Tag: fraud prevention strategies

In this article...What is a TOAD attack?How TOAD attacks happenEffective countermeasures Keeping TOADS at bay with Experian Imagine receiving a phone call informing you that your antivirus software license is about to expire. You decide to renew it over the phone, and before you know it, you have been “TOAD-ed”! What is a TOAD attack? Telephone-Oriented Attack Deliveries (TOADs) are an increasingly common threat to businesses worldwide. According to Proofpoint's 2024 State of the Phish Report, 10 million TOAD attacks are made every month, and 67% of businesses globally were affected by a TOAD attack in 2023. In the UK alone, businesses have lost over £500 million to these scams, while in the United States the reported monetary loss averaged $43,000 per incident, with some losses exceeding $1 million.TOADs involve cybercriminals using real phone numbers to impersonate legitimate callers, tricking victims into divulging sensitive information or making fraudulent transactions. This type of attack can result in substantial financial losses and reputational damage for businesses. How TOAD attacks happen TOAD attacks often involve callback phishing, where victims are tricked into calling fake call centers. Before they strike, scammers will gather a victim's credentials from various sources, such as past data breaches, social media profiles, and information bought on the dark web. They will then contact the individual through applications like WhatsApp or call their phone directly. Here is a common TOAD attack example: Initial contact: The victim receives an email from what appears to be a reputable company, like Amazon or PayPal. Fake invoice: The email contains a fake invoice for a large purchase, prompting the recipient to call a customer service number. Deception: A scammer, posing as a customer service agent, convinces the victim to download malware disguised as a support tool, granting the scammer access to the victim's computer and personal information. These techniques keep improving. One of the cleverer tricks of TOADs is to spoof a number or email so they contact you as someone you know. Vishing is a type of phishing that uses phone calls, fake numbers, voice changers, texts, and social engineering to obtain sensitive information from users. It mainly relies on voice to fool users. (Smishing is another type of phishing that uses texts to fool users, and it can be combined with phone calls depending on how the attacker works.) According to Rogers Communication website, an employee in Toronto, Canada got an email asking them to call Apple to change a password. They followed the instructions, and a “specialist” helped them do it. After receiving their password, the cyber criminals used the employee's account to send emails and deceive colleagues into approving a fake payment of $5,000. Artificial intelligence (AI) is also making it easier for TOAD phishing attacks to happen. A few months ago, a Hong Kong executive was fooled into sending HK$200m of his company's funds to cyber criminals who impersonated senior officials in a deepfake video meeting. Effective countermeasures To combat TOAD attacks, businesses must implement robust solutions. Employee training and awareness: Regular training sessions and vishing simulations help employees recognize and respond to TOAD attacks. Authentication and verification protocols: Implementing multi-factor authentication (MFA) and call-back verification procedures enhances security for sensitive transactions. Technology solutions: Bots and spoofing detection and voice biometric authentication technologies help verify the identity of callers and block fraudulent numbers. Monitoring and analytics: Advanced fraud detection and behavioral analytics identify anomalies and unusual activities indicative of TOAD attacks. Secure communication channels: Ensure consumers have access to verified customer service numbers and promote secure messaging apps. A strong strategy should also involve using advanced email security solutions with AI fraud detection and machine learning (ML) to effectively defend against TOAD threats. These can help identify and stop phishing emails. Regular security audits and updates are necessary to find and fix vulnerabilities, and an incident response plan should be prepared to deal with and reduce any breaches. By integrating technology, processes, and people into their strategy, organizations can develop a strong defense against TOAD attacks. Keeping TOADS at bay with Experian®  By working and exchanging information with other businesses and industry groups, you can gain useful knowledge about new or emerging threats and defense strategies. Governments and organizations like the Federal Communications Commission (FCC) have a shared duty to defend the private sector and public consumers from TOAD attacks, while many of the current rules and laws seem to lag behind what criminals are doing. By combining the best data with our automated ID verification processes, Experian® helps you protect your business and reputation. Our best-in-class solutions employ device recognition, behavioral biometrics, machine learning, and global fraud databases to spot and block suspicious activity before it becomes a problem. Learn more *This article includes content created by an AI language model and is intended to provide general information.

The world of finance can be a dangerous place, where cunning schemes lurk in the shadows, ready to pounce on unsuspecting victims. In the ever-evolving landscape of financial crime, the insidious ‘pig butchering’ scam has emerged as a significant threat, targeting both financial institutions and their clients. What is a ‘pig butchering’ scam? ‘Pig butchering’ scams are named after the practice of farmers fattening up their livestock before “butchering” them. This comparison describes the core of ‘pig butchering’ scams, where criminals entice victims to participate in investment schemes and cryptocurrency fraud. Originating in Southeast Asia and now rampant in the United States, these scams often start with online interactions via social media or dating applications. Scammers build trust with the victim, eventually gaining access to their online accounts. They "fatten the pig" by enticing more cryptocurrency investments and then make off with their ill-gotten gains. The repercussions are staggering, with reported losses exceeding $3.5 billion in 2023 alone according to an AP News article, and around 40,000 victims in the United States, including cases of losses as massive as $4 million. The real-life impact The story of “RB,” a San Francisco man who engaged with a scammer named "Janey Lee," serves as a stark warning. Through social media, Janey orchestrated an elaborate scheme, promising "RB” substantial returns in cryptocurrency investment. Seduced by false promises, “RB” emptied his life savings into the scam, only to be rescued by a Federal Bureau of Investigation (FBI) intervention, narrowly avoiding financial ruin.1 Malicious actors are improving their targeting skills, and often pursue executives and victims with a large sum of money, such as C-level officials from financial institutions. This past February, a $50 million pig slaughtering fraud incident caused the CEO of a local bank in Kansas to lose all his funds and the bank to collapse a few months later. FinCEN's vigilance and updates The Financial Crimes Enforcement Network (FinCEN) remains vigilant, issuing advisories to financial institutions to combat ‘pig butchering’ scams. Their latest advisory highlights evolving scam tactics, including aggressive promotions, using money mules for illegal fund transfers, and leveraging new financial products like decentralized finance (DeFi) platforms to obfuscate transactions. FinCEN also warns about red flags such as large and sudden investments from older customers, quick fund withdrawals after big deposits, and the frequent use of coins or mixers that hide transactions. Financial institutions are encouraged to: Report any suspicious activities by using specific terms like "pig butchering fraud advisory" in their reports to make analysis and response easier. File suspicious activity reports (SARs) using the key term “FIN-2023-PIGBUTCHERING.” Guide potential victims to report to the FBI’s IC3 or the Security and Exchange Commission (SEC’s) reporting system. A call to action for financial institutions The fight against ‘pig butchering’ scams requires proactive measures from financial institutions: Enhance fraud detection and anti-money laundering (AML) programs: Implement robust systems compliant with regulatory guidelines, conduct thorough customer enhanced due diligence, and leverage fraud detection software to spot anomalies and red flags., and leverage fraud detection software to spot anomalies and red flags. Leverage data analytics: Utilize data analytics tools to monitor customer behavior, identify irregular patterns, and swiftly detect potential ‘pig butchering’ activities. Employee training: Educate employees on scam risks, fraud detection techniques, and FinCEN red flags to empower them as the first line of defense., and FinCEN red flags to empower them as the first line of defense. Community education: Educate customers on recognizing and avoiding investment scams, promoting awareness, and safeguarding their assets. Navigating challenges with effective solutions ‘Pig butchering’ scams cause not only money losses but also personal troubles and reputational harm. Awareness, learning, and cooperation are essential in protecting from these complex financial fraudsters, securing the safety and confidence of your institutions and stakeholders. By combining the best data with our automated identification verification processes, you can protect your business and onboard new talents efficiently. Our industry-leading solutions employ device recognition, behavioral biometrics, machine learning, and global fraud databases to spot and block suspicious activity before it becomes a problem. Learn more 1San Francisco Chronical (2023). Crypto Texting Scam *This article includes content created by an AI language model and is intended to provide general information.

Fraud is a serious concern for everyone, including businesses and individuals. In fact, according to our 2023 U.S. Identity and Fraud Report, nearly two-thirds (64%) of consumers are very or somewhat concerned with online security, and over 50% of businesses have a high level of concern about fraud risk. The fraud landscape is constantly evolving, and staying vigilant against the latest trends is critical to safeguarding your organization and consumers. As we reflect on 2023, let’s look at the top fraud trends and their continued potential impact on your business. The evolution of new fraud trends When economic uncertainty reigns, a rise in fraud often follows. To begin with, consumers tend to be financially stressed in such periods and prone to making risky decisions. In addition, fraudsters are keenly aware of the opportunities inherent in unstable times and develop tactics to take advantage of them. For example, as consumers rein in spending and financial institutions struggle to maintain new account volumes, fraudsters might ramp up their new account and loan activities. Fraud is becoming more sophisticated. For instance, thanks to the rapid rise in the availability of artificial intelligence (AI) tools, fraudsters are increasingly able to impersonate companies and individuals with ease, as well as consolidate data from diverse sources and use it more efficiently. The most impactful fraud trends of 2023 The fraud trends that emerged in 2023 were diverse, though they all had one thing in common: fraudsters' keen ability to take advantage of new technologies and opportunities. And businesses are feeling the repercussions, with nearly 70% reporting that fraud losses have increased in recent years. Here are five trends we forecasted in the fraud and identity space that challenged fraud fighters on the front lines this year. Deposit and checking account fraud With everyone focused on fraud in the on-line channels, it is interesting that financial institutions reported more fraud occurring at brick-and-mortar locations. Preying on the good nature of helpful branch employees, criminals are taking risks by showing up in person to open accounts, pass bad deposits and try to work their way into other financial products.  The Treasury Department reports complaints doubling YoY, after increasing more than 150% between 2020 and 2021.  Synthetic identity fraud Not quite fake, not quite real, so-called synthetic or "Frankenstein" identities mash up real data with false information to create unique customer profiles that can outsmart retailers' or financial institutions' fraud control systems. With synthetic identity (SID) fraud real data is often stolen or purchased on the dark web and combined with other information — even Artificial Intelligence (AI)-created faces — so that fraudsters can build up a synthetic identity's credit score before taking advantage of them to borrow and spend money that will never be paid back. One major risk? As fraud rates rise due to the use of tactics like synthetic identities, it could become more challenging and expensive to access credit. Fake job postings and mule schemes Well-paying remote work was in high demand this year, creating opportunities for fraudsters to create fake jobs to harvest data such as Social Security numbers from unsuspecting applicants. Experian also predicts a continued rise in "mule" jobs, in which workers unknowingly sign on to do illegal work, such as re-shipping stolen goods. According to the Better Business Bureau, an estimated 14 million people get caught in a fake employment scam yearly. Job seekers can protect themselves by being skeptical of jobs that ask them to do work that appears suspicious, requires money, financial details, or personal information upfront. Peer-to-peer payment fraud Peer-to-peer payment tools are increasingly popular with consumers and fraudsters, who appreciate that they're both instant and irreversible. Experian expects to continue to see an increase in fraudulent activity on these payment systems, as fraudsters use social engineering techniques to deceive consumers into paying for nonexistent merchandise or even sharing access credentials. Stay safe while using peer-to-peer payment tools by avoiding common scams like requests to return accidental payments, opting for payment protection whenever possible and choosing other transaction methods like paying with a credit card. Social media shopping fraud Social media platforms are eager to make in-app shopping fun and friction-free for consumers — and many brands and shoppers are keen to get on board. In fact, approximately 58% of users in the U.S. have purchased a product after seeing it on social media. Unfortunately, these tools neglect effective identity resolution and fraud prevention, leaving sellers vulnerable to fraudulent purchases. And while buyers have some recourse when a purchase turns out to be a scam, it's wise to be cautious while shopping on social media platforms by researching sellers, only using credit cards and being cognizant of common scams, like when vendors on Facebook Marketplace ask for payment upfront. Employer text fraud Fraudulent text messages — also known as “smishing,” a mash-up of Short Messaging Service (SMS) and phishing — continues to rise. In fact, according to data security company Lookout, 2022 was the biggest year ever for such mobile phishing attacks, with more than 30 percent of personal and enterprise mobile phone users exposed every quarter. One modern example of these types of schemes? Expect to continue to see a rise in gift card fraud targeting companies. For example, an employee might receive a text from their "boss" asking them to purchase gift cards and relay the numbers. The fraudsters get to shop, and the company is left with the bill. Why fraud prevention and detection solutions matter Nearly two-thirds of consumers say they are "very" or "somewhat concerned" with online security, and more than 85 percent expect businesses to respond to their identity and fraud concerns. Addressing and preventing fraud — and communicating these fraud-prevention actions to customers — is an essential strategy for businesses that want to maintain customer trust, thereby decreasing churn and maximizing conversions on new leads. There's a financial imperative to address fraud as well. Businesses stand to lose a great deal of money without adequate fraud prevention strategies. Account takeover fraud, for example, is an increasing threat to financial institutions, which saw a 90 percent increase in account takeover losses from 2020 to 2021. By making account takeover fraud prevention a priority, financial institutions can alleviate risks and prevent major losses. How to build an effective fraud strategy in 2024 In 2024, fraud management solutions must be even more technically advanced than the fraudulent techniques they're combating. But more than that, they need to be appealing to consumers, who are likely to abandon signup or purchase attempts when they become too onerous. In fact, 37% of consumers have moved their business elsewhere due to a negative account opening experience. Worryingly for businesses, this number was even higher among high-income households and those aged 25 to 39. To succeed, effective fraud strategies must be seamless, low friction, data-driven and customer-focused. That means making use of up-to-date technologies that boost security while prioritizing a positive customer experience.  Concerned about fraud? Let Experian help As we look back at the top fraud trends of 2023, it's clear that scammers are becoming increasingly sophisticated in their methods. Fraud can create huge risks for your business — but there are ways to act. Experian's suite of fraud prevention and identity verification tools can help you detect and combat fraud. Find out more about Experian's fraud risk management strategies and how they can help keep you and your customers safe. Learn more

As the sophistication of fraudulent schemes increases, so must the sophistication of your fraud detection analytics. This is especially important in an uncertain economic environment that breeds opportunities for fraud. It's no longer enough to rely on old techniques that worked in the past. Instead, you need to be plugged into machine learning, artificial intelligence (AI) and real-time monitoring to stay ahead of criminal attempts. Your customers have come to expect cutting-edge security, and fraud analytics is the best way to meet — and surpass — those expectations. Leveraging these analytics can help your business better understand fraud techniques, uncover hidden insights and make more strategic decisions. What is fraud analytics? Fraud analytics refers to the idea of preventing fraud through sophisticated data analysis that utilizes tools like machine learning, data mining and predictive AI.1 These services can analyze patterns and monitor for anomalies that signal fraud attempts.2 While at first glance this may sound like a lot of work, it's necessary in today's technologically savvy culture. Fraud attempts are becoming more sophisticated, and your fraud detection services must do the same to keep up. Why is fraud analytics so important? According to the Experian® 2023 US Identity and Fraud Report, fraud is a growing issue that businesses cannot ignore, especially in an environment where economic uncertainty provides a breeding ground for fraudsters. Last year alone, consumers lost $8.8 billion — an increase of 30 percent over the previous year. Understandably, nearly two-thirds of consumers are at least somewhat concerned about online security. Their worries range from authorized push payment scams (such as phishing emails) to online privacy, identity theft and stolen credit cards. Unfortunately, while 75 percent of surveyed businesses feel confident in protecting against fraud, only 45 percent understand how fraud impacts their business. There's a lot of unearned confidence out there that can leave businesses vulnerable to attack, especially with nearly 70 percent of businesses admitting an increase in fraud loss in recent years. The types of fraud that businesses most frequently encounter include: Authorized push payment fraud: Phishing emails and other schemes that persuade consumers to deposit funds into fraudulent accounts. Transactional payment fraud: When fraudulent actors steal credit card or bank account information, for example, to make unauthorized payments. Account takeover: When a fraudster gains access to an account that doesn't belong to them and changes login details to make unauthorized transactions. First-party fraud: When an account holder uses their own account to commit fraud, like misrepresenting their income to get a lower loan rate. Identity theft: Any time a person's private information is used to steal their identity. Synthetic identity theft: When someone combines real and fake personal data to create an identity that's used to commit fraud. How can fraud analytics be used to help your business? More than 85% of consumers expect businesses to respond to their security and fraud concerns. A good portion of them (67 percent) are even ready to share their personal data with trusted sources to help make that happen. This means that investing in risk and fraud analytics is not only vital for keeping your business and customer data secure, but it will score points with your consumers as well. So how can your business utilize fraud analytics? Machine learning is a great place to start. Rather than relying on outdated rules-based analytic models, machine learning can vastly increase your speed in identifying fraud attempts. This means that when a new fraudulent trend emerges, your machine learning software can pinpoint it fast and flag your security team. Machine learning also lets you automatically analyze large data sets across your entire customer portfolio, improving customer experiences and your response time. In general, the best way for your business to use fraud analytics is by utilizing a multi-layered approach, such as the robust fraud management solutions offered by Experian. Instead of a one-size-fits-all solution, Experian lets you customize a framework of physical and digital data security that matches your business needs. This framework includes a cloud-based platform, machine learning for streamlined data analytics, biometrics and other robust identity-authentication tools, real-time alerts and end-to-end integration. How Experian can help Experian's platform of fraud prevention solutions and advanced data analytics allows you to be at the forefront of fraud detection. The platform includes options such as: Account takeover prevention. Account takeovers can go unnoticed without strong fraud detection. Experian's account takeover prevention tools automatically flag and monitor unusual activities, increase efficiency and can be quickly modified to adapt to the latest technologies. Bust-out fraud prevention. Experian utilizes proactive monitoring and early detection via machine learning to prevent bust-out fraud. Access to premium credit data helps enhance detection.  Commercial entity fraud prevention. Experian's Sentinel fraud solutions blend consumer and business datasets to create predictive insights on business legitimacy and credit abuse likelihood. First-party fraud prevention. Experian's first-party fraud prevention tools review millions of transactions to detect patterns, using machine learning to monitor credit data and observations. Global data breach protection. Experian also offers data breach protection services, helping you use turnkey solutions to build a program of customer notifications and identity protection. Identity protection. Experian offers identity protection tools that deliver a consistent brand experience across touchpoints and devices. Risk-based authentication. Minimize risk with Experian's adaptive risk-based authentication tools. These tools use front- and back-end authentication to optimize cost, risk management and customer experience. Synthetic identity fraud protection. Synthetic identity fraud protection guards against the fastest-growing financial crimes. Automated detection rules evaluate behavior and isolate traits to reduce false positives. Third-party fraud prevention. Experian utilizes third-party prevention analytics to identify potential identity theft and keep your customers secure. Your business's fraud analytics system needs to increase in sophistication faster than fraudsters are fine-tuning their own approaches. Experian's robust analytics solutions utilize extensive consumer and commercial data that can be customized to your business's unique security needs. Experian can help secure your business from fraud Experian is committed to helping you optimize your fraud analytics. Find out today how our fraud management solutions can help you. Learn more 1 Pressley, J.P. "Why Banks Are Using Advanced Analytics for Faster Fraud Detection," BizTech, July 25, 2023. https://biztechmagazine.com/article/2023/07/why-banks-are-using-advanced-analytics-faster-fraud-detection 2 Coe, Martin and Melton, Olivia. "Fraud Basics," Fraud Magazine, March/April 2022. https://www.fraud-magazine.com/article.aspx?id=4295017143

Authorized Push Payment fraud, also known as APP fraud or APP scams, involves a fraudster persuading a victim to willingly deposit funds to their account or to the account of a complicit third party, also known as a money mule. This type of fraud often includes social engineering of the victim using fake investment schemes, impersonation scams, purchase scams or other schemes. Social engineering clouds victims' judgments and encourages them to make payments willingly to one or more money mules, with funds eventually reaching fraudsters' accounts. This type of fraud has become more attractive to criminals since the advent of real-time payment systems, which are now a reality worldwide. Fraud fueled by real-time payments Authorized push payment fraud is becoming more prevalent, and it is imperative that you know how to detect and prevent it to safeguard your organization. Real-time payment systems, such as Faster Payments in the United Kingdom (UK), PIX in Brazil, the New Payments Platform in Australia, and FedNow in the USA, make real-time payment fraud a reality.  APP fraud is notoriously difficult for banks to prevent because the victim is sending the money themselves, and steps that banks take to authenticate customers are ineffective, as the customer will pass identity checks. The victims cannot reverse a payment once they realize they have been conned, as payments made using real-time payment schemes are irrevocable. APP fraud is particularly prevalent in countries where banks have an infrastructure that facilitates fast or immediate transfers, like the UK. Learn more about the new UK legislation around APP fraud Reimbursment is vital to victims Some common types of authorized push payment fraud include attacks on individuals like romance scams, family emergency swindles, targeting property transactions, and intercepting supplier payments. To protect against APP fraud, it is important to employ layered fraud protection across all products and channels used to manage real-time payments. But that alone is not enough. Reimbursement is vital in reversing the financial distress caused by APP scams, but it cannot reverse the emotional distress these scams cause. Prevention, detection, and awareness measures must be moved up on the agenda for banks, non-traditional lenders, PSPs (Payment Service Providers), and customers alike to ensure that the customer is protected at every stage of the payment journey.  Effective alerts are a key focus area for preventing customers from falling victim to APP scams. An effective warning is one that is dynamic and tailored to the customer’s payment journey. Recent research indicates that minor changes to notifications across banking apps can have the potential to drastically reduce the number of individuals that fall victim to APP fraud. The biggest effects were achieved when a combination of risk-based and Call to Action (CTA) warnings were implemented over a period of time. A collective effort across the banking industry and beyond is crucial to protect customers and tackle the fight against APP fraud. Banks, non-traditional lenders, and PSPs can raise awareness to educate their customers on the signs and risks of APP scams, and work with industry oversight bodies to commit to voluntary standards and codes to ensure good customer outcomes. Online forums, social media platforms, and influential voices also have a role to play in raising awareness of and preventing scams. Customers can also help by being vigilant and reading and acting upon warnings and information presented to them.  Authorized push payment fraud prevention To effectively combat authorized push payment fraud, financial institutions must implement a range of measures, including:  Direct communication with consumers.  Enhanced transaction monitoring.  Effective risk mitigation and management.  Improved employee education.  Public awareness campaigns.   In response to this growing threat, banks have introduced various checks and balances, such as the Confirmation of Payee (CoP) service in the UK, which cross-references bank details with the account holder's name when processing online payments.  Banks are also leveraging sophisticated fraud prevention software stacks, incorporating machine learning and contextual data to identify and flag suspicious transactions. By utilizing AI technologies, financial institutions can process  data points faster and enhance their fraud detection capabilities, mitigating identity risk and safeguarding customer accounts. Clear communication with customers is essential in the fight against APP fraud. Higher-risk companies now include warnings in their communications, advising customers not to act on messages that request payment into new bank accounts.  Financial institutions can also offer cool-off periods before payments are sent, increase due diligence around payment destinations, and monitor accounts that regularly receive high-value payments. Additionally, financial institutions can play a crucial role in educating their customers and promoting awareness around this increasingly common type of fraud. By combining these approaches with robust fraud prevention software, the public can fight against this type of fraudulent attack.  Taking the next steps with the right partner At Experian, we offer rich data sources, advanced analytics capabilities, and the consultancy services needed to rapidly adopt data analytics solutions that mitigate fraud risks. Our solutions are used by PSPs of all types and sizes – including some of the largest banks – to identify potentially fraudulent customers and transactions, and to ensure that action is taken in real time to prevent fraudulent payments being made.  Learn more about our fraud management solutions *This article leverages/includes content created by an AI language model and is intended to provide general information.

Have you heard about the mischievous ghosts haunting our educational institutions? No, I am not talking about Casper's misfit pals. These are the infamous ghost students! They are not here for a spooky study session, oh no! They are cunning fraudsters lurking in the shadows, pretending to be students who never attend classes. It is taking ghosting to a whole new level. Understanding ghost student fraud Ghost student fraud is a serious and alarming issue in the educational sector. The rise of online classes due to the pandemic has made it easier for fraudsters to exploit application systems and steal government aid meant for genuine students. Community colleges have become primary targets due to slower adoption of cybersecurity defenses. It is concerning to hear that a considerable number of applications, such as in California (where Social Security numbers are not required at enrollment), are fictitious, with potential losses in financial aid meant for students in need. The use of stolen or synthetic identities in creating bot-powered applications further exacerbates the problem. The consequences of enrollment fraud can have a profound impact on institutions and students. The recent indictment of individuals involved in enrollment fraud, where identities were stolen to receive federal student loans, highlights the severity of the issue. Unfortunately, the lack of awareness and inadequate identity document verification processes in many institutions make it difficult to fully grasp the extent of the problem. What is a ghost student? Scammers use different methods to commit ghost student loan fraud, including creating fake schools or enrolling in real colleges. Some fraudsters use deceitful tactics to obtain the real identities of students, and then they use it to fabricate loan applications. Types of ghost loan fraud, include: Fake loan offers: Fraudsters contact students via various channels, claiming to offer exclusive student loan opportunities with attractive terms and low interest rates. They often request personal and financial information including their SSN and bank account information and use it to create ghost loans. Identity theft: Threat actors will steal personal info through data breaches or phishing. They will then forge loan applications using the victim’s identity. Targeting vulnerable individuals: Ghost student loan fraud tends to prey on those already burdened by debt. Scammers may target borrowers with poor credit history, promising loan forgiveness or debt consolidation plans in exchange for a fee. Once the victim pays, the fraudsters disappear. Ultimately, addressing ghost student fraud requires a multi-faceted approach involving collaboration between educational institutions, government agencies, and law enforcement to safeguard the accessibility and integrity of education for all deserving students. Safeguarding the financial integrity of educational institutions One powerful weapon in the battle against ghost student fraudsters is the implementation of robust identity verification solutions. Financial institutions, online marketplaces, and government entities have long employed such tools to verify the authenticity of individuals, and their application in the educational domain can be highly effective. By leveraging these tools, institutions can swiftly and securely carry out synthetic fraud detection and confirm the identity of applicants by cross-referencing multiple credible sources of information. For instance, government-issued IDs can be verified against real-time selfies, email addresses can be screened against reliable databases, and personally identifiable information (PII) can be compared to third-party dark web data to detect compromised identities. Clinching evidence from various sources renders it nearly impossible for fraudsters to slip past the watchful eyes of enrollment officers. Moreover, implementation of identity verification measures can be facilitated through low-code implementation, ensuring seamless integration into existing enrollment workflows without requiring extensive technical expertise or incurring exorbitant development costs. To further fortify security measures, educational institutions may consider incorporating biometric enrollment and authentication solutions. By requiring face or voice biometrics for accessing school resources, institutions can create an additional layer of protection against fraudsters and their ethereal counterparts. The reluctance of fraudsters to enroll their own biometric data serves as a powerful deterrent against their intrusive activities. Taking action By adopting these robust measures, higher educational institutions can fortify their defenses against ghost student fraud and maintain the integrity of their finances. The use of online identity verification methods and biometric authentication systems not only strengthens the enrollment process but serves as a stringent reminder that there is no resting place for fraudsters within the hallowed halls of education. To learn more about how Experian can help you leverage fraud prevention solutions, visit us online or request a call. *The SSN Verification tool, better known as eCBSV is also a tool that can be utilized to verify SSN.  *This article leverages/includes content created by an AI language model and is intended to provide general information.

Debt collectors need to find, contact and work with people to collect on unpaid accounts. That can be challenging enough. But when synthetic identity fraud accounts are mixed into your collection portfolio, you'll waste resources trying to collect from people who don't even exist. What is synthetic identity fraud? Synthetic identity fraud happens when fraudsters mix real and fake identity information — such as a stolen Social Security number (SSN) with a fake name and date of birth — to create an identity. Fraudsters occasionally try to quickly create and use synthetic IDs to commit fraud. But these are often more complex operations, and the fraudsters spend months or years building synthetic IDs. They might then use or sell an identity once it has a thick credit file, matching identification documents and a robust social media presence. The resulting fraud can have a significant impact on lenders. By some estimates, annual synthetic fraud losses for consumer loans and credit cards could be as high as $11 billion.1 Total annual losses are likely even higher because organizations may misclassify synthetic fraud losses — or not classify them at all — and fraudsters also target other types of organizations, such as business lenders and medical care providers Recognizing synthetic identities and fraud losses Organizations can ideally detect and stop synthetic IDs at account opening. If a fraudster slips past the first line of defense, fraud detection tools that aren't tailored for synthetic identity fraud might not flag the account as suspicious. This is especially true when fraudsters make several on-time payments, mirroring a legitimate account holder's behavior, before stopping payments or busting out. Sometimes, these past-due accounts get sent to collections before being written off as a credit loss. That creates new issues. Debt management and collections systems can help collections departments prioritize outreach and minimize charge-offs. But if you add fraudulent accounts to the mix, you wind up throwing away your time and resources. Even when you properly classify these written-off accounts as fraud losses, it can be hard to distinguish between first-party fraud by a legitimate consumer and synthetic identity fraud losses. However, the distinction can be important for optimizing your credit risk strategy. Detection is the key to prevention Keeping synthetic fraud out of collection portfolios requires a multi-layered approach to fraud management. You need systems to help stop synthetic fraud at the front door and ongoing account monitoring throughout the customer lifecycle. You also want fraud solutions that use data from multiple sources to recognize synthetic identities, such as credit bureau, public records, consortium and behavioral data. Experian's industry-leading fraud and identity solutions Experian's synthetic identity fraud and identity resolution solutions make it a leader in the space. These include: Sure Profile™uses credit, public record and identity-specific data to create a composite history of a consumer's identity and generate a risk score. You can automate risk-based decisions based on the score, and you'll have access to the underlying Sure Profile attributes. CrossCore® is a cloud-based identity and fraud management platform that you can connect to Experian, third-party and internal tools to get a 360-degree view of your accounts throughout the customer lifecycle. Experian partners with the Social Security Administration to offer an electronic Consent Based Social Security Number Verification (eCBSV) service, which can help you determine if an SSN, name and date of birth match. It can be an important part of a step-up verification when risk signals indicate that an identity might not be legitimate. View our tip sheet to learn more about keeping fraudulent accounts out of your collection portfolio. Download now 1Experian (2022). Preventing synthetic identity fraud

The Federal Reserve (Fed) took a big step towards revolutionizing the U.S. payment landscape with the official launch of FedNow, a new instant payment service, on July 20, 2023. While the new payment network offers advantages, there are concerns that fraudsters may be quick to exploit the new real-time technology with fraud schemes like automated push payment (APP) fraud. How is FedNow different from existing payment networks? To keep pace with regions across the globe and accelerate innovation, the U.S. created a alternative to the existing payment network known as The Clearing House (TCH) Real-Time Payment Network (RTP). Fraudsters can use the fact that real-time payments immediately settle to launder the stolen money through multiple channels quickly. The potential for this kind of fraud has led financial regulators to consider measures to better protect against it. While both FedNow and RTP charge a comparable fee of 4.5 cents per originated transaction, the key distinction lies in their governance. RTP is operated by a consortium of large banks, whereas FedNow falls under the jurisdiction of the Federal Reserve Bank. This distinction could give FedNow an edge in the market. One of the advantages of FedNow is its integration with the extensive Federal Reserve network, allowing smaller local banks across the country to access the service. RTP estimates accessibility to institutions holding approximately 90% of U.S. demand deposit accounts (DDAs), but currently only reaches 62% of DDAs due to limited participation from eligible institutions. What are real-time payments? Real-time payments refer to transactions between bank accounts that are initiated, cleared, and settled within seconds, regardless of the time or day. This immediacy enhances transparency and instills confidence in payments, which benefits consumers, banks and businesses.Image sourced from JaredFranklin.com Real-time payments have gained traction globally, with adoptions from over 70 countries on six continents. In 2022 alone, these transactions amounted to a staggering $195 billion, representing a remarkable year-over-year growth of 63%. India leads the pack with its Unified Payments Interface platform, processing a massive $89.5 billion in transaction volume. Other significant markets include Brazil, China, Thailand, and South Korea. The fact that real-time payments cannot be reversed promotes trust and ensures that contracts are upheld. This also encourages the development of new methods to make processes more efficient, like the ability to pay upon receiving the goods or services. These advancements are particularly crucial for small businesses, which disproportionately bear the burden of delayed payments, amounting to a staggering $3 trillion globally at any given time. The launch of FedNow marks a significant milestone in the U.S. financial landscape, propelling the country towards greater efficiency, transparency, and innovation in payments. However, it also brings a fair share of challenges, including the potential for increased fraud. Are real-time payments a catalyst for fraud? As the financial landscape evolves with the introduction of real-time payment systems, fraudsters are quick to exploit new technologies. One particular form of fraud that has gained prominence is authorized push payment (APP) fraud. APP fraud is a type of scam where fraudsters trick individuals or businesses into authorizing the transfer of funds from their bank accounts to accounts controlled by the fraudsters. The fraudster poses as a legitimate entity and deceives the victim into believing that there is an urgent need to transfer money. They gain the victim's trust and provide instructions for the transfer, typically through online or telephone banking channels. The victim willingly performs the payment, thinking it is legitimate, but realizes they have been scammed when communication halts. APP fraud is damaging as victims authorize the payments themselves, making it difficult for banks to recover the funds. To protect against APP fraud, it's important to be cautious, verify the legitimacy of requests independently, and report any suspicious activity promptly. Fraud detection and prevention with real-time payments Advances in fraud detection software, including machine learning and behavioral analytics, make unusual urgent requests and fake invoices easier to spot — in real time — but some governments are considering legislation to ensure more support for victims. For example, in the U.K., frameworks like Confirmation of Payee have rolled out instant account detail checks against the account holder’s name to help prevent cases of authorized push payment fraud. The U.K.’s real-time payments scheme Pay.UK also introduced the Mule Insights Tactical Solution (MITS), which tracks the flow of fraudulent transactions used in money laundering through bank and credit union accounts. It identifies these accounts and stops the proceeds of crimes from moving deeper into the system – and can help victims recover their funds. While fraud levels related to traditional payments have slowly come down, real-time payment-related fraud has recently skyrocketed. India, one of the primary innovators in the space, recorded a 23% rise in fraud related to its real-time payments system in 2022. The same ACI report stated that the U.S., making up only 1.2% of all real-time payment transactions in 2022, had, for now, avoided the effects. However, “there is no reason to assume that without action, the U.S. will not follow the path to crisis levels of APP scams as seen in other markets.” FedNow currently has no specific plans to bake fraud detection into their newly launched technology, meaning the response is left to financial institutions. Fight instant fraud with instant answers Artificial Intelligence (AI) holds tremendous potential in combating the ever-present threat of fraud. With AI technologies, financial institutions can process vast amounts of data points faster and enhance their fraud detection capabilities. This enables them to identify and flag suspicious transactions that deviate from the norm, mitigating identity risk and safeguarding customer accounts. The ability of AI-powered systems to ingest and analyze real-time information empowers institutions to stay one step ahead in the battle against account takeover fraud. This type of fraud, which poses a significant challenge to real-time payment systems, can be better addressed through AI-enabled tools. With ongoing monitoring of account behavior, such as the services provided by FraudNet, financial institutions gain a powerful weapon against APP fraud. In addition to behavioral analysis, location data has emerged as an asset in the fight against fraud. Incorporating location-based information into fraud detection algorithms has proven effective in pinpointing suspicious activities and reducing fraudulent incidents. As the financial industry continues to grapple with the constant evolution of fraud techniques, harnessing the potential of AI, coupled with comprehensive data analysis and innovative technologies, becomes crucial for securing the integrity of financial transactions. Taking your next step in the fight against fraud Ultimately, the effectiveness of fraud prevention measures depends on the implementation and continuous improvement of security protocols by financial institutions, regulators, and technology providers. By staying vigilant and employing appropriate safeguards, fraud risks in real-time payment systems, such as FedNow, can be minimized. To learn more about how Experian can help you leverage fraud prevention solutions, visit us online or request a call.  *This article leverages/includes content created by an AI language model and is intended to provide general information.

Banking uncertainty creates opportunity for fraud The recent regional bank collapses left anxious consumers scrambling to withdraw their funds or open new accounts at other institutions. Unfortunately, this situation has also created an opportunity for fraudsters to take advantage of the chaos. Criminals are exploiting the situation and posing as legitimate customers looking to flee their current bank to open new accounts elsewhere. Financial institutions looking to bring on these consumers as new clients must remain vigilant against fraudulent activity. Fraudsters also prey on vulnerable individuals who may be financially stressed and uncertain about the future. This creates a breeding ground for scams as fear and uncertainty cloud judgment and make people more susceptible to manipulation. Beware of fraudulent tactics Now, it is more important than ever for financial institutions to be vigilant in their due diligence processes. As they navigate this period of financial turbulence, they must take extra precautions to ensure that new customers are who they say they are by verifying customer identities, conducting thorough background checks where necessary, and monitoring transactions for any signs of suspicious activity. Consumers should also maintain vigilance — fraudulent schemes come in many forms, from phishing scams to fake investment opportunities promising unrealistic returns. To protect yourself against these risks, it is important to remain vigilant and take precautions such as verifying the legitimacy of any offers or investments before investing, monitoring your bank and credit card statements regularly for suspicious activity, and being skeptical of unsolicited phone calls, emails, or text messages. Security researcher Johannes Ulrich reported that threat actors are jumping at the opportunity, registering suspicious domains related to Silicon Valley Bank (SVB) that are likely to be used in attacks. Ulrich warned that the scammers might try to contact former clients of SVB to offer them a support package, legal services, loans, or other fake services relating to the bank's collapse. Meanwhile, on the day of the SVB closure, synthetic identity fraud began to climb from an attack rate of .57 to a first peak of 1.24% on the Sunday following the closure, or an increase of 80%. After the first spike reduced on March 14, we only saw a return of an even higher spike on March 21 to 1.35%, with bumps continuing since then. As the economy slows and fraud rises, don’t let your guard down The recent surge in third-party attack rates on small business and investment platforms is a cause for concern. There was a staggering nearly 500% increase in these attacks between March 7th and 11th, which coincided with the release of negative news about SVB. Bad actors had evidently been preparing for this moment and were quick to exploit vulnerabilities they had identified across our financial system. They used sophisticated bots to create multiple accounts within minutes of the news dropping and stole identities to perpetrate fraudulent activities. This underscores the need for increased vigilance and proactive measures to protect against cyber threats impacting financial institutions. Adopting stronger security measures like multi-factor authentication, real-time monitoring, and collaboration with law enforcement agencies for timely identification of attackers is of paramount importance to prevent similar fraud events in the future. From frictionless to friction-right As businesses seek to stabilize their operations in the face of market turbulence, they must also remain vigilant against the threat of fraud. Illicit activities can permeate a company's ecosystem and disrupt its operations, potentially leading to financial losses and reputational damage. Safeguarding against fraud is not a simple task. Striking a balance between ensuring a smooth customer experience and implementing effective fraud prevention measures can be a challenging endeavor. For financial institutions in particular, being too stringent in fraud prevention efforts may drive customers away, while being too lenient can expose them to additional fraud risks. This is where a waterfall approach, such as that offered by Experian CrossCore®, can prove invaluable. By leveraging an array of fraud detection tools and technologies, businesses can tailor their fraud prevention strategies to suit the specific needs and journeys of different customer segments. This layered, customized approach can help protect businesses from fraud while ensuring a seamless customer experience. Learn more