On February 24, SME Banking Club, together with LexisNexis Risk Solutions (United Kingdom), organized a webinar titled “How to address various fraud trends while optimizing customer journey”, to discuss how to detect and prevent the growing volume of fraud with the customer journey in mind.
This article is based on Kate Dunckley’s presentation. She noted at the beginning that the level of payment fraud increased significantly during the COVID pandemic. Estimated global e-commerce losses related to online payment fraud in 2021 are US $20 billion, an increase of 14% compared to 2020. That is why steps to fight online banking fraud must be taken on a global scale.
The main types of this kind of fraud are the following:
- Account opening fraud
- Account takeover
- Scam detection
- RAT detection
- BOT attacks
- Malware defense
- Card-not-present fraud
- 1st party fraud.
Kate Dunckley underlined the main elements that are used to fight application fraud, namely the use of local data, global data, synthetic IDs, and biometrics.
Now, let’s consider several of them in detail.
New Account Opening Fraud
How to detect it?
- Review the data captured during the application:
  - Has the device committed fraud against you before?
  - Has the same phone number been attached to many applications?
  - Is the location high-risk?
  - Was the application made from a location close to their home address?
  - Have you seen the email before?
- Strengthen your decision by leveraging global networked reputational and associated data:
  - Understand what each data point has done elsewhere in the network
  - Has the device committed fraud elsewhere?
  - What is the age of the email address?
  - Has the user made recent applications elsewhere?
  - Onboard good users without friction
- Combine the strength of both local and global data sets to accurately identify synthetic identities:
  - Is the device, email, and phone number all brand new?
  - Have the data points been used together anywhere before?
  - Is the digital identity identifier brand new?
- Layer behavioral biometrics to further improve decision making:
  - High page familiarity
  - Low data familiarity
  - Use of keyboard shortcuts
  - Pasting key data
  - Slow personal data entry
Account Takeover Fraud
Contextualized user profiles make behavioral anomalies simple to detect and prevent.
1. It always starts with data compromise:
  - Data breaches
  - Vishing / social engineering
  - Key logging malware
  - Internal staff members
  - Phishing emails
2. Often, only partial login credentials are compromised. This forces the fraudster to complete additional steps such as password resets:
  - New device for the user?
  - One device, many resets?
  - Recent successful login?
  - Use of paste function?
  - Previous confirmed fraud on device?
3. Reconnaissance sessions – what can the fraudster learn about their victim:
  - New location?
  - Proximity to home address?
  - Proxy / VPN?
  - Banking industry device reputation?
  - Correlation with user’s usual login habits?
4. Details change – Enable 2FA later in the journey, increasing the fraudsters’ chances of successfully monetizing:
  - When were the last details changed?
  - Has the same data been added to several accounts?
  - Is the phone number a known bad entity?
  - Usual channel preference – e.g., web vs mobile
5. Beneficiary creation and payment – Use the intelligence and context captured, along with additional data from the payment event itself, to make the smartest possible fraud decision:
  - Latency between creation and payment
  - Known mule beneficiary
  - Who else has paid the beneficiary – local & global?
  - Biometrics – timing, gestures, etc.
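Several of the signals from steps 2, 4 and 5 can be evaluated together at payment time by replaying the account's earlier events. The Python sketch below is an added example, not material from the webinar or from LexisNexis; the event names, sample events, known-device table and both thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, account, device, event, detail)
EVENTS = [
    ("2022-02-24T09:00:00", "acct-1", "dev-A", "login", ""),
    ("2022-02-24T10:00:00", "acct-2", "dev-X", "password_reset", ""),
    ("2022-02-24T10:02:00", "acct-3", "dev-X", "password_reset", ""),
    ("2022-02-24T10:05:00", "acct-3", "dev-X", "details_change", "phone"),
    ("2022-02-24T10:07:00", "acct-3", "dev-X", "beneficiary_created", "ben-9"),
    ("2022-02-24T10:09:00", "acct-3", "dev-X", "payment", "ben-9"),
    ("2022-02-24T11:00:00", "acct-1", "dev-A", "beneficiary_created", "ben-2"),
    ("2022-02-26T11:00:00", "acct-1", "dev-A", "payment", "ben-2"),
]
# Devices previously seen per account (constructed).
KNOWN_DEVICES = {"acct-1": {"dev-A"}, "acct-2": {"dev-B"}, "acct-3": {"dev-C"}}
MAX_RESETS_PER_DEVICE = 1                  # assumed threshold
MIN_BENEFICIARY_AGE = timedelta(hours=1)   # assumed threshold

def payment_flags(events, known_devices):
    """Return {(account, beneficiary): sorted flags} for every payment event."""
    resets = defaultdict(set)   # device -> accounts it requested resets for
    created = {}                # (account, beneficiary) -> creation time
    changed = set()             # accounts whose details changed earlier
    out = {}
    for ts, acct, dev, kind, detail in sorted(events):  # ISO timestamps sort by time
        when = datetime.fromisoformat(ts)
        if kind == "password_reset":
            resets[dev].add(acct)
        elif kind == "details_change":
            changed.add(acct)
        elif kind == "beneficiary_created":
            created[(acct, detail)] = when
        elif kind == "payment":
            flags = set()
            if dev not in known_devices.get(acct, set()):
                flags.add("new_device")                      # step 2
            if len(resets[dev]) > MAX_RESETS_PER_DEVICE:
                flags.add("one_device_many_resets")          # step 2
            if acct in changed:
                flags.add("prior_details_change")            # step 4
            born = created.get((acct, detail))
            if born is not None and when - born < MIN_BENEFICIARY_AGE:
                flags.add("short_creation_to_payment_latency")  # step 5
            out[(acct, detail)] = sorted(flags)
    return out

if __name__ == "__main__":
    for key, flags in payment_flags(EVENTS, KNOWN_DEVICES).items():
        print(key, flags)
```

In a real deployment the flags would feed a risk score alongside the reputation and biometric signals listed above rather than block a payment on their own.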