Fighting fraudulent account opening

Fraud takes place in many forms and many industries and has been rising in recent years. According to KPMG Global Banking Fraud Survey 2019, over half of the respondents recover less than 25% of fraud losses, thus proving that fraud prevention is key.

It is increasingly important to detect fraud at its earliest part of the financial lifecycle, which in many cases is at the time of application for an account. Application fraud is a rapidly growing issue for organisations in industries such as banking, mortgages, auto lending, financial lending, credit card applications, instant store credit, and retail, to name a few.

US CNP fraud caused by multiple factors will rise 80% over the next four years, to USD 7.2 billion from USD 4.5 billion, Aite forecasts.

Synthetic identity fraud (when a criminal combines real and fake information to create a new identity) accounts for 80–85% of all identity fraud, and ID Analytics estimates that 20% of loan charge-offs and 80% of credit card losses can be attributed to these synthetic identities. Aite forecasts the losses to rise another 53%, to almost USD 1.3 billion, by 2020.

The reason for the rise in application fraud

The sheer volume of personally identifiable information (PII) available on the black market for fraudsters to use as a result of thousands of data breaches over the years. Armed with even a few key pieces of compromised information, fraudsters can open a fake account with a real or synthetic identity.

Growing consumer expectations for 24/7 digital access, as well as competitive pressures, have forced many organisations, such as financial institutions and merchants, to abandon more stringent manual application review processes to open accounts more quickly.

Fraudsters are using stolen identity data combined with bots to open accounts at a very fast rate.

What can companies do to mitigate application fraud, particularly in digital channels?

The best way to prevent account opening fraud is to have robust protections in place across the customer lifecycle and close the door on fraudsters before they can gain access to any account opening processes. Watching for bot attacks is critical, since they involve velocity attacks enabled by automation—usually hijacking a computer to attempt to open hundreds of accounts in a short amount of time, often using the same device repeatedly to perform the fraudulent transaction until the device is detected and disabled. Due to the large volumes of activity generated by a bot attack, simple observation for a spike in traffic can help identify it.

Device authentication is an important part of thwarting fraudulent account opening, as it enables organizations to verify the identity of a device by the device’s unique characteristics. Device authentication technology uses certain unique attributes to create a device ID. By creating and calling on this device ID for subsequent transactions, organisations can more quickly authenticate trusted consumers with the least amount of friction, providing a positive customer experience. Transactions from risky devices can be flagged for next-level review or denied altogether. If the same ID is opening many accounts in a short amount of time, this is potentially a harmful bot. Another important tool in preventing application and new account opening fraud is user behavioural analytics. By quickly recognising typical from atypical behaviours online, businesses can quickly identify potential fraud and prevent it before it becomes a loss.

Also, there are certain behaviours that valid customers tend to do that fraudsters do not. If a person looks at the terms and conditions, for example, it is a good signal that the application is coming from a true prospective customer. Fraudsters do not tend to look at terms and conditions, but they do, however, tend to copy and paste all the information in the forms. Legitimate customers may not do that.

Solution: End-to-end risk platform to thwart AO fraud

By using Accertify’s risk engine, device intelligence, behavioural analytics and machine learning, businesses have unparalleled insights to thousands of device and transaction attributes – across all channels – to assess the riskiness of an application and make a truly informed decision. Accertify performs critical checks that could indicate that a fraudster may be working behind the scenes and helps validate whether additional review is necessary for the account opening process, such as bot detection, spoofing tool detection, malware detection, and the ability to use negative lists for devices associated to fraud.

By looking beyond the user-entered information and examining anonymised site navigation data, customers can quickly identify and stop the complex fraud attacks, such as, identity theft, bot traffic and automated attacks that might be missed by other solutions.

There is no shortage of fraud prevention solutions on the market, but it is important to partner with those solution providers proven to deliver results. Accertify works with the largest global banks, merchants, and airlines and helps turn large volumes of disparate data into actionable intelligence to prevent online account opening fraud, while protecting the user experience.

This editorial was first published in the Fraud Prevention and Online Authentication Report 2019/2020. The Guide covers some of the security challenges encountered in the ecommerce and banking, and financial services ecosystems. Moreover, it provides payment and fraud and risk management professionals with a series of insightful perspectives on key aspects, such as fraud management, identity verification, online authentication, and regulation.

About Jeff Wixted

Jeff Wixted is VP of Marketing overseeing brand awareness, communication, content, lead generation, and our Digital Identity launch. At Accertify Jeff brings over a decade of experience in card-not-present fraud and related use cases, he also serves as the Treasurer on the Merchant Risk Council Global.

About Accertify

Accertify is a wholly owned subsidiary of American Express and has been working with the largest brands in the world for the past decade to prevent fraud before it happens. Accertify’s elite technological capabilities are built by fraud prevention experts and the solutions have been delivering increased fraud detection, so banks and merchants can prevent fraud while growing their business.