In this month’s “Monetizing Digital Intent Tracker,” Angie Dobbs, VP of fraud and risk at Wave Financial, tells PYMNTS how multilayered authentications are proving to be more effective in fighting fraud than their single-door counterparts.
Digital fraud is a clear and present danger to banks, businesses and organizations of all kinds. Bad actors deploy stolen identities, synthetic identities, account takeovers, botnets, denial of service attacks and numerous other techniques against any target they deem vulnerable, all in the name of stealing customers’ funds or personally identifiable information (PII).
Preventing a variety of fraud types is a full-time job, but even with the very best efforts, subpar authentication systems can let companies down. Some of the most effective techniques involve leveraging both post-submit authentication data and pre-submit behavioral data, as exemplified by software company Wave Financial.
“Our models take into account behavioral data, like how users navigate our sites, combined with the hard production metadata, such as PII of the cardholder and geographic information of their devices,” said Angie Dobbs, vice president of fraud and risk for Wave.
In a recent PYMNTS interview, Dobbs offered an inside look at the dangerous fraud threats facing organizations today and why a multilayered authentication system combining pre- and post-submit data is one of the most effective fraud prevention methods available.
Pressing Fraud Threats
The most pressing type of fraud facing the financial industry on a daily basis is new account fraud, according to Dobbs. Fraudsters steal or develop new identities out of whole cloth and attempt to create fake accounts, bypassing traditional verification checks, such as Social Security numbers, because they already possess the information.
“The majority of fraud we experience is new account fraud, consisting of stolen or synthetic identities used to create payments accounts which are then used to process stolen card data,” she explained. “We also experienced your typical account takeover fraud, but by and large, it’s a new account fraud problem.”
These bad actors are primarily attempting to drain customers’ accounts of funds, either by hijacking their accounts directly or tricking them into sending money into their fake accounts. Stopping this fraud after it occurs is difficult, as the money is already gone from victims’ bank accounts and fraudsters shut down fake ones as soon as they hit paydirt.
“They steal an identity or create an identity of a business owner and a fake, fictitious business,” said Dobbs. “They generate invoices for those businesses and charge the stolen credit cards on those. So if we don’t detect it, then they take the funds, and once they charge back, we’re at a loss.”
Preventing this type of fraud requires ironclad customer verification, but it cannot scare away legitimate customers in the process. Wave employs behavioral data to augment post-submit data, such as passwords, to strike this balance.
Leveraging Behavioral Data to Augment Existing Post-Submit Defenses
Multiple defensive layers are vital to stopping fraud, as an enterprising bad actor armed with a workaround for a single defensive system can run rampant within companies’ systems. Fraudsters constantly innovate new techniques, potentially developing countermeasures for existing authentication systems with zero warning.
“There is no silver bullet,” said Dobbs. “There are varying types of data breaches, and our identities are becoming more complex. Physical data is being compromised and less reliable as a verification method. Devices are playing a bigger part — we’ve always got our phones by our side — but even those are being doctored or phone numbers being forwarded.”
The most effective method to shore up existing post-submit defensive layers is by leveraging behavioral data, she said. Wave’s technique involves observing how users navigate its website and determining their likelihood of being legitimate users or fraudsters.
“A real user is going to peruse, they’re going to click around, they’re going to try to understand what they’re here for,” said Dobbs. “But a fraudster, typically, is familiar with our site, and they know exactly how to go for the goods.”
Leveraging this pre-submit behavioral data and the post-submit data in tandem will be vital in preventing bad actors from gaining access to valuable funds and personal information. Either deployed in isolation will be far less effective.
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More