Finding a Credit Union’s Fraud Feng Shui

Card fraud and account takeovers remain widespread, while phishing schemes and mobile scams have climbed. But the real organizational challenge appears to be finding a balance between fraud prevention and consumer friction.

The 6th Annual Fraud Report from the Atlanta, Ga.-based fraud prevention firm IDology revealed the effects of fraud across multiple industries including financial services, health care, insurance and e-commerce.

“This year’s report reflects growing threat vectors in digital channels. The frequency and depth of data breaches, and thus the availability of more personal information than ever on the dark web, have made customer-not-present fraud more attractive to bad actors,” John Dancu, CEO of IDology, said. He added whether they’re usernames and passwords, Social Security numbers, addresses, phone numbers or account information, criminals can access the information.

Among the industries surveyed, banking experienced the largest increase, with 71% experiencing more fraud than the previous year, followed by the fintech (60%), health care (57%) and insurance (56%) industries.

Banking also led for the largest year-over-year growth in every channel. IDology reported above-average increases in online (81%), mobile (72%) and contact center fraud (52%). Other industries also saw increases in digital channels, including insurance (65% online, 64% mobile) fintech (56% online, 69% mobile) and lending (64% online, 56% mobile).

Dancu said, “In our modern connected world, it’s no surprise that fraud is on the rise and becoming more sophisticated. Winning businesses will be the ones that take a strategic approach to identity verification with the realization that they can offer frictionless customer convenience and effective fraud deterrence to ultimately cultivate customer trust.”

The report discovered the biggest challenge was balancing fraud prevention and consumer friction, a jump of 65% to 66% among respondents. Businesses are struggling to consolidate two prevailing but conflicting mindsets: Keeping fraud out by making verification harder and bringing in more consumers by making it easier.

“Friction and prevention don’t have to be mutually exclusive; businesses can have their cake and eat it too,” the report stated. “Instead of a balancing act, businesses should think about verification on a per-customer basis: What is the right amount of friction for this specific person, and when is the right time to introduce it?”

IDology proposed implementing a multi-layered identity verification solution, which examines an assortment of attributes and can dynamically make decisions based on a variety of parameters, as the most effective way to ensure consumers only experience resistance when necessary while still maintaining strong protection. “It also positions organizations to be ready for tomorrow’s customers, economy and fraud trends.”

It also disclosed fraudsters are doubling down on and optimizing proven techniques that are still effective and hard to detect – such as account takeovers, synthetic identities and mobile-based schemes.

Although fraud schemes didn’t shift as much this year as they have in the past, there’s still cause for concern. There was growth across the board for fraud businesses felt their industries were ill-prepared to handle. They felt particularly unequipped to deal with mobile attacks (32%), synthetic identity fraud (32%) and account takeovers (25%).

Credit, debit and prepaid card fraud continued as the most prevalent fraud across industries (67%), affecting everybody from financial institutions and lenders to health care organizations. Although 2017 saw a dip in card fraud (down 8% from 2016), it has gone back up by 3% this year. Account takeovers also continued as a widespread problem, and although they did not increase this year, they’ve been steadily rising since 2014.

Digital channels remain the hardest hit by fraud. With plenty of breached data to use, faceless online interactions are the easiest and most profitable for criminals, crime rings and nation states. Sixty-seven percent of companies saw fraud increase in online channels, and 63% saw an increase in mobile channels. Only 38% saw an increase in contact center fraud, although 53% reported fraud in that channel stayed the same.

Mobile fraud increased 117% over the previous year. The number of businesses that feel their industry is least prepared to detect and prevent mobile device attacks increased 167% compared to a year ago. Businesses reported a 63% increase in mobile fraud. All types, including porting, spoofing, hacking and fraudulent change events, are on the rise. Caller ID spoofing increased by 74%, porting by 69% and SMS interception by 50% compared to 2017.

Phishing, linked to 93% of last year’s security breaches, has steadily risen each year, increasing in prevalence by 66%. While this is not a new fraud technique, it continues to be an effective one: 93% of security breaches last year connect back to phishing.

Once thought of as a compliance checkbox measure, 85% of businesses now consider identity verification a strategic differentiator due to rising, more sophisticated forms of fraud, competitive pressures and consumer expectations for fast, easy digital onboarding.

Although verification of identity remained steady at 51%, the prepaid (86%), insurance (82%) and banking (80%) industries felt most strongly that identity verification has become more complex.

IDology noted companies are realizing they need to move toward more robust, comprehensive, multi-layered identity verification solutions that examine a full spectrum of identity attributes. They see the utilization of mobile device attributes for verification, artificial intelligence, machine learning and mobile document capture as the most relevant new trends in identity verification.

Survey respondents were asked a new question this year: What did they think would be trending in identity verification in the next few years? The utilization of mobile device attributes for verification took the lead (44%), followed by artificial intelligence (42%), machine learning (41%) and submitting identity documents via mobile (40%).

“Importantly, these tools will not just make legitimate customers and businesses safer, they will also improve the overall customer experience,” the report maintained. For example, utilizing mobile network carrier data (in real time) to verify the device belongs to the right person allows for seamless entry and ongoing authentication, and can even be used to flag risk factors and fraud indicators.

The report also pointed out employing a smartphone’s camera function to capture identity documents is an easy and accessible way to automate the onboarding process. In addition, artificial intelligence and machine learning have proven to be effective systems when coupled with human intelligence and data transparency, and within the realm of identity can be used to predict and track fraud trends and reduce false positives.”

Last year’s report focused on what it described as the new era of fraud: The emerging fraud landscape driven by the adoption of EMV chips and data breaches. This year saw the full effect of that (now well-established) landscape. Data breaches continue and are getting larger in scale. Online and mobile fraud grows, and tactics that have been simmering (such as synthetic identity fraud and SIM swapping) are gaining greater awareness among both businesses and consumers.

Consumers want to be protected, but they also want convenience. “While fighting fraud, it’s important to remember that the vast majority of transactions that occur each day aren’t attempted fraud; they’re legitimate customers,” the report suggested. It recognized fraud deterrence as an increasingly important business function, but customer experience is paramount. “That’s why the key to preventing fraud and friction is for businesses to deploy a layered approach in addition to an array of dynamic step-up escalation methods.”

IDology recommended validating identities with behind-the-scenes methods and applying friction only when needed in order to facilitate faster onboarding while still deterring fraud. Finally, it said joining a consortium network adds additional protections by providing insights into the fraud that other organizations experience and making trends across industries easier to spot.