Tag: FraudNet

Digital channels undoubtedly create convenient experiences for consumers. We have the luxury of applying for loans or creating investment accounts from the comfort of home. However, the same opportunities are available to fraudsters. Fraudsters continue to find creative and innovative ways to expose vulnerabilities across all types of businesses. They prey on inexperienced or low-bandwidth teams that have not invested in the appropriate fraud tools in the past. Despite the imminent fraud risk involved, both consumers and businesses continue to embrace digital channels. With 90 percent of consumers worldwide conducting personal banking online, how do we protect these digital platforms with finite resources? A leading digital financial services company was forced to address this question when they experienced a large-scale fraud attack. But they weren’t in this fight alone. Download the full case study to see how our risk analyst used FraudNet to prevent millions of dollars in fraudulent funding. Client: A leading digital financial services company that operates with zero in-person branches with more than 7,000 employees Challenge/Objective: In October 2018, fraudsters deployed a large-scale, scripted attack against a North American financial services company. The fraud team was extremely understaffed. The fraud team was unable to detect and respond to the attack quickly. The fraudulent account opening activities eventually blended into account takeovers. Resolution: Our risk analyst worked quickly to analyze the geolocation, velocity and device rules firing within FraudNet for Account Opening. By having these rules in place, FraudNet was able to flag and outsort thousands of suspicious applications. Despite being a small team, the fraud investigators were able to work efficiently within the FraudNet workbench and review the true, high-risk applications. Results: Thanks to our risk analyst’s quick remediation and the FraudNet proprietary device rules: 23,800 fraudulent applications were outsorted for review. An estimated $35.7 million in fraudulent funding was prevented. However, the fight against fraud is ongoing. Our risk analyst continues to work closely with the fraud team to develop an effective strategy to prepare against future attacks.

A recent survey reveals that 30 percent of travelers have experienced identity theft while traveling or know someone who has.

As we discussed in our earlier Heartbleed post, there are several new vulnerabilities online and in the mobile space increasing the challenges that security professionals face. Fraud education is a necessity for companies to help mitigate future fraud occurrences and another critical component when assessing online and mobile fraud is device intelligence. In order to be fraud-ready, there are three areas within device intelligence that companies must understand and address: device recognition, device configuration and device behavior. Device recognition Online situational awareness starts with device recognition. In fraudulent activity there are no human users on online sites, only devices claiming to represent them. Companies need to be able to detect high-risk fraud events. A number of analytical capabilities are built on top of device recognition: Tracking the device’s history with the user and evaluating its trust level. ​Tracking the device across multiple users and evaluating whether the device is impersonating them. Maintaining a list of devices previously associated with confirmed fraud. Correlation of seemingly unrelated frauds to a common fraud ring and profiling its method of operation. Device configuration The next level of situational awareness is built around the ability to evaluate a device’s configuration in order to identify fraudulent access attempts. This analysis should include the following capabilities: Make sure the configuration is compatible with the user it claims to represent. Check out internal inconsistencies suggesting an attempt to deceive. Review whether there any indications of malware present. Device behavior Finally, online situational awareness should include robust capabilities for profiling a device’s behavior both within individual accounts and across multiple users: Validate that the device focus is not on activity types often associated with fraud staging. Confirm that the timing of the activities do not seem designed to avoid detection rules. By proactively managing online channel risk and combining device recognition with a powerful risk engine, organizations can uncover and prevent future fraud trends and potential attacks. Learn more about Experian fraud intelligence products and services from 41st Parameter, a part of Experian.