by Christina Luttrell
With the customer, not present identity fraud becoming an increasingly prevalent issue, major shifts in the fraud landscape have had far-reaching effects across multiple industries. Businesses are feeling the pressure to successfully fight fraud by employing greater preventative measures, while at the same time maintaining a positive experience for customers.
For the past five years, the team at IDology has surveyed fraud and cybersecurity professionals across a variety of industries, enabling us to provide useful insights and report on current fraud trends. This year, our research validated a sharp rise in companies reporting an increase in fraud—a 58 percent jump over 2016, some of which can be explained by the substantial amount of high-profile breaches that have flooded the dark web with the personal identity information of millions of Americans.
This may also be attributed to the swiftly growing number of synthetic identity fraud cases, which was ranked highest by respondents as the category of fraud that their industry is least prepared for. We also discovered an increase in customer-not-present fraud, caused by the ripple effect of EMV chip adoption, which continues to push thieves to shift their focus and fraudulent activity online and away from a physical point of sale retail locations.
And notably, as the fraudulent activity is increasing, so is the need to reduce friction in customer interactions, especially onboarding new customers. Nearly half of the companies we surveyed listed a seamless, effortless user experience as a top priority and key competitive differentiator in today’s marketplace.
A Closer Look
Synthetic Identity Fraud. Major breaches have provided criminals with more identity data to utilize as they constantly shift strategies to evade detection. They’re using more sophisticated schemes that are harder to detect, such as synthetic identity fraud (SIF). SIF is a combination of real and fabricated information that criminals use to create a new identity, which is then used to open accounts, gain credit and then “bust out” of accounts with fraud. SIF cemented a sizable footprint in this year’s survey, with 31 percent of businesses confirming its increase and 58 percent sharing that they are “extremely” or “very” worried about it. In particular, 50 percent of financial institutions reported that SIF is widely prevalent, compared to 38 percent across all industries, making financial services the hardest hit.
Social Engineering in Call Centers. While widespread adoption of EMV chips on credit and debit cards boosted transaction security in retail POS locations, billions of dollars in counterfeit card fraud are being redirected to more vulnerable channels such as the call center. In the last 12 months, call center fraud levels increased for 40 percent of businesses surveyed.
Call centers are an ideal target, particularly for account takeover activities. Caller ID spoofing, which occurs when a fraudster calls into a contact center and appears to be calling from the victim’s number makes this especially easy for criminals. By nature, customer service agents are helpful and in the business to make and keep customers happy. In doing so, they can unknowingly give up small bits of personal information that can lead to future fraud. Preying on this weakness, fraudsters attempt to trick or “socially engineer” unsuspecting agents into sharing information. This was reported as the most prevalent type of fraud by 69 percent of survey respondents.
A Balancing Act
IDology’s Fifth Annual Fraud Report confirms that fraud is growing in prevalence, methodologies, and sophistication, and challenging businesses to approach identity verification in new ways. However, increasing fraud prevention measures should not come at the expense of providing a slower or more frustrating experience for legitimate customers. In call centers, this includes preventing social engineering before it happens by employing big data innovation such as technology that accesses mobile network operating data in real time to determine the legitimacy of the caller’s device and phone number. By checking the validity of the mobile number and call status in real-time, genuine customers can be greenlighted to the call center for assistance while suspect calls can be routed to fraud specialists.
The threat of synthetic identity fraud demands an intelligent, multi-layered approach that pulls together an array of location, activity, device, digital and other identity attributes to validate customers. Another key layer of defense is sharing data across industries and companies through a fraud network that gives security experts insight into trends and evolving, well-developed scams. Emerging technology and collaborative networks must continually evolve to stay ahead of fraudsters while ensuring that legitimate customers have a secure, fast and positive experience.
About the Author