Identity verification needs to evolve, as the identity fraud is becoming a costly issue for consumers and businesses alike, particularly for account opening or application fraud.
The 2018 Identity Fraud Study by Javelin Strategy & Research, revealed that the number of identity fraud victims increased by eight percent (rising to 16.7 million U.S. consumers) in 2017, with the amount stolen totaling $16.8 billion.
The legacy approach of verification via static sources, such as public record databases, address information, and credit bureau data, is not protecting consumers from today’s more sophisticated fraudsters, particularly when it comes to digital account opening processes.
Consumer expectations for 24/7 digital access and competitive pressures have forced many organizations such as Financial Institutions and merchants to abandon more stringent manual application review processes to open accounts. This has created a new area for fraudsters to exploit.
Another factor making account opening fraud more attractive for fraudsters is the large volume of personally identifiable information (PII) available on the black market for fraudsters to use as a result of thousands of data breaches over the years. Armed with even a few key pieces of compromised information, fraudsters can create a fake ID and open a fake account with a real identity. Fraudsters have also begun creating synthetic identities created with different pieces of real data from multiple sources to create a new identity.
The EMV migration has also had an impact. While the transition to EMV chip cards has resulted in a decline in counterfeit card fraud, it’s also led to an increase in fraud attempts in digital channels. Fraudsters are shifting their tactics from using fake credit and debit cards in person to the more anonymous digital channel.
Account opening fraud takes many forms, from amateur fraudsters using stolen credentials to obtain credit cards fraudulently, to extremely sophisticated and far-reaching operations using automated bots to generate a large amount of new account applications in a short time. Fraudsters may hijack a victim’s identity altogether by linking fraudulently opened accounts with legitimate ones to control access to and the movement of funds between the good accounts and the fraudulent ones. They can also use access to a victim’s accounts to enable additional access to funds.
So what can digitally enabled organizations do?
Digitally enabled organizations need to meet consumer expectations, keep up with competition and leverage new opportunities, while at the same time, recognizing the inherent financial and reputational risks involved with enabling online account opening capabilities.
To improve identity verification, organizations are turning to techniques such as device intelligence.
Device intelligence is critical in the emerging fraud landscape of account opening as it enables organizations to verify the identity of a device by the device’s unique characteristics. Device authentication technology uses certain unique attributes in each device to create a device ID. By creating and calling on this device ID for subsequent transactions, organizations can more quickly authenticate trusted consumers with the least amount of friction, providing a positive customer experience. And, transactions from risky devices with suspicious behavior, evidence of fraud tools, or other high risk indicators can be flagged for next-level review or denied altogether. Or, if the same device ID is opening many accounts in a short amount of time, this is potentially a harmful bot or scripted attack. And finally, the device ID can be used to flag a suspected fraudulent device from returning for subsequent fraudulent account opening attempts.