We’ve officially made it into a brand-new decade, and for those of us in the online fraud sphere, that means a host of new (and recurring) concerns. The overarching truth is that fraud isn’t disappearing—or even slowing down—any time soon.
So what should we expect in terms of fraud at the dawn of this new decade? Take a look at our five expert predictions.
Data breaches, hacks, and instances of identity theft will not diminish in 2020. At some point, however, there will be a breaking point for consumers who are sick and tired of these issues happening over and over again.
This tipping point is a clear sign that we all need better, stronger, and more accurate identities. And in an ideal world, an identity could be created, maintained, and controlled by its true owner. In this respect, California and its new consumer data privacy legislation, the California Consumer Privacy Act (CCPA), are leading the way.
CCPA grants California residents unprecedented rights regarding their data and how companies use it. Under CCPA, Californians can:
Why is CCPA so important? The US does not currently have a modern digital consumer data privacy law; CCPA is as close as we get right now, and on paper, it applies only to residents of California.
But because several major companies (Microsoft included) have elected to extend CCPA rights to all of their customers, regardless of state of residence, most experts in the fraud prevention industry predict that the remaining 49 states will soon follow California’s lead.
Financial service providers, credit reporting agencies, and unscrupulous credit repair companies all contribute to the perpetuation of SIF. Unfortunately, SIF is extraordinarily difficult to track and prevent.
To make matters more complex, the reality is that while a fraudster is nurturing a synthetic identity, banks and credit unions are sometimes in a position to make a profit on those accounts. In fact, financial institutions may be completely unaware of the fraud until the perpetrator decides that he or she has fostered an identity to a sufficient point and “busts out,” leaving the bank holding the bag.
Credit bureaus aren’t able to step in to stop SIF because of regulations that govern the data sources they can and cannot use. A credit bureau can’t decide to reject a certain piece of data during a loan approval or similar process based on type or data source. Until systemic changes occur in both the financial services and regulatory spheres, we can expect synthetic identity fraud to grow.
Fully automated underwriting and loan origination is no longer a far-fetched idea from the future. We get closer to completely hands-off processes virtually every day. While these technological improvements make things easier in some ways, they do open lenders and bankers to the growing threat of loss due to application fraud.
This type of fraud typically looks like a loan application, for instance, that is based on false data. The false data most commonly reported is the applicant’s income and other important consumer data. Fraudsters will recycle and misrepresent this information in an attempt to beat lender verification processes.
In a case of account takeover fraud, a criminal will gain access to a bank account, credit card, or other financial resource. This form of fraud is particularly devastating to victims, and it’s typically committed using login credentials the criminal purchased online following a large-scale hack or data breach.
In recent years, however, account takeover fraud has been largely committed via SIM swapping. According to Javelin’s 2019 Identity Fraud Study, in fact, mobile account takeover grew 100 percent from 2017 to 2018, and there are no signs that it is slowing down.
This shift to SIM swapping (also referred to as mobile account takeover) is a clear indicator of the ease with which criminals can commit fraud with such seemingly innocuous information as a phone number. Mobile phone numbers are ubiquitous today, and because most Americans don’t associate their mobile phone number with their identity, almost none of us think twice about writing that number down on forms, including it in our email signatures, and posting it online.
Multi-factor authentication is an essential safeguard against mobile account takeover fraud; financial service providers that rely on outdated one-time passcode technology for two-factor authentication are at risk of failing to protect their customers and losing brand trust.
Fighting fraud is a lot like playing a never-ending game of whack-a-mole. And because effectively deterring fraud and staying ahead of criminals is a full-time job, credit risk analysts and executives will be in increasing demand this year.
Professionals in these positions play a vital role in protecting financial service providers from potential losses; they also create ways for businesses to sell faster and with less friction as well as expand market share while managing the risk involved in doing so.
Fraud isn’t likely to disappear any time soon, so while it’s important to acknowledge the forward strides the online security and fraud prevention industries have made, we can’t afford to let our guard down.
California’s groundbreaking regulations have successfully brought consumer data privacy into the collective American consciousness, but they do open up a new window for fraudsters to collect important personal data. Existing fraud types, particularly ones that are lucrative and relatively simple to commit, will continue to grow in popularity.
In the face of these predictions, it’s important to look to the experts for help. Risk and fraud analysts and executives stay on top of cutting-edge technology to keep businesses and individuals safe, prevent devastating revenue loss, and safeguard customer trust and loyalty.
Vigilance and a healthy bias toward “better safe than sorry” will keep businesses secure and compliant as we settle into this new decade.