The fraud problem is ever-present, with 94% of businesses reporting it as a top priority, and fraudsters constantly finding new targets for theft. Preventing fraud requires a carefully orchestrated strategy that can recognize and treat a variety of types — without adding so much friction that it drives customers away. Experian’s fraud prevention and detection platform, CrossCore®, was recently named an Overall Leader, Product Leader in Fraud Reduction Intelligence Platforms, Innovation Leader and Market Leader in Fraud Reduction by KuppingerCole. CrossCore is an integrated digital identity and fraud risk platform that enables organizations to connect, access, and orchestrate decisions that leverage multiple data sources and services. CrossCore combines risk-based authentication, identity proofing, and fraud detection into a single, state-of-the-art cloud platform. It engages flexible decisioning workflows and advanced analytics to make real-time risk decisions throughout the customer lifecycle. This recognition highlights Experian’s comprehensive approach to combating fraud and validates that CrossCore offers best-in-class capabilities by augmenting Experian’s industry-leading identity and fraud offerings with a highly curated ecosystem of partners which enables further optionality for organizations based on their specific needs. To learn more about how CrossCore can benefit your organization, read the report or visit us. Learn more
The rise of the digital channel lead to a rise in new types of fraud – like cryptocurrency and buy now, pay later scams. While the scams themselves are new, they’re based on tried-and-true schemes like account takeover and synthetic identity fraud that organizations have been working to thwart for years, once again driving home the need for a robust fraud solution. While the digital channel is extremely attractive to many consumers due to convenience, it represents a balancing act for organizations – especially those with outdated fraud programs who are at increased risk for fraud. As organizations look for ways to keep themselves and the consumers they serve safe, many turn to fraud risk mitigation. What are fraud risk management strategies? Fraud risk management is the process of identifying, understanding, and responding to fraud risks. Proper fraud risk management strategies involve creating a program that detects and prevents fraudulent activity and reduces the risks associated with fraud. Many fraud risk management strategies are built on five principles: Fraud Risk AssessmentFraud Risk GovernanceFraud PreventionFraud DetectionMonitoring and Reporting By understanding these principles, you can build an effective strategy that meets consumer expectations and protects your business. Fraud risk assessment Fraud protection begins with an understanding of your organization’s vulnerabilities. Review your top risk areas and consider the potential losses you could face. Then look at what controls you currently have in place and how you can dial those up or down to impact both risk and customer experience. Fraud risk governance Fraud risk governance generally takes the form of a program encompassing the structure of rules, practices, and processes that surround fraud risk management. This program should include the fraud risk assessment, the roles and responsibilities of various departments, procedures for fraud events, and the plan for on-going monitoring. Fraud prevention “An ounce of prevention is worth a pound of cure.” This adage certainly rings true when it comes to fraud risk management. Having the right controls and procedures in place can help organizations stop a multitude of fraud types before they even get a foot in the door. Account takeover fraud prevention is an ideal example of how organizations can keep themselves and consumers safe. Fraud detection The only way to stop 100% of fraud is to stop 100% of interactions. Since that’s not a sustainable way to run a business, it’s important to have tools in place to detect fraud that’s already entered your ecosystem so you can stop it before damage occurs. These tools should monitor your systems to look for anomalies and risky behaviors and have a way to flag and report suspicious activity. Monitoring and reporting Once your fraud detection system is in place, you need active monitoring and reporting set up. Some fraud detection tools may include automatic next steps for suspicious activity such as step-up authentication or another risk mitigation technique. In other cases, you’ll need to get a person involved. In these cases it’s critical to have documented procedure and routing in place to ensure that potential fraud is assessed and addressed in a timely fashion. How to implement fraud risk management By adhering to the principles above, you can gain a holistic view of your current risk level, determine where you want your risk level to be, and what changes you’ll need to make to get there. While you might already have some of the necessary tools in place, the right next step is usually finding a trusted partner who can help you review your current state and help you use the right fraud prevention services that fit your risk tolerance and customer experience goals. To learn more about how Experian can help you leverage fraud prevention solutions, visit us or request a call. Learn more
E-commerce digital transactions are rapidly increasing as online shopping becomes more convenient. In fact, e-commerce is projected to exceed 17% of all retail sales worldwide by 2027. As a result, opportunities for fraudsters to exploit businesses and consumers for monetary gain are reaching high levels. Businesses must be aware of the risks associated with card not present (CNP) fraud and take steps to protect themselves and their customers. What is card not present fraud? CNP fraud occurs when a criminal uses a stolen or compromised credit card to make a purchase online, over the phone, or through some other means where the card is not physically present at the time of the transaction. This type of fraud can be particularly difficult to detect and prevent, as it relies on the use of stolen card information rather than the physical card itself. CNP fraud can yield significant losses for businesses — these attacks are estimated to reach a staggering $28 billion in losses by 2026. Many have adopted various fraud prevention and identity resolution and verification tools to better manage risk and prevent fraud losses. Since much of the success or failure of e-commerce depends on how easy merchants make it for consumers to complete a transaction, incorporating CNP fraud prevention and identity verification tools in the checkout process should not come at the expense of completing transactions for legitimate customers. What do we mean by that? Let’s look at false declines. What is a false decline? False declines occur when legitimate transactions are mistakenly declined due to the business's fraud detection system incorrectly flagging the transaction as potentially fraudulent. This can not only be frustrating for cardholders, but also for merchants. Businesses may lose the sale and also be on the hook for any charges that result from the fraudulent activity. They can also result in damage to the business's reputation with customers. In either case, it is important for businesses to have measures in place to mitigate the risks of both. How can online businesses increase sales without compromising their fraud defense? One way to mitigate the risk of CNP fraud is to implement additional security measures at the time of transaction. This can include requiring additional verification information, such as a CVV code or a billing zip code to further authenticate the card holder’s identity. These measures can help to reduce the risk of CNP fraud by making it more difficult for fraudsters to complete a transaction. Machine learning algorithms can help analyze transaction data and identify patterns indicating fraudulent activity. These algorithms can be trained on historical data to learn what types of transactions are more likely to be fraudulent and then be used to flag potentially fraudulent transactions before it occurs. Businesses require data and technology that raise confidence in a shopper’s identity. Currently, the data merchants receive to approve transactions is not enough. A credit card owner verification solution like Experian Link fills this gap by enabling online businesses to augment their real-time decisions with data that links customer identity to the credit card being presented for payment to help verify the legitimacy of a transaction. Using Experian Link, businesses can link names, addresses and other identity markers to the customer’s credit card. The additional data enables better decisions, increased sales, decreased costs, a better buyer experience and better fraud detection. Get started with Experian Link™ - our frictionless credit card owner verification solution. Learn more
External fraud generally results from deceptive activity intended to produce financial gain that is carried out by an individual, a group of people or an entire organization. Fraudsters may prey on any organization or individual, regardless of the size or nature of their activities. The tactics used are becoming increasingly sophisticated, requiring a multilayered fraud mitigation strategy. Fraud mitigation involves using tools to reduce the frequency or severity of these risks, ultimately protecting the bottom line and the future of the organization. Fraud impacts the bottom line and so much more According to the Federal Trade Commission, consumers reported losing more than $10 billion to fraud in 2023, a 14% increase over the previous year and the highest dollar amount ever reported. These costs extend beyond the face value of the theft to include fees and interest incurred, fines and legal fees, labor and investigation costs and external recovery expenses. Aside from dollar losses and direct costs, fraud can also pose legal risks that lead to fines and other legal actions and diminish credibility with regulators. Word of deceptive activities can also create risk for the brand and reputation. These factors can, in turn, result in a loss of market confidence, making it difficult to retain clients and engage new business. Leveraging fraud mitigation best practices As the future unfolds, three things are fairly certain: 1) The future is likely to bring more technological advances and, thereby, new ways of working and creating. 2) Fraudsters will continue to look for ways to exploit those opportunities. 3) The future is here, today. Organizations that want to remain competitive in the digital economy should make fraud mitigation and prevention an integral part of their operational strategy. Assess the risk environment While enhancing revenue opportunities, the global digital economy has increased the complexity of risk management. Be aware of situations that require people to enforce fraud risk policies. While informed, experienced people are powerful resources, it is important to automate routine decisions where you can and leverage people on the most challenging cases. It is also critical to consider that not every fraud risk aligns directly to losses. Consider touchpoints where information can be exposed that will later be used to commit fraud. Information that crooks attempt to glean from idle chatter during a customer service call can be a source of unexpected vulnerability. These activities can benefit from greater transparency and automated oversight. Create a tactical plan to prevent and handle fraud Leverage analytics wherever possible to streamline decisions and choose the right level of friction that’s appropriate for the risk, and palatable for good customers. Consumers and small businesses have come to expect a customized and frictionless experience. Employee productivity, and ultimately revenue growth, requires the ability to operate with speed and informed confidence. A viable fraud mitigation strategy should incorporate these goals seamlessly with operational objectives. If not, prevention and mitigation controls may be sidelined to get legitimate business done, creating inroads for fraudsters. Look for a partner who can apply the right friction to situations depending on your risk appetite and use existing data (including your internal data and their own data resources) to better identify individual consumers. This identification process can actually smooth the way for known consumers while providing the right protection against fraudsters and giving consumers who are new to your organization a sense of safety and security when logging in for the first time. It's equally important that everyone in your organization is working together to prevent fraud. Establish and document best practices and controls, beginning with fostering a workplace culture in which fraud mitigation is part of everyone's job. Empower and train all staff to identify and report suspicious activity and ensure they know how to raise concerns. Consider implementing ways to encourage open and swift communication, such as anonymous or confidential reporting channels. Stay vigilant and tap into resources for managing risks It is likely impossible to think of every threat your organization might face. Instead, think of fraud mitigation as an ongoing process to identify and isolate any suspected fraud fast — before the activity can develop into a major threat to the bottom line — and manage any fallout. Incorporating technology and robust data collection can fortify governance best practices. Technology can also help you perform the due diligence faster, ensuring compliance with Know Your Customer (KYC) and other regulations. As necessary, work with risk assessment consultants to get an objective, experienced view. Learn more about fraud risk mitigation and fraud prevention services. Learn more
“Businesses are managing vast and growing amounts of consumer data – all while ensuring consumers’ privacy and complying with complex government regulations.” This is one of the many reasons there’s an increasing need for innovative digital identity solutions, as explored in a in Axios in a new Experian advertorial. Experian Identity, an integrated suite of identity solutions, products, and services, solves for challenges presented by the continuing migration of consumers to the internet and the resulting growth of consumer data. Leveraging that data stemming from diverse sources and combining it with advanced technologies, is critical to better determining and understanding a company’s best marketing prospects, as well as making confident decisions that enhance and safeguard the consumer experience. How? By leveraging multidimensional data and adhering to all consumer protection laws and industry self-regulatory standards, businesses can best recognize and connect with their consumers in more personalized, meaningful and secure ways. The Axios article discusses the benefits of Experian Identity, including strengthening fraud detection, solving for identity resolution, and helping to uncover business opportunities through segmenting, targeting and engaging consumers. “While today’s consumers are intensely interested in protecting their personal data and identities, they also want to be recognized and understood by the companies they do business with,” said Kathleen Peters, Chief Innovation Officer of Experian Decision Analytics, in the article. Read more about how Experian’s identity solutions helps businesses stay relevant with audiences, create a positive consumer experience, and meet people’s desire to be recognized in Axios’ new article. AXIOS: Making identities personal Learn more about Experian Identity
In today’s digital-first environment, fraud threats are growing in sophistication and scope. It’s critical for credit unions to not only understand the specific threats presented by life online, but to also be prepared with a solid fraud detection and prevention plan. Below, we’ve outlined a few fraud trends that credit unions should be aware of and prepared to address. 2021 Trends to Watch: Digitization and the Movement to Life Online Trend #1: Digital Acceleration As we look ahead to the rest of 2021 and beyond, we expect to see adoption of digital strategies nearing the top of credit unions’ list of priorities. Members’ expectations for their digital experience have permanently shifted, and many credit unions now have members using online channels who traditionally wouldn’t have. This has led to a change in the types of fraud we see as online activities increased in volume. Trend #2: First-Party Fraud is On the Rise First party fraud is on the rise – 43% of financial executives say that mule activity is up 10% or more compared to attack rates prior to the pandemic, according to Trace Fooshee, Senior Analyst for Aite Group, and we expect to see this number grow. The ability for credit unions to identify and segregate the “good guys” from “bad guys” is getting more difficult to discern and this detail is more important than ever as credit unions work to create frictionless digital experiences by using digital tools and strategies. Trend #3: Continual Uptick in Synthetic Identity Fraud We expect synthetic identity fraud (SID) to continue to rise in 2021 as cybercriminals become more sophisticated in the digital space and as members continue with their new digital habits. Additionally, fraudsters can use SIDs to bring significant damage and loss to credit unions through fraudulent checks, debit cards, person-to-person and automated clearing house (ACH) transactions. More and more, fraudsters are seen opening accounts and remaining very patient – using an account to build and nurture a trusted relationship with the credit union and then remain dormant for two years before ensuing in any sort of abuse. Once the fraudster feels confident that they can bypass authentication processes or avoid a new product vetting, oftentimes, they will take that opportunity to get easy access to all solutions credit unions have available and will abuse them all at once. There are no signs of fraud slowing, so credit unions will need to stay vigilant in their fraud protection and prevention plans. We’ve outlined a few tips for credit unions to help protect member data while reducing risk. The Fight Against Fraud: Four Key Tips Tip #1: Manage Each Fraud Type Appropriately Preventing and detecting fraud requires a multi-level solution. This can involve new methods for authenticating current and prospective members, as well as incorporating synthetic identity services and identity proofing throughout the member lifecycle. For example, credit unions should consider taking extra verification steps during the account opening process as a preventative measure to minimize SID infiltration and associated fraud losses. As credit unions continue down the path of digitization, it’s also important to add in digital signals and behavior-based verification, such as information about the device a consumer is logging in from to heighten defenses against bad actors. Tip #2: Be Resourceful In the wake of the COVID-19 pandemic, many have asked, “How should credit unions approach fraud prevention tactics when in-person contact is limited or unavailable?” In some cases, you might need to be willing to say no to requests or get creative and find other options. Sometimes, it takes leveraging current resources and using what’s readily available to allow for a binary decision tree. For example, if you’re suspicious of a dormant account that you think could be synthetic, call them, and ask yourself these questions: Did they answer? Was the phone still active? Send the account holder an email – did you get a reply? Is this a new member? Is this a new channel for the member? Could they have logged on to do this instead of calling the call center? Tip #3: Empower Members Through Education Members like to know that their credit unions are taking the necessary steps and applying the right measures to keep their data secure. While members might not want every detail, they do want to know that the security measures are there. Require the use of strong passwords, step-up authentication, and empower members with alerts, notifications, and card controls. Additionally, protect members by providing resources like trainings, webinars, and best practices articles, where they can learn about current cyber trends and how to protect their data. Tip #4: Trust Data Many credit unions rely on an employee’s decision to decide when to take action and what action to take. The challenge with this approach comes when the credit union needs to reduce friction for members or tighten controls to prevent fraud, because it’s extremely hard to know exactly what drove prior actions. A better alternative is to rely on scores and specific data. Tweaks to the scores or data points that drive actions allow credit unions to achieve the desired member experience and risk tolerance – just be sure to leverage internal experts help figure out those policies. By determining what conditions drive actions before the actions are taken (instead of doing it one case at a time) the decisions remain transparent and actionable. Looking for more insights around how to best position your credit union to mitigate and prevent fraud? Watch our webinar featuring experts from around the industry and key credit unions in this Fraud Insight Form hosted by CUES. Watch now Contact us
Preventing fraud losses requires an understanding of each individual fraud type—including third-party, first-party, synthetic identity, and account takeover fraud—and how they differ from one another. It’s only with a multi-layered fraud strategy that businesses can adequately detect and treat each type of fraud while maintaining the customer experience. When’s the last time you reviewed your existing fraud strategy? Download infographic Review your fraud strategy
According to Experian’s latest Global Insights Report, 38% of consumers expect to increase their online activity in the next 12 months. The report also found that consumers continue to have high expectations for their online experience, and businesses are re-imagining the customer journey to reflect that need. This January, Experian surveyed 3,000 consumers and 900 businesses to explore the changes in consumer behavior and business strategy pre- and post-COVID-19. As consumers have embraced life online, they’ve continued to emphasize their feelings regarding the importance of protecting their information. More than half of consumers still consider security to be the most important factor in their digital experience – the same experience they have such high expectations of. Business are acting in turn, with more than half investing in fraud detection methods or software to reduce friction in the customer experience. Digital transformation is also highlighting the need to: Manage regulatory compliance Integrate security measures Ensure access to AI models Attract and manage customers Integrate automation solutions Download the report to get all the latest insights into consumer desires and business behaviors, and keep visiting the Insights blog for a deeper dive into US-specific findings. Download report
Over the last several weeks, I’ve shared articles about the problems surrounding third-party, first-party and synthetic identity fraud. To wrap up this series, I’d like to talk about account takeover fraud and how digital transformation has impacted it over the last year. What is account takeover fraud? Account takeover fraud is a form of identity theft that involves unauthorized access to a user’s online accounts to enable financial crimes. Criminals can obtain information in a number of ways, including the dark web, spyware and malware, and phishing to allow them to make unauthorized transactions with the user’s account. Fraudsters have made efforts to also gain control of mobile or email accounts so they can intercept one-time passwords or password change instructions to retain control of the account. Once fraudsters have control of one account, they can use it to access other personal information to breach additional accounts and graduate to full-scale identity theft. How does account takeover fraud impact me? Account takeover fraud is damaging to businesses and consumers. It leads to losses and well as resources invested to confirm fraud. The potential losses from account takeover fraud have spiked over the last year, in large part due to the opportunities created by the rapid increase of digital interactions and the influx of users interacting with merchants and financial institutions online for the first time. Aite research shows that 64% of financial institutions are seeing higher rates of ATO fraud attacks now than prior to the pandemic. – Trace Fooshee, Senior Analyst, Aite Group1 Account takeover can also be difficult to detect. Unlike credit card fraud where the true owner might quickly notice suspicious charges, an account takeover attack can go undetected for long periods of time. That’s because the criminal can change login and contact information, ensuring that the real accountholder doesn’t realize they’ve been compromised immediately. Solving the account takeover fraud problem A good account takeover fraud prevention strategy requires two things: frictionless customer experience and robust risk management. It’s clear that customers expect seamless interactions with merchants and lenders. At the same time, businesses need to be able to spot risky or suspicious behavior before a bad transaction occurs. That’s where a layered fraud management solution comes into play. With the right tools—including risk-based identity and device authentication and targeted step-up authentication—businesses can provide a good customer experience and only pull in staff for deeper investigations where necessary. With this strategy in place, businesses can easily recognize good customers and provide a more personalized experience, while at the same time combatting fraud – boosting growth and minimizing losses in the long run. I hope this series has helped provide insights into the different types of fraud and why each of them requires different treatment. To learn more about the risks of account takeover and how a layered fraud management solution can help protect your business and your customers, feel free to contact us. 1Key Trends Driving Fraud Transformation in 2021 and Beyond, Aite Group, December 2020
Recently, I shared articles about the problems surrounding third-party and first-party fraud. Now I’d like to explore a hybrid type – synthetic identity fraud – and how it can be the hardest type of fraud to detect. What is synthetic identity fraud? Synthetic identity fraud occurs when a criminal creates a new identity by mixing real and fictitious information. This may include blending real names, addresses, and Social Security numbers with fabricated information to create a single identity. Once created, fraudsters will use their synthetic identities to apply for credit. They employ a well-researched process to accumulate access to credit. These criminals often know which lenders have more liberal identity verification policies that will forgive data discrepancies and extend credit to people who appear to be new or emerging consumers. With each account that they add, the synthetic identity builds more credibility. Eventually, the synthetic identity will “bust out,” or max out all available credit before disappearing. Because there is no single person whose identity was stolen or misused there’s no one to track down when this happens, leaving businesses to deal with the fall out. More confounding for the lenders involved is that each of them sees the same scam through a different lens. For some, these were longer-term reliable customers who went bad. For others, the same borrower was brand new and never made a payment. Synthetic identities don't appear consistently as a new account problem or a portfolio problem or correlate to thick- or thin-filed identities, further complicating the issue. How does synthetic identity fraud impact me? As mentioned, when synthetic identities bust out, businesses are stuck footing the bill. Annual SIF (synthetic identity fraud) charge-offs in the United States alone could be as high as $11 billion. – Steven D’Alfonso, research director, IDC Financial Insights1 Unlike first- and third-party fraud, which deal with true identities and can be tracked back to a single person (or the criminal impersonating them), synthetic identities aren’t linked to an individual. This means that the tools used to identify those types of fraud won’t work on synthetics because there’s no victim to contact (as with third-party fraud), or real customer to contact in order to collect or pursue other remedies. Solving the synthetic identity fraud problem Preventing and detecting synthetic identities requires a multi-level solution that includes robust checkpoints throughout the customer lifecycle. During the application process, lenders must look beyond the credit report. By looking past the individual identity and analyzing its connections and relationships to other individuals and characteristics, lenders can better detect anomalies to pinpoint false identities. Consistent portfolio review is also necessary. This is best done using a risk management system that continuously monitors for all types of fraudulent activities across multiple use cases and channels. A layered approach can help prevent and detect fraud while still optimizing the customer experience. With the right tools, data, and analytics, fraud prevention can teach you more about your customers, improving your relationships with them and creating opportunities for growth while minimizing fraud losses. To wrap up this series, I’ll explore account takeover fraud and how the correct strategy can help you manage all four types of fraud while still optimizing the customer experience. To learn more about the impact of synthetic identities, download our “Preventing Synthetic Identity Fraud” white paper and call us to learn more about innovative solutions you can use to detect and prevent fraud. Contact us Download whitepaper 1Synthetic Identity Fraud Update: Effects of COVID-19 and a Potential Cure from Experian, IDC Financial Insights, July 2020
In the wake of unprecedented unemployment fraud since the start of COVID-19, Experian announced it was selected as the exclusive partner for identity and fraud verification for the Unemployment Insurance (UI) Integrity Center’s centralized Identity Verification (IDV) capability. IDV is available to state agencies at no cost through UI Integrity Center, which is operated by the National Association of Workforce Agencies (NASWA) in partnership with the U.S. Department of Labor. With the Federal Bureau of Investigations (FBI) reporting a spike in fraudulent unemployment insurance claims complaints related to COVID-19, it’s more important than ever for state agencies to use innovative solutions to verify identities that are applying for unemployment insurance to protect consumers. If improper unemployment insurance payments are made to fraudsters, the efforts of the CARES Act could be largely wasted. The IDV capability leverages Experian’s Precise IDTM to provide a centralized identity verification and proofing solution. Precise ID combines identity analytics with advanced fraud risk models to distinguish various types of fraud, which can help state agencies maximize time and resources. When state agencies submit claims, the IDV solution will return ID theft scoring and associated cause codes, enabling them to assess whether a claim may be fraudulent. “Due to the COVID-19 health crisis, unemployment is high, with over roughly 60 million Americans filing for unemployment since March,” said Robert Boxberger, president of Experian’s Decision Analytics in North America. “At Experian, we’re proud to have a strong culture dedicated to continuous innovation that helps protect consumers’ financial health. We’re taking that same consumer focus and helping make the unemployment insurance application process more efficient and safer for constituents.” The Integrity Data Hub (IDH) is a robust, multi-state data system that contains a continuously expanding set of sources to provide advanced cross-matching and analytic capabilities to states. It is designed to be easily implemented by any state Unemployment Insurance agency, regardless of claim volume, technology, or access to internal resources. The IDH was designed and built using the latest National Institute of Standards and Technology IT security standards, including the use of asymmetric encryption and other techniques to ensure the security of sensitive data. “We’re excited to partner with Experian and utilize its Precise ID solution to assist states in mitigating fraud during these unprecedented times,” said Scott Sanders, NASWA Executive Director. “States are finding this to be a very valuable tool and we are pleased that we can offer this solution to states through our partnership with the U.S. Department of Labor.” Read Press Release Learn More About Precise ID
Synthetic identity fraud, otherwise known as SID fraud, is reportedly the fastest-growing type of financial crime. One reason for its rapid growth is the fact that it’s so hard to detect, and thus prevent. This allows the SIDs to embed within business portfolios, building up lines of credit to run up charges or take large loans before “busting out” or disappearing with the funds. In Experian’s recent perspective paper, Preventing synthetic identity fraud, we explore how SID differs from other types of fraud, and the unique steps required to prevent it. The paper also examines the financial risks of SID, including: $15,000 is the average charge-off balance per SID attack Up to 15% of credit card losses are due to SID 18% - the increase in global card losses every year since 2013 SID is unlike any other type of fraud and standard fraud protection isn’t sufficient. Download the paper to learn more about Experian’s new toolset in the fight against SID. Download the paper
The CU Times recently reported on a nationwide synthetic identity fraud ring impacting several major credit unions and banks. Investigators for the Federal and New York governments charged 13 people and three businesses in connection to the nationwide scheme. The members of the crime ring were able to fraudulently obtain more than $1 million in loans and credit cards from 10 credit unions and nine banks. Synthetic Identity Fraud Can’t Be Ignored Fraud was on an upward trend before the pandemic and does not show signs of slowing. Opportunistic criminals have taken advantage of the shift to digital interactions, loosening of some controls in online transactions, and the desire of financial institutions to maintain their portfolios – seeking new ways to perpetrate fraud. At the onset of the COVID-19 pandemic, many financial institutions shifted their attention from existing plans for the year. In some cases they deprioritized plans to review and revise their fraud prevention strategy. Over the last several months, the focus swung to moving processes online, maintaining portfolios, easing customer friction, and dealing with IT resource constraints. While these shifts made sense due to rapidly changing conditions, they may have created a more enticing environment for fraudsters. This recent synthetic identity fraud ring was in place long before COVID-19. That said, it still highlights the need to have a prevention and detection plan in place. Financial institutions want to maintain their portfolios and their customer or member experience. However, they can’t afford to table fraud plans in the meantime. “72% of FI executives surveyed believe synthetic identity fraud to be more challenging than identity theft. This is due to the fact that it is harder to detect—either crime rings nurture accounts for months or years before busting out with six-figure losses, or they are misconstrued as credit losses, and valuable agent time is spent trying to collect from someone who doesn’t exist,” says Julie Conroy, Research Director at Aite Group. Prevention and Detection Putting the fraud strategy discussion on hold—even in the short term—could open up a financial institution to potential risk at time when cost control and portfolio maintenance are watch words. Canny fraudsters are on the lookout for financial institutions with fewer protections. Waiting to implement or update a fraud strategy could open a business up to increased fraud losses. Now is the time to review your synthetic identity fraud prevention and detection strategies, and Experian can help. Our innovative new tool in the fight against synthetic identity fraud helps financial institutions stop fraudsters at the door. Learn more
In 2015, U.S. card issuers raced to start issuing EMV (Europay, Mastercard, and Visa) payment cards to take advantage of the new fraud prevention technology. Counterfeit credit card fraud rose by nearly 40% from 2014 to 2016, (Aite Group, 2017) fueled by bad actors trying to maximize their return on compromised payment card data. Today, we anticipate a similar tsunami of fraud ahead of the Social Security Administration (SSA) rollout of electronic Consent Based Social Security Number Verification (eCBSV). Synthetic identities, defined as fictitious identities existing only on paper, have been a continual challenge for financial institutions. These identities slip past traditional account opening identity checks and can sit silently in portfolios performing exceptionally well, maximizing credit exposure over time. As synthetic identities mature, they may be used to farm new synthetics through authorized user additions, increasing the overall exposure and potential for financial gain. This cycle continues until the bad actor decides to cash out, often aggressively using entire credit lines and overdrawing deposit accounts, before disappearing without a trace. The ongoing challenges faced by financial institutions have been recognized and the SSA has created an electronic Consent Based Social Security Number Verification process to protect vulnerable populations. This process allows financial institutions to verify that the Social Security number (SSN) being used by an applicant or customer matches the name. This emerging capability to verify SSN issuance will drastically improve the ability to detect synthetic identities. In response, it is expected that bad actors who have spent months, if not years, creating and maturing synthetic identities will look to monetize these efforts in the upcoming months, before eCBSV is more widely adopted. Compounding the anticipated synthetic identity fraud spike resulting from eCBSV, financial institutions’ consumer-friendly responses to COVID-19 may prove to be a lucrative incentive for bad actors to cash out on their existing synthetic identities. A combination of expanded allowances for exceeding credit limits, more generous overdraft policies, loosened payment strategies, and relaxed collection efforts provide the opportunity for more financial gain. Deteriorating performance may be disguised by the anticipation of increased credit risk, allowing these accounts to remain undetected on their path to bust out. While responding to consumers’ requests for assistance and implementing new, consumer-friendly policies and practices to aid in impacts from COVID-19, financial institutions should not overlook opportunities to layer in fraud risk detection and mitigation efforts. Practicing synthetic identity detection and risk mitigation begins in account opening. But it doesn’t stop there. A strong synthetic identity protection plan continues throughout the account life cycle. Portfolio management efforts that include synthetic identity risk evaluation at key control points are critical for detecting accounts that are on the verge of going bad. Financial institutions can protect themselves by incorporating a balance of detection efforts with appropriate risk actions and authentication measures. Understanding their portfolio is a critical first step, allowing them to find patterns of identity evolution, usage, and connections to other consumers that can indicate potential risk of fraud. Once risk tiers are established within the portfolio, existing controls can help catch bad accounts and minimize the resulting losses. For example, including scores designed to determine the risk of synthetic identity, and bust out scores, can identify seemingly good customers who are beginning to display risky tendencies or attempting to farm new synthetic identities. While we continue to see financial institutions focus on customer experience, especially in times of uncertainty, it is paramount that these efforts are not undermined by bad actors looking to exploit assistance programs. Layering in contextual risk assessments throughout the lifecycle of financial accounts will allow organizations to continue to provide excellent service to good customers while reducing the increasing risk of synthetic identity fraud loss. Prevent SID
If you’ve been on the dating scene in the last few years, you’re probably familiar with ghosting. For those of you who aren’t, I’ll save you the trip to Urban Dictionary. “Ghosting” is when the person you’re dating disappears. No calls. No texts. No DMs. They just vanish, never to be heard from again. As troublesome as this can be, there’s a much more nefarious type of ghosting to be wary of – credit ghosting. Wait, what’s credit ghosting? Credit ghosting refers to the theft of a deceased person’s identity. According to the IRS, 2.5 million deceased identities are stolen each year. The theft often occurs shortly after someone dies, before the death is widely reported to the necessary agencies and businesses. This is because it can take months after a person dies before the Social Security Administration (SSA) and IRS receive, share, or register death records. Additionally, credit ghosting thefts can go unnoticed for months or even years if the family of the deceased does not check their credit report for activity after death. Opportunistic fraudsters check obituaries and other publicly available death records for information on the deceased. Obituaries often include a person’s birthday, address or hometown, parents’ names, occupation, and other information regularly used in identity verification. With this information fraudsters can use the deceased person’s identity and take advantage of their credit rating rather than taking the time to build it up as they would have to with other types of fraud. Criminals will apply for credit cards, loans, lines of credit, or even sign up for a cell phone plan and rack up charges before disappearing. Where did this type of identity theft come from? Credit ghosting is the result of a few issues. One traces back to a discrepancy noted by the Social Security’s inspector general. In an audit, they found that 6.5 million Social Security numbers for people born before June 16, 1901, did not have a date of death on record in the administration’s Numident (numerical identification) system – an electronic database containing Social Security number records assigned to each citizen since 1936. Without a date of death properly noted in the database, government agencies and other entities inquiring won’t necessarily know an individual is deceased, making it possible for criminals to implement credit ghosting schemes. Additionally, unreported deaths leave further holes in the system, leading to opportunity for fraudsters. When financial institutions run checks on the identity information supplied by a fraudster, it can seem legitimate. If the deceased’s credit is in good standing, the fraudster now appears to be a good customer—much like a synthetic identity—but now with the added twist that all of the information is from the same person instead of stitched together from multiple sources. It can take months before the financial institution discovers that the account has been compromised, giving fraudsters ample time to bust out and make off with the funds they’ve stolen. How can you defend against credit ghosting? Luckily, unlike your dating pipeline, there are ways to guard against ghosting in your business’ pipeline. Frontline Defense: Start by educating your customers. It’s never pleasant to consider your own passing or that of a loved one, but it’s imperative to have a plan in place for both the short and long term. Remind your customers that they should contact lenders and other financial institutions in the event of a death and continue monitoring those accounts into the future. Relatives of the deceased don’t tend to check credit reports after an estate has been settled. If the proper steps aren’t taken by the family to notify the appropriate creditors of the death, the deceased flag may not be added to their credit report before the estate is closed, leaving the deceased’s information vulnerable to fraud. By offering your customers assistance and steps to take, you can help ensure that they’re not dealing with the fallout of credit ghosting—like dealing with calls from creditors following up after the fraudster’s bust-out—on top of grieving. Backend Defense: Ensure you have the correct tools in place to spot credit ghosts when they try to enter your pipeline. Experian’s Fraud Shield includes high risk indicators and provides a deceased indicator flag so you can easily weed them out. Additionally, you can track other risk indicators like previous uses of a particular Social Security number and identify potential credit-boosting schemes. Speak to an Experian associate today about how you can increase your defenses against credit ghosting. Let's talk