With so much highbrow industry chatter about topics like payments fraud detection, it’s good to remember that this is actual crime-fighting. On the FBI’s Cyber Most-Wanted list are nationals of at least a half-dozen countries, some with state-level backing. Check it out.
These cybercriminals are determined professionals who continue successfully evading arguably the most effective law enforcement agency anywhere. The enemy is real. And real smart.
Because hackers have really good gear too, the PYMNTS FI Fraud Decisioning Playbook sponsored by Simility, a PayPal service, gets a bit technical in parts, describing the mechanics of detecting elaborate “synthetic” fraud, and spins through the horrible hit parade of account takeovers (ATOs) and other fraud attack types that are popular in the season of COVID.
“Traditional fraud-fighting approaches often fail against scammers who use synthetic IDs to trick financial institutions (FIs) into letting them open new accounts. These malicious actors steal and combine genuine customer information to create realistic IDs that they then use to gain access to banking services and open credit card accounts,” the new Playbook states.
Because driven criminals patiently wait, sometimes years, to harvest fake credit lines and bank accounts, financial institutions have to take decisive steps using advanced platform-based systems that can analyze millions of signals to detect the nuances of e-fakery and stop it.
The Fatigue-Fraud Connection
Sick of hearing about COVID? Of course. That’s the “psychological transmission” factor at work, and it all adds to injudiciousness like replying to weird emails, clicking the wrong link, or just getting screen-scraped from halfway around the world without your knowledge.
For FIs, that COVID carelessness and fatigue takes the form of not adequately safeguarding the process end to end as new account volumes spikes, by starting with onboarding. This crucial step is too easily gamed by fraudsters with a combination of synthetic IDs and other “tools.”
“The U.S. Federal Reserve recently weighed in on synthetic ID fraud … advising FIs to confirm whether the personal details on new customers’ applications share any common elements with those belonging to other account holders at any of the FIs’ divisions or at other banks,” according to the July Playbook.
“Data silos can prevent FIs from detecting when two different customers share the same Social Security number (SSN), for example, which could be a red flag indicative of synthetic ID fraud.”
John Kelly, chief administrative officer at Pentagon Federal Credit Union, addressed that data deficiency, telling PYMNTS, “[The] unstructured or nontraditional data that is available allows us to not be reliant on what traditionally might be bureau-based data or only-on-us transactional-based data. There are other types of ... behavioral data out there that allow us to really understand and authenticate the real you.”
Pay Me Now Or Pay Me Later
Device data is growing in importance as a primary way for FIs to detect and prevent cybercrime, if they’re capable of collecting and interpreting smartphone “signals.”
“That ability to do predictive analytics and leverage AI and machine learning and those capabilities really allows us to string together what would have been distinct, separate events that, in and of themselves, may not have appeared to be risky,” Kelly told PYMNTS.
“We can now very rapidly connect those dots [and] stitch those together to very quickly tell a risk story that allows us to begin to identify synthetic IDs.”
FIs that fail to prepare now are facing a potential perfect storm of 2020 credit defaults, new account fraud and ATOs. These attacks cost FIs $10.2 billion in 2019, but they’re “expected to spend $781 million by 2022 on just fighting credit application fraud,” per the Playbook, and those investments will help stem and stop the current tide of rampant online theft.