Even prior to the outbreak of COVID-19, instances of digital identity fraud and theft were increasing at an alarming rate.
Experian’s Global Identity and Fraud report, launched in January 2020, found that 3 in 5 businesses had reported an increase in fraud incidents over the past 12 months. In the UK, fraud prevention service Cifas revealed that cases of digital identity fraud increased by nearly a third from 2014 until the end of 2019.
With easy access to consumer data and the latest technological tools at their fingertips, cyber-criminals have been able to exploit system vulnerabilities with increasing sophistication. The growth in digital financial services and online banking has increased the number of potential attack vectors, driving up instances of digital identity fraud. Even the growth of social media has a role to play, making it all too easy for consumer’s personally identifiable information to fall into the wrong hands.
The cost to individual victims can be extremely damaging, while the cost for businesses can be devastating. According to Juniper research, online payment fraud for e-commerce, banking services, airline ticketing and money transfer businesses, will generate cumulative losses of more than $200 billion, from 2020 to 2024.
The impact of COVID-19 on online identity fraud
Unfortunately, the disruption caused by the international pandemic has only exacerbated the situation. Fraudsters have taken full advantage of the chaos, exploiting a sudden increase in digital payments to take advantage of vulnerable individuals, groups and companies. Especially susceptible are those customer bases who have long been accustomed to in-person interaction and have suddenly found themselves navigating an unfamiliar digital economy.
Meanwhile, consumers and financial institutions alike, have had little time to get to grips with the stimulus cheques, furlough payments, increasing unemployment benefits and other measures brought in to ease financial hardship. In the US alone, the FTC report that consumers have lost more than $300 million to COVID-19 related financial fraud since January 2020. Put simply, uncertainty and upheaval have created the perfect storm for scammers to exploit.
As the financial sector grapples with a rise in authorised push payments, account takeover, identity theft, phishing and spoofing, the need for greater fraud resilience is clear. Traditional security methods such as passwords, knowledge-based authentication and digital signatures are no longer sufficient protection against fraudsters, who are nothing if not adaptable. COVID-19 has only accelerated a shift in favour of advanced solutions, which have long been necessary in effectively mitigating financial crime.
A multi-factor approach to fraud prevention
Account credentials and payment card details remain vulnerable to phishing and data hacks, leading to account takeover or online transaction fraud. Developments in open banking and real-time payments, for all their many advantages, are readily exploited by fraudsters who can transfer funds from a victims account before they have time to notice suspicious activity. Two factor authentication goes some way towards preventing this but can still be bypassed by the use of advanced phishing, malware and browser imitation technologies.
Regulators are now pushing for stronger, multi-factor authentication approaches, requiring a user to prove their identity through knowledge, possession and inherence. Inherence, a characteristic unique to who the user is, is particularly difficult to fake and biometrics are increasingly considered a valuable authentication factor. Consumer appetite for the use of biometrics seems to have taken off, with a Visa survey in January 2020 highlighting 52% of consumers would actually change financial provider should their bank not offer biometric authentication in future.
Where secure authentication is compromised, real-time monitoring of transactions becomes crucial to preventing fraudsters from achieving their aim. Many banks are now leveraging the power of machine learning, to immediately recognise suspicious activity, catching on to a criminal’s methods far faster than traditional fraud prevention methods could. Advanced analytics also allow for adaptive authentication – adding additional levels of security to transactions depending on their perceived risk level, making it harder for fraudsters to plan attacks.
Data-driven insights, consumer education, secure KYC… Or all of the above in the fight against fraud?
Data is a powerful tool at a bank’s disposal. Intelligent insights drawn from a customer’s behavioural patterns will reveal the context behind an authentication request, establishing, not only that the credentials used are correct, but that the nature of the request is genuine. Real-time behavioural biometrics even have the potential to identify instances of automated push payment (APP) fraud, by flagging behaviour that may suggest a user is following instructions when carrying out a transaction.
Unfortunately, far too many customers are being duped into actually giving away their credentials, or transferring funds directly to fraudsters. While technology has a key role to play, it’s important to also note that importance of improving consumer awareness. Educating consumers to recognize when they are dealing with fraudsters impersonating individuals and businesses, is a key preventative measure.
While scammers continue to succeed with phishing attacks, many are also turning to sophisticated synthetic identity frauds. A combination of legitimate, modified and false identity information (usually obtained from a data hack, phishing attack or on the dark web) is used to create a new identity. If successful, this kind of fraud can go undetected for months, or even years. Unlike in cases of account takeover, consumers’ PII is being used without their knowledge, meaning they won’t alert financial institutions.
Effective digital identity proofing in the KYC process is crucial in preventing synthetic fraud, enabling banks and fintechs to verify a user at the point of account opening. One increasingly influential verification solution is the use of document verification alongside facial comparison. This approach will assess the validity of an identity document, identifying any falsified or altered credentials, while also deterring fraudsters who cannot use an image of their own face, when using a falsely obtained genuine document to commit fraud.
Keeping pace in a rapidly evolving threat landscape
Of course, as fast as technology is developed to deter fraud, criminals adapt and use the power of technology to their own advantage. For example, particularly advanced scammers are able to spoof recognition systems using realistic deep fakes, meaning effective liveness detection also has to be incorporated into fraud prevention.
Keeping pace with fraudsters is an ever-evolving challenge for financial institutions fighting financial crime. As techniques for attack become more tactical, banks will need the right technology in place to match the threat.
A multi-layered approach involving advanced identity verification, intelligent data use and continuous behavioural monitoring, could give the financial sector the power to fight back, against fraud.
The discussion continues at FTT Identity on 17th March, as we look at which technologies, innovations and approaches promise improved detection and prevention of financial crime. Join international Rockstar Speakers from banks, governments, technology providers and policy institutions.