Tag: account takeover fraud

Fraud rings cause an estimated $5 trillion in financial damages every year, making them one of the most dangerous threats facing today’s businesses. They’re organized, sophisticated and only growing more powerful with the advent of Generative AI (GenAI). Armed with advanced tools and an array of tried-and-true attack strategies, fraud rings have perfected the art of flying under the radar and circumventing traditional fraud detection tools. Their ability to adapt and innovate means they can identify and exploit vulnerabilities in businesses' fraud stacks; if you don’t know how fraud rings work and the right signs to look for, you may not be able to catch a fraud ring attack until it’s too late. What is a fraud ring? A fraud ring is an organized group of cybercriminals who collaborate to execute large-scale, coordinated attacks on one or more targets. These highly sophisticated groups leverage advanced techniques and technologies to breach fraud defenses and exploit vulnerabilities. In the past, they were primarily humans working scripts at scale; but with GenAI they’re increasingly mobilizing highly sophisticated bots as part of (or the entirety of) the attack. Fraud ring attacks are rarely isolated incidents. Typically, these groups will target the same victim multiple times, leveraging insights gained from previous attack attempts to refine and enhance their strategies. This iterative approach enables them to adapt to new controls and increase their impact with each subsequent attack. The impacts of fraud ring attacks far exceed those of an individual fraudster, incurring significant financial losses, interrupting operations and compromising sensitive data. Understanding the keys to spotting fraud rings is crucial for crafting effective defenses to stop them. Uncovering fraud rings There’s no single tell-tale sign of a fraud ring. These groups are too agile and adaptive to be defined by one trait. However, all fraud rings — whether it be an identity fraud ring, coordinated scam effort, or large-scale ATO fraud scheme — share common traits that produce warning signs of imminent attacks. First and foremost, fraud rings are focused on efficiency. They work quickly, aiming to cause as much damage as possible. If the fraud ring’s goal is to open fraudulent accounts, you won’t see a fraud ring member taking their time to input stolen data on an application; instead, they’ll likely copy and paste data from a spreadsheet or rely on fraud bots to execute the task. Typically, the larger the fraud ring attack, the more complex it is. The biggest fraud rings leverage a variety of tools and strategies to keep fraud teams on their heels and bypass traditional fraud defenses. Fraud rings often test strategies before launching a full-scale attack. This can look like a small “probe” preceding a larger attack, or a mass drop-off after fraudsters have gathered the information they needed from their testing phase. Fraud ring detection with behavioral analytics Behavioral analytics in fraud detection uncovers third-party fraud, from large-scale fraud ring operations and sophisticated bot attacks to individualized scams. By analyzing user behavior, organizations can effectively detect and mitigate these threats. With behavioral analytics, businesses have a new layer of fraud ring detection that doesn’t exist elsewhere in their fraud stack. At a crowd level, behavioral analytics reveals spikes in risky behavior, including fraud ring testing probes, that may indicate a forthcoming fraud ring attack, but would typically be hidden by sheer volume or disregarded as normal traffic. Behavioral analytics also identifies the high-efficiency techniques that fraud rings use, including copy/paste or “chunking” behaviors, or the use of advanced fraud bots designed to mimic human behavior. Learn more about our behavioral analytics solutions and their fraud ring detection capabilities. Learn more

Four capabilities to consider for improved coverage and customer experience. Identity verification during account opening is the foundation for building trust between consumers and businesses. Consumers expect a seamless and convenient experience, and with the ease and optionality of online banking, are willing to look for alternatives that offer less friction. According to Experian research, 92% of consumers feel it's important for the businesses they deal with online to identify or recognize them on a repeated basis accurately, but only 16% have high confidence that this is happening. The disconnect between consumers’ expectations for online identity verification and the digital experiences they encounter is leading to reduced satisfaction and increased abandonment during new account opening processes. According to recent research by Experian, 38% of consumers surveyed considered ending a new account opening mid-way through the process due to poor experience. In addition, the same research found that nearly one-fifth of consumers had moved their business elsewhere because of this. Amidst the quest for convenience lies a pressing concern: ensuring the integrity of accounts being opened and protecting against fraud. Businesses continue to experience increasing fraud losses, Juniper Research forecasts that merchant losses from online payment fraud will exceed $362 billion globally between 2023 and 2028, with losses of $91 billion alone in 2028. Identity verification serves as the first line of defense in protecting both financial institutions and consumers. By verifying the identities of individuals before granting them access to services, businesses can mitigate the risk of identity theft, account takeover, and other forms of fraud. Four capabilities to consider when building out an identity verification strategy Personally Identifiable Information (PII) dataComparing consumer input data to a comprehensive data set helps effectively validate the consumer without disrupting customer experience. Details like name, address, date of birth, and social security number provide valuable identity information to verify identities quickly and accurately. Identity graphUsing an identity graph leveraging advanced analytics and data linking techniques helps prevent synthetic IDs from getting through. By mapping relationships between identity attributes, you can easily identify patterns and connections within the data and detect anomalies or inaccuracies in the information provided. Alternative data“Thin file” consumers are often rejected due to a lack of traditional data. Using alternative data like phone ownership and email data helps not only verify that the identity is real but also improves coverage, so you are not rejecting good customers. Document verificationHaving a document verification provider that seamlessly integrates into your identity verification workflow is essential for robust identity verification. Validating good users early in the account opening process helps keep fraudsters out so good users are not subject to stringent identity checks later on during onboarding. Next steps A strong identity verification process builds trust by demonstrating a commitment to protecting and safeguarding consumer data. A proper identity verification workflow would minimize the impact of friction for consumers and help organizations manage fraud and regulatory compliance by examining specific business needs on a case-by-case basis. Identifying the right mix of capabilities through analytics and feedback while utilizing the best data reduces the cost of manual verification and helps onboard good customers faster. Learn more Research conducted in March 2024 by Experian in North America

Dormant fraud, sleeper fraud, trojan horse fraud . . . whatever you call it, it’s an especially insidious form of account takeover fraud (ATO) that fraud teams often can’t detect until it’s too late. Fraudsters create accounts with stolen credentials or gain access to existing ones, onboard under the fake identity, then lie low, waiting for an opportunity to attack.   It takes a strategic approach to defeat the enemy from within, and fraudsters assume you won’t have the tools in place to even know where to start.   Dormant fraud uncovered: A case study  NeuroID, a part of Experian, has seen the dangers of dormant fraud play out in real time.  As a new customer to NeuroID, this payment processor wanted to backtest their user base for potential signs of fraud. Upon analyzing their customer base’s onboarding behavioral data, we discovered more than 100K accounts were likely to be dormant fraud. The payment processor hadn’t considered these accounts suspicious and didn’t see any risk in letting them remain active, despite the fact that none of them had completed a transaction since onboarding.  Why did we flag these as risky?  Low familiarity: Our testing revealed behavioral red flags, such as copying and pasting into fields or constant tab switching. These are high indicators that the applicant is applying with personally identifiable information (PII) that isn’t their own.  Fraud clusters: Many of these accounts used the same web browser, device, and IP address during sign-up, suggesting that one fraudster was signing up for multiple accounts. We found hundreds of clusters like these, many with 50 or more accounts belonging to the same device and IP address within our customer’s user base.  It was clear that this payment processor’s fraud stack had gaps that left them vulnerable. These dormant accounts could have caused significant damage once mobilized: receiving or transferring stolen funds, misrepresenting their financial position, or building toward a bust-out.   Dormant fraud thrives in the shadows beyond onboarding. These fraudsters keep accounts “dormant” until they’re long past onboarding detection measures. And once they’re in, they can often easily transition to a higher-risk account — after all, they’ve already confirmed they’re trustworthy. This type of attack can involve fraudulent accounts remaining inactive for months, allowing them to bypass standard fraud detection methods that focus on immediate indicators.   Dormant fraud gets even more dangerous when a hijacked account has built trust just by existing. For example, some banks provide a higher credit line just for current customers, no matter their activities to date. The more accounts an identity has in good standing, the greater the chance that they’ll be mistaken for a good customer and given even more opportunities to commit higher-level fraud.  This is why we often talk to our customers about the idea of progressive onboarding as a way to overcome both dormant fraud risks and the onboarding friction caused by asking for too much information, too soon.   Progressive onboarding, dormant fraud, and the friction balance  Progressive onboarding shifts from the one-size-fits-all model by gathering only truly essential information initially and asking for more as customers engage more. This is a direct counterbalance to the approach that sometimes turns customers off by asking for too much too soon, and adding too much friction at initial onboarding. It also helps ensure ongoing checks that fight dormant fraud. We’ve seen this approach (already growing popular in payment processing) be especially useful in every type of financial business. Here’s how it works:  A prospect visits your site to explore options. They may just want to understand fees and get a feel for your offerings. At this stage, you might ask for minimal information — just a name and email — without requiring a full fraud check or credit score. It’s a low commitment ask that keeps things simple for casual prospects who are just browsing, while also keeping your costs low so you don’t spend a full fraud check on an uncommitted visitor.   As the prospect becomes a true customer and begins making small transactions, say a $50 transfer, you request additional details like their date of birth, physical address, or phone number. This minor step-up in information allows for a basic behavioral analytics fraud check while maintaining a low barrier of time and PII-requested for a low-risk activity.  With each new level of engagement and transaction value, the information requested increases accordingly. If the customer wants to transfer larger amounts, like $5,000, they’ll understand the need to provide more details — it aligns with the idea of a privacy trade-off, where the customer’s willingness to share information grows as their trust and need for services increase. Meanwhile, your business allocates resources to those who are fully engaged, rather than to one-time visitors or casual sign-ups, and keeps an eye on dormant fraudsters who might have expected no barrier to additional transactions.  Progressive onboarding is not just an effective approach for dormant fraud and onboarding friction, but also in fighting fraudsters who sneak in through unseen gaps. In another case, we worked with a consumer finance platform to help identify gaps in their fraud stack. In one attack, fraudsters probed until they found the product with the easiest barrier of entry: once inside they went on to immediately commit a full-force bot attack on higher value returns. The attack wasn’t based on dormancy, but on complacency. The fraudsters assumed this consumer finance platform wouldn’t realize that a low controls onboarding for one solution could lead to ease of access to much more. And they were right.  After closing that vulnerability, we helped this customer work to create progressive onboarding that includes behavior-based fraud controls for every single user, including those already with accounts, who had built that assumed trust, and for low-risk entry-points. This weeded out any dormant fraudsters already onboarded who were trying to take advantage of that trust, as they had to go through behavioral analytics and other new controls based on the risk-level of the product.   Behavioral analytics gives you confidence that every customer is trustworthy, from the moment they enter the front door to even after they’ve kicked off their shoes to stay a while.  Behavioral analytics shines a light on shadowy corners  Behavioral analytics are proven beyond just onboarding — within any part of a user interaction, our signals detect low familiarity, high-risk behavior and likely fraud clusters. In our experience, building a progressive onboarding approach with just these two signal points alone would provide significant results — and would help stop sophisticated fraudsters from perpetrating dormant fraud, including large-scale bust outs.  Want to find out how progressive onboarding might work for you? Contact us for a free demo and deep dive into how behavioral analytics can help throughout your user journey.  Contact us for a free demo

With more consumers online, bad actors are taking the opportunity to commit more financial crimes, such as account takeover fraud. This online scheme resulted in nearly $13 billion in losses in 2023, up from $11 billion in 2022.1 So, what do organizations need to know about this form of identity theft? And how can they prevent it? Let’s explore one type of account takeover fraud: email account takeover. What is email account takeover? Email account takeover occurs when a fraudster gains access to a legitimate user’s email account through data breaches that expose credentials, purchasing from the dark web, or phishing scams. It's usually one of the first steps in a broader account takeover scheme. Once fraudsters have access to a consumer’s email or social media account, they have access to the private information in that consumer’s inbox: financial statements, health records, and other forms of PII. Fraudsters can also now use the consumer’s email to impersonate them with friends, family, financial institutions or other businesses they interact with.   They can also gain access to other accounts and here’s where email account takeover becomes more dangerous. In this attack, the fraudster gains access to an email or mobile account. Once they have an email, they start by trying to guess the user’s password, commonly called a brute force attack, or through password spraying, where they use commonly used passwords, i.e. ‘password’ or ‘123123.  A recent Google survey found that 65% of people use the same password for some or all of their online accounts. This, along with a corresponding email address can give fraudsters further entre into a consumer’s other accounts. If unsuccessful, they’ll then execute a ‘forgot password’, password reset, or one-time password. Then, they take over the victim’s account with their financial institution to facilitate the transfer of funds from the compromised account. 57% of businesses are experiencing rising fraud losses associated with account opening and account takeover.2 While email account takeover can be quickly executed, detecting it can take time. Unlike credit card fraud, where an individual may soon notice suspicious activity, an email account takeover can go undetected for longer. The owner may not realize until later that their account has been compromised, especially with a dormant account or secondary account they use less. As a result, criminals have more time to facilitate additional attacks. LEARN MORE: Explore 2024 fraud trends listed by Experian. How does it affect your organization? Account takeover fraud doesn't just impact consumers, it can result in significant financial losses for organizations. For example, if your organization offers credit products, you might have to cover the costs of disputing chargebacks, card processing fees, or providing refunds. In the case of a data breach, you may have to pay fines against your organization for not properly protecting consumer information. Nearly two-thirds of consumers say they’re very or somewhat concerned with online security.3 But email account takeover isn't just costly — it can damage your organization's reputation. Consumers expect organizations to have proper security measures in place to protect their information. If a data breach occurs, your security can seem weak, leading consumers to lose trust in your organization. As a result, they may potentially take their business elsewhere. The importance of prevention While consumers listed identity theft as their top concern when conducting activities online, they’re still interacting, opening new accounts, and transacting digitally.4 Coupled with the rise of account takeover fraud and associated losses, it’s more crucial than ever for organizations to accurately detect and prevent these attacks. To do this, they must have a proactive fraud prevention strategy in place. Account takeover fraud prevention requires your business to maintain and continuously reaffirm confidence in the identity data you collect. Your team can monitor, segment, and proactively act on customer identities that display a higher risk of fraud than was determined at account origination through risk-based fraud detection models, machine learning, and advanced analytics. Experian offers many flexible solutions, including: CrossCore® Solutions are best practice-based groupings of fraud and identity products that enable organizations to solve common to complex issues. For example, our fraud risk solutions include email and phone intelligence to improve verification for thin-files and other challenging populations. Experian offers phone/carrier-based matching capabilities with address validity and occupancy data for >95% of U.S. households. FraudNet is a device intelligence solution that analyzes hundreds of device attributes and prevents fraud on all digital channels. Combining contextual data, behavioral data, and device data, it bridges the gap between physical and digital identity to achieve fraud capture rates that exceed industry averages. To further alleviate account takeover fraud, your organization can offer educational resources for fraud prevention. Using various, strong passwords across their accounts, and changing them regularly, is a foundational way consumers can help ensure their accounts are secure. Leveraging user names that are different from your email can also help. If a fraudster is able to takeover an account and initiate a lost password request, and that password is used for other accounts, that fraudster now has the credentials they need to further defraud that consumer. By spreading awareness about identity fraud risks and providing best practices for prevention, you can better protect your organization and consumers. LEARN MORE: Building a multilayered fraud and identity strategy with CrossCore Solutions Partnering with Experian Email account takeover, along with other types of fraud, can be detected and prevented with the right partner. Experian’s fraud management solutions can help your organization accurately verify customers and assess risk with our account takeover and fraud management solutions. Explore Experian’s account takeover solutions and watch an on-demand recording of our Fraud Risk and Identity Verification Solutions tech showcase. Learn more Watch tech showcase 1 Identity Fraud Cost Americans $43 Billion in 2023, AARP. 2-4 2023 U.S. Identity and Fraud Report, Experian.

Financial institutions, merchants, and e-commerce platforms are no strangers to fraud, especially in the realm of payments. With the rise of digital currency, fraudsters are becoming more inventive, making it increasingly difficult to detect and prevent payment fraud. In this blog post, we discuss payment fraud and ways to protect your organization and your customers. What is payment fraud? Payment fraud occurs when someone uses false or stolen payment information to make a purchase or transaction. The most common types of payment fraud include: Phishing: Through emails or text messages, scammers disguise themselves as trustworthy sources to lure recipients into sharing their personal information, such as account passwords and credit card numbers. Card not present fraud: This type of fraud is one of the most challenging forms of payment fraud to detect and prevent. It occurs when a criminal uses a stolen or compromised credit card to make a purchase online, in-person, or by other means where the card is not physically present at the time of the transaction. Account takeover fraud: This type of fraud occurs when fraudsters gain unauthorized access to an individual’s account and carry out fraudulent transactions. They take over accounts by gathering and using personal or financial details to impersonate their victims. The rise of online payment fraud Online payments have become a prime destination for fraudsters as more consumers choose to store card details and make purchases digitally. As a result, consumers believe that it’s the responsibility of businesses to protect them online. If there’s a lack of trust and safety, consumers will have no problem switching providers, leading to declines in customer loyalty and monetary losses for organizations. No matter the type of payment fraud, it can result in devastating consequences for your organization and your customers. According to Experian’s 2024 U.S. Identity and Fraud Report, fraud scams and bank fraud schemes resulted in more than $458 billion in losses globally. On the consumer side, 52 million Americans had fraudulent charges on their credit or debit cards, with unauthorized purchases exceeding $5 billion. Given these findings, it’s more important than ever to implement robust online payment fraud detection and prevention measures. How can payment fraud be detected and prevented? Approaches to payment fraud detection and prevention have evolved over time. Some of the current and emerging trends include: Additional layers of security: Security measures like two-factor authentication, a CVV code, and a billing zip code can help verify a customer’s identity and make it more difficult for fraudsters to complete a transaction. Enhanced identity verification: A credit card owner verification solution, like Experian LinkTM, matches the customer identity with the credit card being presented for payment, allowing businesses to make better decisions, reduce false declines, and protect legitimate customers. Artificial intelligence (AI) and machine learning: AI-powered models and machine learning algorithms can identify patterns consistent with fraudulent activity in real time, resulting in proactive fraud prevention and reduced financial losses. Behavioral analytics: Using behavioral analytics to monitor user behavior, such as how they navigate a website or interact with the payment process, can help identify inconsistencies and potential fraud. Token-based authentication: Tokenization protects card information by replacing sensitive data with a unique identifier (token), which makes data breaches less damaging. How Experian can help As the payments landscape continues to evolve, so do fraudsters. Experian offers a wide range of payment fraud analytics, account takeover fraud prevention and fraud management solutions that allow you to better detect and prevent payment fraud. Your organization’s reputation and your customers’ trust shouldn’t be compromised. To learn more, visit us today. Learn more This article includes content created by an AI language model and is intended to provide general information.

This article was updated on November 9, 2023. Account takeover fraud is a huge, illicit business in the United States with real costs for consumers and the organizations that serve them. In fact, experts predict that by the end of 2023, account takeover losses will be over $635 billion. With consumers' data, your reputation, and your organization's financial picture on the line, now's the time to learn about account takeover fraud and how to prevent it.  What is account takeover fraud?  Account takeover fraud is a form of identity theft where bad actors gain unlawful access to a user's online accounts in order to commit financial crimes. This often involves the use of bots.  information that enables account access can be compromised in a variety of ways. It might be purchased and sold on the dark web, captured through spyware or malware or even given “voluntarily" by those falling for a phishing scam.  Account takeover fraud can do far more potential damage than previous forms of fraud because once criminals gain access to a user's online account, they can use those credentials to breach others of that user's accounts.  Common activities and tools associated with account takeover fraud include: Phishing: Phishing fraud relies on human error by impersonating legitimate businesses, usually in an email. For example, a scammer might send a phishing email disguising themselves as a user's bank and asking them to click on a link that will take them to a fraudulent site. If the user is fooled and clicks the link, it can give the hackers access to the account.  Credential stuffing/cracking: Fraudsters buy compromised data on the dark web and use bots to run automated scripts to try and access accounts. This strategy, called credential stuffing, can be very effective because many people reuse insecure passwords on multiple accounts, so numerous accounts might be breached when a bot has a hit. Credential cracking takes a less nuanced approach by simply trying different passwords on an account until one works.  Malware: Most people are aware of computer viruses and malware but they may not know that certain types of malware can track your keystrokes. If a user inadvertently downloads a “key logger", everything they type, including their passwords, is visible to hackers.  Trojans: As the name suggests, a trojan works by hiding inside a legitimate application. Often used with mobile banking apps, a trojan can overlay the app and capture credentials, intercept funds and redirect financial assets.  Cross-account takeover: One evolving type of fraud concern is cross-account takeover. This is where hackers take over a user's financial account alongside another account such as their mobile phone or email. With this kind of access, fraudsters can steal funds more easily and anti-fraud solutions are less able to identify them.  Intermediary new-account fraud: This type of fraud involves using a user's credentials to open new accounts in their name with the aim of draining their bank accounts.  This is only an overview of some of the most prevalent types of account takeover fraud. The rise of digital technologies, smartphones, and e-commerce has opened the door to thieves who can exploit the weaknesses in digital security for their own aims. The situation has only worsened with the rapid influx of new and inexperienced online users driven by the COVID-19 pandemic.  Why should you be concerned, now?  Now that digital commerce and smartphone use are the norm, information used to access accounts  is a security risk. If a hacker can get access to this information, they may be able to log in to multiple accounts.. The risk is no longer centralized; with every new technology, there's a new avenue to exploit.   To exacerbate the situation, the significant shift to online, particularly online banking, spurred by the COVID-19 pandemic, appears to have amplified account takeover fraud attempts. In 2019, prior to the pandemic, 1.5 billion records — or approximately five records per American — were exposed in data breaches. This can potentially increase as the number of digital banking users in the United States is expected to reach almost 217 million by 2025. Aite research reported that 64 percent of financial institutions were seeing higher rates of account takeover fraud than before COVID. Unfortunately, this trend shows no sign of slowing down. The increase in first-time online users propelled by COVID has amplified the critical security issues caused by a shift from transaction fraud to identity-centric account access. Organizations, especially those in the financial and big technology sectors, have every reason to be alarmed.  The impact of account takeover fraud on organizations  Account takeover can be costly, damage your reputation and require significant investments to identify and correct.  Protection of assets  When we think of the risks to organizations of account takeover fraud, the financial impact is usually the first hazard to come to mind. It's a significant worry: According to Experian's 2023 U.S. Identity and Fraud report, account takeover fraud was among the top most encountered fraud events reported by U.S. businesses. And even worse, the average net fraud loss per case for debit accounts has been steadily increasing since early 2021. The costs to businesses of these fraudulent activities aren't just from stolen funds. Those who offer credit products might have to cover the costs of disputing chargebacks, card processing fees or providing refunds. Plus, in the case of a data breach, there may be hefty fines levied against your organization for not properly safeguarding consumer information. Add to these the costs associated with the time of your PR department, sales and marketing teams, finance department and customer service units.  In short, the financial impact of account takeover fraud can permeate your entire organization and take significant time to recoup and repair.  Protection of information  Consumers rightfully expect organizations to have a solid cybersecurity plan and to protect their information but they also want ease and convenience. In many cases, it's the consumers themselves who engage in risky online behavior — reusing the same password on multiple sites or even using the same password on all sites. These lax security practices open users up to the possibility of multiple account takeovers. Making things worse for organizations, security strategies can annoy or frustrate consumers. If security measures are too strict, they risk alienating consumers or even generating false positives, where the security measure flags a legitimate user.  Organizations are in the difficult position of having to balance effective security measures with a comfortable user experience. Reputation  When there's a data breach, it does significant damage to your organization's reputation by demonstrating weaknesses in your security. Fraudulent account take-overs can affect the consumers who rely on you significantly and if you lose their trust, they're likely to sever their relationship with you. Large-scale data breaches can sully your organization's reputation with the general public, making consumers less likely to consider your services. How to build an account takeover fraud prevention strategy  There are numerous ways to build an account takeover fraud prevention strategy, but to work for your and individual consumers, it must pair robust risk management with a low friction user experience.  Here are some of the key elements to an account takeover fraud prevention strategy that hits the right notes.  Monitor interactions The risk of account takeover is constant so your monitoring should be as well. A layered, proactive and passive fraud prevention program can monitor your interactions, reduce false positives and keep track of consumers' digital identities. Use the right tools When it comes to fraud prevention, you've got plenty of choices but you'll want to make sure you use the tools that protect you, as well as consumer data, while always providing a positive experience. We use risk-based identity and device authentication and targeted step-up authentication to keep things running smoothly and only pull in staff for deeper investigations where necessary. Automate to reduce manual processes  Your organization's fraud prevention strategy likely includes manual processes, tasks that are completed by employees—but humans make mistakes that can be costly. Taking the wrong action, or even no action at all, can result in a security breach. Automated tasks like threat filtering and software and hardware updates can reduce the risk to your organization while improving response time and freeing up your team.  Choose a nimble platform  Technology changes quickly and so does fraud. You'll need access to a layered platform that lets you move as quickly as the bad actors do.  The bottom line  You can effectively mitigate against the risk of account takeover fraud and offer consumers a seamless experience. Learn more about account takeover fraud prevention and fraud management solutions.  Fraud management solutions

What is elder abuse fraud? Financial abuse is reportedly the fastest-growing form of elder abuse, leaving many Americans vulnerable to theft scams, and putting businesses and other organizations on the frontlines to provide protection and help prevent fraud losses.   Financial elder abuse fraud occurs when someone illegally uses a senior’s money or other property. This can be someone they know, or a third party – like fraudsters who are perpetrating romance scams Older consumers and other vulnerable digital newbies were prime targets for this type of abuse during the start of the pandemic when many of them became active online for the first time or started transacting in new ways. This made them especially attractive targets for social engineering (when a fraudster manipulates a person to divulge confidential or private information) and account takeover fraud. While most of us have become used to life online (in fact, there’s been a 25% increase in online activity since the start of the pandemic), some seniors still have risky habits such as poor password maintenance, that can make them more attractive targets for fraudsters. What is the impact of elder abuse fraud? According to the FBI’s Internet Crime Complaint Center (IC3), elder abuse fraud cost Americans over the age of 60 more than $966 million in 2020. In addition to the direct cost to consumers, elder abuse fraud can leave organizations vulnerable to the fallout from data breaches via account takeover, and lost time and money spent helping seniors and other vulnerable Americans recoup their losses, reset accounts, and more. Further, the victim may associate the fraud with the bank, healthcare provider, or other businesses where the account was taken over and decide to stop utilizing that entity all together. How can organizations prevent elder abuse fraud? Preventing elder abuse fraud can take many forms. Organizations should start with a robust fraud management solution that can help prevent account takeover, first-party, synthetic identity fraud, and more. This platform should also include the ability to use data analysis to detect and flag sudden changes in financial behavior, online activities, and transaction locations that could indicate abuse or takeover of the account. With the right fraud strategy in place, organizations can help prevent fraud and build trust with older generations. Given that 95% of Baby Boomers cite security as the most important aspect of their online experience, this step is too important to miss.   To learn more about how Experian is helping organizations develop and maintain effective fraud and identity solutions, be sure to visit us or request a call. Contact us  

This post was updated in 2022. Fraud prevention can seem like a moving target. Criminals often shift from one scheme to the next, forcing organizations to play catch up to protect consumers’ identities and funds. But with the right technology, it’s possible to implement a fraud solution that provides protection and enhances the consumer journey. The pandemic fraud boom Government stimulus funds, COVID-19 testing and the loosening of business controls were a boon for criminals and levied an immense cost against businesses and consumers.   Consumer fraud losses rose to $3.3 billion in 2020, up from $1.8 billion in 2019.   The rapid increase in digital activity had two significant impacts. First, it shifted new account applications to the digital channel, where increased anonymity favors fraudsters by creating an environment where identity thieves could hide among the immense volume of applicants and monetize stolen personally identifiable information (PII). Second, it fueled account takeover (ATO) attacks by introducing digital “newbies” with unsophisticated password habits and limited ability to recognize and protect themselves from malware or social engineering, making them easy targets for credential theft. The return of old-school fraud Now that businesses and consumers are growing wise to some of the fraud schemes brought on by the COVID-19 pandemic, criminals are turning to new avenues, including tried-and-true methods like account opening and ATO fraud. New account fraud is expected to cost U.S. financial institutions $3.5 billion in 2021 alone.   Fraud organizations will take the PII available and match it with automated tools to increase their efficiency and success rates while continuing with phishing and other schemes to gain new information that can fuel further attacks. Building a fraud solution Staying ahead of fraudsters may feel like a losing proposition but equipped with the proper fraud controls, you can enhance the customer experience, increase operational efficiency and protect against developing fraud schemes. With a fraud solution that uses multiple tools in concert, it’s possible to recognize, verify and holistically risk assess most consumers that pass through your portfolio. The right platform — ideally one that can call upon different services to perform each job — will enable your organization to flag suspicious activity, increase insight into large-scale attacks, track risky users and break down traditional internal silos. By coordinating efforts and adding multiple touchpoints to run both in the foreground and background, you can ensure the right friction is applied at the right time without diminishing the end-user experience. In fact, by improving your recognition tools, you can make the experience for recognized, legitimate customers even easier. To learn more about the potential impacts of traditional fraud and how your organization can leverage a fraud prevention solution to achieve your retention and growth goals, read our latest white paper or request a call. Read white paper Schedule a call

“I saw an opportunity to create change instead of asking for it.” Day 2 was charged up with new technology; new ideas; and new, clearer visions of where we can drive change across our industries. Jeff Softley, President, Direct to Consumer, Experian Consumer Services, illustrated how the consumer is at the center of Experian’s business with countless statistics and how our consumer advocacy drives our focus, growth and mission. Wil Lewis, Global Chief of Diversity, Equity and Inclusion; Hiq Lee, President of Business Information Services; and Alex Lintner, Group President, Consumer Information Services, engaged in a panel discussion centered on reimagining inclusion.         Keynote: Allyson Felix Allyson Felix, five-time Olympian and most decorated Track & Field athlete, kicked off the day with an inspiring keynote touching on her athletic career, taking challenges head-on and using our platforms to make an impact. Felix, who is racing in the first race of her final season this weekend, is a tireless advocate, life-long learner, who seeks to empower others. “We can all start where we are,” she said. “Small things turn into big things.”       Day 2 session highlights From the breakout sessions, the theme of disruption was evident. We dove into how prescreen and prequalification have evolved, a demand that many must adapt to deliver in the post-pandemic world. Financial inclusion was a topic covered across the board, as were the strategies to be enacted to bolster these financial inclusion drivers. One such area addressed was how the rapidly growing buy now, pay later industry advances financial access and inclusion efforts. And speaking of evolution, retention must evolve as well — we heard how retention, recapture and risk strategies are transforming, particularly in the mortgage servicing space. Rapid Model Development and Deployment - Feedback from businesses reflects organizations’ desires for flexible deployment options, flexible integration with existing tech stacks, open source technology and the ability to incorporate multiple data providers. Today’s solutions address that feedback as well as solve for the most rampant market challenges in new, innovative ways.   Strategy optimization with Artificial Intelligence and Machine Learning - Over 50% of financial institutions surveyed are using AI/ML in at least one department. Challenges include data management, operation, evolving the analytics program. ML/AI starts with proper data management. For optimization, templatizing ML frameworks is a necessity.   ID Verification, Authentication and Fraud - There were $56B in identity fraud losses in 2020, $13B of which were traditional identity fraud losses and $43B related to identity fraud scams. Leveraging strategies is necessary to maintain the critical balance required for identity verification and fraud – mitigating losses and risk exposure, drive optimal customer experience, maintain regulatory compliance.   Maximizing Customer Value - The monthly data refresh is a thing of the past. When reimagining account review for risk and marketing purposes, remaining agile is key with increased data freshness for operational efficiency. Keynote: Ashton Kutcher The energy, insights and ideas have been reverberating throughout the venue for the past 48 hours, which set the stage for Ashton Kutcher’s closing keynote. The Chicago Bears fan talked about his career, how hard work wasn’t an option when he was growing up and how part of his assessment process for potential investments – determining whether they create efficiencies in the market – he sometimes thinks of a long-standing, personal benchmark – the air nailer. He talked about his philanthropy efforts, the mission behind his company Thorn, and the ability for people to impact change and achieve "a sense of agency" over the outcome of the future. “That’s the human spirit. That’s the spark that exists – that people understand that you can sit in despair, or you can do something,” he said. It has been an amazing two days – we can’t wait for Vision 2023!

With consumers continuing to take a digital-first approach to everything from shopping to dating and investing, fraudsters are finding new and innovative ways to commit fraud. To help businesses anticipate and prepare for the road ahead, we created the 2022 Future of Fraud Forecast. Here are the fraud trends we expect to see over the coming year: Buy Now, Pay Never: Buy now, pay later lenders will see an uptick in identity theft and synthetic identity fraud. Beware of Cryptocurrency Scams: Fraudsters will set up cryptocurrency accounts to extract, store and funnel stolen funds, such as the billions of stimulus dollars swindled by criminals. Double the Trouble for Ransomware Attacks: Fraudsters will not only ask for a hefty ransom to cede control back to the companies they’ve hacked but also steal and leverage data from the hacked company. Love, Actually?: Romance scams will continue to see an uptick, with fraudsters asking victims for money or loans to cover fabricated travel costs, medical expenses and more. Digital Elder Abuse Will Rise: Older consumers and other vulnerable digital newbies will be hit with social engineering and account takeover fraud. “Businesses and consumers need to be aware of the creativity and agility that fraudsters are using today, especially in our digital-first world,” said Kathleen Peters, Chief Innovation Officer at Experian Decision Analytics in North America. “Experian continues to leverage data and advanced analytics to develop innovative solutions to help businesses prevent fraudulent behavior and protect consumers.” To learn more about how to protect your business and customers from rising fraud trends, download the Future of Fraud Forecast and check out Experian’s fraud prevention solutions. Future of Fraud Forecast Read Press Release

Earlier this year, we shared our predictions for five fraud threats facing businesses in 2021. Now that we’ve reached the midpoint of the year and economic recovery is underway, we’re taking another look at how these threats can impact businesses and consumers.   Putting a Face to Frankenstein IDs: Synthetic identity fraudsters will attempt to bypass fraud detection methods by using AI to combine facial characteristics from different people to form a new identity. Overexposure: As many as 80% of SSNs may have been exposed on the dark web, creating opportunities for account application fraud. The Heist: Surges in data breaches, advances in automation, expanded online banking services and vulnerabilities exposed from social engineering mistakes have lead to rises in account takeover fraud. Overstimulated: Opportunistic fraudsters may take advantage of ongoing relief payments by using stolen data from consumers. Behind the Times: Businesses with lackluster fraud prevention tools and insufficient online security technology will likely experience more attacks and suffer larger losses.   To learn more about upcoming fraud threats and how to protect your business, download our new infographic and check out Experian’s fraud prevention solutions. Download infographic Request a call

The sharp uptick in fraud that coincided with the digital evolution made it clear that banks, credit unions, and fintechs need to invest in a strategy that utilizes identity layers to keep their customers and their finances safe. The steady rise in fraud over the last several years spiked—payment fraud rose 70% last year and is expected to increase by 95% in 2021—making it more challenging than ever to address the fraud threat while meeting increasing customer expectations. The rising fraud threat 2020 saw a rapid influx of customers using digital channels and the amount of data flowing into financial systems. There’s been a seismic shift, and we’re not going back. According to a recent study, 80% of consumers now prefer to manage their finances digitally, leaving the door open for fraudsters to take advantage of digital newbies. The increase in online activity corresponded with criminal activity. The rates of synthetic identity, account opening, and account takeover fraud have risen as fraudsters’ tactics have evolved. 80% of fraud losses now come from synthetic identities In 2020 the rate of new account credit card fraud attempts rose 48% Account takeover accounted for 54% of all fraud attacks in 2020 Fraudsters will continue to take advantage of current conditions, moving from stimulus-related fraud back to more traditional forms of financial theft, and financial institutions must adapt in turn with robust identity layers. Resolving the identity threat In our recent white paper, developed in partnership with One World Identity, we explore how businesses can address the fraud threat. It requires a multilayered identity proofing strategy for both onboarding and ongoing authentication. By doing this, financial institutions can gain a holistic view of consumers and their associated risks, decreasing friction while enabling robust fraud protection. To learn more, download our “Improving Fraud by Increasing Identity Layers” white paper. Download white paper

Preventing fraud losses requires an understanding of each individual fraud type—including third-party, first-party, synthetic identity, and account takeover fraud—and how they differ from one another. It’s only with a multi-layered fraud strategy that businesses can adequately detect and treat each type of fraud while maintaining the customer experience. When’s the last time you reviewed your existing fraud strategy? Download infographic Review your fraud strategy

Over the last several weeks, I’ve shared articles about the problems surrounding third-party, first-party and synthetic identity fraud. To wrap up this series, I’d like to talk about account takeover fraud and how digital transformation has impacted it over the last year. What is account takeover fraud? Account takeover fraud is a form of identity theft that involves unauthorized access to a user’s online accounts to enable financial crimes. Criminals can obtain information in a number of ways, including the dark web, spyware and malware, and phishing to allow them to make unauthorized transactions with the user’s account. Fraudsters have made efforts to also gain control of mobile or email accounts so they can intercept one-time passwords or password change instructions to retain control of the account. Once fraudsters have control of one account, they can use it to access other personal information to breach additional accounts and graduate to full-scale identity theft. How does account takeover fraud impact me? Account takeover fraud is damaging to businesses and consumers. It leads to losses and well as resources invested to confirm fraud. The potential losses from account takeover fraud have spiked over the last year, in large part due to the opportunities created by the rapid increase of digital interactions and the influx of users interacting with merchants and financial institutions online for the first time. Aite research shows that 64% of financial institutions are seeing higher rates of ATO fraud attacks now than prior to the pandemic. – Trace Fooshee, Senior Analyst, Aite Group1 Account takeover can also be difficult to detect. Unlike credit card fraud where the true owner might quickly notice suspicious charges, an account takeover attack can go undetected for long periods of time. That’s because the criminal can change login and contact information, ensuring that the real accountholder doesn’t realize they’ve been compromised immediately. Solving the account takeover fraud problem A good account takeover fraud prevention strategy requires two things: frictionless customer experience and robust risk management. It’s clear that customers expect seamless interactions with merchants and lenders. At the same time, businesses need to be able to spot risky or suspicious behavior before a bad transaction occurs. That’s where a layered fraud management solution comes into play. With the right tools—including risk-based identity and device authentication and targeted step-up authentication—businesses can provide a good customer experience and only pull in staff for deeper investigations where necessary. With this strategy in place, businesses can easily recognize good customers and provide a more personalized experience, while at the same time combatting fraud – boosting growth and minimizing losses in the long run. I hope this series has helped provide insights into the different types of fraud and why each of them requires different treatment. To learn more about the risks of account takeover and how a layered fraud management solution can help protect your business and your customers, feel free to contact us. 1Key Trends Driving Fraud Transformation in 2021 and Beyond, Aite Group, December 2020