Despite relentless attacks using seemingly endless amounts of data compromised from breaches, more companies are reporting similar fraud levels as previous years across all channels. Robust fraud-deterring endeavors and investments are leading to some stabilization in loss rates, especially in mobile. Businesses have deployed more identity verification and anti-fraud layers and technologies, more companies have been sharing fraud data in consortiums and Americans have been doing more to protect themselves. And still, with these signs that anti-fraud measures may be taking effect, businesses can’t let their guards down.
Fraudsters continue to push the envelope and are expanding mobile tactics, such as SMS text interception, while fighting anti-fraud machine learning with their own machine learning and credential-stuffing technologies. They’re also collaborating and sharing best practices on the dark web while they continue to avoid detection by lowering transaction amounts and opting for larger-scale attacks. In addition, fraudsters are exercising patience in Synthetic Identity Fraud (SIF), which is now the top worry among executives tasked with fighting fraud.
Staying ahead of fraud requires a true understanding of fraud schemes and tactics, their potential impact, the best methods for protecting against them and how to successfully manage customer expectations in their wake. The newly released Seventh Annual Fraud Report from leading identity verification provider IDology reveals just that. Let’s take a closer look at key findings.
6 Important Identity Authentication and Fraud Prevention Insights
- Fraudsters are flying under the transaction amount radar. Criminals are always probing defenses and determining how to commit fraud at scale while also taking steps to minimize the likelihood of detection. Over the past 12 months, the average transactional dollar value of attempted fraud attacks in the under $500 range has increased by 31%. These low dollar amounts, when scaled across victims, can be easily missed by consumers as they scan card statements. The tactic of making lower dollar transactions over time also demonstrates the patience and discipline of fraudsters, particularly their willingness to nurture a fraud scheme to extract the maximum benefits.
- Card-funded fraud, phishing and account takeover continue to be the most prevalent fraud schemes. Credit, debit and prepaid card fraud continues to lead as the most predominant form of fraud across industries, followed by phishing, including business email compromise (BEC), which cost global organizations $1.3B last year, and then account takeover. Compared to IDology’s 2018 Fraud Report, ACH/wire fraud moved up two spots to the fourth-most-frequent form of fraud, a shift that is likely driven by the emergence of real-time ACH payment initiatives and increased adoption of person-to-person (P2P) payments.
- Mobile is at the forefront of identity verification and fraud. Mobile devices and the connectivity they support provide a critical and effective means of delivering authentication and biometric capabilities, but they also create vulnerability points. Nearly half of companies reported the same levels of fraud in the mobile channel compared to last year, with 28% reporting an increase in mobile fraud. As more consumers utilize one-time mobile passcodes for multi-factor authentication, circumventing and intercepting them becomes more lucrative for fraudsters, especially with orchestrated multi-channel attacks.
- Businesses are largely unprepared for SIF and mobile attacks. SIF and mobile device attacks were the fraud vectors companies felt their industries are least prepared to confront. This year’s report once again validates SIF and mobile device attacks as the most potent threats. SIF in particular has become a key concern, ranking as the top fraud type that executives believe will be most severe in the next three years. It’s easy to see why. SIF is difficult to detect, stop and report, and there are no real people from whom to recoup losses.
- Consumer trust is declining. We’ve seen record-breaking breach settlements this year, and businesses are still working to understand the implications of large-scale chronic breaches, related fines and settlements. According to companies surveyed, the biggest casualty of large-scale breaches and settlements is the loss of customer trust. As business executives know from experience, the terms “safe” and “easy” don’t often align and deploying a safe and easy process can prove elusive. It’s easy to see why the number one challenge reported by fraud executives and professionals is maintaining the delicate balance between strong fraud prevention and a fast and easy user experience.
- Compliance considerations are rising. Along with the ongoing challenge of minimizing anti-fraud friction, many businesses are confronted with a new world of consumer privacy empowerment that will inevitably open new windows of fraud. The California Consumer Privacy Act (CCPA), which goes into effect January 1, signals a fundamental shift in the privacy and data management landscape. IDology’s research points to CCPA regulations having a nationwide impact as a matter of course. Consequently, US companies, regardless of location, will need to improve their identity verification methods to ensure regulatory compliance, security, scalable cost and seamless user experiences.
Balancing Fraud and Friction
While it’s logical that a higher number of hurdles for users to clear corresponds to greater fraud deterrence, there’s also a higher likelihood of frustration and abandonment in favor of a competing service. In this balancing act, most businesses lean toward frictionless experiences at the risk of more fraud. While the decision to capture revenue over stopping fraud is not surprising, it could result in greater material risks down the road.
Ninety-six percent of survey respondents share the belief that identity verification can be a competitive differentiator, but the rates by which their businesses execute it vary. Less than half of respondents reported their company takes a strategic approach to identity verification yet achieving a competitive and relative advantage requires a strategic, comprehensive approach that employs multiple smart layers of identity verification. It also requires the dynamic fusion of various verification methods as well as continuous and rapid system optimization based on data feedback loops. This focus on optimization improves user locate rates and approvals for legitimate customers while adjusting controls for always-evolving fraud schemes.
As we round the corner into 2020, the consumer trust gap, continually shifting fraud landscape and increased government-mandated compliance leave business executives with a lot to consider. Future success requires a strategic approach to identity verification that is effective in combatting all types of fraud, fosters a frictionless customer experience, and helps drive compliance and revenue.
To see the rest of the study’s results, download the full report at IDology’s white paper resource center.
 FBI Internet Crime Complaint Center (IC3), 2019