Republished: September 13, 2018, updated to reflect the latest industry news, trends and insights.
In the olden days, you knew who you were doing business with. You knew their name, their family, where they lived and how much you could trust them. That era is long gone, as we live in larger and larger cities. Now, eCommerce is a $1.9 trillion business and growing at 23.7% per year. Business happens across the globe, so how can you know who you are dealing with? How can you prevent fraud and mitigate risk when the potential for identity fraud is a click away?
Identity fraud, according to Wikipedia, “is a crime where one person uses another person's personal data, without authorization, to deceive or defraud someone else.” To put numbers on it, a Javelin Strategy and Research report states financial fraud using false identity in 2016 added up to a cost of $16 billion. The fastest rising category was online, with card-not-present (CNP) fraud rising by 40 percent. Another study, by CSIdentity, found that the cost of identity fraud to US businesses is in excess of $50 billion a year.
With so much of our lives now occurring online, treasure troves of PII (Personally Identifiable Information) are on numerous databases, only one data breach away from being in the hands of fraudsters or organized crime ring. The problem is so prevalent now that you can buy an ID for as little as five dollars on the dark web. Or, fraudsters can create synthetic identities based on data points of real ID’s to use for activities.
The onus is on your business to protect your customer’s information and take all reasonable precautions to prevent any data breaches. The costs of prevention are nothing when compared to the costs of a breach, both financially and to your reputation.
Your business also needs to take all reasonable precautions to prevent identity fraudsters from opening accounts, purchasing goods, or using your systems to perpetrate or extend their scheme. Depending on how the identity fraud takes place, you can bear the financial liability and take the loss directly. Even if you can chargeback, there’s the time and expense to deal with the issue, as well as potentially damaging your relationship with your payment provider.
If the fraud is an isolated issue, that’s one thing. However, if it becomes a frequent occurrence, it can negatively impact your business because payment providers may stop doing business with you. If a fraudster successfully opens an account with you, they can lie in wait and build up the credit on that account to perform a credit bust-out fraud, cashing out for maximum impact.
5 Steps to Prevent Identity Fraud
Halt – know who goes there
The best time to stop fraudsters is at the gate, account opening, before they can do any damage. The first step is identity verification. That is a requirement for Anti-Money Laundering (AML) and Know Your Customer (KYC) compliance and helps reduce fraud by noting data mismatches.
Do your customer due diligence; understand the nature of the customer and the potential threat they pose. In certain circumstances, consider an additional layer of verification, by performing an identity document verification check. You can also use various fraud detection tools at provide further risk management options.
Know thy Enemy
Know the techniques that identity fraudsters are using, both overall trends and specific procedures. As James D. Ratley, President, Association of Certified Fraud Examiners states, “As fraudsters will continue to evolve with technology, it is important for anti-fraud professionals to stay on top of the current trends in order to prevent fraud before it’s able to occur.”
For example, many fraudsters use prepaid phones, so by checking the history of a phone number you can know if it’s a long-term number or suspect. The same applies to email addresses; has that email address been used by the prospect for a long period of time?
By knowing that fraudsters tend to use bulk techniques, you can also watch for multiple applications at around the same time using the same phone number and email address.
Another form of fraud gaining popularity is electronic gift card fraud, which accounted for 9.5% of all online fraud attempts in 2015.
Keep an eye out
There are numerous suspicious patterns that ongoing monitoring can detect. Unusual purchases, locations, devices, volume and/or value can all be signs of trouble. Not all accounts are the same, so not all monitoring is the same; create risk profiles to determine how closely to monitor various accounts. Also, don’t look at accounts in isolation, the more you can track across multiple accounts, the better profile you can match for.
Think before you act
Don’t be at the mercy of fraudulent actions to determine how you’ll act. Your procedures need to anticipate various scenarios and have processes to deal effectively with them. Review and adjust these processes on an ongoing basis and stress-test them to ensure they are capable of defending your business.
Teach it, preach it
Fraud prevention is an organization-wide task. Some of the most successful fraud attacks use social engineering to gather sensitive information from employees. Or, an employee might notice something ‘off’ but they don’t the nature of it, or what to do.
Establish and maintain proper training and ongoing rules for all employees. More than that, ensure a safe-data culture. Many of the same fraud prevention procedures that help protect individuals apply to employees; by making each employee knowledgeable and accountable, you reduce the options for fraudsters to gain access to your secure systems.
While it’s vital to protect your business from fraud, you need to do so in a manner that is customer-friendly. Onerous steps that take too long will lead to customer abandonment, and lower customer satisfaction levels.
Using proper fraud prevention techniques along with up-to-date technology will allow you to keep identity fraud in check, while effectively serving your customers. The more you know your customers, the better you can serve them and the less risk you’ll face from identity fraud.
Identity Fraud in the News
Impostors are tricking workers into sending money to rogue bank accounts at an alarming rate. From December 2016 to May 2018, the FBI observed a 136 percent increase in losses to business email compromise (BEC) scams.
A new survey shows that Americans are actually less concerned about online security and privacy risks than they were in 2015.
Identity thieves are not shy about targeting children for fraud. It's up to parents to take control, and keep their kids safe from cyber-criminals.
Identity theft protection services offer tools to help you spot potential signs of trouble, and maybe prevent the theft happening in the first place.
Synthetic identity fraud is costing banks billions of dollars and countless hours as they chase down people who don’t even exist. That is part of the reason why global card losses have been rising at an average annual rate of 18% in recent years.
A record-high 16.7 million US adults experienced identity fraud in 2017, marking an 8% increase from the year before, according to Javelin's 2018 Identity Fraud study.
Financial online fraud and the fuel that feeds it has been growing steadily over the past decade, resulting in losses to banks, businesses and individuals, especially with cases of new account fraud (NAF).
Part of the difficulty is that fraud strategies cannot be borrowed from other regions, due to significant differences in identity factors.
If we give businesses the incentive to verify that they are extending credit to the people they think they are, those businesses will find efficient and accurate ways to do so.
Paper passports and driving licences should be torn up and replaced by a digital document that can be stored on a smartphone, a thinktank has said.
Fraud prevention service Cifas today revealed 89,000 identity frauds have been recorded in 2017 so far in the UK -- a record rise of 5 percent over last year.
As organizations move toward Phase 2 of Same Day ACH, consider the possibilities for real-time verification, an option that is available regardless of the technology environment.
Synthetic identity theft, a form of application fraud in which criminals use fake personas to abuse credit, is responsible for 5% of charged-off accounts and up to 20% of credit losses.
FICO, an analytics software company, reports that its latest research shows 44% of consumers rank identity theft and bank fraud as their top concern. That's more than double the percentage who said they worried about a terrorist attack.
The reality is investing in security solutions is only one piece of the puzzle – the human element also plays a critical role in identifying fraud and protecting both your business and investors.