrest”

At the NetDiligence CyberRisk Summit, experts shared their thoughts on the role of U.S. cyber law enforcement and oversees intelligence.

Published: June 21, 2022 by Michael Bruemmer
Addressing the Ransomware Problem

In the first six months of 2021, there was $590 million in ransomware-related activity, which exceeds the value of $416 million reported for the entirety of 2020 according to the S. Treasury's Financial Crimes Enforcement Network. Constant economic pressure coupled with the ever-increasing volume of data online have created an environment that’s ripe for attacks, leaving businesses and consumers vulnerable to attacks and theft. What are ransomware attacks? Ransomware is a subset of malicious software, AKA malware, that either threatens to publish or block access to data or a computer system. It often takes the form of a cyberattack where criminals take over an organization’s computer network. Once they’ve assumed control, the hackers demand a ransom to restore access to the illicitly encrypted data. Additionally, ransomware attacks and data breaches are now becoming more closely linked, with sensitive data including employees’ personal information, HR records, and more being filtered out and distributed during or after the attack. In fact, Experian has found that 7 of 10 data breaches involve ransomware. The negative impact of ransomware attacks According to the Identity Theft Resource Center, the average ransom demand in 2021 was $5.3 million, a 518% increase from the 2020 average. Experian’s latest Data Breach Response Guide found that businesses were hit with ransomware attacks every 11 seconds in 2021. These attacks also take up to 20% longer to begin breach notifications, leaving businesses even more vulnerable. In addition to the monetary loss and the time spent responding to and recovering from the attack, businesses also stand to suffer reputational damage, because consumer sentiment is that companies are responsible for protecting data. Having a plan in place makes a sizeable impact though, with 90% of consumers being more forgiving of companies that had a response plan in place prior to a breach. How to protect against ransomware attacks Experian’s 2022 Future of Fraud Forecast predicts that ransomware will be a significant fraud threat for companies as fraudsters will look for a sizeable ransom to cede control and potentially steal data from the hacked company. Preparing for the possibility of an attack includes training your staff to spot the signs of a phishing attempt, having a response plan in place, and leveraging partner solutions. To learn more about how Experian helps businesses protect against the fallout of a ransomware attack, visit us, and be sure to read about our other Future of Fraud predictions about cryptocurrency and Buy Now, Pay Later fraud. Request a call Future of Fraud Forecast

Published: June 6, 2022 by Guest Contributor
The New World. Every Minute Counts.

Our latest Data Breach Response Guide is an in-depth preparedness page-turner with predictions, trends, and real-world insights.

Published: May 24, 2022 by Michael Bruemmer
Beware of Cryptocurrency Scams

Cryptocurrency scams are on the rise as digital currencies gain popularity. The decentralized nature of these currencies makes them equally attractive to both legitimate consumers and fraudsters. Businesses may find themselves in a difficult position as they seek to prevent cryptocurrency-related fraud and help protect consumers. What are cryptocurrency scams? Cryptocurrencies are virtual currencies often based on and secured by blockchain technology. However, this does not always translate into security for the individual consumer. Many individuals fall victim to either cryptocurrency investment scams or cryptocurrency theft. Cryptocurrencies are not yet well-regulated or backed by a sovereign entity, leaving consumers open to threats when purchasing funds. The deregulated nature of the currencies makes it easy for scammers to build what appear to be legitimate cryptocurrency projects before disappearing, similar to pump-and-dump stock schemes. Additionally, scammers will perpetrate romance or other relationship-based scams and convince the victim to send them funds in cryptocurrency form. Cryptocurrency theft follows a few traditional fraud patterns: The fraudster may use phishing or social engineering to steal credentials. A crime ring might leverage malware or keystroke loggers to do the same thing. A scammer might present a “reward” to an unsuspecting consumer and require access to their wallet in order to “gift” the reward. Scammers consistently find new ways to trick unsuspecting consumers, including a recent scam relying on QR codes to steal funds converted to cryptocurrency via an ATM. Other common scams utilize imposter websites, fake mobile apps, bad tweets, or scamming emails to steal information and funds. The impact of scams on consumers According to the FTC, investment cryptocurrency scam reports have skyrocketed, with nearly 7,000 people reporting losses totaling more than $80 million from October 2020 to March 2021, with a media loss of $1,900. In 2020 the Better Business Bureau Scam Tracker Risk Report ranked cryptocurrency scams as the seventh riskiest. In 2021, they jumped to the second riskiest scam. In Michigan alone 31 cryptocurrency scams were reported from January 2020 to March 2022, with reported loses from $350 all the way to $41,000. The impact of scams on businesses While the true impact of cryptocurrency scams on businesses is hard to measure, it’s easy to identify several areas for concern. First is the opportunity for the theft of personally identifiable information (PII) during a fraudulent cryptocurrency transaction. Once fraudsters have stolen funds, they may also funnel them through a legitimate business and turn them into a regulated form of currency for easy of use. Businesses with legitimate cryptocurrency interactions may also suffer from spoofed apps or websites, causing reputational damage when consumers are taken in by a scam. Preventing the fallout from scams As companies debate accepting cryptocurrency as a form of payment, it’s important to consider that funds may be stolen or accessed by a malicious party. One way to protect your organization is to have a strong device identification strategy that can help ensure the entity accessing an account and the funds within is the true owner. By layering in this protection with other fraud defenses, businesses can be better prepared as consumer payment preferences shift. Additionally, financial institutions and other organizations should keep consumers informed about how to protect their own data and signs of scams. To learn more about how Experian is helping businesses develop and maintain effective fraud and identity solutions, visit us or request a call. And keep an eye out for additional in-depth explorations of our Future of Fraud Forecast. Request a call Future of Fraud Forecast

Published: May 9, 2022 by Guest Contributor

Subscribe to our thought leadership

Enter your name and email for the latest updates.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Subscribe to our thought leadership

Don't miss out on the latest industry trends and insights!
Subscribe