In the last 15 years, identity fraud losses in general have risen steadily. However, according to a new report, there are concerning upticks in new account fraud (109%), account takeover fraud (90%), and peer-to-peer payment fraud (18%).
The digital evolution that was accelerated by the pandemic brought about an onslaught of identity fraud from 2020 to 2021, which according to Javelin Strategy’s 19th annual Identity Fraud Study: The Virtual Battleground, totaled upwards of $52 billion and affected more than 42 million Americans. The elderly, many of whom did not have prior experience transacting online, were and continue to be especially vulnerable to scams by fraudsters who have zero qualms about robbing the unsuspecting of their hard-earned money. As a result, there has been an alarming rise in account takeover (ATO) fraud due to social engineering scams over the last year.
There have also been major macroeconomic impacts that led to much higher unemployment numbers, and the federal government stepping in to provide stimulus packages to consumers and loans to small businesses.
These factors created the perfect storm for fraudsters who took advantage of the loosened identity verification controls and the need to disburse funds quickly. As a result, fraudsters used stolen and fake identities to open accounts, claimed benefits and took out loans for businesses that didn’t exist. The extent of such fraud by any estimate is in the billions.
Despite banks spending considerable resources towards educating their customers about how to avoid falling victim to scams, fraudsters find unsuspecting users to scam. While 42% of consumers consider it their own responsibility to keep their identity safe, 60% believe that it is their bank’s responsibility to make them whole again when an identity fraud loss occurs.
Some ways banks can respond and improve the fraud resolution process include complimentary identity protection, easily accessible online tracking of fraud cases and restitution of stolen funds while cases are being investigated.
There has also been a significant rise in mule accounts which are established with either stolen or fake data that is capable of passing traditional ID verification controls. With ample funds being available from government stimulus packages and unemployment benefits, fraudsters claimed these benefits and deposited their ill-gotten gains into the fraudulently opened accounts. While they laundered the money, banks were left with first-party fraud losses and investigations of suspicious activity. With plenty of money to grab and inadequate controls to detect such fraudulent activity, the per-incident loss amount spiked quite significantly from $201 to $1,551 between 2020 and 2021.
Financial Institutions have been using personally identifiable information (PII) and device-based controls to detect fraud. However, for the newer fraud tactics like bot attacks, ATO and social engineering scams, it would behoove financial institutions to consider adding behavioral biometrics as a layer of defense. When the stolen – but legitimate – data is entered and verified successfully, devices look clean, and step-up authentication is ineffective against clever social engineering attempts, user behavior provides unique risk signals. How the data is entered, how fast the user interaction takes place, and whether the user is behaving like they usually do or are showing signs of duress, constitutes precious data that can accurately assess these newer forms of fraud. Although fraudsters can steal data, have squeaky clean devices, and phish information, one thing they cannot do is imitate genuine user behavior – thus giving away critical clues in their online behavior. Modern behavioral biometrics monitors and analyzes these behaviors in real time to protect financial institutions and consumers.
In addition to gleaning valuable insights through cloud-based, data-rich behavioral biometric defenses, the report makes several recommendations for preventing these ever-creative scams. These include identity-proofing every account-based activity, investing in consumer education, and deploying technology to facilitate frictionless experiences. In short, criminals are getting more resourceful and technologically advanced with their scams- and if we are to prevent these losses from continuing to climb, banks must beat these criminals at their own game.