To Catch A Thief: Identifying Fraudster Behaviors Before The Act

There’s data — and then there’s the information that comes as data is being transmitted. It’s the digital version of body language and it’s all over the Dark Web. It’s awash in bits and pieces of consumer identity like Social Security numbers, names, addresses, schools and passwords. Name it, and it’s likely out there.

For financial institutions (FIs) seeking to combat ever-more-sophisticated fraudsters, the battle must boil down to more than just seeing if the “correct” data is being entered, because, after all, the criminals already have that data. It’s how they enter the data that might be the “tell.” For example, the fraudster who lingers over typing a name or Social Security number, or backtracks over an address, or hesitates as he or she cuts and pastes info into a field — well, that can be valuable info to a bank that already knows what the “good” customer would do (namely, enter all that info with nary a pause, because it’s so deeply ingrained).

That intent behind the data has drawn the attention of Jack Alton, CEO of Neuro-ID, and Tommy Nicholas, CEO of Alloy, who told PYMNTS’ Karen Webster that it can become the clues that signal good customer behavior and the fraudster who is trying to impersonate them.

The companies said April 2 they had struck a strategic integration partnership where Neuro-ID’s “behavior as a service” offering is integrated into identity decisioning platform Alloy’s API. The integration, the two CEOs told Webster, will let FIs gain access to real-time insight that leads to optimal decision making as eCommerce continues to explode.

The goal, in unlocking access to behavioral data for banks, is to let FIs optimize their ID efforts and understand if they are letting good customers (and their transactions) through with a minimal amount of friction, while stopping bad actors in their tracks.

The Way It’s Done Now 

At present, explained Alloy’s Nicholas, the typical “identity stack” process as employed by banks as they examine digital transactions is still a manual construct and is still research-based. The end consumer who is on their phone or device tapping in information and hitting “submit” is still entering data like SSNs, which the bank can check against credit  bureaus, for example. And he noted that banks have been layering on alternative approaches to stop fraud (especially third-party fraud, where criminals steal identities to gain access to bank accounts and steal money or make illicit transactions).

“They’re usually layering on some combination of phone carrier data, email address, device data, and they may go as far as to add in some third-party scores or models from other partners out there,” said Nicholas. “And the FI will  try to come up with some kind of combination of those things and get them into an optimal decisioning flow.”

Maybe the FI may even ask the consumer to take a picture of their driver’s license or passport and look to “auto verify” that ID with yet another provider.

But that combination of static data and additive information still does not fill in some critical gaps for the financial institution, namely informing them whether they are using the right tools, or if they are in fact turning away “good” customers.

“How do you make sure you’re saying yes to the right people and no to the wrong people?” he asked. “If you turn somebody away using one of those new tools, you’ll never know if they were actually fraudulent or not.”

The Human Touch

As Neuro-ID’s Alton explained, as digital customers go through the actual motions of inputting data — tapping, typing and swiping through fields and cells, looking at how they submit information can be used to show FIs a customer’s intent. That insight comes through the Neuro-ID’s Human Analytics, he said.

“The easiest way to think about it is if we’re onboarding a new customer for a bank, they’ve had the last answer that the applicant has put in there for the last 10 years … what we’re doing is, is we’re unlocking those in-session behaviors to not just look at what they input, but rather how they input it.”

Along the way, by monitoring timing and other factors, Human Analytics can help FIs determine if the information is being input with confidence, with muscle memory (you likely could type your email, or your first name or last name in your sleep). The information flow, then, will be quick and will have few mistakes. Any lags or hiccups in that process — or “cut and paste” activities — are akin to red flags and can alert the bank that additional layers of friction or authentication are warranted. Behavioral data becomes a sort of “tie breaker” in separating good customers from bad.

“What we bring to the table is a new layer of behavior that allows you to see your first- and third-party fraud and your genuine customers,” said Alton. That insight also has led to the creation of a “friction index dashboard” that can help FIs think about broadening the suite of services they provide as they let more consumers through the “funnel” of digital interactions.

FIs can use the dashboard, explained Alton, to understand aggregate and subpopulations of people that were genuine that might have encountered on unnecessary friction.

“It really starts facilitating cross-departmental collaboration,” Alton said of the dashboard. “You now have a source of data that supersedes the visibility from the moment they arrive to the site, to the moment they completed journey. And now product can now have meaningful conversations and interactions with risk and production departments” as banks (especially smaller ones) take on more customers.

The combination of Neuro-ID and Alloy, he said, illustrates how far tech has come in the service of helping banks determine who on the other side of an online interaction is legit and who is not:

“We used to be able to look at your email address and see if it was fraudulent. Now we can look at your behavior,” Nicholas told Webster, adding, “It’s just so powerful for leveling up the confidence you can get to on the ‘yes’ or the ‘no.’”