Changing nature of fraud
Detecting and preventing fraud in an always-on world.
There’s no doubt that the pandemic was a major catalyst in businesses shifting towards digital services, but a change of operating methods to online was already in the pipeline – many businesses were already going that way. “It meant that customers were having more direct interactions with the platforms and capabilities in the way they facilitated services,” says Jason Lane-Sellers, LexisNexis Risk Solution’s Director of Fraud and Identity EMEA.
“If you think about an online shopping experience as an example, it’s about how quickly you can get to your desired outcome or data, how quickly you can do things – the one-click fulfilment capability that people want when doing their day-to-day actions.” Lane-Sellers explains how these kinds of instant actions have driven a change in the nature of fraud on a global level where the end-user is targeted instead of a retailer directly by fraudsters. “They’re targeting the consumer and having the consumer manipulate the process online or digitally because it is harder for a digital provider (such as a bank, for example) to validate that a transaction is fraudulent if it is actually the customer that is doing it,” he says.
From targeting an end-user’s lack of knowledge of digital services to ‘get rich quick’ investment scams that are too good to be true, criminals are taking advantage of consumers going online. “In addition to this, people give out personal information freely on social media, which has filtered into how we use digital services. For example, many people happily share passwords to online video streaming services, so the digital user information is not as secure as it should be,” he adds. And with the technological capabilities available today, such as deepfakes, it’s never been easier to facilitate an attack. Lane-Sellers brings up a story that recently made news headlines, where parents received a phone call from their son in trouble and wired money to an unknown account only to find out that the voice was fake. “The criminals managed to do this by capturing 20 seconds of conversation left on his voicemail messaging service,” says Lane-Sellers.
As fraud becomes increasingly complex, Lane-Sellers says it’s never been more important to be able to authenticate and understand who a digital user is. “Not only who a user is, but what they’re doing and what external factors are influencing them in a transaction,” he says. “Basic information such as what device they are using. From what location? This is the standard approach, but you need to add new dynamics. Is there something anomalous in the actual user behaviour or interaction, such as hesitation, process timing or external influences such as remote access or an active phone call?” Detecting and preventing fraud often comes down to aligning these kinds of questions across both digital persona and behavioural biometrics technology. “With scams, this is also where we start to look for the combinations of different external factors.”
Looking for the unobvious
Lane-Sellers says: “From our own analysis, over 60% of access scams – where a person gives control of their computer to someone else – have a phone call occurring at the same time, so if you can detect a call during the transaction, it could be an indication of manipulation. Add this to the fact that they’re taking longer to process a transaction, or hesitating and rechecking data and screens, or paying someone they’ve never paid before, or moving money to a new account… you add all these risk factors together to highlight a scam in progress versus standard behaviour,” he adds, explaining that to prevent fraud, businesses have to factor in external influences, because when it comes to digital user behaviour, traditional approaches and password validation is no longer good enough when it comes to monitoring transactions.
“What we need to think about now is the way that individuals can be manipulated and that data is freely available. A username and password for access is no longer enough to verify a customer, we have to go a little bit deeper and understand a little bit more,” says Lane-Sellers.
For Lane-Sellers, it’s about the technological solution that can be put in place, but also about education. Something as simple as a warning pop-up that comes up during a transaction could help to prevent fraud: “That’s why fraud is shifting – banks are putting in the same controls to monitor card transactions and big-value ticket items, so what’s shifted is how fraudsters think. They’re now looking at what banks are not focused on and, in return, banks need to go a little step further to not only protect their revenue, but to protect the consumer and the reputation of their brand.”