Next-Gen Fraud Strategies Use Data to Onboard Customers Safely

Business need to fight fraud with data, says Bryan Lewis, CEO of Intellicheck. He breaks it down in the new PYMNTS eBook, “The Implications of Uncertainty.”

 

Data breaches and mail theft have resulted in a record level of available compromised identity information, payment information, login information and even stolen checks. It has been said that “At this point, all of our information is out on the dark web and it’s now just a matter of when it is going to be used against us.”

Combined with inadequate fraud strategies, fraudsters have the key to the castle; it’s a perfect scenario of having the answers to the quiz ahead of time.

Let’s talk about how it’s done:

  • Identity theft and identity impersonation: The onslaught started in 2017 with 147MM records breached and has multiplied every year since then. Last year, there were over 3,200 separate data breaches that resulted in over 353 million records being released on the dark web.
  • Rapid increases in mail theft provide more compromised information as well as valid documents that are used for identity theft and check fraud.
  • This breached data is shared online, where a criminal can purchase a complete identity that includes name, address, Social Security number, DOB, credit score and current open account information for less than $30 per identity. (The amount of data now available online is abundant.)
  • Armed with this trove of real data they purchase a fake ID from overseas for less than $100. These IDs have their picture on it with the PII data of their victim and pass the traditional ID verification checks which allows them to assume and impersonate the identity of the victim they targeted. These high-quality fakes even fool law enforcement.

From there, they can:

  • Open new accounts: By impersonating a victim with no previous instances of fraud having been reported through the traditional credit agencies they are able to open multiple accounts within a 30-day period before the victim or issuing lender is ever alerted.
  • Account takeover attacks: ATO attacks increased 354% year over year in 2023. Fraudsters know this is the easier path since no credit pulls are needed and knowledge-based answers are what is often deployed to verify account information. Contact and call centers are often used to explore the defenses in place and then social media is leveraged to gain additional information needed for successful ATO attempts.

What are some of the inadequate fraud strategies still being used?

  • Confirming the exact same data sources that the criminals use — which is the valid personal identifiable information that they have purchased through the dark web. Fraudsters are highly effective at gathering accurate information and using it to impersonate their targets. We must go beyond confirming the same data.
  • Depending on ID verification tools that are highly susceptible to false positives and false negatives due to templating models that rely on image quality and OCR processing. Fraudsters bypass ID Verification processes by submitting low-quality images which forces manual reviews that now rely on the human eye — and that is never good.

How does Intellicheck implement next-gen fraud strategies?

  • By using authoritative data sources to verify the validity and ownership of the presented document. This includes verification of the hidden encoded security features that are not public knowledge versus templating models that are widely available online.
  • Implementing passive datasets that empower platforms to move beyond submitted personal identifiable information:
    • Proxy detection: What is the IP address they are coming in from if online?
    • Geo location: where is the transaction really taking place?
    • Device fingerprinting: how many times has this device been seen?
  • Behavioral analytics: Behavioral models comprise all available datasets and serve to shed a true light on the situation beyond traditional data checks.
  • And finally, building data consortiums:
    • Coming together to build a network of trust and certainty by sharing passive and transactional data.
    • Better understanding the tools that fraudsters use, which now includes artificial intelligence (AI) and data sharing. They are well coordinated, and we must be as well to win the war.

 What are the benefits of implementing these next-gen fraud strategies?

  • You shatter the traditional glass ceiling put in place with previous outdated fraud strategies.
  • You stop the bad guys in their tracks by not continuing to use the strategies that they have depended on to be successful.
  • We take the answer book away from them by instead using authoritative and passive datasets.
  • You create strategies designed for customers, not fraudsters. This creates lower-friction processes that do not make your real customers feel like criminals.
  • This leads to lower abandonment and Increased conversion rates – customers are no longer frustrated by your KYC processes.
  • We help our customers achieve on average a 20% increase in new account openings while mitigating fraud losses to less than 1% on those new account openings.
  • You protect your customer base which creates more customer loyalty.
  • Stopping the bad guys from creating a devastating path of destruction with your customers. Customers who are victims of identity theft face heavy financial losses but also endless hours of time and energy trying to dispute and repair
  • At the end of the day, everyone has a budget in place for acceptable fraud losses — but no has a limit in place for the number of new customers they want to acquire.