Synthetic identity fraud and phishing scams are growing in complexity and scale, and companies can no longer rely on a single line of defense to keep them in check. In this month’s Monetizing Digital Intent Tracker, Harris Chen, senior product developer at identity decisioning platform Alloy, discusses how behavioral analytics can play an integral role in helping businesses round out their fraud prevention strategies.
Digital fraudsters have grown creative their tactics, leveraging everything from synthetic identities to social engineering to brute-force bonnet attacks, and the number of potential attack vectors swells by the year. Companies that attempt to keep their customers safe with a single security stack are beginning to find themselves overwhelmed by the sheer number of schemes in play.
Many companies find that a multilayered defense offers a superior approach, as various security measures work in tandem to cover all potential attack vectors. One key facet of this defense-in-depth approach is behavioral analytics, according to Harris Chen, senior product manager at identity decisioning platform Alloy.
“It’s always good to never put all your eggs in one basket,” Chen said in a recent interview with PYMNTS. “Behavioral analytics is great because it allows good actors to have less friction and allows you to add friction to potential bad actors.”
Chen offered PYMNTS an in-depth look into the multifaceted threats that companies in the digital ecosystem face. He also explained how behavioral analytics could be integral to multilayered fraud prevention protocols.
Pressing Digital Fraud Threats
One of the biggest threats organizations face these days is synthetic identity fraud, Chen said. Synthetic identities are created from scratch and are wholly fictional. This type of fraud differs from traditional identity fraud, which involves bad actors stealing an identity and using it for schemes that rely on impersonation.
“The thing about synthetic fraud is that it’s not perpetrated very easily,” Chen said. “They’ll create a fake identification, then accumulate experience as a person and build a credit history, and then, once they have the requisite credit experience, they’ll use that identity to perpetrate fraud.”
Account takeovers represent another pressing threat. These scams occur when a bad actor seizes control of a legitimate customer’s account and steals data, funds or other information. Fraudsters can even assume the account holder’s identity, accessing the email address associated with the account and using it to defraud others who may have a personal relationship with the victim.
“Account takeover and account theft are huge because we’re all at home [because of the pandemic],” Chen explained. “If I see an email from my CEO, I’m not right next to them, so I can’t say, ‘Hey, did you send me this?’ Unless we have our guard on all the time, it’s a lot easier to fall victim to these sorts of phishing attacks that are getting more and more sophisticated.”
These are just two of the hundreds of schemes that fraudsters deploy daily against companies of all types. Facing these varied threats requires a multifaceted defense system that harnesses behavioral analytics as a key component.
Behavioral Analytics as a Defense in Depth
Fighting a staggering variety of fraud schemes requires a cybersecurity system with overlap and redundancies, as any attack that makes it past one defensive layer can be stopped by another. Relying on a one-size-fits-all security stack could backfire if a fraudster finds a way around it.
“If you have some sort of security breach at a data provider, for example, and a lot of information was compromised, you don’t have to rely on just them,” Chen explained. “You can have another provider, or you can have redundancies. You can step up verifications. It just keeps you a little bit more covered in case something goes wrong.”
Behavioral analytics can be an integral part of these multilayered security systems. A fraudster that manages to gain a customer’s username or address will have to enter this information, for example, and the analytics system can stop them dead in their tracks by analyzing their typing patterns for this stolen data.
“Every time they’re putting in a new address or a new email, you can see if this person is copy-pasting a whole lot of [personally identifiable information],” Chen said. “[A legitimate customer] should probably know this information, so why would they be doing that? Is it being auto-filled?”
Any company dealing with the entry of personal information could be well served by adding another defensive layer that analyzes how this information is entered. Failing to catch a fraudster could have devastating consequences, making technologies such as behavioral analytics worthy additions to companies’ fraud-fighting lineups.