Undetected Acquisition Fraud and Existing Account Fraud Present High-Value Targets
You’ve shored up your fraud defenses when it comes to screening new members, but no product or process is 100 percent “fraud-proof.” So why and how should you protect yourself from the ones that get through your process?
These days, there are myriad ways for criminals to steal someone’s identity: malware, phishing, smishing, social engineering and even old-fashioned dumpster diving, to name but a few. Even the best fraud protection systems find it a challenge to catch fraud at acquisition when the criminal has all of the victim’s personal details or, even worse, a copy of the victim’s credit report.
Although fraud investment and operational focus at the point of application are relatively high, the recent FFIEC Supplement to Authentication in an Internet Banking Environment pointed out that, since 2005, there have been significant changes in the threat landscape for financial institutions. In addition, with the greater threats come concerns that the customer authentication methods and controls implemented in compliance with the FFIEC’s original guidance from 2005 have become less effective.
As a matter of common practice, credit unions now consistently authenticate new members to ensure that they are truly who they say they are and that no identity thieves get through. Inevitably, some do. Combine these potential fraud losses with those from existing account fraud (i.e., account takeover and identity theft), and the numbers are staggering.
According to Javelin Strategy & Research, $17 billion in identity fraud occurred last year in the United States on accounts opened using stolen identities. In addition, they estimated another $20 billion in fraud losses associated with existing accounts. Speaking of account takeovers of member accounts, the online environment is particularly vulnerable. The recent FFIEC Supplement cites that fraudsters are responsible for losses of hundreds of millions of dollars resulting from online account takeovers and unauthorized funds transfers.
Given the trend toward reduced or zero liability for consumer victims of fraud, even with debit cards, the cost burden for credit unions continues to grow. The good news is that newer technologies, data sources and scoring approaches now make it possible to identify fraud risk in the “early life” of a new member account.
Data and analytics designed to assess the risk of a newly opened account, as well as the risk of account takeover or compromise of existing accounts, can be useful weapons in the fight against post acquisition fraud. Risk associated with an account and identity often may be different just days later than it was when the account was opened, or a higher level of risk was present at the time of account opening but was less “detectable” given that less information about those identity activities was available at the time.
Taking a score-based or analytical approach to early-life and existing account fraud management can help credit unions:
- Quickly detect fraud and lower their average fraud losses per account. Predictive scores generally outperform more binary rules and checks associated with transactions and identity element verification.
- Improve operational efficiency by allocating the finite amount of resources at a credit union to truly high-risk accounts while leaving lower-risk accounts to continue transacting without disruption.
- Reduce costs by employing lower-cost automated scores versus higher-cost documentary reviews and phone interactions with members.
- Maintain member satisfaction as a result of less intrusion and interruption of service unless truly warranted by a risk of fraud.
According to George Tubin, senior research director at TowerGroup, manually reviewing accounts to detect fraud can be time-consuming and resource-intensive, especially for organizations with limited resources.
Credit unions should seek out products and services that automate the review process to help reviewers identify high-risk accounts more quickly and accurately with fewer false positives. This leads to improved productivity, higher customer service levels and faster return on investment.
As the dust settles from recent economic challenges, credit unions may now be expanding their addressable markets more aggressively, loosening credit policies, and adding new member access channels via online services and mobile applications. Incorporated use of these access points quite often outpaces the implementation of appropriate cyber security and identity risk prevention strategies.
For a stakeholder in a credit union — or any financial institution, for that matter — it is imperative that strategic energies be as focused on risk management of early-life and existing accounts as they are on application processing and screening. In doing so, credit unions will find opportunity in maintaining happy members while mitigating fraud losses at all points in the customer life cycle.
Keir Breitenfeld is a senior director of product management and marketing for Experian’s Decision Analytics business unit.