Rising identity theft casts a shadow over fraud prevention

New fraud threats continue to challenge financial services organisations as the pandemic continues. Most notably, identify theft and its companion, synthetic identity, are continually escalating fraud types that target consumers and frustrate anti-financial crime analysts. Identity fraud, and the use of synthetic identity methods, kept pace as consumers adopted instant and digital payment methods and dramatically shifted the way they shopped and interacted online. As a result, these threats became so dominant that around 18 million people were targeted by fraudsters through P2P payments systems and digital wallets in 2020.

Indeed, these threats have characteristics that make these types of fraud challenging to shut down. For example, data breaches, the increasing availability of intelligent technology and computing power, and the volume of personally identifiable information (PII) available through online sources have created a virtual playground for bad actors to conduct fraud at a massive scale.

Fraudsters make identity theft look so easy. Savvy fraudsters or cybercriminals steal protected personal information (PPI) via data breaches or appropriating a driver's license or other forms of ID and then using the information to commit fraud by posing as a real person to access their credit information. A bad actor also targets a consumer directly by using techniques like phishing emails, skimming, or robocalls to steal sensitive information. Even during the pandemic, as people posted their COVID shot proof online, the warnings went out to mask identification for fear that fraudsters could connect the dots back to a complete identity profile. 

Automatic synthetic fraud at scale

There are two primary categories of synthetic fraud. First, there is simple manipulated fraud, where minimal alterations are made to a legitimate identity. Second, there is also manufactured fraud, which is a little more complicated, where data is pieced together from multiple real identities to create a new false identity. The main targets for these fraud scenarios are vulnerable demographics representing identity groups that may be challenging for the financial institution to authenticate. These targets could include young adults just starting out; the homeless with shifting addresses; the elderly, faced with a range of issues; and even the recently divorced who may be going through name and address changes.

Cybercriminals and fraudsters go to extreme lengths to lure these at-risk populations, deploying sophisticated techniques and practices to collect information and elude detection. They build systems and processes to do this automatically and at scale and even familiarise themselves with the authentication controls and technologies used by FSOs so that they can more easily bypass these deterrents.

The fraudster has a tried and true process, first compiling as much data about an individual identity as possible through a combination of widely available online sources, primarily the dark web. The dark web is a resource where the fraudster may inexpensively purchase PPI about an individual, including addresses, mother's maiden name, and phone numbers. In addition, underground services are often used to augment the synthetic identity, such as virtual phone numbers, to help fraudsters get through application processes requiring tokens by phone. Finally, with all this information in hand, the criminal can start applying for accounts at multiple FSOs by using tools and browsers that emulate the characteristics expected to be associated with that identity, adding a convincing level of authenticity to the synthetic identity.

Leveraging analytics early on

How are FSOs fighting these types of fraud? First, FSOs are leveraging advanced analytics-based tools to detect fraud early on. Proactive fraud detection requires predictive using advanced machine learning (ML) models trained on comprehensive data sets to discern behavioural patterns. Fraud teams can then understand and identify the types of fraud perpetrated against the organisation and make accurate, data-driven decisions. In addition, organisations are exploring the potential of technology beyond an instrument for reducing fraud losses and operational costs and as an enabler for digital banking and differentiating customer experiences.

Financial services organisations need to focus on data collection, data integration, and data enrichment to add value for passive authentication solutions when addressing identity fraud and synthetic identity fraud. This approach will help deliver the right amount of friction based on customer risk level while simultaneously securing channels. Passively collecting data and building digital identity profiles around the data points of every good interaction, and using this as a baseline to verify against, can mitigate the need for cumbersome friction touchpoints across every transaction - which ultimately results in a poor user experience. Instead, FSOs should smoothly usher customers along to the application page or product and provide an experience that aligns with that customer risk level.

The key to deploying a tailored degree of friction per individual customer is using abundant data to authenticate identities and augment any missing information with advanced analytics to recognise and manage risk across the customer lifecycle. FSOs can then mitigate fraud based on a holistic view of risk and identify legitimate customers to streamline conversion. When layered with dark web monitoring, FSOs can transform from reactive to proactive fraud prevention and apply the proper controls to render identity fraud and synthetic identity fraud threats ineffective.

All financial institutions have some form of identity verification solution. In many cases, they have several, with institutions regularly adding new data and point solutions to adapt to new and emerging threats. This fragmented and reactive approach is not sustainable and ultimately impacts account conversion rates. Partnering with industry leaders in the fraud prevention domain can provide the necessary guidance and capabilities to leverage advanced analytics-powered fraud prevention at scale, with the agility to adapt quickly. Ultimately, this action will reduce synthetic identity fraud and increase customer satisfaction.

About Glenn Fratangelo

Glenn Fratangelo, NICE Actimize Director of Fraud Product Marketing, is a marketing leader with a deep understanding of technology markets, building and launching technology products, services, and alliances.

About NICE Actimize

NICE Actimize, the industry’s largest and broadest provider of financial crime, anti-money laundering, enterprise fraud and compliance solutions is the leader in Autonomous Financial Crime Management. NICE Actimize drives the Autonomous journey with ActOne for investigation and case management, as well as X-Sight, a cloud-based Financial Crime Risk Management Platform-as-a-Service.