Tag: fraud
While bots have many helpful purposes, they have unfortunately become a tool for malicious actors to gain fraudulent access to financial accounts, personal information and even company-wide systems. Almost every business that has an online presence will have to face and counter bot attacks. In fact, a recent study found that across the internet on a global scale, malicious bots account for 30 percent of automated internet activity.1 And these bots are becoming more sophisticated and harder to detect. What is a bot attack and bot fraud? Bots are automated software applications that carry out repetitive instructions mimicking human behavior.2 They can be either malicious or helpful, depending on their code. For example, they might be used by companies to collect data analytics, scan websites to help you find the best discounts or chat with website visitors. These "good" bots help companies run more efficiently, freeing up employee resources. But on the flip side, if used maliciously, bots can commit attacks and fraudulent acts on an automated basis. These might even go undetected until significant damage is done. Common types of bot attacks and frauds that you might encounter include: Spam bots and malware bots: Spam bots come in all shapes and sizes. Some might scrape email addresses to entice recipients into clicking on a phishing email. Others operate on social media sites. They might create fake Facebook celebrity profiles to entice people to click on phishing links. Sometimes entire bot "farms" will even interact with each other to make a topic or page appear more legitimate. Often, these spam bots work in conjunction with malware bots that trick people into downloading malicious files so they can gain access to their systems. They may distribute viruses, ransomware, spyware or other malicious files. Content scraping bots: These bots automatically scrape content from websites. They might do so to steal contact information or product details or scrape entire articles so they can post duplicate stories on spam websites. DDoS bots and click fraud bots: Distributed denial of service (DDoS) bots interact with a target website or application in such large numbers that the target can't handle all the traffic and is overwhelmed. A similar approach involves using bots to click on ads or sponsored links thousands of times, draining advertisers' budgets. Credential stealing bots: These bots use stolen usernames and passwords to try to log into accounts and steal personal and financial information. Other bots may try brute force password cracking to find one combination that works so they can gain unauthorized access to the account. Once the bot learns consumer’s legitimate username and password combination on one website, they can oftentimes use it to perform account takeovers on other websites. In fact, 15 percent of all login attempts across industries in 2022 were account takeover attacks.1 AI-generated bots: While AI, like ChatGPT, is vastly improving the technological landscape, it's also providing a new avenue for bots.3 AI can create audio and videos that appear so real that people might think they're a celebrity seeking funds. What are the impacts of bot attacks? Bot attacks and bot fraud can have a significant negative impact, both at an individual user level and a company level. Individuals might lose money if they're tricked into sending money to a fake account, or they might click on a phishing link and unwittingly give a malicious actor access to their accounts. On a company level, the impact of a bot attack can be even more widespread. Sensitive customer data might get exposed if the company falls victim to a malware attack. This can open the door for the creation of fake accounts that drain a company's money. For example, a phishing email might lead to demand deposit account (DDA) fraud, where a scammer opens a fraudulent account in a customer's name and then links it to new accounts, like new lines of credit. Malware attacks can also cause clients to lose trust in the company and take their business elsewhere.A DDoS attack can take down an entire website or application, leading to a loss of clients and money. A bot that attacks APIs can exploit design flaws to steal sensitive data. In some cases, ransomware attacks can take over entire systems and render them unusable. How can you stop bot attacks? With so much at risk, stopping bot attacks is vital. But some of the most typical defenses have core flaws. Common methods for stopping bot attacks include: CAPTCHAs: While CAPTCHAs can protect online systems from bot incursions, they can also create friction with the user process. Firewalls: To stop DDoS attacks, companies might reduce attack points by utilizing firewalls or restricting direct traffic to sensitive infrastructures like databases.4 Blocklists: These can prevent IPs associated with attacks from accessing your system entirely. Multifactor authentication (MFA): MFA requires two forms of identification or more before granting access to an account. Password protection: Password managers can ensure employees use strong passwords that are different for each access point. While the above methods can help, many simply aren't enough, especially for larger companies with many points of potential attacks. A piecemeal approach can also lead to friction on the user's side that may turn potential clients away. Our 2024 Identity and Fraud Report revealed that up to 38 percent of U.S. adults stopped creating a new account because of the friction they encountered during the onboarding process. And often, this friction is in place to try to stop fraudulent access. Incorporating behavioral analytics to combat attacks Another effective way to enhance bot detection is through the use of behavioral analytics. This technology helps track user activity and identify patterns that may suggest malicious bot behavior. By analyzing aspects such as typing speed, mouse movement and the way users interact with websites, businesses can gain real-time insights into whether a visitor is human or a bot. Behavioral analytics in fraud uses machine learning and advanced algorithms to continuously monitor and refine user behavior patterns. This allows businesses to identify bot attacks more accurately and prevent them before they cause harm. By analyzing real-time behaviors, such as how fast someone enters information or their browsing habits, businesses can flag suspicious activity that traditional methods might miss. Why partner with Experian? What companies need is fraud and bot protection with a positive customer experience. We provide account takeover fraud prevention solutions that can help protect your company from bot attacks, fraudulent accounts and other malicious attempts to access your sensitive data. Experian's approach embodies a paradigm shift where fraud detection increases efficiency and accuracy without sacrificing customer experience. We can help protect your company from bot attacks, fraudulent accounts and other malicious attempts to access your sensitive data. Learn more This article includes content created by an AI language model and is intended to provide general information. 1"Bad bot traffic accounts for nearly 30% of APAC internet traffic," SMEhorizon, June 13, 2023. https://www.smehorizon.com/bad-bot-traffic-accounts-for-nearly-30-of-apac-internet-traffic/2"What is a bot?" AWS. https://aws.amazon.com/what-is/bot/3Nield, David. "How ChatGPT — and bots like it — can spread malware," Wired, April 19, 2023. https://www.wired.com/story/chatgpt-ai-bots-spread-malware/4"What is a DDoS attack?" AWS. https://aws.amazon.com/shield/ddos-attack-protection/
Spoiler alert: Gen AI is everywhere, including the top of Experian’s list of fraud trends 2024. “The speed and complexity of fraud attacks due to new technology and sophisticated fraudsters is leaving both businesses and consumers at risk in 2024,” said Kathleen Peters, chief innovation officer at Experian Decision Analytics in North America. “At Experian, we’re constantly innovating to deliver data-driven solutions to help our customers fight fraud and to protect the consumers they serve.” To deter fraudulent activity in 2024, businesses and consumers must get tactical for their fraud fighting strategies. And for businesses, the need for more sophisticated fraud protection solutions leveraging data and technology is greater than ever before. Experian suggests consumers and businesses watch out for these big five rounding out our fraud trends 2024. Generative AI: Generative AI accelerates DIY fraud: Experian predicts fraudsters will use generative AI to accelerate “do-it-yourself” fraud ranging from deepfake content – think emails, voice and video – as well as code creation to set up scam websites. A previous blog post of ours highlighted four types of generative AI used for fraud, including fraud automation at scale, text content generation, image and video manipulation and human voice generation. The way around it? Fight AI fraud with AI as part of a multilayered fraud prevention solution. Fraud at bank branches: Bank branches are making a comeback. A growing number of consumers prefer visiting bank branches in person to open new accounts or get financial advice with the intent to conduct safer transactions. However, face-to-face verification is not flawless and is still susceptible to human error or oversight. According to an Experian report, 85% of consumers report physical biometrics as the most trusted and secure authentication method they’ve recently encountered, but the measure is only currently used by 32% of businesses to detect and protect against fraud. Retailers, beware: Not all returns are as they appear. Experian predicts an uptick in cases where customers claim to return their purchases, only for the business to receive an empty box in return. Businesses must be vigilant with their fraud strategy in order to mitigate risk of lost goods and revenue. Synthetic identity fraud will surge: Pandemic-born synthetic identities may have been dormant, but now have a few years of history, making it easier to elude detection leading to fraudsters using those dormant accounts to “bust out” over the next year. Cause-related and investment deception: Fraudsters are employing new methods that strike an emotional response from consumers with cause-related asks to gain access to consumers’ personal information. Experian predicts that these deceptive cause-related methods will surge in 2024 and beyond. How businesses and consumers feel about fraud in 2024 According to an Experian report, over half of consumers feel they’re more of a fraud target than a year ago and nearly 70% of businesses report that fraud losses have increased in recent years. Business are facing mounting challenges – from first-party fraud and credit washing to synthetic identity and the yet-to-be-known impacts generative AI may have on fraud schemes. Synthetic identity fraud has been mentioned in multiple Experian Fraud Forecasts and the threat is ever growing. As technology continues to enhance consumers’ connectedness, it also heightens the stakes for various fraud attacks. As highlighted by this list of fraud trends 2024, the ways that fraudsters are looking to deceive is increasing from all angles. “Now more than ever, businesses need to implement a multilayered approach to their identity verification and fraud prevention strategies that leverages the latest technology available,” said Peters. Consumers are increasingly at risk from sophisticated fraud schemes. Increases in direct deposit account and check fraud, as well as advanced technologies like deepfakes and AI-generated phishing emails, put consumers in a precarious position. The call to action for consumers is to remain vigilant of seemingly authentic interactions. Experian can help with your fraud strategy To learn more about Experian’s fraud prevention solutions, please visit https://www.experian.com/business/solutions/fraud-management. Download infographic Watch Future of Fraud webinar
This article was updated on February 12, 2024. The Buy Now, Pay Later (BNPL) space has grown massively over the last few years. But with rapid growth comes an increased risk of fraud, making "Buy Now, Pay Never" a crucial fraud threat to watch out for in 2024 and beyond. What is BNPL? BNPL, a type of short-term financing, has been around for decades in different forms. It's attractive to consumers because it offers the option to split up a specific purchase into installments rather than paying the full total upfront. The modern form of BNPL typically offers four installments, with the first payment at the time of purchase, as well as 0% APR and no hidden fees. According to an Experian survey, consumers cited managing spending (34%), convenience (31%), and avoiding interest payments (23%) as main reasons for choosing BNPL. Participating retailers generally offer BNPL at point-of-sale, making it easy for customers to opt-in and get instantly approved. The customer then makes a down payment and pays off the installments from their preferred account. BNPL is on the rise The fintech and online-payment-driven world is seeing a rise in the popularity of BNPL. According to Experian research, 3 in 4 consumers have used BNPL in 2023, with 11% using BNPL weekly to make purchases. The interest in BNPL also spans generations — 36% of Gen Z, 43% of Millennials, 32% of Gen X, and 12% of Baby Boomers have used this payment method. The risks of BNPL While BNPL is a convenient, easy way for consumers to plan for their purchases, experts warn that with lax checkout and identity verification processes it is a target for digital fraud. Experian predicts an uptick in three primary risks for BNPL providers and their customers: identity theft, first-party fraud, and synthetic identity fraud. WATCH: Fraud and Identity Challenges for Fintechs Victims of identity theft can be hit with charges from BNPL providers for products they have never purchased. First-party and synthetic identity risks will emerge as a shopper's buying power grows and the temptation to abandon repayment increases. Fraudsters may use their own or fabricated identities to make purchases with no intent to repay. This leaves the BNPL provider at the risk of unrecoverable monetary losses and can impact the business' risk tolerance, causing them to narrow their lending band and miss out on properly verified consumers. An additional risk lies with fraudsters who may leverage account takeover to gain access to a legitimate user's account and payment information to make unauthorized purchases. READ: Payment Fraud Detection and Prevention: What You Need to Know Mitigating BNPL risks Luckily, there are predictive credit, identity verification, and fraud prevention tools available to help businesses minimize the risks associated with BNPL. Paired with the right data, these tools can give businesses a comprehensive view of consumer payments, including the number of outstanding BNPL loans, total BNPL loan amounts, and BNPL payment status, as well as helping to detect and apply the relevant treatment to different types of fraud. By accurately identifying customers and assessing risk in real-time, businesses can make confident lending and fraud prevention decisions. To learn more about how Experian is enabling the protection of consumer credit scores, better risk assessments, and more inclusive lending, visit us or request a call. And keep an eye out for additional in-depth explorations of our Future of Fraud Forecast. Learn more Future of Fraud Forecast
It is a New Year and a new start. How about a new job? That is what thousands of employees will consider over the next month. It is also a time for employers to attract new talents, but they must be aware of different types of employment fraud. The rise of remote work has significantly increased the prevalence of remote hiring practices, from the initial job application to the onboarding process and beyond. Unfortunately, this shift has also opened the door to a surge in imposter employees, also known as ‘candidate fraud,’ posing a significant concern for organizations. How does employment identity theft happen? Instances of potential job candidates utilizing real-time deepfake video and deepfake audio, along with personally identifiable information (PII), during remote interviews to secure positions within American companies have been on the rise. The Federal Bureau of Investigation (FBI) reports that fraudulent individuals often acquire PII through fake job opening posts, which enable them to gather candidate information and resumes. Surprisingly, the tools necessary for impersonation on live video calls do not require sophisticated or expensive hardware or software. Employment identity theft can occur in several ways. Here are a few examples: Inaccurate credentials: Employers may inadvertently hire someone with false or stolen credentials if they fail to conduct comprehensive background checks. When the employer discovers the deception, it can be challenging to trace the true identity of the person they unknowingly hired. Limited-term job offers: Some industries offer temporary job opportunities in distant locations. Individuals with criminal backgrounds may steal victims' identities to apply for these jobs, hoping that their crimes will go unnoticed until after the job is complete. Perpetrated by colleagues: In rare instances, jealous colleagues or coworkers can commit employment identity theft. They may steal a coworker's information during a data breach and sell it on the dark web or use the victim's credentials to frame them for fraudulent workplace actions. Preventing employment identity theft In addition to the reported cases of imposter employee fraud, it is crucial to acknowledge the potential for other scams that exploit new technologies and the prevalence of remote work. Malicious cyber attackers could secure employment using stolen credentials, enabling them to gain unauthorized access to sensitive data or company systems. A proficient hacker possessing the necessary IT skills may find it relatively easy to leverage social engineering techniques during the hiring process. Consequently, the reliability of traditional methods for employee verification, such as face-to-face interactions and personal recognition, is diminishing in the face of remote work and the technological advancements that enable individuals to manipulate their appearance, voice, and identity. To mitigate risks associated with hiring imposters, it is imperative to incorporate robust measures into the recruitment process. Here are some key considerations: Establish clear policies and employment contracts: Clearly communicate your organization's policies regarding moonlighting in employment contracts, employee handbooks, or other official documents. Confidentiality and non-compete agreements: Implement confidentiality and non-compete agreements to protect your company's sensitive information and intellectual property. Monitoring: Automate employment and income verification of your employees. Provide training on cybersecurity best practices: Educate employees about cyber-attacks and identity scams, such as phishing scams, through seminars and workplace training sessions. Implement robust security measures: Use firewalls, encrypt sensitive employee information, and limit access to personal data. Minimize the number of employees who have access to this information. Thoroughly screen new employees: Verify the accuracy of Social Security numbers and other information during the hiring process. Conduct comprehensive background checks, including checking bank account information and credit reports and fight against synthetic identities. Offer identity theft protection as a benefit: Consider providing identity theft protection services to your employees as part of their benefits package. These services can detect and alert victims of potential identity theft, facilitating a fast response. The new era of remote work necessitates a fresh perspective on the hiring process. It is crucial to reevaluate HR practices and leverage AI fraud detection technologies to ensure that the individuals you hire, and employ are who they claim to be, guarding against the infiltration of imposters. Navigating employment fraud with effective solutions Employment fraud presents significant risks and challenges for employers, including conflicts of interest, reputation damage, and breaches of confidentiality. By taking the right preventative measures, you can safeguard your organization and employees. Streamlining the hiring process is essential to remain competitive. But how do you balance the need for speed and ease of use with essential ID checks? By combining the best data with our automated ID verification processes, Experian helps you protect your business and onboard new talents efficiently. Our best-in-class solutions employ device recognition, behavioral biometrics, machine learning and global fraud databases to spot and block suspicious activity before it becomes a problem. Learn more about preventing employement fraud *This article includes content created by an AI language model and is intended to provide general information.
Meeting Know Your Customer (KYC) regulations and staying compliant is paramount to running your business with ensured confidence in who your customers are, the level of risk they pose, and maintained customer trust. What is KYC?KYC is the mandatory process to identify and verify the identity of clients of financial institutions, as required by the Financial Conduct Authority (FCA). KYC services go beyond simply standing up a customer identification program (CIP), though that is a key component. It involves fraud risk assessments in new and existing customer accounts. Financial institutions are required to incorporate risk-based procedures to monitor customer transactions and detect potential financial crimes or fraud risk. KYC policies help determine when suspicious activity reports (SAR) must be filed with the Department of Treasury’s FinCEN organization. According to the Federal Financial Institutions Examinations Council (FFIEC), a comprehensive KYC program should include:• Customer Identification Program (CIP): Identifies processes for verifying identities and establishing a reasonable belief that the identity is valid.• Customer due diligence: Verifying customer identities and assessing the associated risk of doing business.• Enhanced customer due diligence: Significant and comprehensive review of high-risk or high transactions and implementation of a suspicious activity-monitoring system to reduce risk to the institution. The following organizations have KYC oversight: Federal Financial Institutions Examinations Council (FFIEC), Federal Reserve Board, Federal Deposit Insurance Corporation (FDIC), national Credit Union Administration (NCUA), Office of the Comptroller of the Currency (OCC) and the Consumer Financial Protection Bureau (CFPB). How to get started on building your Know Your Customer checklist 1. Define your Customer Identification Program (CIP) The CIP outlines the process for gathering necessary information about your customers. To start building your KYC checklist, you need to define your CIP procedure. This may include the documentation you require from customers, the sources of information you may use for verification and the procedures for customer due diligence. Your CIP procedure should align with your organization’s risk appetite and be comply with regulations such as the Patriot Act or Anti-money laundering laws. 2. Identify the customer's information Identifying the information you need to gather on your customer is key in building an effective KYC checklist. Typically, this can include their first and last name, date of birth, address, phone number, email address, Social Security Number or any government-issued identification number. When gathering sensitive information, ensure that you have privacy and security controls such as encryption, and that customer data is not shared with unauthorized personnel. 3. Determine the verification method There are various methods to verify a customer's identity. Some common identity verification methods include document verification, facial recognition, voice recognition, knowledge-based authentication, biometrics or database checks. When selecting an identity verification method, consider the accuracy, speed, cost and reliability. Choose a provider that is highly secure and offers compliance with current regulations. 4. Review your checklist regularly Your KYC checklist is not a one and done process. Instead, it’s an ongoing process that requires periodic review, updates and testing. You need to periodically review your checklist to ensure your processes are up to date with the latest regulations and your business needs. Reviewing your checklist will help your business to identify gaps or outdated practices in your KYC process. Make changes as needed and keep management informed of any changes. 5. Final stage: quality control As a final step, you should perform a quality control assessment of the processes you’ve incorporated to ensure they’ve been carried out effectively. This includes checking if all necessary customer information has been collected, whether the right identity verification method was implemented, if your checklist matches your CIP and whether the results were recorded correctly. KYC is a vital process for your organization in today's digital age. Building an effective KYC checklist is essential to ensure compliance with regulations and mitigate risk factors associated with fraudulent activities. Building a solid checklist requires a clear understanding of your business needs, a comprehensive definition of your CIP, selection of the right verification method, and periodic reviews to ensure that the process is up to date. Remember, your customers' trust and privacy are at stake, so iensuring that your security processes and your KYC checklist are in place is essential. By following these guidelines, you can create a well-designed KYC checklist that reduces risk and satisfies your regulatory needs. Taking the next step Experian offers identity verification solutions as well as fully integrated, digital identity and fraud platforms. Experian’s CrossCore & Precise ID offering enables financial institutions to connect, access and orchestrate decisions that leverage multiple data sources and services. By combining risk-based authentication, identity proofing and fraud detection into a single, cloud-based platform with flexible orchestration and advanced analytics, Precise ID provides flexibility and solves for some of financial institutions’ biggest business challenges, including identity and fraud as it relates to digital onboarding and account take over; transaction monitoring and KYC/AML compliance and more, without adding undue friction. Learn more *This article includes content created by an AI language model and is intended to provide general information.
Financial institutions are under increasing pressure to grow deposits and onboard more demand deposit accounts (DDA). But as demand increases, so do fraud attempts from scammers. While a robust mitigation effort is needed to stop fraud, this same effort can also drive away potential clients. In fact, 37 percent of U.S. adults said that they abandoned opening an account online due to experiencing friction. This leaves institutions in a unique quandary: how do they stop DDA fraud without scaring away potential clients? The answer lies in utilizing robust, machine learning tools that can help you navigate fraud attempts without increasing onboarding friction. Chris Ryan, Go to Market Lead for Experian Identity and Fraud, shares his thoughts on demand deposit account fraud and which decisioning tools can best combat it. Q: What is a demand deposit account and how is it used? "Demand deposit is just your basic checking account," Ryan explains." The funds are deposited and held by an institution, which enables you to spend those assets or resources, whether it be through checks, debit cards, person-to-person, Automated Clearing House (ACH) — all the things we do every day as consumers to manage our operating budget." Q: What is demand deposit account fraud? "There are two different ways that demand deposit account fraud works," Ryan says. "One is with existing account holders, and the other is with the account opening process.” When fraud affects existing account holders, it typically involves tricking an account holder into sending money to a scammer or using fraudulent actions, like phishing emails or credit card skimmers, to gain access to their accounts. There is also a resurgence in fraud involving duplication, theft and forgery of paper checks, Ryan explains. Fraud impacting the account opening process occurs when scammers originate new DDAs. This can work in a variety of ways, such as these three examples: A scammer steals your identity and opens an account at the same bank where you have a home equity loan. They link their DDA to your line of credit, transferring your money into their new account and withdrawing the funds. A scammer uses a synthetic identity (SID) to open a fraudulent DDA. They will then use this new DDA to open more lucrative accounts that the institution cross-sells to them. A scammer uses a stolen or SID to open “mule” accounts to receive funds they dupe consumers into sending through fake relationship schemes, bogus merchandise sales and dozens of similar scams. While both types of fraud need to be dealt with, account opening fraud can have especially large repercussions for lenders or financial institutions. Q: What are the consequences of DDA fraud for organizations? "Fraud hurts in a number of ways," Ryan explains. "There are direct losses, which is the money that criminals take from our financial system. Under most circumstances, the financial institution replaces the money, so the consumer doesn’t absorb the loss, but the money is still gone. That takes money away from lending, community engagement and other investments we want banks to make. The direct losses are what most people focus on." But there are even more repercussions for institutions beyond losing money, and this can include the attempts that institutions put into place to stop the fraud. "Preventing fraud requires some friction for the end consumer," Ryan says. "The volume of fraudulent attempts is overwhelmingly large in the DDA space. This forces institutions to apply more friction. The friction is costly, and it often drives would-be-customers away. The results include high costs for the institutions and low booking rates. At the same time, institutions are hungry for deposit money right now. So, it's kind of a perfect storm." Q: What is the impact of DDA fraud on customer experience? Experian’s 2023 Identity and Fraud Report revealed that up to 37 percent of U.S. adults in the survey had abandoned a new account entirely in the previous six months because of the friction they encountered during onboarding. And 51 percent reported considering abandoning the process because of problems they encountered. Unfortunately, fraud mitigation and deposit fraud detection efforts can end up driving customers away. "People can be impatient," Ryan says, "and in the online world, a competing product is a mouse-click away. So, while it is tempting to ask new applicants for more information, or further proof of identity, that conflicts with their need for convenience and can impact their experience.” Companies looking for cheap and fast mitigation can end up impeding customers trying to onboard to sweep out the bad actors, Ryan explains. "How do you get the bad people without interrupting the good people?" Ryan asks. "That's the million-dollar question." Q: What are some other problems with how organizations traditionally combat DDA fraud? Unfortunately, traditional attempts to combat DDA fraud are inefficient due to the fragmentation of technology. Ryan says this was revealed by Liminal, an industry analyst think tank. "Nearly half of institutions use four-or-more-point solutions to manage identity and fraud-related risk," Ryan explains. "But all of those point solutions were meant to work on their own. They weren't developed to work together. So, there's a lot of overlap. And in the case of fraud, there's a high likelihood that the multiple solutions are going to find the same fraud. So, you create a huge inefficiency." To solve this challenge, institutions need to shift to integrated identity platforms, such as Experian CrossCore®. Q: How is Experian trying to change the way organizations approach DDA fraud? Experian is pushing a paradigm shift for institutions that will increase fraud detection efficiency and accuracy, without sacrificing customer experience. "Organizations need to start thinking of identity through a different lens," Ryan says. Experian has developed an identity graph that aggregates consumer information in a manner that reaches far beyond what an institution can create on its own. "Experian is able to bring the entire breadth of every identity presentation we see into an identity graph," Ryan says. "It's a cross-industry view of identity behavior." This is important because people who commit fraud manipulate data, and those manipulations can get lost in a busy marketplace. For example, Ryan explains, if you're newly married, you may have recently presented your identity using two different surnames: one under your maiden name and one under your married name. Traditional data sources may show that your identity was presented twice, but they won’t accurately reflect the underlying details; like the fact that different surnames were used. The same holds true for thousands of other details seen at each presentation but not captured in a way that enables changes over time to be visible, such as information related to IP addresses, email accounts, online devices, or phone numbers. "Our identity graph is unlocking the details behind those identity presentations," Ryan says. "This way, when a customer comes to us with a DDA application, we can say, 'That's Chris's identity, and he's consistently presenting the same information, and all that underlying data remains very stable.'" This identity graph, part of Experian's suite of fraud management solutions — also connects unique identity details to known instances of fraud, helping catch fraudulent attempts much faster than traditional methods. "Let's say you and your spouse share an address, phone numbers, all the identity details that married couples typically share," Ryan explains. "If an identity thief steals your identity and uses it along with a brand-new email and IP address not associated with your spouse, that might be concerning. However, perhaps you started a new job, and the email/IP data is legitimate. Or maybe it’s a personal email using a risky internet service provider that shares a format commonly used by a known ring of identity thieves. Traditional data might flag the email and IP information as new, but our identity graph would go several layers deeper to confirm the possible risks that the new information brings. Q: Why is this approach superior to traditional methods of fraud detection? "Historically, organizations were interested in whether an identity was real,” Ryan says. "The next question was if the provided data (I.e., addresses, date of birth, Social Security numbers, etc.) have been historically associated with the identity. Last, the question would be whether there’s known risk associated with any of the identity components.” The identity graph turns that approach upside down. "The identity graph allows us to pull in insights from past identity presentations, " Ryan says. "Maybe the current presentation doesn’t include a phone number. Our identity graph should still recognize previously provided phone numbers and the risks associated with them. Instead of looking at identity as a small handful of pieces of data that were given at the time of the presentation, we use the data given to us to get to the identity graph and see the whole picture." Q: How are businesses applying this new paradigm? The identity graph is part of Experian's Ascend Fraud Platform™ and a full suite of fraud management solutions. Experian's approach allows companies to clean out fraud that already occurred and stop new fraudulent actors before they're onboarded. "Ideally, you want to start with cleaning up the house, and then figure out how to protect the front door," Ryan says. In other words, institutions can start by applying this view to recently opened accounts to identify problematic identities that they missed. The next step would be to bring these insights into the new account onboarding process. Q: Is this new fraud platform accessible to both small and large businesses? The Ascend Fraud Platform will support several use cases that will bring value to a broad range of businesses, Ryan explains. It can not only enable Experian experts to build and deliver better tools but can enable self-serve analytical development too. "Larger organizations that have robust, internal data science capabilities will find that it’s an ideal environment for them to work in," Ryan says. "They can add their own internal data assets to ours, and then have a better place to develop analytics. Today, organizations spend months assembling data to develop analytics internally. Our Ascend Fraud Platform will reduce the timeline of the data assembly and analytical development process to weeks, and speed to market is critical when confronting continually changing fraud threats. "But for customers who have less robust analytical teams, we're able to do that on their behalf and bring solutions out to the marketplace for them," Ryan explains. Q: What type of return on investment (ROI) are businesses experiencing? "Some customers recover their investment in days," Ryan says. "Part of this is from mitigating fraud risks among recently opened accounts that slipped through existing defenses.” "In addition to reducing losses, institutions we're working with are also seeing potentially millions of dollars a month in additional bookings, as well as significant cost savings in their account opening processes," Ryan says. "We're able to help clients go back and audit the people who had fallen out of their process, to figure out how to fine-tune their tools to keep those people in," Ryan says. “By reducing risks among existing accounts, better protecting the front door against future fraud, and growing more efficiently, we’re helping clients Q: What are Experian's plans for this service? "We're working with top-tier financial institutions on the do-it-yourself techniques," Ryan says. "In parallel, we're launching our first offerings that are created for the broader marketplace. That will start with the portfolio review capability, along with making the most predictive attributes available through our integrated identity resolution platform. And while the Ascend Fraud Platform has a strong use case for DDA fraud, its uses extend beyond that to small business lending and other products. In fact, Experian offers an entire suite of fraud management solutions to help keep your DDA accounts secure and your customers happy. Experian can help optimize your DDA fraud detection Experian is revolutionizing the approach to combating DDA fraud, helping institutions create a faster onboarding process that retains more customers, while also stopping more bad actors from gaining access. It's a win-win for everyone. Experian's full suite of fraud management solutions can optimize your business's DDA fraud detection, from scrubbing your current portfolio to gatekeeping bad actors before they're onboarded. Learn more Speak with a specialist About our expert: Chris Ryan has over 20 years of experience in fraud prevention and uses this knowledge to identify the most critical fraud issues facing individuals and businesses in North America, and he guides Experian’s application of technology to mitigate fraud risk.
In today's fast-paced digital world, the risk of fraud across all industries is a constant threat. The traditional methods of fraud detection are no longer sufficient, as fraudsters become increasingly sophisticated in their attacks. However, with artificial intelligence (AI) and machine learning (ML) solutions, financial institutions can stay one step ahead of fraudsters. AI and machine learning-equipped fraud detection tools have the ability to identify suspicious activity and patterns of fraud that are imperceptible to the human brain. In this blog post, we’ll dive into the significance of AI and machine learning in fraud detection and how these solutions are uniquely equipped to handle the demands of modern-day risk management. Understanding artificial intelligence and machine learning AI and machine learning solutions are transformative technologies that are reshaping the landscape of many industries. AI, at its core, is a field of computer science that simulates human intelligence in machines, enabling them to learn from experience and perform tasks that normally require human intellect. Machine learning, a subset of AI, is the science of getting computers to learn and act like humans do, but with minimal human intervention. They can analyze vast amounts of data within seconds, identifying patterns and trends that would be impossible for a human to recognize. When it comes to fraud detection, this ability is invaluable. Advantages of fraud detection using machine learning AI and machine learning have several benefits that make them valuable in fraud detection. One significant advantage is that these technologies can recognize patterns that are too complex for humans to identify. By running through a vast set of data points, these solutions can pinpoint anomalous behavior, and thereby prevent financial losses. AI analytics tools are adept at monitoring complex networks, detecting the dispersion of attacks that may involve multiple individuals and entities, and correlating activity patterns that would otherwise be hidden. Machine learning algorithms can take these patterns and turn them into mathematical models that help identify instances of fraud before the damage takes place. Secondly, they continuously learn from new data, which allows them to become more efficient in identifying fraud as they process more data. Thirdly, they automate fraud mitigation processes, which significantly reduces the need for manual interventions that may consume valuable time and resources. Another significant benefit of machine learning is its analytics capabilities, which allow organizations to gain valuable insights into customer behavior and fraud patterns. With AI analytics, they can detect and investigate fraudulent activities in real-time, and combine it with other tools to help detect and mitigate fraud risk. For example, in financial services, AI fraud detection can help banks and financial service providers detect and prevent fraud in their systems, add value to their services and improve customer satisfaction. The future of fraud detection and machine learning The rate at which technology is evolving means that machine learning and AI fraud detection will become increasingly important in the future. In the next few years, we can expect a more sophisticated level of fraud detection using unmanned machine systems, robotics process automation, and more. Ultimately, this will improve the efficiency and effectiveness of fraud detection. AI-based fraud management solutions are taking center stage. Organizations must leverage advanced machine learning and AI analytics solutions to prevent and mitigate cyber risks and comply with regulatory mandates. The benefits extend far beyond the financial bottom line to improving the safety and security of customers. AI and machine learning solutions offer accurate, efficient and proactive routes to managing the risk of fraud in an ever-changing environment. How can Experian® help Integrating machine learning for fraud detection represents a significant advancement in cybersecurity. Fraud management solutions detect, prevent and manage fraud across all industries, including financial services, healthcare and telecommunications. With the advancement of technology, fraud management solutions now integrate machine learning to improve their processes. Experian® provides fraud prevention solutions, including machine learning models and AI analytics, which can help more effectively mitigate fraud risk, streamline fraud investigations and create a more secure digital environment for all. With Experian’s AI analytics, risk mitigation tools and fraud management solutions, organizations can stay one step ahead of fraudsters and protect their brand reputation, customer trustworthiness and corporate data. Embracing these solutions can save organizations from significant losses, reputational damage and regulatory scrutiny. To learn more about how to future-proof your business and safeguard your customers from fraud, check out Experian’s robust suite of fraud prevention solutions. Want to hear what our industry experts think? Check out this on-demand webinar on artificial intelligence and machine learning strategies. Learn more Watch webinar *This article includes content created by an AI language model and is intended to provide general information.
Sometimes logging into an account feels a bit like playing 20 questions. Security is vital for a positive customer experience, and engaging the right identity verification strategies is essential to proactive fraud prevention. For financial institutions and businesses, secure authentication is more important than ever. It is imperative for customer safety – which drives retention and loyalty – and your bottom line – as fraud has determinantal effects on and off the balance sheet. Information sharing has proliferated, as has the number of times consumers are prompted to provide access to sensitive information. While today’s consumer has grown accustomed to providing such information, there’s also a heightened demand for security. According to Experian’s 2023 U.S. Identity and Fraud Report, nearly two-thirds (64%) of consumers say they’re very or somewhat concerned with online safety, listing identity theft, stolen card information and online privacy as top concerns. Customers want to know who they are providing access to and whether that entity will have their safety in mind. From a business perspective, one way to ensure that only the right people can get in is by using (KBA). KBA takes traditional authentication methods, like passwords and Personal Identification Numbers (PINs), one step further by creating an additional layer of security through collecting private facts from each user. In this post, we'll look at how KBA works, what its benefits are as a form of identity verification, and how it can improve customer trust. Introducing Knowledge Based Authentication (KBA): What it is and how it works Knowledge Based Authentication can be part of a multifactor authentication solution and is one way to stay on top of privacy and security for your customers – existing and new. KBA is a feature designed to protect online accounts by verifying the account holder’s identity. It involves answering a series of personal questions, such as mother's maiden name or first pet's name, that only the account holder should know. This system has become increasingly popular due to its effectiveness in preventing fraud and identity theft. With KBA, businesses and individuals can have peace of mind that their information is protected by a reliable authentication system that is difficult for unauthorized users to breach. Benefits of implementing KBA and a multifactor authentication strategy By implementing KBA into your business, customers experience an additional layer of security by verifying the identity of users through personalized questions. This reduces the risk of fraud and enhances customer trust and confidence. Secondly, it improves the customer experience by making the authentication process faster and user-friendly. Lastly, KBA reduces costs by automating the authentication process and reducing the need for manual intervention. However, KBA is just one facet of an ideal strategy. Multifactor authentication provides confidence while reducing friction. Risk-based authentication tools allow organizations to assess risk to apply the appropriate level of security. Factors to consider adding to your authentication processes include: Generating unique one-time passwords (OTPs): By creating a new OTP for each transaction, you can increase the level of security. Confirm device ownership: A multifactored approach applies device intelligence checks to increase confidence that the message is reaching the correct user. Maintain low friction with secondary options: If the OTP fails or can’t be attempted by the user, working with a provider who allows an automatic default to another authentication service, such as a knowledge-based authentication solution, decreases end-user friction. Identifying potential security risks associated with KBA KBA relies on personal information that may easily be discovered via social media and other public records, which makes it vulnerable to fraud and identity theft. This highlights the need for a multilayered fraud and identity solution. The landscape of digital security is constantly changing, leveraging an arsenal of fraud and identity prevention strategies, like document verification, one-time passcode, and various identity authentication and verification measures, is critical for keeping your customers and business safe. Commonly used technologies for enhancing KBA security With the rising need for secure authentication, KBA systems have become increasingly popular. However, cyberthreats evolve at an alarming rate, making it imperative to stay current with the latest fraud schemes and how to enhance and supplement your security. Biometrics, like facial recognition and fingerprint scans, as a tactic is gaining traction, as evidenced by “85% of consumers report physical biometrics as the most trusted and secure authentication method they have recently encountered,” according to Experian’s 2023 U.S. Identity and Fraud Report. Additionally, machine learning algorithms detect patterns and anomalies in user behavior and flag any potential security breaches. Multi-factor authentication is another tool that adds an extra layer of security by requiring users to provide multiple forms of identification before logging in. Keeping up with these and other technological advancements can help ensure your KBA system stays one step ahead of potential cyberattacks. Interestingly, there’s a disconnect between the technologies consumers feel safe with and/or are prepared to use versus the technologies and strategies that organizations implement. According to the U.S. Identity and Fraud Report, biometrics are only currently used by 33% of businesses to detect and protect against fraud. An opportunity for business differentiation and driving customer loyalty through a better customer experience may be tapping into some of these lesser used – but sought after – technologies. Compliance with industry standards regarding KBA Ensuring that your system complies with industry standards regarding KBA is crucial for protecting sensitive information from unauthorized access. By implementing the following tips, you can stay ahead of the game and safeguard your organization's data. Analyze your system's current authentication methods and evaluate if they meet industry standards. Additionally, follow standard guidelines for data storage and encryption, limit access to only authorized personnel, and y current with regulations. Lastly, conduct frequent security audits and perform vulnerability tests to identify and address any potential threats. Knowledge-based authentication offers a robust security solution for businesses of all sizes, and incorporating KBA as part of a multifactor authentication strategy is a winning course of action. It provides an added layer of protection for personal data, encourages user accountability, and safeguards against unauthorized access. By leveraging appropriate KBA technologies and maintaining compliance with industry standards, it is possible to create a secure system for customers that gives you peace of mind for your business and bottom line. Experian can help you with knowledge-based authentication offerings, a multifactor authentication strategy and everything in between to enhance your existing authentication process without causing user fatigue. Increase your pass rates, confirm device ownership and add security to risky or high-value transactions, all while executing identity verification and fraud detection to protect your business from risk. The most important step is getting started. Learn more
It's that magical time of the year! The holiday season is fast approaching, and folks everywhere are gearing up for festive travels and family reunions. Unfortunately, holiday travel can sometimes lead to unforeseen circumstances, such as fraudulent activities orchestrated by scammers who impersonate property owners on well-known vacation rental platforms. These fraudsters employ schemes designed to deceive unsuspecting travelers into making payments through unsecured channels, resulting in significant financial losses for the gullible victims. Digital identity and hotel fraud Airline and hotel fraud encompasses illicit activities aimed at airlines, hotels, booking platforms, and other travel accommodation services, including car rentals and excursions. These services often utilize loyalty programs to incentivize repeat patronage through point-based rewards. The widespread adoption of such loyalty programs has extended their appeal beyond the travel and hospitality sectors, consequently attracting fraudulent activities. Perpetrators of airline and hospitality fraud employ a range of tactics and different techniques to execute their schemes, leveraging various online forums, marketplaces, shops, and public messaging platforms. Hotels are custodians of valuable guest data, encompassing contact information and payment details. Their operational model involves serving a large pool of potential customers who are making limited visits. Consequently, compromising a hospitality employee's account could grant an identity thief access to millions of consumer records. Moreover, hotel employees are frequent targets of foreign governments aiming to procure confidential travel records to facilitate the tracking of specific individuals and groups. In contrast, restaurants primarily store transaction records with fewer customer details. However, the landscape is evolving as more establishments adopt online ordering capabilities and loyalty programs. At present, cybercriminals typically focus on the high volume of point-of-sale transactions. As travel booms, fraudsters find new paths According to a recent Deloitte survey, Intent to travel between Thanksgiving and mid-January is up across all age and income groups. While reconnecting with friends and family remains paramount to travel during the holidays, fewer Americans are restricting their travel to visiting loved ones. The share of travelers planning to stay in hotels surged to 56%. Fraudsters will always take advantage of current circumstances, and with more people traveling again, they have taken notice — and action. The following techniques have been identified as the most employed by cybercriminals to target customers of airlines, hotels, and hospitality-related organizations: Travel-themed phishing and fraudulent travel agency operations, sales, and advertisements of travel fraud-related tutorials. Sales of compromised networks, user accounts, and databases containing reward/loyalty points and personally identifiable information (PII) that could be utilized for social engineering, money laundering, and other attack vectors. Since the emergence of cyber-enabled crime, services and activities facilitating travel fraud have been extensively promoted and sought after by threat actors. Cybercriminals mainly leverage stolen card-not-present (CNP) data and reward/loyalty points obtained from compromised bank accounts to procure flights, accommodations, and other travel-related services. Furthermore, threat actors persistently refine their strategies for harvesting reward/loyalty points through compromised accounts, deceiving victims into disclosing their travel-related documentation and data and circulating updated guidelines for circumventing hotel and airline reservation services, amongst other activities. Protecting travelers and improving the customer experience Combatting hospitality and hotel fraud requires collaboration between industry stakeholders, government entities, and financial institutions. Travel professionals should focus on: Enhancing data security: Invest in robust cybersecurity measures to protect guest information, payment systems for CNP, and loyalty programs. Implementing identity verification: Utilize advanced technologies, such as biometric authentication and behavioral analytics, to verify guests' identities and prevent account fraud. Educating staff and guests: Provide comprehensive training to employees on recognizing and reporting suspicious activities. Educate guests about potential scams and advise them to book directly through official channels. Sharing information: Establish platforms to share intelligence and best practices to stay ahead of evolving fraud techniques. Acting with the right solution As the travel and hospitality industry continues to thrive, so does the risk of hospitality fraud. Travelers and hoteliers alike must remain vigilant to protect their finances from various fraud schemes prevalent today. By staying informed, taking proactive measures, and fostering collaborative efforts, we can create a safer and more secure environment within the travel industry. Experian’s identity verification solutions power advanced capabilities across the travel lifecycle. With trusted data and advanced analytics, you can gain a complete view of your future guest to improve risk management and offer an enhanced, frictionless customer experience. Learn more *This article leverages/includes content created by an AI language model and is intended to provide general information.
This article was updated on November 9, 2023. Fraud – it’s a word that comes up in conversations across every industry. While there’s a general awareness that fraud is on the rise and is constantly evolving, for many the full impact of fraud is misunderstood and underestimated. At the heart of this challenge is the tendency to lump different types of fraud together into one big problem, and then look for a single solution that addresses it. It’s as if we’re trying to figure out how to un-bake a terrible cake instead of thinking about the ingredients and the process needed to put them together in the first place. This is the first of a series of articles in which we’ll look at some of the key ingredients that create different types of fraud, including first party, third party, synthetic identity, and account takeover. We’ll talk about why they’re unique and why we need to approach each one differently. At the end of the series, we’ll get a result that’s easier to digest. I had second thoughts about the cake metaphor, but in truth it really works. Creating a good fraud risk management process is a lot like baking. We need to know the ingredients and some tried-and-true methods to get the best result. With that foundation in place, we can look for ways to improve the outcome every time. Let’s start with a look at the best known type of fraud, third party. What is third-party fraud? Third-party fraud – generally known as identity theft – occurs when a malicious actor uses another person’s identifying information to open new accounts without the knowledge of the individual whose information is being used. When you consider first-party vs third-party fraud, or synthetic identity fraud, third-party stands out because it involves an identifiable victim that’s willing to collaborate in the investigation and resolution, for the simple reason that they don’t want to be responsible for the obligation made under their name. Third-party fraud is often the only type of activity that’s classified as fraud by financial institutions. The presence of an identifiable victim creates a high level of certainty that fraud has indeed occurred. That certainty enables financial institutions to properly categorize the losses. Since there is a victim associated with it, third party fraud tends to have a shorter lifespan than other types. When victims become aware of what’s happening, they generally take steps to protect themselves and intervene where they know their identity has been potentially misused. As a result, the timeline for third-party fraud is shorter, with fraudsters acting quickly to maximize the funds they’re able to amass before busting out. How does third-party fraud impact me? As the digital transformation continues, more and more personally identifiable information (PII) is available on the dark web due to data breaches and phishing scams. Given that consumer spending is expected to increase1, we anticipate that the amount of PII readily available to criminals will only continue to grow. All of this will lead to identity theft and increase the risk of third-party fraud. More than $43 billion in total losses was reported due to identity theft and fraud in the U.S. in 2022.2 Solving the third-party fraud problem We’ve examined one part of the fraud problem, and it is a complex one. With Experian as your partner, solving for it isn’t. Continuing my cake metaphor, by following the right steps and including the right ingredients, businesses can detect and prevent fraud. Third-party fraud detection and prevention involves two distinct steps. Analytics: Driven by extensive data that captures the ways in which people present their identity—plus artificial intelligence and machine learning—good analytics can detect inconsistencies, and patterns of usage that are out of character for the person, or similar to past instances of known fraud. Verification: The advantage of dealing with third-party fraud is the availability of a victim that will confirm when fraud is happening. The verification step refers to the process of making contact with the identity owner to obtain that confirmation and may involve identity resolution. It does require some thought and discipline to make sure that the contact information used leads to the identity owner—and not to the fraudster. In a series of articles, we’ll be exploring first-party fraud, synthetic identity fraud, and account takeover fraud and how a layered fraud management solution can help keep your business and customers safe and manage third-party fraud detection, first-party fraud, synthetic identity fraud, and account takeover fraud prevention. Let us know if you’d like to learn more about how Experian is using our identity expertise, data, and analytics to create robust fraud prevention solutions. Contact us 1 Experian Ascend Sandbox 2 2023 U.S. Identity and Fraud Report, Experian.
For companies that regularly engage in financial transactions, having a customer identification program (CIP) is mandatory to comply with the regulations around identity verification requirements across the customer lifecycle. In this blog post, we will delve into the essentials of a customer identification program, what it entails, and why it is important for businesses to implement one. What is a customer identification program? A CIP is a set of procedures implemented by financial institutions to verify the identity of their customers. The purpose of a CIP is to be a part of a financial institution’s fraud management solutions, with similar goals as to detect and prevent fraud like money laundering, identity theft, and other fraudulent activities. The program enables financial institutions to assess the risk level associated with a particular customer and determine whether their business dealings are legitimate. An effective CIP program should check the following boxes: Confidently verify customer identities Seamless authentication Understand and anticipate customer activities Where does Know Your Customer (KYC) fit in? KYC policies must include a robust CIP across the customer lifecycle from initial onboarding through portfolio management. KYC solutions encompass the financial institution’s customer identification program, customer due diligence and ongoing monitoring. What are the requirements for a CIP? Customer identification program requirements vary depending on the type of financial institution, the type of account opened, and other factors. However, the essential components of a CIP include verifying the customer's identity using government-issued identification, obtaining and verifying the customer's address, and checking the customer against a list of known criminals, terrorists, or suspicious individuals. These measures help detect and prevent financial crimes. Why is a CIP important for businesses? CIP helps businesses mitigate risk by ensuring they have accurate and up-to-date information about their customers. This also helps financial institutions comply with laws and regulations that require them to monitor financial transactions for any suspicious activities. By having a robust CIP in place, businesses can establish trust and rapport with their customers. According to Experian’s 2024 U.S. Identity and Fraud Report, 63% of consumers say it's extremely or very important for businesses to recognize them online. Having an effective CIP in place is part of financial institutions showing their consumers that they have their best interests top of mind. Finding the right partner It’s important to find a partner you trust when working to establish processes and procedures for verifying customer identity, address, and other relevant information. Companies can also utilize specialized software that can help streamline the CIP process and ensure that it is being carried out accurately and consistently. Experian’s proprietary and partner data sources and flexible monitoring and segmentation tools allow you to resolve CIP discrepancies and fraud risk in a single step, all while keeping pace with emerging fraud threats with effective customer identification software. Putting consumers first is paramount. The security of their identity is priority one, but financial institutions must pay equal attention to their consumers’ preferences and experiences. It is not just enough to verify customer identities. Leading financial institutions will automate customer identification to reduce manual intervention and verify with a reasonable belief that the identity is valid and eligible to use the services you provide. Seamless experiences with the right amount of friction (I.e., multi-factor authentication) should also be pursued to preserve the quality of the customer experience. Putting it all together As cybersecurity threats are becoming more sophisticated, it is essential for financial institutions to protect their customerinformation and level up their fraud prevention solutions. Implementing a customer identification program is an essential component in achieving that objective. A robust CIP helps organizations detect, prevent, and deter fraudulent activities while ensuring compliance with regulatory requirements. While implementing a CIP can be complex, having a solid plan and establishing clear guidelines is the best way for companies to safeguard customer information and maintain their reputation. CIPs are an integral part of financial institutions security infrastructures and must be a business priority. By ensuring that they have accurate and up-to-date data on their customers, they can mitigate risk, establish trust, and comply with regulatory requirements. A sound CIP program can help financial institutions detect and prevent financial crimes and cyber threats while ensuring that legitimate business transactions are not disrupted, therefore safeguarding their customers' information and protecting their own reputation. Learn more
In today’s fast-paced world, the telecommunications industry is not just about connecting calls or sending messages. It’s about creating seamless digital experiences, especially when onboarding new customers. However, with the rise of digital services, the industry faces an increasing challenge: the need to mitigate fraud while streamlining the onboarding process. The digital onboarding revolution Digital onboarding has transformed the way customers join telecommunications services. No longer are people required to visit a physical store or wait for lengthy paperwork. Instead, they can sign up for mobile, internet or TV services from the comfort of their homes, often within minutes. The convenience, however, has opened new doors for fraudsters. As the onboarding process happens online, the risk of identity theft, synthetic identity fraud and other fraudulent activities has surged. So, how can telecom companies provide fritctionless experiences while keeping fraud at bay? Mitigating fraud in telecommunications onboarding Know your customer (KYC) verification: Implement robust KYC solutions to verify the identity of new customers. This may include identity document checks, facial recognition or biometric authentication. Device and location data; and velocity: Analyze the device and location data of applicants. Does the device match the customer’s claimed location? Unusual patterns could signal potential fraud. Behavioral analysis: Monitor user behavior during the onboarding process. Frequent changes in information or suspicious browsing activity may indicate fraudulent intent. Machine learning (ML) and artificial intelligence (AI): Leverage AI/ML algorithms to detect patterns and anomalies humans might miss. These technologies can adapt and evolve to stay ahead of fraudsters. Document verification: Use document verification services to ensure that documents provided by customers are genuine. This can include checks for altered or forged documents. Industry data sharing–consortia: Collaborate with industry databases and share fraud-related information to help identify applicants with a history of fraudulent activity or reveal patterns. The balancing act While it’s crucial to mitigate fraud, telecommunication companies must strike a balance between security and a seamless onboarding experience. Customers demand a hassle-free process, and overly stringent security measures can deter potential subscribers. By combining advanced technology, behavioral analysis and proactive fraud prevention strategies, telecom companies can create a secure digital onboarding journey that minimizes risk without compromising user experience. In doing so, they empower customers to embrace the convenience of digital services while staying one step ahead of fraudsters in today’s interconnected world. Learn more about Experian and the telecom industry Learn more about our fraud and identity solutions
Authorized Push Payment fraud, also known as APP fraud or APP scams, involves a fraudster persuading a victim to willingly deposit funds to their account or to the account of a complicit third party, also known as a money mule. This type of fraud often includes social engineering of the victim using fake investment schemes, impersonation scams, purchase scams or other schemes. Social engineering clouds victims' judgments and encourages them to make payments willingly to one or more money mules, with funds eventually reaching fraudsters' accounts. This type of fraud has become more attractive to criminals since the advent of real-time payment systems, which are now a reality worldwide. Fraud fueled by real-time payments Authorized push payment fraud is becoming more prevalent, and it is imperative that you know how to detect and prevent it to safeguard your organization. Real-time payment systems, such as Faster Payments in the United Kingdom (UK), PIX in Brazil, the New Payments Platform in Australia, and FedNow in the USA, make real-time payment fraud a reality. APP fraud is notoriously difficult for banks to prevent because the victim is sending the money themselves, and steps that banks take to authenticate customers are ineffective, as the customer will pass identity checks. The victims cannot reverse a payment once they realize they have been conned, as payments made using real-time payment schemes are irrevocable. APP fraud is particularly prevalent in countries where banks have an infrastructure that facilitates fast or immediate transfers, like the UK. Learn more about the new UK legislation around APP fraud Reimbursment is vital to victims Some common types of authorized push payment fraud include attacks on individuals like romance scams, family emergency swindles, targeting property transactions, and intercepting supplier payments. To protect against APP fraud, it is important to employ layered fraud protection across all products and channels used to manage real-time payments. But that alone is not enough. Reimbursement is vital in reversing the financial distress caused by APP scams, but it cannot reverse the emotional distress these scams cause. Prevention, detection, and awareness measures must be moved up on the agenda for banks, non-traditional lenders, PSPs (Payment Service Providers), and customers alike to ensure that the customer is protected at every stage of the payment journey. Effective alerts are a key focus area for preventing customers from falling victim to APP scams. An effective warning is one that is dynamic and tailored to the customer’s payment journey. Recent research indicates that minor changes to notifications across banking apps can have the potential to drastically reduce the number of individuals that fall victim to APP fraud. The biggest effects were achieved when a combination of risk-based and Call to Action (CTA) warnings were implemented over a period of time. A collective effort across the banking industry and beyond is crucial to protect customers and tackle the fight against APP fraud. Banks, non-traditional lenders, and PSPs can raise awareness to educate their customers on the signs and risks of APP scams, and work with industry oversight bodies to commit to voluntary standards and codes to ensure good customer outcomes. Online forums, social media platforms, and influential voices also have a role to play in raising awareness of and preventing scams. Customers can also help by being vigilant and reading and acting upon warnings and information presented to them. Authorized push payment fraud prevention To effectively combat authorized push payment fraud, financial institutions must implement a range of measures, including: Direct communication with consumers. Enhanced transaction monitoring. Effective risk mitigation and management. Improved employee education. Public awareness campaigns. In response to this growing threat, banks have introduced various checks and balances, such as the Confirmation of Payee (CoP) service in the UK, which cross-references bank details with the account holder's name when processing online payments. Banks are also leveraging sophisticated fraud prevention software stacks, incorporating machine learning and contextual data to identify and flag suspicious transactions. By utilizing AI technologies, financial institutions can process data points faster and enhance their fraud detection capabilities, mitigating identity risk and safeguarding customer accounts. Clear communication with customers is essential in the fight against APP fraud. Higher-risk companies now include warnings in their communications, advising customers not to act on messages that request payment into new bank accounts. Financial institutions can also offer cool-off periods before payments are sent, increase due diligence around payment destinations, and monitor accounts that regularly receive high-value payments. Additionally, financial institutions can play a crucial role in educating their customers and promoting awareness around this increasingly common type of fraud. By combining these approaches with robust fraud prevention software, the public can fight against this type of fraudulent attack. Taking the next steps with the right partner At Experian, we offer rich data sources, advanced analytics capabilities, and the consultancy services needed to rapidly adopt data analytics solutions that mitigate fraud risks. Our solutions are used by PSPs of all types and sizes – including some of the largest banks – to identify potentially fraudulent customers and transactions, and to ensure that action is taken in real time to prevent fraudulent payments being made. Learn more about our fraud management solutions *This article leverages/includes content created by an AI language model and is intended to provide general information.
Have you heard about the mischievous ghosts haunting our educational institutions? No, I am not talking about Casper's misfit pals. These are the infamous ghost students! They are not here for a spooky study session, oh no! They are cunning fraudsters lurking in the shadows, pretending to be students who never attend classes. It is taking ghosting to a whole new level. Understanding ghost student fraud Ghost student fraud is a serious and alarming issue in the educational sector. The rise of online classes due to the pandemic has made it easier for fraudsters to exploit application systems and steal government aid meant for genuine students. Community colleges have become primary targets due to slower adoption of cybersecurity defenses. It is concerning to hear that a considerable number of applications, such as in California (where Social Security numbers are not required at enrollment), are fictitious, with potential losses in financial aid meant for students in need. The use of stolen or synthetic identities in creating bot-powered applications further exacerbates the problem. The consequences of enrollment fraud can have a profound impact on institutions and students. The recent indictment of individuals involved in enrollment fraud, where identities were stolen to receive federal student loans, highlights the severity of the issue. Unfortunately, the lack of awareness and inadequate identity document verification processes in many institutions make it difficult to fully grasp the extent of the problem. What is a ghost student? Scammers use different methods to commit ghost student loan fraud, including creating fake schools or enrolling in real colleges. Some fraudsters use deceitful tactics to obtain the real identities of students, and then they use it to fabricate loan applications. Types of ghost loan fraud, include: Fake loan offers: Fraudsters contact students via various channels, claiming to offer exclusive student loan opportunities with attractive terms and low interest rates. They often request personal and financial information including their SSN and bank account information and use it to create ghost loans. Identity theft: Threat actors will steal personal info through data breaches or phishing. They will then forge loan applications using the victim’s identity. Targeting vulnerable individuals: Ghost student loan fraud tends to prey on those already burdened by debt. Scammers may target borrowers with poor credit history, promising loan forgiveness or debt consolidation plans in exchange for a fee. Once the victim pays, the fraudsters disappear. Ultimately, addressing ghost student fraud requires a multi-faceted approach involving collaboration between educational institutions, government agencies, and law enforcement to safeguard the accessibility and integrity of education for all deserving students. Safeguarding the financial integrity of educational institutions One powerful weapon in the battle against ghost student fraudsters is the implementation of robust identity verification solutions. Financial institutions, online marketplaces, and government entities have long employed such tools to verify the authenticity of individuals, and their application in the educational domain can be highly effective. By leveraging these tools, institutions can swiftly and securely carry out synthetic fraud detection and confirm the identity of applicants by cross-referencing multiple credible sources of information. For instance, government-issued IDs can be verified against real-time selfies, email addresses can be screened against reliable databases, and personally identifiable information (PII) can be compared to third-party dark web data to detect compromised identities. Clinching evidence from various sources renders it nearly impossible for fraudsters to slip past the watchful eyes of enrollment officers. Moreover, implementation of identity verification measures can be facilitated through low-code implementation, ensuring seamless integration into existing enrollment workflows without requiring extensive technical expertise or incurring exorbitant development costs. To further fortify security measures, educational institutions may consider incorporating biometric enrollment and authentication solutions. By requiring face or voice biometrics for accessing school resources, institutions can create an additional layer of protection against fraudsters and their ethereal counterparts. The reluctance of fraudsters to enroll their own biometric data serves as a powerful deterrent against their intrusive activities. Taking action By adopting these robust measures, higher educational institutions can fortify their defenses against ghost student fraud and maintain the integrity of their finances. The use of online identity verification methods and biometric authentication systems not only strengthens the enrollment process but serves as a stringent reminder that there is no resting place for fraudsters within the hallowed halls of education. To learn more about how Experian can help you leverage fraud prevention solutions, visit us online or request a call. *The SSN Verification tool, better known as eCBSV is also a tool that can be utilized to verify SSN. *This article leverages/includes content created by an AI language model and is intended to provide general information.
In financial crime, fraudsters are always looking for new avenues to exploit. The mortgage industry has traditionally been a primary target for fraudsters. But with the 30-year fixed-mortgage rate average above 7.19% for the month of September, it has caused an inherent slowdown in the volume of home purchases. As a result, criminals are turning to other lucrative opportunities in mortgage transactions. They have evolved their techniques to capitalize on unsuspecting homeowners and lenders by shifting their focus from home purchases to Home Equity Line of Credit (HELOC), as they see it as a more compelling option. Understanding mortgage fraud Mortgage fraud occurs when individuals or groups intentionally misrepresent information during the mortgage application process for personal gain. The most common forms of mortgage fraud include income misrepresentation, false identity, property flipping schemes, and inflated property appraisals. Over the years, financial institutions and regulatory bodies have implemented robust measures to combat such fraudulent activities. As the mortgage industry adapts to counter established forms of fraud, perpetrators are constantly seeking new opportunities to circumvent detection. This has led to a shift in fraud trends, with fraudsters turning their focus to alternative aspects of the mortgage market. One area that has captured recent attention is HELOC fraud, also known as home equity loan fraud. HELOC fraud: An attractive target for fraudsters What is a HELOC? HELOCs are financial products that allow homeowners to borrow against the equity in their homes, often providing flexible access to funds. While HELOCs can be a valuable financial tool for homeowners, they also present an attractive opportunity for fraudsters due to their unique characteristics. HELOC fraud schemes An example of a home equity loan fraud scheme is a fraudster misrepresenting himself to deceive a credit union call center employee into changing a member’s address and phone number. Three days later, the fraudster calls back to reset the member’s online banking password, allowing the fraudster to login to the member’s account. Once logged in, the fraudster orders share drafts to be delivered to the new address they now control. The fraudster then forges three share drafts totaling $309,000 and funds them through unauthorized advances against the member’s HELOC through online banking platforms. Why HELOCs are becoming the next target for mortgage fraud Rising popularity: HELOCs have gained significant popularity in recent years, enticing fraudsters seeking out opportunities with larger potential payouts. Vulnerabilities in verification: The verification process for HELOCs might be less rigorous than traditional mortgages. Fraudsters could exploit these vulnerabilities to manipulate property valuations, income statements, or other critical information. Lack of awareness: Unlike conventional mortgages, there may be a lack of awareness among homeowners and lenders regarding the specific risks associated with HELOCs. This knowledge gap can make it easier for fraudsters to perpetrate their schemes undetected. Home equity loans do not have the same arduous process that traditional first mortgages do. These loans do not require title insurance, have less arduous underwriting processes, and do not always require the applicant to be physically present at a closing table to gain access to cash. The result is that those looking to defraud banks can apply for multiple HELOC loans simultaneously while escaping detection. Prevention and safeguards There are several preventive measures and fraud prevention solutions that can be established to help mitigate the risks associated with HELOCs. These include: Education and awareness: Homeowners and lenders must stay informed about the evolving landscape of mortgage fraud, including the specific risks posed by HELOCs. Awareness campaigns and educational materials can play a significant role in spreading knowledge and promoting caution. Enhanced verification protocols: Lenders should implement advanced verification processes and leverage data analytics and modeling thorough property appraisals, income verification, and rigorous background checks. Proper due diligence can significantly reduce the chances of falling victim to HELOC-related fraud. Collaboration and information sharing: Collaboration between financial institutions, regulators, and law enforcement agencies is essential to combat mortgage fraud effectively. Sharing information, best practices, and intelligence can help identify emerging fraud trends and deploy appropriate countermeasures. Acting with the right solution Mortgage fraud is a constant threat that demands ongoing vigilance and adaptability. As fraudsters evolve their tactics, the mortgage industry must stay one step ahead to safeguard homeowners and lenders alike. With concerns over HELOC-related fraud rising, it is vital to raise awareness, strengthen preventive measures, and foster collaboration to protect the integrity of the mortgage market. By staying informed and implementing robust safeguards, we can collectively combat and prevent mortgage fraud from disrupting the financial security of individuals and the industry. Experian mortgage is powering advanced capabilities across the mortgage lifecycle by gaining market intelligence, enhancing customer experience to remove friction and tapping into industry leading data sources to gain a complete view of borrower behavior. To learn more about our HELOC fraud prevention solutions, visit us online or request a call. *This article leverages/includes content created by an AI language model and is intended to provide general information.