Fraud is always evolving. Beyond the hack in its rawest form — breaking into systems or hardware to steal individuals’ personal data — criminals are using their wily ways to manipulate consumer behavior.
And the weapons by which bad actors manipulate their unwitting victims into giving up personal information or handing over money outright are proving to be varied as well, stretching across email and text messages and even the old-fashioned phone call.
In an omnichannel world, merchants and financial institutions must be vigilant and watchful across commerce conduits. Of course, omnichannel means omniscience is out of the question, but firms can use behavioral analytic technology, such as machine learning and artificial intelligence, to gain real-time insight into whether consumer behavior merits suspicion.
In an interview with Luke Reynolds, chief product officer at Featurespace, the executive noted that fraudsters have historically been silo-based in their approaches – focused, for example, on cards or credit and debit accounts.
“What we are seeing more now is that fraudsters are pivoting across channels, to mobile telephony, online or still through point of sale,” he told PYMNTS.
Opportunities for fraud multiply as companies seek to reduce friction and add more channels and payment options.
But with the growing avenues by which consumers can be attacked, they might not be aware that their identities are being compromised until the damage is done, said Reynolds.
In addition, fraudsters are banding together to share details across the dark web, ranging from static data like Social Security numbers and login details to “best practices” with which they can get around companies’ defenses.
Against that backdrop, he said, companies and consumers need to change the way they approach fraud and efforts to stop it in its tracks.
Reynolds noted to PYMNTS that financial institutions have been more active in communicating with their customers about what to expect in terms of alerts — covering transactions or fraud activity in general — but the bad guys are intercepting those email and phone channels too. In the end, that communication may be coming from the bad apple looking to pilfer credentials or account details.
For the companies themselves, said Reynolds, anti-fraud efforts have historically been focused on a “black box” approach in terms of technology, which tends to be inefficient when coping with changing consumer behavior – especially when it comes to online and mobile consumption.
“What [financial institutions] need to do,” he said, “is understand more about the device that they are working from, how they use that device and how that behavior on an ongoing basis is maturing; this richness of behavioral data, coupled with core transactional, gives you more insight and context about your customer and enables better decisions.”
In addition, static security questions (the tried-and-true mother’s maiden name, for example), do not offer a robust line of defense. So, multi-factor questions are a better option.
He noted that when fraud does occur, it sets a lot of friction in motion. The bank or financial institution must repair the account, issue a new card and set new authentication protocols in place.
Companies can form a better idea of what “normal” consumer behavior looks like, spanning the times of day they like to shop or their preferred payment methods. Such insight can dramatically reduce false positives.
“What we are finding at the moment is that fraudsters are going back to basics,” he told PYMNTS. “They’ve actually gone back [to] speaking to humans … moving back to the telephony channels and passing ID&V, this then manifests itself into wider account and/or identity compromise.”
In other words, fraudsters are trying to dupe call center agents or other staffers to change details of accounts or move money away from consumer accounts.
“We all know how competitive the landscape is,” Reynolds said of financial institutions. “Many consumers have … many cards in their wallets. They have two or three banking relationships. Having a good relationship with the bank in terms of minimizing friction and declines and having good transactions accepted 99 percent of the time is critical … and when fraud occurs on the account, it is a moment of truth.”