Combating Account Takeover Fraud: Equifax Webinar Overview
Account takeover fraud is a burgeoning challenge for financial institutions. This is one of the opening points made by Gasan Awad, VP of Identity and Fraud Product Management at Equifax. On December 9, 2014, Awad co-hosted a webinar entitled Account Takeover Protection for Online and Mobile Banking alongside his Max Anhoury, VP of Global Partnerships at iovation.
Together, they referenced that 23 percent of financial institutions saw a rise in incidents of account fraud and 20 percent saw actual elevated losses, according to the Information Security Media Group (ISMG) 2014 Faces of Fraud Survey1. A solution? A multi-layered approach to fighting fraud, a “critical step” as more business services are offered across online and mobile channels. Here is a summary of the challenges posed by fraud and the preventative measures firms can apply to both device- and identity-based services to help cut business losses.
The many faces of modern fraud
Today, fraud is more complex than a simple hijacking of a customer’s password or personal data; in fact, it can take on many forms.
The first form of fraud mentioned in the webinar is phishing, which occurs when fraudsters use email or phone services (called phone or IVR phishing) to target consumer data. The next is social engineering which utilizes information stored in social media networks to initiate the fraud process. On a more technical level, fraud practices like baiting (or Trojan horse fraud) unleash a software program that is designed to gather consumer data under the guise of another service, while malware is a more malicious software designed to gather consumer data without the victim’s knowledge or approval. These more technical fraud practices can lead to massive security breaches where sensitive consumer and business data is compromised, quickly deteriorating your company’s legitimacy and reputation.
The questions to ask to help eliminate fraud
Awad explained that the one of the best ways to confront fraud is by getting a comprehensive view of your customers. “The more we know about a customer,” Awad said, “the more it helps us understand, not only normal behavior, but anomalous behavior.” He urges companies to cross reference unusual activity on an account with other data collected from a customer’s telecommunications or utilities providers. In particular, Awad mentions being able to answer the following top five critical questions:
- Are the ID attributes the same?
- Is the user behavior consistent with known patterns?
- Are there any behavior and patterns consistent with fraud?
- Are there anomalies in your customer’s transactions — such as the spontaneous addition of authorized users and password changes?
- Are you able to verify the device being used?
The balance of security and convenience
Another big challenge for financial institutions is balancing security and positive customer experience. “Ideally, banks and other financial services firms want to avoid asking their customers to change their username and password credentials,” said Anhoury. “Banks need a high level of passive security that is very low impact to their clients.” He says that existing fraud-fighting platforms may already have device profiling, but do not provide adequate device insights. “A single solution is not enough,” Anhoury says. “Banks need a comprehensive, defense-in-depth strategy.”
Understanding the future world of fraud
Financial institutions have an increasing responsibility to take preventative measures against fraud. This may include automating detection tools to increase efficiency while removing the slower, and oftentimes incorrect, manual review process. Companies are also urged to generate, and frequently update, fraud models using known fraudulent data. Simultaneous implementation of discreet fraud prevention tools is also key as it requires less involvement on the part of your user. These tools function in the background while also improving user experience. Finally, make sure to participate in consortiums and exchanges. Don’t be the third victim; work with partner organizations to reduce the size of the overall problem.
There is no doubt that the risk of fraud is increasing, but the methods for combating fraud are also improving at an equal pace. For further information, or to watch a recording of this webinar, please visit the Consumer Bankers Association website.
12014 ISMG Faces of Fraud, http://www.bankinfosecurity.com/webinars/account-takeover-2014-evolving-schemes-solutions-w-421
Recommended For You
The CERCA Spring Conference, held on May 16, capped a broadly successful 2018 filing season that saw tax identity theft reduced by […]
As fraudulent attempts increase during account openings and applicants grow less patient with invasive anti-fraud techniques, organizations must find a […]
There’s good news and bad news when it comes to fraud and the growth in technology. The bad news is […]
You probably know someone who’s had their identity stolen. You may have even been a victim yourself. But what happens […]