Today’s fraudster moves quickly, embraces innovation, is highly motivated, and understands the importance of collaboration with peers. And that’s why these fraudsters are able to constantly probe, exploit, and change up their methods to avoid detection. In fact, it’s their ability to quickly modify techniques and then coordinate their efforts (via the dark web) that allows criminals and even nation states to play and often win a never-ending game of cat and mouse with businesses. According to IDology’s 5th Annual Fraud Report, shifting fraud tactics are the biggest industry challenge to fraud prevention. As legacy identity verification systems mature to spot and prevent mainstream fraud schemes, nimble and savvy criminals rapidly shift their approaches, change domains, and attack anew.
An excellent example of this dynamic is the rapid growth of synthetic identity fraud (SIF), named as one of the fastest-growing consumer fraud schemes by Federal Law Enforcement. It is tied with first-party fraud as the number one form of fraud that industries are least prepared for, with nearly 60% of businesses feeling either “extremely worried” or “very worried” about it, according to data from IDology’s annual research report. SIF schemes, which involve the creation of artificial identities that contain real and fake data, incubate over a long period of time. Since they’re fabricated, they don’t wholly belong to anyone. According to the Federal Trade Commission, SIF costs American businesses $50 billion per year. Many experts believe EMV chip adoption, along with significant amounts of breached identity data, has deflected fraud away from physical counterfeit card fraud and forced criminals to shift to more sophisticated, customer-not-present fraud.
A chief problem with addressing SIF is that, due to its nature, it is difficult to detect and prevent with static, legacy identity verification systems. Thinly stretched fraud departments find themselves tracking down what they believe is traditional identity fraud, only to discover months or even years later that the identity that facilitated the fraud is actually synthetic—if they can make that determination at all, which they often cannot. Frequently, the outcome is that the losses associated with SIF end up misclassified into a company’s general losses. So, while a company may have experienced loss associated with SIF schemes, they’re unable to categorize, measure, and model its impact, and they are unable to make business cases to justify the investment in technology needed to prevent it. Visibility is low, losses continue to grow, and criminals continue to attack with impunity.
Similar to the cooperative agreements that allow for the sharing of military resources and human intelligence related to terrorism amongst the world governments, the sharing fraud-related information amongst companies across different industries through fraud-related consortiums has the potential to make it exponentially harder for fraudsters to steal.
Just as disparate criminal elements create collaborative, businesses need to collaborate in networked communities to learn about and be equipped with the operational flexibility to shift, tweak, and tune their identity-proofing systems to better address changing criminal activity. Point-and-click real-time system changes—without dependency on IT departments or deep levels of customization—are now table stakes to battle today’s innovative and rapidly changing fraud schemes.
Collaboratively sharing fraud data on the front and back ends of transactions in real time, coupled with smart multi-layered identity verification systems that possess sufficient flexibility to respond to ever-changing fraud tactics (including the detection of SIF schemes) has become necessary. These protections mark the difference between “fraud-friendly” companies that serve as personal piggy banks for criminals and companies that have modern and vigorous fraud deterrent systems in place.