Financial fraud is growing faster and more sophisticated, making smart defense crucial for today’s organizations.
Still, as the world grows ever more digital, so too do consumers’ and corporations’ identities, as well as the authentication controls around them.
This transition period has provided bad actors with a wealth of opportunities to combine real, stolen credentials with fabricated personally identifiable information to create new identities for committing financial fraud.
“We continue to see a hockey stick increase in digital identity information being compromised and used for synthetic identity fraud, account takeover fraud and other types of digital identity abuse,” Erika Dietrich, head of risk services for payments systems company ACI Worldwide, told PYMNTS.
Organizations’ defenses of their exposure points need to constantly be evolving, leveraging sophisticated strategies that employ a potent mix of future-fit technology, data and analytics, and educational best practices.
As the payment landscape becomes faster and more digital, cybercriminals are staying in step with the pace of innovation by transforming their own historical fraud methodologies by increasingly integrating emergent tools like generative artificial intelligence (AI) for new attack strategies.
Dietrich said new AI tools like ChatGPT have been like a “steroid pill” for bad actors looking to commit digital identity fraud.
“For one, individuals can create synthetic email accounts, use various [AI-powered] techniques and tools to not only obtain data but create partial and synthetic identity attributes,” she explained. “Secondly, [AI tools] make it incredibly simplistic and increasingly scalable for criminals to create bots to use in their attacks.”
She emphasized the importance of “using proper digital hygiene” for consumers while underscoring the importance of businesses deploying “orchestrated, multilayered solutions” to authenticate and validate any information being inputted into their systems.
Given the frothiness in the fraud landscape, it is also more mission-critical than ever for merchants and billers to communicate with their customers that “this is how we will interact with you, and this is how we will not interact with you,” Dietrich added.
She noted that “only one in around every 700 digital identity crimes committed end up being prosecuted,” meaning that organizations or individuals subjected to fraud usually have to just write off the loss.
Managing risk to an organization while balancing a streamlined customer experience and operational expenses requires the effective orchestration of data elements, data sources, profiling and data association techniques, and modern tools like predictive AI and machine learning (ML) all used intelligently and at the right moment.
“It’s a balance between establishing trusted authentication while creating little to no friction and only causing friction along the consumer journey when there is, in fact, something about that profile’s identity,” Dietrich said. “It is paramount that the customer journey is an easy and frictionless one when there is trust.”
She explained that behind effectively establishing that trusted authentication lies the combination of a “scientific approach, an analytical approach, and there’s definitely an art to it as well.”
That’s because organizations using a multilayered solution need to take a multilayered approach to their anti-fraud and risk controls.
“You’re taking historical data that has been used to profile a customer and inputting that into a strategy based on where they are paying, how they are paying, and what device or account they are using,” Dietrich explained. “… It takes a lot of knowledge and experience and comes down to monitoring what is going on at an account level and then leveling up.”
Never take your eye off the ball and rely on sophisticated tools, solutions and systems, she added.
Asked whether digital tools will ever replace the need for humans when it comes to effectively fighting fraud, particularly today’s variety of hyper-fast and hyper-scalable attack strategies, Dietrich said, “there will always be a human in the loop.”
In her view, the human element will evolve to serve as “more of a guide and a coach” overseeing the entire data orchestration and response management systems.
“We saw COVID change the landscape of genuine consumer behavior, and we have to ensure that not only are our models trained to understand future fraudulent behavior, but also trained to understand future, other genuine consumer changes and not create false frictions around those genuine changes,” Dietrich explained.