You do not have to look hard to realize that fraud plays an important role in our modern world. From blockbuster movies to newspaper headlines, both imagined and real, fraud occupies a prominent seat in contemporary society. As we move more of our daily lives online, it comes as no surprise that fraud has evolved and changed in response.
Fraud can be defined as an “intentionally deceptive action designed to provide the perpetrator with an unlawful gain, or to deny a right to a victim.” For almost all of human history, humans have been fraudulently cheating one another to get ahead. One of the earliest documented laws against fraud can be traced back to as early as 1760 BCE, however it almost certainly existed well before then.
Over time, fraudsters have adapted to local circumstances, and taken advantage of modern technologies and techniques to stay ahead. Thirty years ago, fraud looked completely different than it does today. The invention of the internet and the subsequent digital revolution has led to an extraordinary shift in the scope of fraud. Today, fraud impacts a variety of industries (finance, real estate, investment, insurance), exists in the sale of property (land, personal property, art, stocks, bonds), can occur through the falsification of documents, forgery or counterfeiting, and can be committed through a variety of media outlets (mail, phone, Internet, etc.). Fraudsters can work alone, in groups or as whole businesses.
For the purposes of this article, we will focus on financial and banking fraud, which has exploded since the advent of the internet, costing worldwide financial institutions billions of dollars annually. Global losses due to card fraud alone, cost almost $23 billion in 2016, and could reach $44 billion by 2025. In another example, a large-scale and well-organized fraud ring created over 7,000 synthetic IDs and 25,000 fake credit cards, costing banks over $200 million.
Although banks have always been confronted with having to address the loss of revenue due to fraudulent activities, they currently face immense challenges in effectively addressing systematic digital fraud, especially when they have to work with the remnants of old legacy systems. As technology advances and international financial systems grow more complex, so do the types of fraud that take advantage of the system.
As banking transactions have shifted onto more digital and mobile platforms, new forms of card and payment fraud have emerged to take advantage of the system. Card fraud is a type of financial fraud that happens during transactions involving a credit or debit card. Normally, there are two ways in which card fraud occurs: when the card is present (when the fraud is perpetrated with the card being physically present during the transaction i.e. counterfeit cards) or when the card is not present (when the card is not actually presented during the transaction i.e. online or over the phone transactions).
Payment fraud: The many ways it can occur
Payment fraud can occur in a variety of ways.
For example, identity theft (when a fraudster steals and assumes another person’s identity in order to make fraudulent transactions), synthetic identity fraud (creating an account using fake or a combination of fragmented pieces of stolen identity credentials), card skimming (when cardholder information is stolen through a device called a skimmer), or account takeovers (when a fraudster gains access to an already existing account and takes it over).
Another form of payment fraud is friendly fraud (when disputed charges come from actual cardholders). Fraudsters can also use phishing (emails or fake companies which convince people to hand over personal information) to gain access to authentication information, later used in fraudulent transactions. Card and payment fraud are prevalent problems in our society, and as banks and customers move more and more of their transactions to cards and online-based payment services, security measures must increase to respond and try to prevent these and other types of fraud from happening.
Addressing fraud without harming the customer experience
There are several ways that banks can try to address card and payment fraud in ways that do not irritate their customers with additional cumbersome security measures. When done correctly, these methods can improve the overall experience of the customer while simultaneously preventing fraud.
Several examples of modern technological developments aimed at improving fraud prevention and response techniques include:
Continuous authentication and behavioral biometrics
Instead of only authenticating users at the point of logging into an account, systems continuously monitor accounts and verify that users are not behaving strangely. One way of conceptualizing how continuous authentication might work is through a scoring system “which measures how certain it is that the account owner is also the one using the device.”
When the score is too low, the system asks for additional proof of who is trying to make the transaction before allowing it to go through. One way in which this can be measured is through behavioral biometrics, or “by measuring everything from how the user holds the phone or how they swipe the screen, to which keyboard or gestural shortcuts they use, software algorithms build a unique user profile, which can then be used to confirm the user’s identity on subsequent interactions.”
It can also be used for “post-transaction forensic analysis to support fraud investigations.” Other examples of these technologies include facial recognition and fingerprint readers.
Companies that offer this kind of solution:
- BehavioSec: Delivers enterprise-grade Behavioral Biometrics as a Service (BBaaS) to combat online fraud.
- ID R&D: Science-driven, frictionless biometrics that bring natural UX and high security to mobile login, continuous ID, and conversational interface.
This is a fraud prevention concept that uses emerging technologies to forecast and prevent fraud through data analysis. Some examples of this include “predictive detection, encompassing user authentication (e.g., determining whether the transacting party is, in fact, a customer), customer due diligence (e.g., low/high-risk fraud profiling as a factor in exception decisioning), transaction risk (e.g., whether hallmarks of fraud are present in the context of other transactions for the account, customer, and household).... Enhanced internal process efficiency, such as capacity forecasting and providing analysts with context detailing the reasons a transaction failed an initial screen… Automated fraud triage and other robotic process automation (RPA).”
Another example of how advanced analytics can be used to address cases of fraud is through the use of third-party data. By “drawing on alternative data sources—such as social media, phone usage data, and purchasing history—or using information about a customer’s location and device type to help validate the authenticity of a transaction.“
Companies that offer this kind of solution:
- BigID: BigID is a data-driven protection and privacy and compliance platform designed to transform how enterprises protect and govern personal and private data.
Application Fraud Prevention
“One of the key challenges with application fraud is separating credit risk underwriting from fraud. Traditional credit scoring models are typically poor at identifying fraud, especially where the fraudster imitates a good credit customer…. Fraud managers have acknowledged that legacy systems don’t help with identifying the vast majority of application fraud.” The solution to these issues is to join “data together in an intelligent way and using that holistic view for risk assessment maximizes the opportunity to identify fraud patterns and other suspect behavior.”
Companies that offer this kind of solution:
- IDEE: A software company providing strong authentication and blockchain identity built on PKC, blockchain technology, and the user’s phone.
Although fraud is a major problem facing banks today, there are some possible solutions out there that work to address the issues.
As technology advances, banks will have more and more resources that develop in order to help them battle fraudsters. However, if banks hope to really have a shot at bringing down fraud in their organizations, they will have to mobilize and coordinate across all internal functions and levels.
The fact is, that banks face many more threats than just fraudsters. Cybersecurity concerns have grown to the top of the list when it comes to priorities for most financial institutions. From malicious hacking to the Internet of Things, cybersecurity is an important topic in the rapidly digitizing modern world. Find out more about the main trends going on in cybersecurity on our blog.
At Plug and Play's Cybersecurity accelerator we are in touch with corporations and startups that are changing the world as we know it. Join our platform today.