Cyberattacks on banks and financial institutions (FIs) are growing in volume, complexity, and speed. According to Forbes, cyberattacks target financial services 300 times more often than other industries. “While the typical American business is attacked 4 million times per year, the typical American financial services firm is attacked a staggering 1 billion times per year,” the business magazine reports.
That is the equivalent of 30 attacks every second. Bearing in mind the velocity, scale, and impact of today’s cyberattacks, let’s review fraud trends and how digital identity verification and risk analytics can help FIs fight back.
Fraud costs companies billions of dollars. LexisNexis estimates that in 2017, the cost of fraud was 1.58% of revenue for retailers, 2.17% of revenue for e-commerce, and 2.39% of revenue for financial service companies. “Every $1 of fraud costs organizations in these industries $2.48 to $2.82,” the company says.
According to Forrester’s Fraud Management Solutions Forecast, 2017 To 2023 (Global), global spending on fraud management solutions is expected to double in the next five years, hitting more than $10 billion by 2023. For FIs, spending on fraud prevention continues to prevent losses from growing at a much faster pace than they otherwise would.
Still, today’s fraudsters are organized, sophisticated, and can quickly pivot to take advantage of new platform, OS, and device weaknesses. Combined with massive data breaches and social engineering, bad actors are more aggressive and quicker to change tactics as directly compared to traditional fraud prevention solutions. As a result, the number of attacks is exponentially growing and outpacing fraud management solution spend.
More Identity Theft
Statistics show that the likelihood of having your identity stolen is higher than you think. Victims of data breaches are even more likely to be affected. According to statistics:
- 16.7 million Americans had their identity stolen in 2017
- 1,579 data breaches exposed 179 million records globally in 2017
- 31.7% of data breach victims experienced identity theft in 2016
As FIs shift to digital channels to better serve customers, it becomes more challenging to verify identities effectively. This is because data breaches expose more and more personally identifiable information (PII), making identity theft easier to perpetrate.
In the notorious Equifax breach, for example, fraudsters exposed the social security numbers, birth dates, and addresses of more than 140 million people. Breaches like this mean that we can no longer rely on credit data and static knowledge-based authentication (KBA) for identity verification.
How Risk Analytics & Digital Identity Verification Combat Fraud
In 2018, data breaches exposed the PII of hundreds of millions of people. Going into 2019, corporate mindsets have to change from “if we get breached” to “when we are breached”. Once we make that shift in mindset, the next step is to recognize that the consequence of data breaches – namely, identity theft exposure – should force a critical look at legacy identity verification processes. After all, using stolen information to open a new account is too easy, because of social engineering; phishing attacks; outdated identity verification processes; and a lack of risk analytics.
According to Forrester, fraudsters tend to be part of organized crime groups. This fraud trend will continue in 2019, with bad actors sharing tools among themselves to further exploit financial institutions. “It’s time consuming for fraud and risk management professionals to continually update fraud models, and it’s increasingly difficult to identify fraud across multiple channels, including mobile,” Forrester says.
A rules-based system alone can no longer keep up. To stay ahead, FIs need a fraud detection solution that leverages AI through supervised and unsupervised machine learning. Machine learning allows organizations to analyze data with context across devices, applications, and transactions, and requires very little manual input.
Machine learning algorithms analyze transaction data and only flag suspicious transactions with higher risk scores. This risk-based analytics approach can detect complex patterns that are difficult for analysts to identify, and better detect new and emerging fraud.
Digital Identity Verification
Financial institutions have traditionally depended on credit bureaus for identity verification. One big problem with this approach is the static nature of personal information. If the PII has been stolen or compromised, bad actors will be able to use it to open a new account. After all, the personal information on the new application is the same as the information the credit bureau has on file.
FIs can no longer depend on verifying a user’s identity based on static data from credit bureaus. Fraud departments need to be aware that this outdated approach is no longer an acceptable form of identity verification. Otherwise, organizations will continue to fall victim to new account fraud and application fraud for years to come.
Bringing It All Together
Organizations that rely only on credit data and static KBA solutions for identity verification will continue to provide a lengthy, rigid, and intrusive customer onboarding or new account creation experience. This risks motivating customers to switch to other financial institutions that can provide a faster, easier experience.
By combining modern identity verification solutions with risk analytics, organizations can achieve a context-aware identity verification solution. A context-aware solution enables real-time security decisions based on the total risk associated with a new customer. With the latest solutions, organizations can now review and analyze multiple pieces of information from different sources and across multiple digital channels (e.g., web, online, branch, and call center), to better manage their risk of fraud – especially for remote, faceless transactions.
Context-aware identity verification solutions use a variety of checks that include:
- Links to credit bureaus, such as Equifax, TransUnion, Experian
- Financial institution account checking
- Anti-money laundering screening
- ID document capture and biometric verification
- Risk analytics
With a context-aware identity verification solution, FIs can dramatically reduce fraud and drive top-line growth, while providing the best user experience possible for new digital account openings.