Dormant fraud, sleeper fraud, trojan horse fraud . . . whatever you call it, it’s an especially insidious form of account takeover fraud (ATO) that fraud teams often can’t detect until it’s too late. Fraudsters create accounts with stolen credentials or gain access to existing ones, onboard under the fake identity, then lie low, waiting for an opportunity to attack.

It takes a strategic approach to defeat the enemy from within, and fraudsters assume you won’t have the tools in place to even know where to start.

Dormant fraud uncovered: A case study

NeuroID, a part of Experian, has seen the dangers of dormant fraud play out in real time. As a new customer to NeuroID, one payment processor wanted to backtest their user base for potential signs of fraud. Upon analyzing their customer base’s onboarding behavioral data, we discovered more than 100K accounts were likely to be dormant fraud. The payment processor hadn’t considered these accounts suspicious and didn’t see any risk in letting them remain active, despite the fact that none of them had completed a transaction since onboarding.

Why did we flag these as risky?

Low familiarity: Our testing revealed behavioral red flags, such as copying and pasting into fields or constant tab switching. These are strong indicators that the applicant is applying with personally identifiable information (PII) that isn’t their own.

Fraud clusters: Many of these accounts used the same web browser, device, and IP address during sign-up, suggesting that one fraudster was signing up for multiple accounts. We found hundreds of clusters like these, many with 50 or more accounts belonging to the same device and IP address within our customer’s user base.

It was clear that this payment processor’s fraud stack had gaps that left them vulnerable. These dormant accounts could have caused significant damage once mobilized: receiving or transferring stolen funds, misrepresenting their financial position, or building toward a bust-out.
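The two flags from the case study above can be combined into a simple backtest over stored onboarding records. The sketch below is an added example, not NeuroID's or Experian's code; the record fields, the thresholds and the sample rows are all assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Signup:
    account_id: str
    device_id: str       # hypothetical device fingerprint
    browser: str
    ip: str
    pasted_fields: int   # PII fields filled by paste at onboarding
    tab_switches: int    # tab/window switches while filling the form
    txn_count: int       # transactions completed since onboarding


def low_familiarity(s, max_pastes=1, max_tab_switches=3):
    """Assumed thresholds: heavy pasting or tab switching while entering PII."""
    return s.pasted_fields > max_pastes or s.tab_switches > max_tab_switches


def find_clusters(signups, min_size=3):
    """Group sign-ups sharing device, browser and IP; keep groups >= min_size."""
    groups = defaultdict(list)
    for s in signups:
        groups[(s.device_id, s.browser, s.ip)].append(s.account_id)
    return {key: ids for key, ids in groups.items() if len(ids) >= min_size}


def review_queue(signups, min_size=3):
    """Dormant accounts (zero transactions) carrying at least one onboarding flag."""
    clustered = {a for ids in find_clusters(signups, min_size).values() for a in ids}
    queue = {}
    for s in signups:
        reasons = []
        if s.account_id in clustered:
            reasons.append("cluster")
        if low_familiarity(s):
            reasons.append("low_familiarity")
        if s.txn_count == 0 and reasons:  # being idle alone is not a signal
            queue[s.account_id] = reasons
    return queue


# Constructed sample records (documentation IP ranges, made-up device ids).
SAMPLE = [
    Signup("a1", "dev-A", "Firefox", "192.0.2.10", 4, 9, 0),
    Signup("a2", "dev-A", "Firefox", "192.0.2.10", 3, 1, 0),
    Signup("a3", "dev-A", "Firefox", "192.0.2.10", 0, 0, 0),
    Signup("b1", "dev-B", "Chrome", "198.51.100.7", 0, 1, 0),  # idle, no flags
    Signup("c1", "dev-C", "Safari", "203.0.113.5", 5, 7, 12),  # flagged but active
    Signup("d1", "dev-D", "Chrome", "198.51.100.7", 2, 0, 0),  # shares only the IP
]

if __name__ == "__main__":
    for account, reasons in review_queue(SAMPLE).items():
        print(account, ", ".join(reasons))
```

Account `a3` shows why the cluster flag matters: its own onboarding behavior looks clean, and it is queued only because it shares a device, browser and IP with `a1` and `a2`.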
Dormant fraud thrives in the shadows beyond onboarding. These fraudsters keep accounts “dormant” until they’re long past onboarding detection measures. And once they’re in, they can often easily transition to a higher-risk account — after all, they’ve already confirmed they’re trustworthy. This type of attack can involve fraudulent accounts remaining inactive for months, allowing them to bypass standard fraud detection methods that focus on immediate indicators.

Dormant fraud gets even more dangerous when a hijacked account has built trust just by existing. For example, some banks provide a higher credit line just for current customers, no matter their activities to date. The more accounts an identity has in good standing, the greater the chance that they’ll be mistaken for a good customer and given even more opportunities to commit higher-level fraud.

This is why we often talk to our customers about the idea of progressive onboarding as a way to overcome both dormant fraud risks and the onboarding friction caused by asking for too much information, too soon.

Progressive onboarding, dormant fraud, and the friction balance

Progressive onboarding shifts from the one-size-fits-all model by gathering only truly essential information initially and asking for more as customers engage more. This is a direct counterbalance to the approach that sometimes turns customers off by asking for too much too soon, and adding too much friction at initial onboarding. It also helps ensure ongoing checks that fight dormant fraud. We’ve seen this approach (already growing popular in payment processing) be especially useful in every type of financial business.

Here’s how it works:

A prospect visits your site to explore options. They may just want to understand fees and get a feel for your offerings. At this stage, you might ask for minimal information — just a name and email — without requiring a full fraud check or credit score.
It’s a low-commitment ask that keeps things simple for casual prospects who are just browsing, while also keeping your costs low so you don’t spend a full fraud check on an uncommitted visitor.

As the prospect becomes a true customer and begins making small transactions, say a $50 transfer, you request additional details like their date of birth, physical address, or phone number. This minor step-up in information allows for a basic behavioral analytics fraud check while keeping the time and the PII requested low for a low-risk activity.

With each new level of engagement and transaction value, the information requested increases accordingly. If the customer wants to transfer larger amounts, like $5,000, they’ll understand the need to provide more details — it aligns with the idea of a privacy trade-off, where the customer’s willingness to share information grows as their trust and need for services increase. Meanwhile, your business allocates resources to those who are fully engaged, rather than to one-time visitors or casual sign-ups, and keeps an eye on dormant fraudsters who might have expected no barrier to additional transactions.

Progressive onboarding is not just an effective approach for dormant fraud and onboarding friction, but also for fighting fraudsters who sneak in through unseen gaps. In another case, we worked with a consumer finance platform to help identify gaps in their fraud stack. In one attack, fraudsters probed until they found the product with the lowest barrier to entry: once inside, they went on to immediately commit a full-force bot attack on higher-value returns.

The attack wasn’t based on dormancy, but on complacency. The fraudsters assumed this consumer finance platform wouldn’t realize that low-control onboarding for one solution could lead to ease of access to much more. And they were right.
After closing that vulnerability, we helped this customer work to create progressive onboarding that includes behavior-based fraud controls for every single user, including those already with accounts, who had built that assumed trust, and for low-risk entry points. This weeded out any dormant fraudsters already onboarded who were trying to take advantage of that trust, as they had to go through behavioral analytics and other new controls based on the risk level of the product.

Behavioral analytics gives you confidence that every customer is trustworthy, from the moment they enter the front door to even after they’ve kicked off their shoes to stay a while.

Behavioral analytics shines a light on shadowy corners

Behavioral analytics are proven beyond just onboarding — within any part of a user interaction, our signals detect low familiarity, high-risk behavior and likely fraud clusters. In our experience, building a progressive onboarding approach with just these two signal points alone would provide significant results — and would help stop sophisticated fraudsters from perpetrating dormant fraud, including large-scale bust outs.

Want to find out how progressive onboarding might work for you? Contact us for a free demo and deep dive into how behavioral analytics can help throughout your user journey.
Recently, I shared articles about the problems surrounding third-party and first-party fraud. Now I’d like to explore a hybrid type – synthetic identity fraud – and how it can be the hardest type of fraud to detect.

What is synthetic identity fraud?

Synthetic identity fraud occurs when a criminal creates a new identity by mixing real and fictitious information. This may include blending real names, addresses, and Social Security numbers with fabricated information to create a single identity.

Once created, fraudsters will use their synthetic identities to apply for credit. They employ a well-researched process to accumulate access to credit. These criminals often know which lenders have more liberal identity verification policies that will forgive data discrepancies and extend credit to people who appear to be new or emerging consumers. With each account that they add, the synthetic identity builds more credibility.

Eventually, the synthetic identity will “bust out,” or max out all available credit before disappearing. Because there is no single person whose identity was stolen or misused, there’s no one to track down when this happens, leaving businesses to deal with the fallout.

More confounding for the lenders involved is that each of them sees the same scam through a different lens. For some, these were longer-term reliable customers who went bad. For others, the same borrower was brand new and never made a payment. Synthetic identities don't appear consistently as a new account problem or a portfolio problem, nor do they correlate to thick- or thin-filed identities, further complicating the issue.

How does synthetic identity fraud impact me?

As mentioned, when synthetic identities bust out, businesses are stuck footing the bill.

Annual SIF (synthetic identity fraud) charge-offs in the United States alone could be as high as $11 billion.
– Steven D’Alfonso, research director, IDC Financial Insights¹

Unlike first- and third-party fraud, which deal with true identities and can be tracked back to a single person (or the criminal impersonating them), synthetic identities aren’t linked to an individual. This means that the tools used to identify those types of fraud won’t work on synthetics because there’s no victim to contact (as with third-party fraud), or real customer to contact in order to collect or pursue other remedies.

Solving the synthetic identity fraud problem

Preventing and detecting synthetic identities requires a multi-level solution that includes robust checkpoints throughout the customer lifecycle. During the application process, lenders must look beyond the credit report. By looking past the individual identity and analyzing its connections and relationships to other individuals and characteristics, lenders can better detect anomalies to pinpoint false identities.

Consistent portfolio review is also necessary. This is best done using a risk management system that continuously monitors for all types of fraudulent activities across multiple use cases and channels. A layered approach can help prevent and detect fraud while still optimizing the customer experience.

With the right tools, data, and analytics, fraud prevention can teach you more about your customers, improving your relationships with them and creating opportunities for growth while minimizing fraud losses.

To wrap up this series, I’ll explore account takeover fraud and how the correct strategy can help you manage all four types of fraud while still optimizing the customer experience. To learn more about the impact of synthetic identities, download our “Preventing Synthetic Identity Fraud” white paper and call us to learn more about innovative solutions you can use to detect and prevent fraud.
¹ Synthetic Identity Fraud Update: Effects of COVID-19 and a Potential Cure from Experian, IDC Financial Insights, July 2020
Synthetic identity fraud, otherwise known as SID fraud, is reportedly the fastest-growing type of financial crime. One reason for its rapid growth is the fact that it’s so hard to detect, and thus prevent. This allows the SIDs to embed within business portfolios, building up lines of credit to run up charges or take large loans before “busting out” or disappearing with the funds.

In Experian’s recent perspective paper, Preventing synthetic identity fraud, we explore how SID differs from other types of fraud, and the unique steps required to prevent it. The paper also examines the financial risks of SID, including:

$15,000 is the average charge-off balance per SID attack
Up to 15% of credit card losses are due to SID
18% - the increase in global card losses every year since 2013

SID is unlike any other type of fraud and standard fraud protection isn’t sufficient. Download the paper to learn more about Experian’s new toolset in the fight against SID.
This is the next article in our series about how to handle the economic downturn – this time focusing on how to prevent fraud in the new economic environment. We tapped two new experts—Chris Ryan, Market Lead, Fraud and Identity and Tischa Agnessi, Go-to-Market Lead, Decisioning Software—to share their thoughts on how to keep fraud out of your portfolio while continuing to lend.

Q: What new fraud trends do you expect during the economic downturn?

CR: Perhaps unsurprisingly, we tend to see high volumes of fraud during economic downturn periods. First, we anticipate an uptick in third-party fraud, specifically account takeover or ATO. It’ll be driven by the need for first-time users to be forced online. In particular, the less tech-savvy crowd is vulnerable to phishing attacks, social engineering schemes, using out-of-date software, or landing on a spoofed page. Resources to investigate these types of fraud are already strained as more and more requests come through the top of the funnel to approve new accounts.

In fact, according to Javelin Strategy & Research’s 2020 Identity Fraud Study, account takeover fraud and scams will increase at a time when consumers are feeling financial stress from the global health and economic crisis. It is too early to predict how much higher the fraud rates will go; however, criminals become more active during times of economic hardships.

We also expect that first party fraud (including synthetic identity fraud) will trend upwards as a result of the deliberate abuse of credit extensions and additional financing options offered by financial services companies. Forced to rely on credit for everyday expenses, some legitimate borrowers may take out loans without any intention of repaying them – which will impact businesses’ bottom lines. Additionally, some individuals may opportunistically look to escape personal credit issues that arise during an economic downturn.
The line between behaviors of stressed consumers and fraudsters will blur, making it more difficult to tell who is a criminal and who is an otherwise good consumer that is dealing with financial pressure.

Businesses should anticipate an increase in synthetic identity fraud from opportunistic fraudsters looking to take advantage of initial financing offers and the cushions offered to consumers as part of the stimulus package. These criminals will use the economic upset as a way to disguise the fact that they’re building up funds before busting out.

Q: With payment stress on the rise for consumers, how can lenders manage credit risk and prevent fraud?

TA: Businesses wrestle daily with problems created by the coronavirus pandemic and are proactively reaching out to consumers and other businesses with fresh ideas on initial credit relief, and federal credit aid. These efforts are just a start – now is the time to put your recession readiness plan and digital transformation strategies into place and find solutions that will help your organization and your customers beyond immediate needs.

The faceless consumer is no longer a fraction of the volume of how organizations interact with their customers; it is now part of the new normal. Businesses need to seek out top-of-line fraud and identity solutions to help protect themselves as they are forced to manage higher digital traffic volumes and address the tough questions around:

How to identify and authenticate faceless consumers and their devices
How to best prevent an overwhelming number of fraud tactics, including first party fraud, account takeover, synthetic identity, bust out, and more.

As time passes and the economic crisis evolves, we will all adapt to yet another new normal.
Organizations should be data-driven in their approach to this rapidly changing credit crisis and leverage modern technology to identify financially stressed consumers with early-warning indicators, predict future customer behavior, and respond quickly to change as they deliver the best treatment at the right time based on customer-specific activities.

Whether it’s preparing portfolio risk assessment, reviewing debt management, collections, and recovery processes, or ramping up your fraud and identity verification services, Experian can help your organization prepare for another new normal.

Experian is continuing to monitor the updates around the coronavirus outbreak and its widespread impact on both consumers and businesses. We will continue to share industry-leading insights to help financial institutions differentiate legitimate consumers from fraudsters and protect their business and customers.

About Our Experts

Chris Ryan, Market Lead, Fraud and Identity

Chris has over 20 years of experience in fraud prevention and uses this knowledge to identify the most critical fraud issues facing individuals and businesses in North America, and he guides Experian’s application of technology to mitigate fraud risk.

Tischa Agnessi, Go-to-Market Lead, Decisioning Software

Tischa joined Experian in June of 2018 and is responsible for the go-to-market strategy for North America’s decisioning software solutions. Her responsibilities include delivering compelling propositions that are unique and aligned to markets, market problems, and buyer and user personas. She is also responsible for use cases that span the PowerCurve® software suite as well as application platforms, such as Decisioning as a Service℠ and Experian®One.