To really beat someone, or something, one must respect and understand that person or organization, even if they dislike or loathe them. That’s ancient wisdom — “know thy enemy” — that applies not only to martial situations, but also to the biggest challenges in life.
OK, enough of the generalities.
Payment and commerce fraudsters are becoming terrifyingly sophisticated. They are able to use cutting-edge technology, black-market websites and top-level, nimble and well-secured global networks to work their craft. Those fraudsters can learn new techniques and keep a step ahead of companies, regulators, law enforcement and governments. This is only likely to get worse. At the least, it won’t get any better — not according to any anti-fraud expert who is worth their rate.
Every business must decide its comfort level with fraud and how much risk to take on, a concept discussed in depth during a new PYMNTS digital discussion, featuring Karen Webster and Kevin Trilli, chief product officer at Onfido. In the webinar, entitled “5 Ways Fraudsters Fake IDs — And How Your Face Can Stop Them,” Trilli not only offered an up-to-date primer on the latest criminal techniques to steal online data and identities, but gave practical and hopeful advice on how to prevent much of that fraud, even as the people behind it keep raising their game.
ID theft stands as the fastest-growing crime in the United States, and, globally, one in 60 transactions is fraudulent. In the U.S., there were 16.7 million fraud crimes in 2017, Trilli said, and $22.1 billion worth of fraud losses. As if that were not enough, Webster told of a man who managed to steal some 500 physical identities, in part, by assuming the personas of missing persons. Even his French accent was not enough to prevent him from working his way into the lives of people who were not French.
Why Friction Is Needed
The first choice in fraud prevention, Trilli said, comes down to risk. How much fraud will an organization absorb without having its business model break down or its reputation destroyed?
A related early step is just an acceptance of reality, an understanding that involves not only businesses, such as retailers, but consumers as well. “Friction is a part of our life at this point,” Trilli said, offering — upon superficial consideration — what sounds almost like heresy in this age of one- or two-click transactions, as well as massive investments that make it possible for consumers to shop with ease from multiple devices or open financial accounts with digital-only firms.
“We have to accept some part of that [friction] for the online world. If it’s not there, can you even trust that organization?” he said, adding that it’s a “fine line” between offering an appealing level of data and ID security, and making the consumer experience as seamless as possible.
Those calculations are pretty much unique to every merchant or payment services provider, and depend on balancing such factors as cost, convenience and reliability. There is no use in counting on some one-size-fits-all technological solution for that problem. “There is no digital identity nirvana,” he told Webster.
Biometric Promise
However, biometric authentication technology offers a strong defense, one that promises to become even stronger with technological development and increased consumer acceptance of its forms.
Consumers are already getting used to using mathematical representations of their fingerprints for access to their mobile devices, computers, financial accounts and for other tasks. The seeming ubiquity of high-resolution video — available on smartphones and online, and increasingly used for personal expression, marketing and retail activity — promises to bring a needed familiarity with facial-recognition fraud defenses, Trilli said.
In fact, “mobile phones are the game-changing technology” for the rise of facial recognition, he said. Of course, criminals are able to keep up with developments in that biometric area. Trilli talked about how copies of photos taken from social media and other sources — with 3D applied after cutting the eyes out — are among the tools that help the most sophisticated fraudsters stay ahead of authorities.
That just means fraud prevention needs to, and does, continue to advance. Among examples offered by Trilli, mounting defenses include vocal response technology that bolsters confidence that the person undergoing facial recognition is legitimate, and software that employs “heat mapping” techniques and algorithms to spot spoofing attempts by criminals — or, more accurately, determine that the odds of fraud are high.
Defensive Cooperation
A good defense against ongoing and emerging fraud comes down to cooperation, and perhaps some governmental prodding. Much like the response to payments fraud over the years, the commerce and payments industries will have to find ways to work more closely to learn best practices, as well as share ideas and case studies.
“This cannot be solved in isolation,” Trilli said. Businesses and other organizations “need to be pulling together and sharing.” After all, a determined enemy, even if much smaller than their target, will have an advantage against unorganized or lethargic foes more worried about each other than a common threat.
Human beings have a top role, too, even as computers and software get smarter. Trilli explained how the “hybrid approach” — by which he meant a fraud prevention process that combines machine learning with human expertise — is needed to thwart digital criminals. One can say what they will about the inherent biases and blind spots of human nature, but the right training and experience can turn human logic, and even gut instinct, into powerful anti-fraud weapons when combined with good software and algorithms.
“It’s a human challenge,” Trilli said of fighting fraud and ID theft. “We are trying to take our offline ID and use it online.”
The game will never change. There will always be people who prefer to steal, and who put enough practice into becoming very good at doing so. There will always be victims, real and potential. However, knowledge and smarts are the first and most important requirements for successful fraud prevention, and there will always be ways to keep the odds in favor of the retailers and payments services providers.