Tag: Identity & Fraud

The first of a two-part series on our Insights in Action podcast, Nick Maynard, Juniper Research, and David Britton, our VP of Industry Solutions for Global Decision Analytics, discuss the latest developments around online payment fraud, and what the implications look like for consumers and businesses. Following the publication of the latest report on online payment fraud from Juniper Research, this episode takes a closer look at how the mobile revolution has created both opportunities and risks when it comes to online payment. "We're seeing a massive digitalization of existing payment methods and retail, which is being driven for a number of reasons. Convenience is a massive driver, and mobile wallets in particular offer a very convenient solution for payments, and they're being used very widely around the world. Other drivers include the ongoing Coronavirus pandemic, which is having a role in driving the increased usage of the online channel."Nick Maynard, Juniper Research Topics covered in part 1 include: The online payment revolution has been led by mobile, with half of the world’s population estimated to use mobile wallets in the next four years. How this transformation is shaping the new online payment experience. ​ Covid-19 has pushed organizations to prioritize their digital transformation. We look at what the implications will be as a result of the rush to digital. With higher convenience, normally comes a higher risk of fraud – what we can expect to see as a part of this shift to mobile. ​ What businesses can do in the short term to mitigate those rising types of fraud, and what their key operational and strategic considerations should be for the future. ​ Listen to the full podcast here, and look out for what’s new in online payment fraud Part 2: How AI and evolving regulation are driving change

In this episode of Insights in Action, David Britton, Vice President of Global Identity & Fraud Solutions, discusses how the Covid-19 pandemic has prompted a massive shift to online for both consumers and businesses, and examines what implications have emerged across the online fraud landscape because of this. "As with any moment like Covid-19, fraudsters are very quick to pick up on possible areas of vulnerability that they can exploit in the market and in the ecosystem. And fraudsters always like to go where the weakest point is in the ecosystem or the weakest link in the chain. So fraudsters are absolutely taking advantage of this."David Britton Phishing is on the rise - fraudsters are impersonating key institutions and their communication channels to manipulate consumers Account takeover fraud - fraudsters are hiding in the traffic peak, posing as consumers using their credentials How businesses can counter the trend: Keeping online fraud at baySecuring our digital identitiesEnsuring a secure, transparent and meaningful treatment of data "The first thing to do is to ensure businesses are pulling together soft signals to define a better risk strategy and authentication strategy because then you can immediately identify if there's an anomolous actor that's trying to impersonate that 'known' good customer."David Britton Listen to this episode of the Insights in Action podcast

The opportunistic nature of hackers means that a global crisis can create the perfect breeding ground for fraudulent activity, meaning businesses and consumers need to be even more vigilant. View Infographic

There’s a digital payments revolution, and mobile is leading the charge. But at what cost does convenience come? Juniper Research’s latest online payment fraud report explores key issues around increased cybercrime and what that means for businesses looking to invest in fraud prevention. View infographic

Digital interactions between businesses and consumers are on the rise. The ability to authenticate and recognize customers provides a convenient and secure experience. However, the latest Global ID & Fraud Report shows a significant disparity in perception between businesses and consumers when it comes to recognition. View Infographic

The interesting thing about fraud is that it’s always changing. Fraudsters are getting smarter, and fraud threats are constantly evolving. Businesses need to be agile and prepared to quickly shift their fraud strategies to stay a step ahead of emerging fraud threats. Traditionally, it's been very difficult for businesses to keep up – every time they see a shift, new fraud signals must be employed, which means looking at new intelligence signals in order to counter that fraud and then moving through a process of procurement and qualification, and then implementation and integration, of fraud services in order to manage the change. With time of the essence, businesses can no longer wait months to react. They need to be able to react in real-time. Biggest threats for 2020 Covid-19 has accelerated online payment transactions, making way for massive cyber security and data fraud concerns among banks and retailers. The idea of doing more digital business, picking up customers digitally, providing a great digital experience is going to be more and more important as we move through the pandemic. Even businesses which traditionally see most of their customer traffic through bricks and mortar might start to see that shift. All of this means that there is more opportunity for fraudsters to be part of the process and to take advantage of that digital interaction. The risk of fraud is going to increase as more people go digital – In part because of sheer numbers, and in part because more of the people who are going online now maybe doing so for the first time. So companies and consumers alike are less prepared for that kind of interaction. Account opening is likely to drop because of Covid-19, but we should expect to see a sharp increase in account take over fraud. There are a lot of people who are being forced to go online now to transact. They may need to turn to ecommerce. They may need to look at online banking to move their banking online. But the point is, they may never have gone online to perform these tasks before. Many vendors have been rapidly rolling out new technology solutions to help banks and retailers manage this new online demand, which has potentially exacerbated digital fragmentation, privacy concerns, and governance expectations. The importance of continuous risking and self-service The speed at which fraudsters adapt to new technology and behavior has always been a problem, but now that we are seeing sudden and unpredictable change, reacting at speed with new fraud strategies has never been more important for businesses. Typically, businesses need to move through validation, contract and then integration in order to do this – making for a long and tedious (not to mention expensive) process. The new release of CrossCore will pre-qualify fraud and intelligence services so that they are pre-integrated meaning that businesses can choose how they want their transactions to be processed, which fraud and identity services they want to use, and they can do so through simple self-service. There is also a feedback loop where reports are generated on how much fraud was detected. Businesses can access their feedback loop almost in real-time and see if their fraud strategies are working or not, and then adjust things as they go. Customer experience when all of your customers are online The ability to passively and strongly identify a customer is a difficult balance to strike when the goal is not to inconvenience the user. And now that most consumers are running their lives online, they demand not only a secure experience, but a convenient one too. To achieve this, a lot of signals about that person are collected. These range from device characteristics and who it is registered with, to behavior on the device and whether these signals match up to the same person. In order to process this data, the signal streams that come in must be considered and then almost in real-time, fraud analytics allow a decision to be made on whether the interaction is with a genuine person or a fraudster. To be able to reduce friction while passively and strongly identifying a person, advanced analytics becomes integral. More about how our latest upgrades can help your business

In a report made available this month, Juniper Research anticipates that in 2024, remote purchases for digital and physical goods will exceed 285 billion transactions per annum; an 80% increase on the figure for 2019.  And, that values will increase by nearly 60% to over $9 trillion. It’s impossible to look at these numbers without considering the impact of the massive migration to digital channels that businesses and their customers made to stay engaged during the early response to Covid-19. Finding ways to support customers and their needs remotely has been met with a lot of creative solutions and we see new trends taking hold. For example, “buy online and pick up in-store” and “buy now and pay later” provides customers the access they need for goods and services now with a lot of conveniences. Convenience is a significant part of the customer experience but unfortunately can expose a business to a lot of fraud. According to David Britton, “Fraudsters will always be at the forefront of technology exploitation.” There is evidence of this not only in technological innovation but in the manipulation of human behavior, otherwise known as social engineering. According to Juniper, new technologies such as artificial intelligence will take social engineering to unseen levels of success, like the rise we're seeing in fictitious or synthetic identities. But while it might seem like an impossible problem to manage, businesses have solutions available to them to prevent fraud, including using AI against cybercriminals. In fact, Experian believes that there the layered approach to fraud detection and prevention can significantly protect businesses, and their customers, throughout the credit lifecycle, and withstand the changing face of fraud. Check out the report on key trends and capabilities required for securing digital payments and find out more about Experian's solution on the Juniper Research Leaderboard. Related content: Protect your family from potential fraud when kids are playing video games Getting to grips with the shifting fraud landscape

Depending on location, social distancing has been in full effect for 8-9 weeks and it’s taken its toll on parents juggling work, school and keeping kids busy. Many parents have eased up on video gaming restrictions as way to let their kids and teens to connect with friends outside of remote learning classroom activities. According to Verizon, video game-related streaming was up 75% in the first week of quarantine and has experienced double-digit increases over typical day figures pre-Covid. Bloomberg reported that Italy’s largest telecommunications company, Telecom Italia, had a 70% increase in Internet traffic, due in large part to streaming video games. The uptick in video game usage means not only an increase in kids’ screen time but greater fraud risks as younger gamers are especially vulnerable to hackers. Anywhere there’s transferable value, there’s a high potential for fraud to occur. Many of the traditional fraud methods we’ve seen in other payment types also apply to video game accounts, such as stolen credentials to open new accounts or unauthorized purchases made using an existing account. Gaming fraud also has unique features like compromising another players’ account to use their resources, whether it’s virtual money, like v-bucks or star coins, or other rewards, like exclusive tools, skins, or power-ups. Unlike a bank or credit card lender, unraveling and finding the source of fraudulent behavior in video games is difficult.  That’s why it’s important to be aware of the security measures that video game companies offer, what indicators to look for if you think your account has been hacked, and what more you and your kids can do to protect payment information.  Many online video games use passwords, and in some cases two-factor authentication, to protect your kids’ gaming accounts. If you believe your account has been seriously compromised, there are ways to contact the software developer and remediation services are provided. But despite these security measures, there’s more that can be done. Most importantly, don’t share any personal information when talking to other players. Some gamers are also social engineers who try to gain information on the real people playing the games – whether it’s your real name, location and age or it’s details about your life, your dog’s name, where you moved from, or email address. What may seem like a harmless exchange of information could lead to a social engineering fraud attack where an account is opened using your kids (or their parents’) information to impersonate them. The information exchanged could also be sold for cash on the Dark Web, where personal information is collected and sold to career fraudsters. What businesses can do: Explore the use of behavioral biometrics to add another layer to simple password protectionsUnderstand the role device identity can play, like exposing which vulnerable accounts have been accessed by a known fraudster but where digital goods have not yet been movedReview your risk policies and consider a layered security approach that will level up or down based on the type of in-game transaction What kids can do: Talk about the game and strategy only and don’t give away any personal informationPut yourself on mute when talking to someone in the same physical room while playing games Don’t gift rewards or virtual money with anyone you don’t know in real-life What parents can do: Make sure you practice good password hygiene Turn on any additional security features offered, like two-factor authenticationScrutinize every transaction in your account history With the usage increase of tools to connect with people, there’s also a trend worth mentioning that doesn’t necessarily lead to financial loss but worth a word of warning: opportunistic disruption.  Put simply, some hackers are simply trying to get into your account because they can and occasionally flash up or post inappropriate images and messages or simply push irrelevant advertising (aka click fraud). This can be especially harmful to younger gamers. The good news is that game makers seem to be aware and acting against these sorts of behaviors with increased priority and use of advanced security technologies. This same disruption has been seen in conferencing services used for schools and businesses. Whether you grew up playing the original Nintendo games or are an avid gamer family now, gaming trends among kids and adults continue to grow despite being in the throws of self-isolation.  The answer isn’t to turn off the gaming system but rather be aware that online video games are also vulnerable to the fraud attacks often seen in other industries.   Related stories: Q&A: Biometrics as the catalyst for trust in a socially distant world Are traditional online identification methods becoming obsolete?

In many respects, the explosion in the type and volume of customer data businesses gather to facilitate security, ensure a convenient, user-friendly approach to customer interactions, and personalize interactions is a double-edged sword. In an era when businesses are awash in data, customers' expectations regarding its use continue to grow. Nonetheless, when it comes time to recognize a consumer by utilizing the data, there is a disconnect between how confident businesses are in their ability to recognize the consumer and the consumer's confidence in businesses' ability to do the same. In our latest Global Identity and Fraud Report, where input from over 6,500 consumers and 650 businesses worldwide was gathered, 95% of businesses expressed confidence in their ability to recognize their customers whereas only 55% of consumers reported that they don't feel recognized by businesses. So why do businesses feel they are recognizing their customers better than customers think they are? At the heart of the problem, many businesses fail to appreciate the risks and shortcomings associated with weak or no identity verification and customer authentication tools, including their inability to prevent criminal activity or offer seamless processes that minimize customer friction. And while businesses possess the means of gathering data from customers through a multitude of identity verification and authentication touchpoints, they sometimes struggle to develop an overarching picture of individual customers, in conjunction with their needs during each phase of the customer lifecycle. This, in turn, results in a myopic view of the customer, despite the existence of extensive data. A never-ending torrent of data Due to the rapid increases in the number of connected devices, there is exponential growth occurring in the amount of data generated, with some estimates predicting an excess of 79.5 zettabytes (or 79.5 billion terabytes) of generated data by 2025. With these facts in mind, many companies experience the shortcomings of big data solutions and their ability to make sense of the unprecedented growth in consumer data at the fingerprints. This inability to provide actionable insight means that what started as promising data lakes now resemble data swamps, meaning that companies possess unfathomable amounts of data but struggle with how to put it to good use. The security implications for business and consumers While businesses rush to embrace digitization by gathering all manner of data from customers at every stage of their journey, vast amounts of data continue to be exposed. Furthermore, as stated earlier, when it comes to customer engagement, there are expectations that businesses must meet regarding security, convenience, and personalization, yet many businesses struggle to understand the interrelationship between these three elements. In specific terms, as a customer interacts with a company, they provide additional data, with each interaction. This helps paint a more accurate picture of their identity and behaviors. In turn, this increasingly detailed, data-driven portrait improves an organization's ability to recognize them in subsequent interactions. Moreover, with a more detailed understanding of the customer, the need for burdensome security processes lessens, resulting in less friction for the customer. In a nutshell, security, convenience, and personalization form individual legs of the same stool. Consequently, failing to consider this fact, leads to isolated security measures, peppered throughout the customer lifecycle. For example, while browsing online, a customer may receive recommendations regarding the products or services they may like. However, when they access their account profile during the same session, the company may force them to reauthenticate their access. Using this example, since the company had sufficient data to personalize the customer's experience, in theory, at least, they also possessed sufficient information about the customer and their identity to grant unfettered access to their profile. Was there a genuine need to reauthenticate the customer in this scenario? At the heart of that interaction lies the customer's identity, which forms the basis for any interactions. When disparate systems capture various elements of a customer's digital identity, a mechanism must exist to aggregate the elements, to minimize the friction customers experience when interacting with businesses at different points in the lifecycle. And while relatively sophisticated CRM systems exist to memorialize customer preferences, due to their inability to capture a holistic view of the customer's identity and subsequent activity during all touchpoint in the customer lifecycle, they often fall short as in their ability to deliver a cohesive, consistent and appealing approach when it comes to security. The power of layers and analytics When fractured infrastructures are in place, businesses often subject their customers to a complicated and disjointed approach to security and risk requests, while simultaneously bombarding them with attempts to up-sell or cross-sell products and services. So, while the goal of data gathering and analysis should in part facilitate convenience, that is far from the customer experience when interacting with certain businesses. Conversely, when customer identity and recognition involves layers of data gathered from across business units, coupled with advanced analytics and quality identity verification tools, businesses can present a more compelling, user-friendly approach that minimizes the stress placed on the customer while providing a positive customer experience. With this approach in mind, businesses can do a great deal to foster engagement which is secure and trusted by the customer. Our research determined that 86 percent of businesses state that advanced analytics is a strategic priority. Yet only 67 percent of businesses consider the use of advanced analytics, like artificial intelligence, to be important for fraud prevention, whereas only 57 percent deem advanced analytics as important for identifying customers. Even fewer respondents see a reason to adopt a hybrid approach involving machine learning involving both unsupervised and supervised models with business rule logic – 45 percent globally and with the United States and Japan as the outliers at 58 percent. However, when businesses pursue the adoption of more sophisticated authentication strategies and advanced fraud detection tools, they will improve their ability to identify and their customers, reducing their exposure to risk and ultimately leading to increased trust. Trust is the linchpin for any transaction and while it's easy to underestimate the importance of trust, given how difficult it is to measure and maintain, without it consumers and businesses will part ways. In a world with no shortage of data, with the right tools and methodology in place, businesses can mitigate various forms of risk, refine the customer experience, and foster the trust needed to support a mutually beneficial relationship between businesses and the customers they serve.

The decisioning landscape is changing rapidly. In parallel to this, digital continues to redefine the customer experience with a big focus on removing friction from the customer journey. Mounting expectations around online customer experience mean that we are seeing a digital transformation both in terms of consumer interaction, and what the businesses are processing in the background. The front and back end are no longer mutually exclusive, and the driving force behind this transformation is digital, and it’s enabled by the cloud. How the pandemic has shifted priorities Before the Covid-19 pandemic took hold, businesses were well on their way to recognizing this. Digitizing more workflows while incorporating a truly customer-centric view was the goal of 2020. A Gartner report shows that in January, priorities for CIOs centered around Cloud and DevOps. This push to shorten the development lifecycle by combining software development and IT operations into a single discipline, alongside demand for Robotic Process Automation, using bots to focus on automating high volume repetitive tasks, were top of the list for businesses. By April, these priorities had changed. Businesses quickly shifted their focus to the pandemic, and with that, the need to enable remote or home working. But Cloud remains firmly within the top three. We look at why cloud-first decisioning remains critical to digital transformation, now more than ever. Why Cloud-first is even more important now Managing cash flow: When a CIO is in the cost optimization mode and trying to conserve cash, scaling back on the use of existing Cloud technology can afford immediate cost savings. Cloud cost for infrastructure of the service, or platform of the service, and even some software of the service is often tied to the business. The less usage, the more savings. When a CIO needs to implement new technologies in 2020, Cloud can offer the most cash flow optimized needs to do so. Less cash is spent upfront to acquire Cloud technology than to buy data center systems or licensed software. Business agility: Cloud technology makes it much easier to keep systems up to date and secure, alongside feature enhancements and new releases. The Cloud minimizes lengthy and costly delivery projects with solutions that can be deployed in weeks, not months and years. Customer journey: Many established market leaders are running digital transformation programs that re-orientate their business away from functional and product silos to focus on customer journeys enabled by Cloud services. Keeping it simple: Simplification is crucial. Simplifying the IT environment with Cloud services that eliminate the need to manage hardware and other infrastructure. Using Cloud-native architecture to support auto-scaling, zero downtime for upgrade. Security is paramount: The challenge to identify and fight fraud by analyzing behavior during the data capture process is ever-present. Software needs to evolve all the time to adapt to threats, and it needs to continuously update with new features to help businesses remain competitive. Businesses need to protect consumer digital accounts from Account Takeover threats while balancing consumer convenience. Cloud-first impacts all layers, from consumer interactions to data sourcing and processing, from fraud detection to identity verification, and at the heart of areas like credit and decisioning. Integrated decisioning, and decisioning that is governed and can be clearly explained to both the auditor and to the regulator is the goal of every business, and it is enabled by the cloud.

“Password Incorrect"Are businesses making progress identifying customers online, or are they continuing to frustrate those customers with archaic identification and authentication methods? Businesses engaging with their customers online walk a precarious tightrope between offering a frictionless experience and securing user accounts against fraud. But with ever-evolving technology, we look at how businesses can get a grip on the changing world of fraud while offering a great customer experience. While easy digital experiences matter to end-users, especially now that any physical customer interaction is temporarily on hold, make no mistake about it: security is the most important factor when it comes to building trust with your customers. In fact, our annual Global Identity & Fraud report, published in February 2020, found that 74% of consumers consider security the most important factor related to their willingness to conduct business online. Moreover, ease of access to their accounts was a close second, with 72% of respondents saying they want less friction and more user-friendly solutions. But keeping track of multiple, complex passwords across hundreds of digital accounts and running a gauntlet of authentication hurdles is the antithesis of what customers want. The Evolution of Identification Businesses that are truly committed to providing customers with a secure and frictionless experience online are moving beyond traditional fraud mitigation methods when it comes to customer identity. They're adding multiple intelligent layers, many of which are completely invisible to end users, to add security and enable the fast, easy access customers expect. Traditional analogue measures, like signature cards and face-to-face interactions with customers by a bank employee, are nearly extinct. Now, like those dinosaurs of the pre-internet world, many digital fraud protection measures are also being rendered obsolete because they just aren't robust enough to confidently identify customers. But technology can help businesses address this disparity. More sophisticated strategies, such as the development of machine learning and artificial intelligence, can provide faster and more accurate authentication – while being less intrusive user experiences. Technology for Trust Thanks in large part to the rapid growth of smartphones and mobile devices, we've seen more sophisticated methods of authentication. One of the most common forms of two-factor authentication today are the nearly ubiquitous one-time passcodes that are sent by email or text. This second layer of authentication ensures that the user is in possession of the hardware being used for access and has access to a confirmed email account or mobile device. A downside of using these codes for verification, however, is that the user has to access email or messaging, which adds friction to the process, and is still not (on its own) immune to fraudsters. There is no one-size-fits-all solution The white knight of trust is a dynamic approach to both identity verification and authentication. To accomplish this, businesses need to layer solutions that provide insight into devices and behaviors on top of traditional two-factor options. Then apply advanced analytics to stop fraud while allowing 99% of customers to breeze through sign-up and ongoing account access. Many of the latest identity authentication controls are 'passive', so customers won't even notice that they are happening, making the customer experience both secure and smooth. Passive authentication can include behavioral risk assessments that compare the device against historical activities from the customer as well as evaluate how the customer is inputting information or navigating the page. This, paired with other measures such as enrolling customers' biometrics and using them for ongoing account accesses, can help ensure a seamless online experience. Looking for the right signals across data sources can quickly flag risk and move the customer through the digital enrolment or login without unnecessary friction. Related articles: Covid-19 as a Gateway to Fraud: Top 5 Global Fraud Trends to Watch Out for in 2020

Awareness is key for both businesses and their workforce when it comes to phishing fraud. But in a world where digital engagement has suddenly ramped up a notch (or ten), it is becoming increasingly difficult to differentiate between what's real and what's not. Mike Gross, Head of Global Identity and Fraud at Experian, recently spoke to Jill Malandrino at Nasdaq Trade Talks about the key things to watch out for when it comes to phishing scams. Here's a round-up of what was discussed: New opportunities for phishing The global pandemic has opened up new routes for phishing scams. Fraudsters are great marketeers in a crisis, and they thrive on people's curiosity. From fake charity organizations claiming to be investing in Covid-19 related treatment to new government support schemes - if it sounds too good to be true, it probably is. Remote working Individuals are now forced to work from home but still have a responsibility to protect customer data. New processes have exposed gaps that fraudsters can exploit as there are typically fewer controls on home networks. Businesses must ensure that the right security is in place for their employees. regardless of the business size. Habits have shifted, and so have the fraudsters The pandemic will change the way we operate forever - how businesses enable remote workers, how consumers interact with commerce and how kids learn today - this is impacting our lives on the social side as well as the work side. Fraud will follow suit. Reacting to the crisis with a layered defense Phishing has dramatically increased, but phishing itself doesn't cause losses. It's the gaps in the controls - organizations may not have proper layered controls in place to defend themselves against these more sophisticated, or multi-channel attacks - that's what leads to the increases in losses. No one had a chance to prepare for this crisis - everything is different now than it was a month ago, from customer service, online demand, a flood of certain types of applications - businesses are not set up for the scale of demand. Listen to the full interview