Fraud and Friction: Fighting Two Significant Challenges
By viewing fraud and friction in new ways, credit unions can improve member value while reducing risk.
Credit unions have recently experienced a period of significant growth. But this also means increased risk. As some larger banks continue to receive negative press, credit unions have an opportunity to capture more members who are looking for alternatives to the big bank experience – but along with new members come fraudsters.
Two of the most significant fraud challenges facing credit unions today are the rise of synthetic identity fraud at account opening and the resurgence of account takeover fraud. Both of these scenarios pose technology, resourcing and friction challenges.
The Rise of Synthetic Fraud
Credit unions are experiencing a greater volume of fraud attacks at account opening than ever before. With valid personally identifiable information readily available from data breaches and digital attacks, application fraud techniques are becoming more sophisticated and widespread. This puts credit unions in a precarious position. They must do all they can to identify fraud during new account opening, while being mindful that overly aggressive or inefficient fraud detection strategies may also present a risk to their organization.
The new breed of synthetic identity is one of the most difficult fraud threats faced by institutions, and it is becoming harder to stop. Once an identity is established, a fraudster can develop a positive credit history over time – often eventually appearing as an established near-prime or prime consumer. The longer the identity is cultivated, the harder it becomes to categorize the identity as fraudulent. These fraudsters can operate for years undetected, building higher credit limits at numerous institutions before maxing out their credit lines and disappearing without a trace.
With no identifiable perpetrator or self-reporting victim, the brunt of the damage caused by synthetic fraud often hides in credit losses. But the scope of synthetic fraud losses is staggering – by one estimate, financial institutions lost $6 billion to synthetic identity fraud in 2016 alone.
Effective Identity Verification
In recent years, identity fraudsters have begun to target lenders’ reliance on driver’s licenses. Unfortunately, today fake IDs with legitimate information are easy to obtain due to forgery technology and the availability of PII from data breaches. Now more than ever, credit unions that rely on driver’s licenses to validate identities need a layered defense.
As fraudsters become more sophisticated and their techniques change, a more comprehensive identity verification is necessary. In a world competing on customer experience – one-click ordering, instant payments, same-day delivery – speed and convenience are expected. How can credit unions deliver fraud protection while meeting consumer expectations for convenience?
Identity verification using photo capture technology is one method that can be used to help authenticate individuals and fight synthetic fraud while preserving the consumer experience, both online and in the branch. This approach to identity verification allows consumers to capture an image of their driver’s license (or other government-issued ID). While this approach can be effective, many photo-capture (or “OCR”) solutions are constrained by their inability to evaluate the identity data on the license. As fraudsters become more sophisticated, fraud rings have been seen using fake IDs capable of fooling OCR technology. To be truly effective for identity verification, photo-capture solutions need to both validate the document and the identity asserted on the document. By verifying an applicant through a quick photo of the driver’s license, credit unions can create strong identity proofing and a great member experience.
Fighting Account Takeover Fraud
Account takeover (ATO) fraud tripled over the past year, reaching a four-year high, according to Javelin Strategy & Research. Total ATO losses reached $5.1 billion, a 120% increase from 2016. Account takeover fraud knows no boundaries, and combating it requires a comprehensive, real-time understanding of normal and abnormal account maintenance activity across a credit union’s channels and product areas.
Think of account takeover prevention as a quilt, not a blanket. In other words, credit unions need to assemble multiple protections and complementary solutions to help prevent attacks – there isn’t one blanket solution or silver bullet.
Overcoming the Top Challenge
Evolving threats like synthetic fraud and ATO often necessitate new fraud defenses – but adopting new technologies can be easier said than done for many lenders.
Based on our conversations with risk officers at credit unions of all sizes, reluctance to adopt new defenses often comes down to one thing – concerns about increasing friction. The member experience is paramount at credit unions even more than it is at banks. Many risk officers report that the level of authentication truly required to prevent fraud could significantly increase user friction, impacting both the quality of the member experience and opportunity for upsells. There are also concerns over incurring internal friction through the allocation of resources and time investments required for system upgrades.
These concerns are valid – but credit unions can overcome these hurdles. The right processes, driven by solutions from the right partners, should allow you to efficiently implement effective defenses capable of balancing fraud prevention and member friction.
Our experience with hundreds of financial institutions has found that the most efficient fraud management strategies:
- Isolate risk to a small population of applications or log-in attempts, allowing the vast majority of valid members to proceed automatically. This allows credit unions to balance fraud protection with the imperative to deliver a high quality, low-friction experience to members.
- Diagnose the threat posed by high-risk applications or logins, so authentication efforts can be tailored to maximize protection, reduce resource costs and minimize friction.
- Meet the organization’s compliance and regulatory review needs – not only by providing solutions that meet and exceed these standards, but by providing up-front documentation and on-demand support to limit the compliance burden on the lender.
Too many institutions are reluctant to take action due to concerns over friction or resource requirements, but the right strategies and solutions can reduce, if not remove, these tradeoffs. The industry is evolving and fraud management needs to evolve as well. Some vendors offer free industry benchmarks to provide real-world fraud defense comparisons as a way to determine what solution will work best for a credit union’s specific needs. By viewing fraud and friction in new ways, credit unions can better capitalize on their opportunities and improve member value while reducing risk.
Kevin King is Director, Product Marketing for ID Analytics. He can be reached at 858-312-6256 or kevin_king@symantec.com.