The pandemic has altered day-to-day life in countless ways, driving a digital shift in banking, commerce and countless other services. For the first time, eCommerce sales are expected to hit $1 trillion this year, a significant milestone that exemplifies the titanic role of the internet in the modern economy.
However, this increased online engagement has its downsides, particularly when it comes to digital fraud. Every onboarding, money transfer or sale is a potential entry point for criminals, many of whom leverage identity fraud techniques to dupe automated systems and steal funds or data.
Traditional fraud techniques have major shortcomings in detecting identity fraud, but new solutions have significant upside potential. This month, PYMNTS Intelligence examines the identity fraud methods that bad actors use and how new technologies such as behavioral analytics can detect and stop them.
Businesses, Banks Face Diverse Identity Fraud Threats
Banks and businesses contend with a huge array of fraud threats, with various forms of identity fraud comprising some of the most widespread techniques. A recent study found that stolen identities were the top fraud threat faced by financial institutions (FIs) over the past year at 55%, with synthetic identities taking second place at 44%. Both forms consist of fraudsters assuming false identities, but the specifics differ significantly: While the former method involves fraudsters stealing the identities of real people, the latter sees bad actors constructing new identities out of whole cloth. Unlike fraud committed with stolen identities, synthetic identity fraud has no theft victims to notify organizations of fraudulent applications or purchases made in their names, leaving companies utterly reliant on their own security systems to catch it. This type of fraud costs organizations up to $20 billion per year, and traditional identity verification solutions miss up to 95% of synthetic identity fraud instances.
A related threat that can be even more dangerous is account takeover (ATO) fraud, which consists of bad actors assuming complete control over customer accounts for nefarious purposes. Fraudsters could use stored payment information to make fraudulent purchases, drain accounts of reward points or even steal personal data such as usernames, passwords and email addresses and sell it on dark web marketplaces. ATO attempts skyrocketed 282% last year, and each successful attack cost consumers $290 on average and takes 15 hours to resolve. The opportunity cost of lost customer loyalty is incalculable, as a customer who is defrauded on a business’s platform is unlikely to shop there again.
Businesses have an urgent need to stop these types of identity fraud and prevent the resulting data loss, stolen funds and customer abandonment. Creative fraudsters can bypass many forms of identity verification, but behavioral analytics can stop them cold.
Fighting Identity Fraud via Behavioral Analytics
Businesses generally agree on the need to protect themselves and their customers from fraud attacks, with recent PYMNTS’ research finding that more than 77% of firms felt that using digital processes to authenticate customer identities is as important or more important now than it was in the past.
There are plenty of potential sticking points in customer authentication, however. Many identity verification systems have high levels of customer friction, requiring users to enter multiple pieces of information or stopping a purchase or application process entirely to double-check the user’s identity. A case study found that an online lender suffered up to 70% attrition in the completion of a simple loan process, with the vast majority of customers deciding to abandon the application entirely rather than undergo an identity verification procedure. This level of abandonment can potentially be even worse than the losses from simply allowing fraud to go unchecked — obviously not a reasonable option.
Behavioral analytics can do away with much of this friction without compromising fraud detection. Unlike other intrusive verification systems such as multifactor authentication (MFA), behavioral analytics does not require customers to perform added steps but instead observes their entry of names, usernames, addresses or other identifying details that are already required. Legitimate customers will enter their own names quickly and with few errors, for example, while a fraudster might introduce misspellings or might copy-paste the name from another form. One behavioral analytics case study found the system saved the user more than $800,000 in fraud losses, including those from fraud methods that its existing cybersecurity system missed.
Many forms of identity fraud are almost invisible to modern fraud detection systems, making behavioral analytics an ideal second line of defense. The funds saved in stopping fraud are matched only by those gained in preventing customer abandonment.