By Brett Petersen, EVP of Sales, GIACT
One of the impacts of the Covid-19 outbreak has been an accelerated movement toward digital forms of payment. And, coupled with this movement, massive opportunities for fraud have also accelerated.
At the outset of the pandemic, as physical storefronts began to temporarily close, consumers rushed to online platforms for goods and services. The rate and volume of this shift has been historic, creating massive backlogs on e-commerce sites and a rush for businesses to move their enterprises online.
Fraud, too, has spiked. Hoping to capitalize on the panic and transition that accompanied the outbreak, fraud operators began to accelerate their attacks. From mass phishing schemes and businesses email compromise, ransomware and malware attacks, to fraudulent account openings, fraudsters spied several opportunities to take advantage of businesses and customers.
The result has been $68 million in pandemic-related fraud losses since the beginning of the year, according to the Federal Trade Commission.
Unfortunately, too many businesses rely on outdated methods to address the business of today — that is, fraud prevention solutions that cannot keep pace with the mass availability of personally identifiable information (PII), the rate of new account openings, and the threat of new, sophisticated identity fraud schemes. This is especially true as businesses scramble to put new processes and platforms into place to facilitate more digital transactions (as in-person transactions fall due to social distancing).
For example, many businesses use static PII, such as credit header data, along with an email or phone number, to verify a customer’s identity. What they don’t do is go one level deeper and investigate the email and phone number itself (e.g., when the email was created, who the phone number is associated with, etc.) or non-traditional data (e.g., social media accounts, etc.) associated with the individual. Doing so may reveal inconsistencies, allowing businesses to spot potentially fraudulent identities.
What is more, businesses that have enrolled new customers online without advanced verification techniques now sit on ticking time bombs. Fraud operators, undetected, will leach off of the business or act like good customers (especially in the case of lending) until they reach a threshold and break out, i.e., max out the potential of a loan, withdraw funds, and disappear.
Given that the rate of enrollment in new online accounts during Covid-19 has been so high, some businesses have lowered the standards required to properly verify incoming identities. This will surely lead to the discovery of fraudulent accounts down the road.
Online enrollment and payment verification, too, needs a ‘new normal’. To scale their online platforms, businesses need to be able to access robust data sets and triangulate information in real-time. Businesses also need to know which pieces of PII are at odds with the identities in question so that they can investigate accordingly, and address the issue using knowledge-based questions and / or out-of-band communications, for example.
If the past six months are any indication of the next six months, the losses resulting from fraud will be too great to ignore. Businesses need to act quickly to shore up their defenses. Doing so will require them to improve their identity verification processes, including the types of data they use and how the data is applied.