We’ve all heard the stories: the unfortunate people who find themselves duped financially and then struggle to reclaim their identity after being targeted by sophisticated cyber criminals. And with cybercrime on the rise, these stories are becoming increasingly common.
It’s important to realise that businesses, which don’t implement risk prevention strategies, are also placing themselves at risk of falling victim to online deception.
In fact, any business that processes financial transactions or brings on new customers via online channels without a proper verification program is opening its doors to unwittingly being open to fraudulent activities.
Cyber criminals are changing the way they do business
According to the 2015 Veda Annual Cybercrime Report, the majority of fraudulent application attempts occur online. And over the past financial year, 50% of credit application fraud occurred online, increasing from 33% in 2013-14.
The report, which is an analysis of Veda’s Shared Fraud Database, also shows that the way criminals are attempting fraudulent transactions is evolving too, with identity takeover increasing by a staggering 59% over the past two years. Falsifying personal details is still the most common type of online fraud attempted, but identity takeovers are increasing at a faster average rate every year.
So what does this mean for business?
A fake bank account opens a world of (illegal) opportunities
A fake bank account might not appear to be high in the criminality scale, but a cyber criminal in possession of another person’s identity can create an entirely falsified online identity. And someone creating a bank account under a false name is unlikely to be using it for legal purposes.
Recently, a financial institution began using Veda’s identity verification solution, IDMatrix, as part of its new process for opening online accounts. Within minutes, cyber criminals had pounced and the very first accou nt application was flagged as potentially fraudulent.
The fraud assessment function within IDMatrix flagged inconsistencies with the application, so the company was able to prevent the account being opened and stopped the cyber criminal in their tracks.
For the financial institution, it was a lucky catch. A fraudulent bank account can become a lynchpin for a number of criminal activities, from fraudulent credit applications and loans to money laundering.
Keeping customers in mind
For businesses, identity verification and fraud assessment is a balancing act; organisations need to meet legal obligations and minimise risk whilst still providing a good customer experience. Breaking predictability for fraudsters is also key.
Ensuring the conversion of potential customers is understandably a priority for businesses and, in order to do this, online application processes need to be quick and seamless.
But is neglecting fraud assessment really worth the risk? Many elements of fraud assessment can be processed in the background with no impact on the customer experience.
Without a full artillery of risk prevention strategies combining fraud assessment and identity verification tests, there will always be room for doubt.
The 3 essential components of a detailed fraud assessment:
- Access to verification and fraud databases: The instant cross-checking of information means businesses have a clearer picture of an applicant, and any red-flag information can be investigated.
- Layered data and device intelligence: By layering identity information with a fraud assessment, businesses are better positioned to catch cyber criminals as it provides detailed intelligence and increased opportunities for identifying suspicious behaviour patterns. For example, information about the device an applicant is using, such as geo-location and language settings can be assessed to ensure they are consistent with the applicant’s identity information. Device intelligence can prevent fraudulent activity at the start of an application, rather than trying to resolve after it has occurred.
- Knowledge based authentication: Fraudsters armed with a real identity are well placed to commit fraud. But when they’re asked dynamically generated out-of-wallet questions, a business can catch out a prepared cyber criminal.