Identity fraud: Protecting your customers from the new kids in town
It’s one thing to have your credit card stolen, but your identity is a whole other ball game. The worst thing is, it’s a lot more common than you’d think. Identity fraud affects around one in 15 people in the US and has never been higher in the UK. The fraudsters have built their own subculture as new tools and channels lower the bar for entry. It’s time to strap in, because the challenge will only grow in the next few years.
When a customer calls to say their account has been hijacked, their confidence in you and your security measures is shot. How you respond is vital, but it would’ve been far better if it had never happened in the first place.
While it seems surprising, there is a way to turn identity fraud into a positive customer experience. However, it all depends on your ability to detect and prevent the fraud before it can do any damage. For this, you need an intelligent screening process and the right joined-up systems in place.
Culture shock
Fraud is nearly as old as money itself. The reason we haven’t managed to put a stop to it is because fraudsters have been able to adapt. When we clamp down on one form, the fraudsters have moved to another. In the US, while we were busy tackling cheque fraud, the fraudsters were starting to create synthetic IDs.
To combat fraud effectively, financial companies need to know what they’re up against. Fraud has changed in recent years, and it continues to evolve. Organizations don’t just face isolated lone wolves and criminal outfits, they’re taking on an entire online subculture of fraudsters.
Social media has created countless online communities, some good and some bad. But what we’re seeing now is the rise of the new kids on the block – the next generation of tech-enabled fraudsters. This crowdsourced community is truly international, able to share techniques, tools, warnings and opportunities online. Rap artist Teejayx6 has even been able to hide fraud lessons in his song lyrics, turning him into a fraud folk hero.
What’s happening is that fraud is being democratized. Where resources and experience used to be key to success, anyone with an internet connection can access the dark web tools they need to pull it off. For organizations, this means fraud attacks will be coming from every direction and across every channel non-stop.
The only way to protect yourself and your customers from these new fraud attacks is by having technology in place that lets you adapt. Systems should be integrated and agile, and your methods for fraud detection should be intelligent and dynamic to change.
Knowledge is power
As financial companies have moved online, so have the fraudsters. A criminal doesn’t have to search through garbage bags for bank statements to steal a person’s identity – they can now get all the info they need on social media or even a phone call.
The customer is always the weakest link when it comes to security. It’s no accident that 70% of successful fraud attacks begin on the telephone, and 10% through direct email. Fraudsters will target them relentlessly, tricking them into sharing personal info, passwords and account numbers. They may go as far as stealing victims’ personal devices.
The first line of defense will fail: fraudsters will get what they need from their target and can start and exploiting their online accounts. It’s here that a company has to step in to protect the customer.
To do this, you need a truly intelligent, insight-driven screening process for every channel. Have a way to accurately identify and verify each customer interaction, to ensure the user is who they say they are. Data is the most important thing, but so many authentication systems only make use of a fraction of what’s available.
A secure and efficient verification system needs to assess a lot of different typologies. Only confirming that a user is using a familiar device doesn’t mean they are being honest. You should check them against multiple typologies – like experiential information, user behavior and public records – before you give them access.
Organizations don’t have to check for every data type, but they do need to be exact. Identity fraudsters build entire synthetic identities on top of their victim’s – they’ll change personal details, addresses and public information to make their identity more believable. If you check for more factors, you’re more likely to catch them out.
If the user passes these checks, they can safely be let in. If they don’t, it’s time to give the customer a call, either for further authentication or to tell them their identity is in danger. When you have the data-driven insight to warn a customer about fraud before it happens, you turn it into a positive customer experience. They’ll be sure that their identity and business is safe with you.