According to UK Finance, in 2019, unauthorized financial fraud losses across payment cards, remote banking, and cheques totaled £824.8 million. One type of fraud that contributes significantly to this loss is identity theft (opens in new tab), which has become a severe problem in recent years. Anti-fraud measures designed to detect identity theft forces fraudsters to find ways to trick individuals, leading to new and constantly evolving fraud typologies that are increasingly difficult to detect and stop.
In account takeover fraud, for example, the criminal uses information stolen through phishing scams to gain access to an individual’s account, make unauthorized payments, or apply for credit. The difficulty in detecting fraud is that it looks like the customer is logging into their account. As a result, the alarm might only be raised when the customer spots abnormal activity on their account.
Even more challenging to detect is synthetic identity fraud – sometimes called Frankenstein fraud – where criminals create an identity by stitching together factual information stolen from various sources to build a whole new persona. Nurtured over time, fraudsters build legitimacy for the identity, becoming model customers of bank accounts and short-term credit, always paying on time to build their score. Eventually, they ‘cash out’ – simultaneously applying for as much credit as possible, with no intent to pay.
According to recent research, account takeover fraud represents 19% of all third-party fraud (where people’s details are stolen), while synthetic ID fraud accounts for 15% of all UK first-party fraud. In other words, they’re massive issues. So how do we go about tackling them?
Digital identity tools are a crucial weapon in the fight against identity theft. At a basic level, they use a limited set of attributes, such as name, date of birth, credit bureau data, and electoral roll data, to identify the individual in question and determine the probability of them being genuine. But as we’ve already heard, these can be easily stolen or faked.
This is where cutting-edge technology can help. The latest digital identity tools analyze a broader set of attributes from when the ‘customer’ attempts to log in. These can include behavioral characteristics that check against established patterns of behavior unique to an individual – how they enter their details, how quickly they type, how they hold their device, or physical traits, such as the device they’re using and their location in the world. Measuring these attributes helps companies make a risk judgment even before a successful login and dynamically add additional layers of authentication in milliseconds if there’s any suspicion it’s not the genuine customer.
Other layers of digital security use knowledge-based authentication (KBA), one-time passwords (OTP), and advanced biometrics such as liveness tests and facial recognition to add additional layers of security designed to thwart fraudsters using stolen details. These multifactor authentication methods allow businesses to authenticate people with a much higher probability of success and improve and speed up the experience for genuine customers.
Tackling fraudsters using manufactured identities is trickier, but technology can help. Using artificial intelligence machine learning tools, firms can analyze vast sets of customer data to detect patterns and linkages between common attributes like address and phone number to uncover potential fraud networks that would otherwise remain invisible.