Voice of the Industry

Why fraud attacks will become increasingly account-centric

Monday 12 November 2018 08:24 CET | Voice of the industry

As bad actors never quit their act, Amador Testa of Emailage explains the importance of implementing processes which address the continued rise of synthetic ID fraud.

Recently, I’ve spoke with several customers and other companies who are showing an increased focus on new account application fraud as well as other similar registration processes. A lot of opportunity exists in this segment as more channels and new regulations will lead to a diversification of threats, which many of us are already experiencing.

We are seeing a very clear shift in the market as well, with companies increasingly seeking answers to the digital identity problem.

The big conversation revolves around a single question.

How can companies successfully ID someone, with minimal friction, when opening a new account or making a CNP transaction?

The answer is yet unclear. Current developments point to solutions which analyze underlying transactional data as well as any type of biometrics.

As the saying goes, history doesn’t repeat itself but it does rhyme. There are echoes of the EMV rollout here. When physical card security became more robust, the vast majority of fraud events shifted online to CNP transactions, fraudulent applications and more.

As I write this article, the big players in the space are now working to make online commerce more secure. Regulators are also hard at work on initiatives, such as PSD2, which feature focus on much stronger authentication for CNP transactions. There will be disruptions and unforeseen circumstances this time as well.

Fraud trends continue to shift

From our viewpoint, we believe that these realities will drive even more fraudulent to account applications and registrations.

Customer data is a key enabler for large-scale fraud attacks. The frequency of data breaches and other successful attack types has provided fraudsters with valuable sources of personal information to use in account takeover or synthetic identity fraud.

These account-centric attacks can result in many other losses, including brand damage and diminished customer trust. Mitigation of these clear and present threats is as important as ever for businesses and financial services customers alike.

Fraudsters exploit existing relationships for profit.

Fraudsters know that you have controls based on the tenure of an account. In order to outflank these controls, they create accounts then “sit” on them for enough time for them to appear legit. En masse, these farmed accounts are called “sleeping cells” and they are a major threat to your business.

What is a sleeping cell? Think of these as dormant accounts that are anything but. Instead, they are being intentionally aged to lend an air of credibility.

That time could be 3 months, or 6 months. The actual amount of time will be based around how much they have tested your control points. And you can be sure that they have tested them, much more than you know. At the end of the day, fraudsters are attempting to give you an impression that these accounts represent “good customers” with tenure, so your controls become irrelevant.

How much could you lose to an attack by sleeping cells?

First you have to determine your average fraud loss, per account. Then, determine the percentage of accounts that are potential sleeping cells, or otherwise “at risk” based on tenure.

Think of it this way: If your average fraud loss is USD 2,000 and even as little as 5% of your account portfolio is at risk (let’s say that‘s 100 accounts total), losses would represent USD 200,000.

Food for thought: the Association of Certified Fraud Examiners estimates that organizations suffer annual fraud losses equal to 5% of their revenues.

How we fight back

For our side, our solution has been evolving on several front. One being the identity space, we have initiatives connect elements coming from a transaction in order to better understand user behaviors so our customers can approve transactions with minimal risk.

Additional analytics-based solutions can combat synthetic ID fraud by delivering insight that detects linkages and suspicious patterns, which help determine that the applicant is a real person.

These models leverage advanced keying logic to validate components of an applicant’s identity beyond an SSN. Keying technology drives down the number of false positives that normally accompany fraud products.

The most sophisticated solutions provide information that helps determine if there are inconsistencies with the applicant’s behavior across a consortium of data or if the application has high-risk variables that are known to be predictive of fraud.

Fraudsters are highly motivated to innovate their approaches as rapidly as possible, and it’s important to implement processes which address the continued rise of synthetic ID fraud from multiple engagement points.

About Amador Testa

Amador is a fraud prevention expert with extensive experience in leading product management and strategy to combat fraud. He is an industry leader in online fraud, identity theft mitigation and cybercrime investigations.



About Emailage

Founded in 2012 and with offices in Phoenix, London and Sao Paulo, Emailage is a leader in helping companies significantly reduce online fraud. Through key partnerships, proprietary data, and machine-learning technology, Emailage builds a multi-dimensional profile associated with a customer’s email address and renders a predictive risk score.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: machine learning, Account fraud, synthetic ID, data breaches, iD, identity theft, retailers, Amador Testa, Emailage
Countries: World