Experian has been named a leader in Liminal’s Link Index for Account Takeover Prevention in Banking.
Advances in technology have increased the scale and sophistication of fraud attacks for businesses around the globe with a significant increase in recent years in account takeover fraud (ATO). During the pandemic there was a rise in account opening attacks as the world moved in lockstep to digital channels, creating huge growth in online digital accounts. Now fraudsters are attempting to takeover those digital accounts and are leveraging AI tools to convince consumers to give away their login credentials, creating an enormous financial risk and loss for banks and other service providers.
In a March 2024 survey of bank buyers across North America, Europe, Latin America, Asia Pacific, and the Middle East, Liminal found that ATO attacks now average $6,232 per incident, while fraud teams have reported a 66.8% increase in social engineering attacks in the past two years. However, Liminal also found that despite the growing exposure, only 44% of banks are leveraging mobile device signals. The opportunity for banks to implement more effective tools is the result of a combination of factors:
- 96% are worried about balancing ATO prevention with privacy laws.
- 82% say customization was necessary to comply with regional regulations.
- 96% have concerns about limitations on device signals stemming from data restrictions with consumer technologies.
As a result, banks are faced with a three-pronged problem: simultaneously solving for authentication, identity and fraud prevention.
Identity across the customer lifecycle
Truly understanding a customer, especially in a digital-first environment where hundreds of billions of events occur each year, requires much more than ensuring a name matches a social security number and a physical address. The customer, their account information, the device they use, the network they are coming from, the geolocation of their device, and the behavior they exhibit are intertwined. Banks must now assess more information than ever before to try to distinguish between a legitimate customer and fraudsters. This challenge only gets harder when businesses require more complex passwords, which users promptly forget. Fraudsters, ever creative, exploit the password reset processes to impersonate the customer and convince businesses to give them the new reset password.
In ATO attacks, often the only data presented to a business by the user at the time of login is a username and password. However, there are hundreds of other variables that may be passed back and forth between the device and the business in that digital moment, which can be useful for identifying potential threats or legitimate users. This exercise can be a monumental task that involves capturing vast data sets, knowing the difference between critical data and data that increases workload, analyzing that data and then marrying that back to what you know about the customer, all in a few milliseconds. And this is where one of the biggest hurdles exists.
These vast data sets sit across a complex set of systems and technologies that have been implemented (but not fully integrated) over time. And consider within this context, the authentication team managing ATO that would otherwise benefit from a cohesive set of data isn’t usually aligned with the general fraud teams and is even further separated from the credit risk or compliance teams. These gaps in technologies and teams hinder ATO prevention and provide zero support for any interdependencies with other critical functions – and fraudsters are more than happy to exploit this weakness. On the other hand, managing a more complete view of the customer (which allows the business to streamline operational costs, data costs, and infrastructure costs) to prevent more ATO attacks and provide a more seamless experiences for the consumer has never been more possible.
A fundamental shift in mindset is required to prevent fraudsters from exploiting gaps between business functions. Legitimate customers do not care about these internal divisions; they only see the inconsistency when one part of the business has no knowledge of them compared to another. This disconnect not only frustrates customers but also undermines trust and security.
To effectively combat ATO attacks, financial institutions must leverage comprehensive data insights that cover various touchpoints. Integrating identity verification, device intelligence, and behavioral analytics is essential for distinguishing legitimate users from fraudsters. Breaking down traditional silos and enabling seamless data sharing ensures a holistic approach to fraud prevention, delivering a secure and frictionless customer experience.
Liminal, a leading market intelligence firm specialising in digital identity, cybersecurity, and fintech markets, recently named Experian as a leader in its Link Index for ATO Prevention in Banking.
Leading in ATO prevention
The report highlights vendors that lead in authentication, fraud and identity and based on two primary criteria: product execution and strategic positioning. As a top-ranked vendor overall and in product execution, Experian’s performance underscores the effective integration of identity management in our solutions, positioning us as a leader in shaping strategies for account takeover prevention over the next five years.
Download Liminal’s Link Index for ATO Prevention in Banking
The report details the trends that are fundamentally reshaping the ATO threat landscape and today’s specific challenges, as well as those on the horizon, that banks must overcome, while also meeting an increasing expectation of customer satisfaction. Key statistics detail a prescriptive assessment of the market landscape and total addressable market, as well as findings from a March 2024 survey of banks conducted by Liminal, which includes:
- Specific key purchasing criteria (KPC).
- The scale and average cost (by volume and per incident) of ATO attacks.
- A descriptive methodology for calculating fraud loss opportunity costs.
- A priority-tiered description of ATO solution capabilities.
As banks continue to operate in a competitive digital environment that favours excellent customer experience in parallel with fraud prevention, it is crucial to recognize that the front-end experience mirrors back-end operations; therefore, creating seamless integration on both sides is critical.
CrossCoreR provides a fully-featured toolkit that leverages a wide range of capabilities for highly accurate and scalable ATO prevention.