Identity fraud constantly challenges not only credit unions, butall financial institutions globally. Over the past six years,cybercriminals stole $112 billion or $35,600 every minute. Theoutlook gets worse.

An IBM blog report, “Massive Identity Data Exposure Leads toRising Tides of New Account Fraud – What's Next?” revealed addingto the challenge are major data breaches, which resulted in a floodof personally identifiable information, such as names, addresses,Social Security Numbers, birthdays and more have added to the darkweb.

This enables cybercriminals to catfish people's identities,making it harder for financial institutions to detect new account fraud in its early stages. And, ascredit unions and banks continue to expand services online, newcustomers are arriving, but not all are legitimate: In 2016,identity fraud hit a record high with 15.4 million victims in theU.S. alone, up 16% from 2015.

“The challenge online service providers face nowadays is notonly an increase in NAF, but also in NAF's sophistication and thedifficulty to detect it in its early stages due to the moreconvincing nature of the elaborate data sets being used bycriminals to open new accounts,” Limor Kessem, Global ExecutiveSecurity Advisor, IBM Security, said in a blog. He added, detectionincreased when 41% of NAF uses real identities, with the correctinformation.

On October 31, IBM Security announced a new Trusteer offer tohelp financial institutions better identify and stop cybercriminalsfrom opening fraudulent accounts by detecting and predict the riskof fraudulent intent.

Financial online fraud and the fuels that feedit have been growing steadily in the past decade, resulting inlosses to financial institutions, businesses, and individuals,especially with cases of new account fraud, or NAF.

According to Javelin Strategy & Research, there was $112billion stolen globally through fraudulent means between 2009 and2015, equating to $35,600 lost every minute. In 2016, identityfraud hit a record high with 15.4 million victims in the U.S.alone, up 16 percent from 2015. Javelin predicted that NAF willrise as much as 44 percent by 2018 in the U.S., increasing lossesfrom $5 billion to $8 billion in just four years.

Cybercriminals continue to target PII and personal healthinformation because they represent lucrative targets. Matchingdifferent sets of PII with their financial information, likepayment card data or account credentials, can enable criminals tocompromise identities.

The common ways for cybercriminals to obtain personal detailsare through phishing attacks, information stealing malware,keyloggers, and data breaches from different sources. Kessempointed out, “But data can be lost or stolen in other ways, due tooversight or physical theft. Even the over-sharing of personalinformation on social media has become a source of personal andidentifying data for fraudsters, as are obtaining credit reports onpotential victims, buying background checks, or scouring genealogysites for extra information.”

The typical uses for the stolen data is basic financial fraud,involving the illicit use of payment card data or bank accountdetails, but also cases of NAF, which have been continually growingand expanding.

After opening a new fraudulent account, fraudsters willtypically wait and let the account lay dormant for an average of 30days before they make a significant withdrawal. The eventualfraudulent transaction is likely to take place within the first 90days of the account's creation.

Kessem noted an effective detection process should rely on a fewfactors: user parameter validation, fraud evidence collection, andearly account activity monitoring

Some typical actions fraudsters take: depositing small cashamounts to the account, using forged checks to increase the accountbalance, and making withdrawals soon after funds becomeavailable.

“Post-creation monitoring of new accounts during that criticalperiod is important in order to help identify the tell-tale signsof a suspicious account that made it through the enrollment, thepossible use of mule accounts, and flagging known fraud patternsthat can expose a loss in the making.” Kessem stated.