Tech Today

The year 2020 will go down in history. That much is certain. Businesses are acting quickly to revise strategic and operational plans that seemed perfectly valid in January – now almost impossible to imagine, just a few months later.   However, predictions around fraud trends still stand. The opportunistic nature of hackers means that a global crisis can create the perfect breeding ground for fraudulent activity, and with users increasingly seeking solace and communication via digital means, businesses and consumers need to be even more vigilant.       Here’s what we found earlier in the year. Investment in fraud prevention is on the rise. According to our 2020 Global Identity & Fraud report, 84% of businesses say they are either investing more or maintaining the same budgets when it comes to identity-related fraud prevention. But with a complex digital landscape, rapid changes in consumer behavior, and customer experience playing a central role, how can businesses be sure that they are investing in the right place? We identified the top 5 global fraud trends to watch out for in 2020: 1. Authorized push (or wire transfer) payment fraud In the past 12 months, the most common fraud attack encountered by businesses were authorized push or wire transfer payment fraud (41%). Set to continue into 2020, authorized push payment fraud (or APP) is where victims are tricked into authorizing a payment from their own account to another account which is being controlled by a criminal. Fraudsters can socially engineer consumers or intercept communications, changing key information such as account details, leaving victims believing that they are authorizing a legitimate transaction when in fact they are making a payment into a criminal's account. Validation is crucial in tackling APP fraud Push payment fraud can be prevented with a validation exercise which carries out real-time checks, dramatically reducing the chances of payment fraud and error. It can be used to confirm that the beneficiary of a payment owns the bank account to which a payment needs to be sent to. As with many fraud prevention methods, one layer of verification is rarely enough so it's important that techniques like real-time validation sit within a wider fraud prevention and authentication strategy. 2. Account takeover fraud Next in line is account takeover fraud (37%), which is expected to significantly increase in light of the recent global pandemic. This is when a fraudster gains access to an account that doesn't belong to them and makes unauthorized transactions, sometimes changing key credentials of the account such as the rightful account owner's personal information or log-in details. This type of attack often involves phishing attempts to compromise customer data is much more likely in light of various government assistance programs due to the crisis. In recent years, fraudsters have done a great job of taking over bank login credentials, getting access to a user's account, then calling that account holder to inform them a fraudulent transfer is being attempted from their account. Since customers know that banks typically send SMS one-time-passwords for customers to verify transactions, the attackers use that layer against the account holder. Know Your Customer (KYC), Customer Identification Program (CIP), use of passwords and physical biometrics make up the top solutions currently used by businesses to detect and protect against fraud based on regulatory requirements. Although businesses seem confident in the ability of their existing solutions used to detect and protect against fraud, they are reporting 57% higher losses associated with account takeover fraud, so what's going wrong? Businesses must confidently engage customers using holistic and advanced, risk-based identity and device authentication, as well as targeted, knowledge-based authentication that allows good customers to move throughout the process and frustrate fraudsters. 3. Account opening fraud The third key fraud trend to watch out for in 2020 is account opening fraud. This takes place when criminals use stolen personal information to open new accounts for fraudulent activity such as borrowing money in another person's name. Identity verification is often the easiest control to bypass because so much identity data is compromised. Averting account opening risk requires strong identity authentication, proving that the person applying for the account (often digitally) is indeed the legitimate consumer. Acquiring legitimate customers from the beginning, whilst balancing a seamless customer experience is the challenge businesses face when it comes to account opening fraud. By improving the application process and identity-based authentication measures, businesses can decrease customer acquisition costs, reduce false positive rates, and save manual reviews for when they're really needed. 4. Transaction payment fraud Transactional payment fraud is any unauthorized transaction using stolen payment details or data. Fraudsters involved in this kind of criminal activity can range from small-scale amateurs to large-scale cyber-criminal rings. Criminals access stolen details in many ways, including phishing emails, and even direct contact with the victim. The key to combatting transactional payment fraud is the ability for businesses to quickly detect irregular activity, and then distinguish between legitimate and fraudulent transactions in real-time. In transactional fraud, strong fraud machine learning models and pattern and anomaly detection logic are key passive controls, with step-up challenge layers requiring customers to provide additional identity authentication when trying to complete high-risk activities or anomalous transfers. 5. Synthetic identity fraud (also known as fictitious identity fraud) One of the newest types of fraud, synthetic identity fraud uses a blend of fake information and real data to create brand new fake identities that expert-level criminals use to establish and build up an online credit history. Businesses can invest time and money in chasing people that turn out to not even exist. Synthetic identity fraud is an insight into the evolving world of fraud, and a reflection of how the criminal world reacts to sophisticated fraud prevention by becoming ever more sophisticated themselves. The role of advanced analytics The deployment of robust link analysis that monitors over time the use of identity elements such as name and Social Security/National Insurance, plus many other forms of personal information is paramount in tackling fraud. The ability to detect when identity elements look to be used inconsistently or at high velocities can be an indication of larger identity compromises or synthetics. Businesses should also utilize device intelligence to monitor common access points through which more organized fraud schemes may be occurring. In some instances, synthetic identity detection scores can also make up identity verification and fraud prevention layers, providing businesses with a separate synthetic identity score with each account opening event. This is because synthetic identity is difficult to detect with traditional verification controls or risk models. The good news is that the strategy to protect your customers and your business from these different trending types of fraud is similar - organizations need a strong layered series of defenses to both to recognise legitimate customers and to quickly pinpoint attackers if they want to combat fraudsters. New research available: The global impact of Covid-19 on businesses and consumers - September/October 2020  

It’s possible the global Covid-19 pandemic will forever change the way we connect with others both personally and professionally. It seems the whole world went digital in a few weeks and it rapidly changed the way consumers and businesses engage with each other. Whether going digital was a part of your strategic plans or not, business leaders of all company sizes must rapidly adapt to this new normal and be prepared for the future post-pandemic. But where do you start? Lead with empathy and over-communicate Every life has been touched by the pandemic in some way or another which makes this rare event one of those truly shared experiences that happens globally. The way we conduct ourselves as leaders, employees, partners and customers requires empathy. Empathy for people that have been pushed to their limit juggling work and family. Empathy for programs and processes that are struggling to create or fulfill customer demand. And, empathy for business plans that were once designed for growth and now being redefined for resiliency. This duty of care for your employees and customers has the potential to create trusted, lifetime relationships with your brand. In fact, there is a tremendous opportunity for businesses to segment and use their data to tailor programs or communications strategies that will help customers access and manage their accounts easier at this difficult time. It might mean acknowledging customer service wait times are longer than usual and encouraging customer to go digital. Or, reminding customers to be diligent about their protecting their information and what to do if they are a victim of fraud.  Re-think your plans and pivot quickly We’re in the middle of this change now – alternative operating conditions (e.g. remote working, call centers closed), shifting consumer behaviors (e.g. going digital, unemployment), potential new regulations and temporary changes to credit reporting – and it means that speed of adaptation to the new normal is critical. Here are four major pivot points all business leaders should be considering: 1. Customer engagement: With many operational centers closed, customer servicing necessitates a holistic omni-channel approach to customer management. Building trust with customers facing a crisis also requires businesses to deliver financial solutions that are bespoke to their needs. 2. Risk management challenges: A big question on every risk officer’s mind is: How can I accurately project the impact on my customer’s behaviors and my portfolio results? Model performance review and re-calibration will be necessary and implementing advanced analytics (e.g. machine learning) may speed up its impact.   3. Operational re-alignment: The ability to intelligently reallocate resources between an ever-increasing list of priorities is keeping up most technology officers. Everything from managing a dispersed workforce to onboarding new customers or small businesses. Embracing a cloud-first strategy could mean the difference between business continuity and resilience. 4. Protecting against fraud: Fraudsters will seize on the opportunity to exploit any signs of weakness for financial gain. Knowing where the blind spots area and putting in place the right size solution for the problem are necessary to protect your customer’s from fraud. Want to learn more about what Experian is doing to help consumers and businesses during covid19?  Visit Experian’s Covid-19 Support page.

Birger Thorburn reviews the effectiveness, efficiency and evolution of the password. He examines current challenges facing business' current online authentication security measures.