New Account Fraud is generally defined as fraud that occurs when an account is less than 90 days old and opened with the intention of stealing funds. And with 48% of all fraud value stemming from accounts that are less than a day old (according to RSA Security), it is fast becoming one of the biggest problems in the digital banking era, costing the financial services industry billions each year, with Javelin reporting 2018’s losses at USD 3.4 bln. Yet, on the face of it, banks seem a little reluctant to tackle the issue.
Customers want a frictionless online experience, and the banks know it. With the market becoming more saturated due to Open Banking initiatives and the success of several challenger banks, financial services companies are more eager than ever to find ways to keep the onboarding process as quick and easy as possible, ensuring it is attractive to prospective customers.
According to analysis from electronicid.eu, a bank’s onboarding conversion ratio can be increased by more than 60% simply through making it easier to do. Banks prioritise optimising the onboarding process to stop customers from giving up before they have even signed up to services.
However, the easier banks make it for legitimate customers to onboard with them, congruently the easier it is for fraudsters to open illicit accounts. The big question, then, is: how does a bank create a frictionless online experience for real customers while at the same time effectively identifying and counteracting New Account Fraud?
Many use customer service agents as a first line of defence – there are 15 red flags that banks can watch out for when a new customer is opening an account, according to the Association of Certified Fraud Examiners (ACFE), such as mismatched names and addresses, or as overly friendly applicants. However, it goes without saying that this manual, human-driven identification process is not 100% reliable and is even less scalable.
Some banks will deploy anti-fraud solutions based on threat intelligence feeds. These work by analysing an application for previously seen suspicious patterns and making a decision about the fraud risk based on this information.
The problem with threat intelligence is that it cannot detect against unknown threats, for example when a synthetic or stolen identity is being used. A synthetic identity is when legitimate information is blended with fake data to create a new, fraudulent identity, which often slips through traditional security measures unnoticed.
Bear in mind that it isn’t small-time crooks performing these scams. New Account Fraud happens on an industrial scale. For example, organised crime rings often open numerous new accounts using synthetic identities, therefore controlling these accounts from day one. Then they cycle the cash between them, extending credit lines before ‘busting out’; when they withdraw money up to the credit limit with no intention of repaying the loan.
The way to protect against New Account Fraud is through additional identity checks to certify that the customer is in fact who they say they are. However, introducing identity proofing solutions where users need to provide ID documents when signing up online will clog up the onboarding process or discourage users from completing it.
How to stop New Account Fraud in its tracks
A new, integrated strategy is needed. The most comprehensive way in which to combat New Account Fraud without negatively affecting the end user experience is with a holistic, multi-layered approach to financial security founded in behavioral biometrics.
Behavioral biometrics can authenticate a user continuously and invisibly in the background during an online banking session. The behavior of each user – for example the way in which they hold their phone, the speed and rhythm with which they type their details (analysing their physical-brain response, i.e. if they are using their long-term or short-term memory), or how they navigate the online banking session – is checked to see if the customer is suspiciously aware of the process or using fake or stolen identity information. Those behavior parameters are contrasted with other similar customers at the same bank. This contextualised detection also works by comparing a new user’s interactions to the modus operandi of known criminals who have targeted the bank previously.
Through continuous profiling of users, analysing how each new user behaves themselves and how they behave compared to both legitimate customers and known fraudsters, it becomes possible to ‘weed out’ the criminals in real time. Behavioral biometrics thus allows the customer to be unobtrusively authenticated from login to logout, and during the entire onboarding process. New account fraud is stopped before it has occurred.
About Tim Ayling
Tim Ayling is currently the Vice-President EMEA at buguroo. With over 20 years’ experience in the cybersecurity and anti-fraud industry, Ayling began his career in technical support, and moved on to System Engineering. He started his leadership career when he established Entrust Inc. in Australia in 2003 and was made Vice-President Asia Pacific in 2006. Ayling has held numerous leadership roles in large cybersecurity vendors, including serving as the Global Head of Fraud Prevention Solutions at Kaspersky Labs, as EMEA Director of Fraud & Risk Intelligence at RSA Security, as well as spending time in the cyber-security practice of KPMG.
About buguroo
Headquartered in Madrid, Spain, with offices across Europe and America, buguroo helps protect more than 50 million banking customers from online fraud. The company’s flagship anti-fraud solution, bugFraud, utilises deep learning technology combined with behavioral biometrics, device assessment, and advanced malware detection to profile each customer interaction, enabling banks to continuously check that any online user is who they claim to be and is not being manipulated by fraudsters.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now