New customer acquisition: How to manage fraud risk in an age of digital migration

Gemma Staite from BioCatch provides key insights on how behavioural biometrics can be used to reduce online fraud and protect against cybercriminals

The financial services industry has been at the forefront of digital transformation, but investment in digital channels was accelerated due to the COVID-19 pandemic. With access to physical branches greatly limited, or even completely shut down, consumers had no choice but to move their business online.  

According to McKinsey, there was a 10% to 20% rise in digital banking across Europe in one month alone, growth which would typically take two to three years. Besides everyday banking transactions, such as checking their balance, bill pay or sending a payment, online account opening has more than doubled at most banks since last year.  Recent studies suggest that consumers are voicing a growing demand for more online services and touchless banking since the pandemic with 79% of consumers citing a preference for their banks to offer more all-digital services. 

These consumer lifestyle changes are presenting a great opportunity for many banks to grow their customer base and attract new or underbanked populations.  This is good news from a cost-efficiency perspective as the acquisition cost for a digital customer is USD 77 per account while the cost for acquiring a non-digital customer is more than 50% higher, or USD 138 per account. 

Digital migration opens the door to fraud risk

There is no question that digital channels offer banks a tremendous business opportunity to acquire more customers at a fraction of the cost.  But this digital migration has also opened up more risks as cybercriminals follow the money.  From credit cards and bank accounts to a wide range of lending products, cybercriminals are sparing no effort to turn a profit by exploiting weaknesses in the account opening process. Several challenges have emerged when it comes to managing fraud risk in account opening including:

• Synthetic identity fraud.  This occurs when a cybercriminal combines legitimate data with synthetic data not associated with a real person to create a whole new identity. According to the Federal Reserve Bank, synthetic identity fraud cost lenders around USD 6 billion and was cited as 20% of all credit losses in 2016, the most recently available numbers. 
• Mule accounts. While typically used as a means to move stolen funds from compromised accounts, mule accounts are increasingly being opened to establish a relationship with a bank and later applying for credit. One large bank in Asia found that 70% of their credit card lending fraud cases had come from “trusted” customers that were later identified as mule accounts. The lack of industry standards and best practices for detection and monitoring has contributed to an ideal environment for mule accounts to flourish.
• Buy Now, Pay Later.  The “buy now, pay later” financial model is booming globally. These services offer an interest-free platform for consumers to make purchases at online storefronts and pay the costs in small, affordable installments over time with a debit or credit card or bank account.  Cybercriminals are able to use stolen identities and financial information to open new accounts and initiate fraudulent purchases.  These fintech platforms are still in their infancy so there is little data that has been reported on estimated fraud losses tied to the service. However, it is one to watch.

A new perspective for new challenges

Strengthening digital channels to meet customer demands requires a new perspective, one that emphasizes streamlining the user experience while also providing top security. Behavioural biometrics is an artificial intelligence-powered technology that studies digital behaviour to distinguish between “the good” and “the bad” based on analysis of cognitive traits such as short-term and long-term memory and how that presents itself in human-device interaction.  However, a good behavioural biometrics solution requires more than just good machine learning models.  

Expertise in online user behaviour as well as the psychology of cybercrime and social engineering is key for developing the models that produce highly accurate behavioural biometric profiling to detect account opening fraud.

Let’s consider this from the perspective of data familiarity and how that translates to differences in digital behaviour.  A legitimate user is familiar with their personal data so entering it into an online form is intuitive.  However, a cybercriminal is not familiar with the personal data and may display excessive deleting or rely on cut and paste techniques or automated tools to enter information.  This will clearly present itself in digital behaviour patterns, for example, toggling between applications to copy data from a list of stolen identities.

Behavioural insights that suggest low familiarity with data is a powerful indicator for detecting risk in the account opening process.  According to BioCatch analysis, 64% of confirmed account opening fraud cases showed behaviours indicating a lack of familiarity with data. When you start including other behavioural insights, you can see how powerful behavioural biometrics is in predicting the likelihood of fraud events.

It has become easier than ever for cybercriminals to spoof location, IP address and device attributes.  Whether through publicly available tools or advanced malware, they are able to circumvent traditional identity proofing and fraud prevention controls to appear as a legitimate user.  On the other hand, attempting to spoof someone’s physical and cognitive digital behaviour is near impossible.

Register now for a live webinar with BioCatch, and hosted by The Paypers, on November 19. This interactive session will walk through a series of real-world cases and demonstrate how behavioural biometrics can be used to decide who to let into your digital door. 

About Gemma Staite

Gemma is a Lead Threat Analyst at BioCatch where she works closely with customers to maximise the value they get from their technology investments.  Gemma has spent 17 years working in fraud and financial crime roles within the UK banking sector.  Prior to joining BioCatch, she led a Fraud Analytics team specialising in Data Analytics for online banking fraud prevention and managed a number of fraud tools, including BioCatch.

About BioCatch

BioCatch pioneered behavioural biometrics, which analyses an online user’s physical and cognitive digital behaviour to protect users and their assets, all the while protecting user privacy. Today, customers around the globe leverage BioCatch’s unique insights to more effectively fight fraud, drive digital transformation and accelerate business growth. With nearly a decade of data, over 50 global patents and unparalleled experience analysing online behavior, BioCatch is the leader in behavioural biometrics. For more information, please visit www.biocatch.com