Fraud & Identity Management
52 percent of banks report high levels of concern about fraud, making fraud detection in banking top-of-mind. Banking fraud prevention can seem daunting, but with the proper tools, banks, credit unions, fintechs, and other financial institutions can frustrate and root out fraudsters while maintaining a positive experience for good customers. What is banking fraud? Banking fraud is a type of financial crime that uses illegal means to obtain money, assets, or other property owned or held by a bank, other financial institution, or customers of the bank. This type of fraud can be difficult to detect when misclassified as credit risk or written off as a loss rather than investigated and prevented in the future. Fraud that impacts financial institutions consists of small-scale one-off events or larger efforts perpetrated by fraud rings. Not long ago, many of the techniques utilized by fraudsters required in-person or phone-based activities. Now, many of these activities are online, making it easier for fraudsters to disguise their intent and perpetrate multiple attacks at once or in sequence. Banking fraud can include: Identity theft: When a bad actor steals a consumer’s personal information and uses it to take money, open credit accounts, make purchases, and more. Check fraud: This type of fraud occurs when a fraudster writes a bad check, forges information, or steals and alters someone else’s check. Credit card fraud: A form of identity theft where a bad actor makes purchases or gets a cash advance in the name of an unsuspecting consumer. The fraudster may takeover an existing account by gaining access to account numbers online, steal a physical card, or open a new account in someone else’s name. Phishing: These malicious efforts allow scammers to steal personal and account information through use of email, or in the case of smishing, through text messages. The fraudster often sends a link to the consumer that looks legitimate but is designed to steal login information, personally identifiable information, and more. Direct deposit account fraud: Also known as DDA fraud, criminals monetize stolen information to open new accounts and divert funds from payroll, assistance programs, and more. Unfortunately, this type of fraud doesn’t just lead to lost funds – it also exposes consumer data, impacts banks’ reputations, and has larger implications for the financial system. Today, top concerns for banks include authorized push or wire transfer payment fraud, transactional fraud. Also, 33 percent of businesses encountered account takeover, first-party fraud, third-party fraud, and synthetic identity fraud last year. Without the proper detection and prevention techniques, it’s difficult for banks to keep fraudsters perpetrating these schemes out. What is banking fraud prevention? Detecting and preventing banking fraud consists of a set of techniques and tasks that help protect customers, assets and systems from those with malicious intent. Risk management solutions for banks identify fraudulent access attempts, suspicious transfer requests, signs of false identities, and more. The financial industry is constantly evolving, and so are fraudsters. As a result, it’s important for organizations to stay ahead of the curve by investing in new fraud prevention technologies. Depending on the size and sophistication of your institution, the tools and techniques that comprise your banking fraud prevention solutions may look different. However, every strategy should include multiple layers of friction designed to trip up fraudsters enough to abandon their efforts, and include flags for suspicious activity and other indicators that a user or transaction requires further scrutiny. Some of the emerging trends in banking fraud prevention include: Use of artificial intelligence (AI) and machine learning (ML). While these technologies aren’t new, they are finding footing across industries as they can be used to identify patterns consistent with fraudulent activity – some of which are difficult or time-consuming to detect with traditional methods. Behavioral analytics and biometrics. By noting standard customer behaviors — e.g., which devices they use and when — and how they use those devices — looking for markers of human behavior vs. bot or fraud ring activity — organizations can flag riskier users for additional authentication and verification. Leveraging additional data sources. By looking beyond standard credit reports when opening credit accounts, organizations can better detect signs of identity theft, synthetic identities, and even potential first-party fraud. With real-time fraud detection tools in place, financial institutions can more easily identify good consumers and allow them to complete their requests while applying the right amount and type of friction to detect and prevent fraud. How to prevent and detect banking fraud In order to be successful in the fight against fraud and keep yourself and your customers safe, financial institutions of all sizes and types must: Balance risk mitigation with the customer experience Ensure seamless interactions across platforms for known consumers who present little to no risk Leverage proper identity resolution and verification tools Recognize good consumers and apply the proper fraud mitigation techniques to riskier scenarios With Experian’s interconnected approach to fraud detection in banking, incorporating data, analytics, fraud risk scores, device intelligence, and more, you can track and assess various activities and determine where additional authentication, friction, or human intervention is required. Learn more
Experian's identity and fraud report explores the evolving fraud landscape and influence on identity, the consumer experience, and business strategies.
By leveraging an array of tools and technologies, businesses can tailor their fraud prevention strategies to suit the specific needs of their customers.
With an ever-present need for efficiency, security, and seamless citizen services, many agencies are looking at the benefits of a data-driven government. Last year, the federal government kicked off a unified effort to enable data-driven decision making. The goal at that level – and across all agencies – is to serve citizens more efficiently and effectively. By embracing the power of data and analytics, agencies of all sizes can set themselves up to better serve their citizens. What is a data-driven government? Agencies collect citizen data from a variety of service-based sources, including the Postal Service, Census Bureau, social welfare departments, and agencies that issue government IDs. When properly leveraged, this data holds many possibilities. However, many agencies face challenges when it comes to efficient collection, sharing, usage, integrity, and accessibility. Due to the amount of data collected and the potential lack of consistency in the collection and storage techniques, the data may not be usable. Without proper management and analysis, there’s little government agencies can do with their data to improve their processes. A data-driven government has well-managed data and uses that data to drive their decisions as they relate to citizen requests for benefits, tax collection, elections, and more. What are the benefits of data-driven decision making? Data management and government data analytics enable agencies to react quickly to citizen demands and concerns and proactively anticipate an issue before it becomes a crisis. With the right tools, agencies can gain a holistic view of their citizens, communicate effectively internally, provide digitally-driven services and improve overall efficiency through government-wide data integration and management. These changes have a wide range of benefits, including reduction of cost, fraud, waste and abuse, the automation of manual processes, and better service delivery. Why is a data-driven strategy required? In addition to the benefits listed above, a data-driven strategy also helps agencies align with published NIST guidelines and the need to monitor, evaluate, and maintain digital identity systems. Proper use of data-driven digital identity strategies will enhance equity and the usability of the solutions agencies provide to their citizens. Building an effective data-driven strategy The right strategy starts with ensuring that all departments about the need for proper data management and analytics and the guidelines that will govern it, such as maintaining up-to-date data, removing silos, and leveraging the right tools. The next step is finding the right partner. An effective partner can help agencies develop and maintain data management systems and implement the right tools and analytics – things like machine learning in government – to help each agency function efficiently and safeguard the data of its citizens. To learn how Experian can help your agency improve its use of data, visit us or request a call. Visit us
CrossCore named Overall Leader, Product Leader in Fraud Reduction Intelligence Platforms, Innovation Leader and Market Leader in Fraud Reduction..
Explore what identity resolution for credit marketing is and how it enables lenders to create more cohesive and personalized customer interactions.
Jennifer Schulz, CEO of Experian, North America kicked off Experian’s annual Vision conference Tuesday morning pointing to data, analytics, technology and collective curiosity as the drivers for change and a more impactful tomorrow to more than 700 attendees. Keynote speaker: Jennifer Bailey Jennifer Bailey, Vice President of Apple Pay and Apple Wallet, spoke about the customer experience “ethos.” She explained how Apple takes a long-term view and values the single most important performance metric as customer experience. She said creating a seamless customer experience comes down to making things simple and understandable, and asking, “Are we solving a customer problem?” and “How are we making it easier for customers to enjoy and liver their lives. Bailey, who said of all apps she uses the weather app the most, also talked about innovation, and that both intent and making mistakes are important parts of the process. Apple’s products are known for their user-friendliness, and design is part of that. She encouraged the audience to give design teams room to create without bottom line pressures and not to be afraid to take well-considered risks. Keynote Speaker: Gary Cohn Gary Cohn, Vice Chairman of IBM, talked about the current economic climate, and while it’s a natural viewpoint to look to the past for guidance, the current environment is unlike any before. Cohn discussed regulatory compliance in the banking industry and prioritizing safety and soundness. While AI is topical and in numerous headlines recently, Cohn reminded the conference goers that AI isn’t new. He said what is new and important is that you can now teach models to find the information needed rather than having to feed all the information yourself. He believes AI is not the end of employment, but rather helps boost productivity, efficiency, and job satisfaction and provides organizations more data. As for advice for the audience, Cohn shared opportunities are in the uncomfortable zones and you have to be willing to fail in order to succeed. Session highlights – Day 1 The conference hall was buzzing with conversations, discussions and thought leadership. Overall themes that were frequently part of the conversation included seamless customer experiences, agility in face of economic changes and leveraging AI/ML into strategies. Fraud automation and preventing commercial fraud More businesses are opening than ever before and lenders and service providers need a way to determine risk from businesses who are less than a year old. There is no one-size-fits-all approach to fraud. A layered solution assesses risk and applies the correct friction to resolve the risk and pass or refer the applicant. Identity Today’s consumer wants a personalized experience and is privacy conscious. Additionally, regulators are also pushing for greater privacy. Clean rooms allow you and a partner to add data to a safe space and learn more about consumers without exposing data. The right data improves acquisition rates, identity verification and allows you to anticipate customer needs. Advanced scoring Data, models and strategy are the levers institutions are using to leverage responsible analytics to meet their objectives like safely growing existing portfolios, managing the “right” level of risk, and providing a seamless digital experience. However, the total value of a decisioning system is almost always constrained by its most rudimentary component. The panel of experts discussed their uses and goals for leveraging models and customer experience was at the top of their priorities. Recession preparedness Delinquency is on the rise and lending offers made continue to drop. Changes in the economic climate require frequent monitoring of portfolio and decisions, benchmarking against peers, updating credit models and decision strategies, and stress testing portfolio and models. Trends in credit risk management While AI at the hands of everyone is topical today, it ranked lowest on the list of trends attendees believed were impacting their business. At the top of the list? The growing demand for simpler, faster and seamless experiences. More insights from Vision to come. Follow @ExperianVision and @ExperianInsights to see more of the action.
As organizations look for ways to keep themselves and the consumers they serve safe in the digital era, many turn to fraud risk mitigation.
What Is Identity Proofing? Identity proofing, authentication and management are becoming increasingly complex and essential aspects of running a successful enterprise. Organizations need to get identity right if they want to comply with regulatory requirements and combat fraud. It's also becoming table stakes for making your customers feel safe and recognized. Nearly 75 percent of consumers expect businesses to protect them online, and 70 percent say it's important for businesses they frequently deal with to identify them across visits.1 Identify proofing is the process organizations use to collect, validate and verify information about someone. There are two goals — to confirm that the identity is real (i.e., it's not a synthetic identity) and to confirm that the person presenting the identity is its true owner. The identity proofing process also relates to and may overlap with other aspects of identity management. Identity proofing vs identity authentication Identity proofing generally takes place during the acquisition or origination stages of the customer lifecycle — before someone creates an account or signs up for a service. Identity authentication is the ongoing process of re-checking someone's identity or verifying that they have the authorization to make a request, such as when they're logging into an account or trying to make a large transaction. READ: Leveraging Artificial Intelligence to Optimize Digital Identity Strategies How does identity proofing work? The National Institute of Standards and Technology (NIST) Special Publication 800-63-3, Digital Identity Guidelines, has an overview of the three stages of the identity proofing process: Resolution: The goal of the first step is to accurately identify the single, unique individual that the identity represents. Resolution is relatively easy when detailed identity information is provided. In the real world, collecting detailed data conflicts with the need to provide a good customer experience. Resolution still has to occur, but organizations have to resolve identities with the minimum amount of information. Validation: The validation step involves verifying that the person's information and documentation are legitimate, accurate and up to date. It potentially involves requesting additional evidence based on the level of assurance you need. Verification: The final step confirms that the claimed identity actually belongs to the person submitting the information. It may involve comparing physical documents or biometric data and liveness tests, such as a comparison of the driver's license to a selfie that the person uploads. The NIST guidelines are the standards that federal agencies must follow for their digital identity services, and industry often uses the same guidelines as a framework for their identity and access processes. The current NIST guidelines — Revision 3 — were updated in 2017 and have three identity assurance levels (or IALs). IAL 1: Doesn't require identity proofing to create an account. For example, you may be able to sign up for an online game or newsletter without submitting any identification. IAL 2: Requires users to submit identifying information and evidence either in-person or remotely. For example, when you need to upload a picture of your driver's license and a selfie to create an account or confirm a transaction. It also requires address confirmation and may include (but doesn't require) biometric checks, such as a fingerprint or face scan. IAL 3: Requires in-person or supervised remote identity verification, address verification and biometric checks. There is a proposal to update the NIST guidelines, and the NIST is requesting comments on the proposed Revision 4 through March 24, 2023. The updates aim to advance equity, give consumers additional choices, deter fraud and build on the lessons learned from previous revisions and real-world implementation. It also has four identity assurance levels, starting with IAL0, which is when there's no requirement for identity proofing. Service providers that offer identity proofing, verification and management services can get certified if they conform to the current NIST guidelines. For example, Experian's identity proofing solutions are NIST 800-63-3 IAL2 certified by Kantara Initiative. Building an effective identity proofing strategy By requiring identity proofing before account opening, organizations can help detect and deter identity fraud and other crimes. And although the NIST offers guidelines, you can use different online identity verification methods to implement an effective digital identity proofing and management system. These may include: Document verification plus biometric data: The consumer uploads a copy of an identification document, such as a driver's license, and takes a selfie or records a live video of their face. Database validations: The proofing solution verifies the shared identifying information, such as a name, date of birth, address and Social Security number against trusted databases, including credit bureau and government agency data. Knowledge-based authentication (KBA): The consumer answers knowledge-based questions, such as account information, to confirm their identity. It can be a helpful additional step, but they offer a low level of assurance, partially because data breaches have exposed many people's personal information. In part, the processes you'll use may depend on business policies, associated risks and industry regulations, such as know your customer (KYC) and anti-money laundering (AML) requirements. But organizations also have to balance security and ease of use. Each additional check or requirement you add to the identity proofing flow can help detect and prevent fraud, but the added friction they bring to your onboarding process can also leave customers frustrated — and even lead to customers abandoning the process altogether. WATCH: Webinar: Identity Evolved — Building consumer trust and engagement Finding the right amount of friction can require a layered, risk-based approach. And running different checks during identity proofing can help you gauge the risk involved. For example, comparing information about a device, such as its location and IP address, to the information on an application. Or sending a one-time password (OTP) to a mobile device and checking whether the phone number is registered to the applicant's name. With the proper systems in place, you can use high-risk signals to dynamically adjust the proofing flow and require additional identity documents and checks. At the same time, if you already have a high level of assurance about the person's identity, you can allow them to quickly move through a low-friction flow. Experian goes beyond identity proofing Experian builds on its decades of experience with identity management and access to multidimensional data sources to help organizations onboard, authenticate and manage customer identities. With a single API integration, Experian CrossCore® gives you access to a suite of identity proofing and fraud detection capabilities, including identity element verifications, risk analytics, device intelligence, document validation and biometrics. CrossCore Doc Capture offers end-to-end support for document and selfie verification, and you can use step-up OTP or KBV checks when appropriate. Learn more
Experian's 2023 Future of Fraud Forecast examines rising threats impacting businesses and consumers and how best to combat them.
Podcast: Experian Identity Report – Episode 1 with Kathleen Peters, “Why identity is so important”
Fraud & Identity ManagementKathleen Peters, Chief Innovation Officer, Decision Analytics for Experian, was recently featured on the Eliances Heroes podcast as part of the new weekly segment, the “Experian Identity Report.” In the introductory show, podcast host David Cogan, spoke with Kathleen about why identity is so important to our society. Listen to the podcast for the full discussion and see the transcript below. Learn more about Experian Identity David Cogan: How critical is it? Well, I’ll tell you. Payment fraud will exceed $206 billion in the next five years and let’s face it. Managing one’s personal identity is very complicated on its own and if the business enterprise managing customer identities in a strategic and secure way and scale across countless interaction is extremely complicated. And it’s only going to get more complex with the future from what I understand and all the technology that’s coming out if not by the day, by the hour. And that’s why we’re bringing this to you. Interviews with the world’s leading experts on the game changing impact of identity and the need to use reliable data to make confident decisions that securely accelerate customer engagement and that’s why we’re honored here today to have with us Kathleen Peters, Chief Innovation Officer, Experian Decision Analytics North America. Kathleen Peters: Thanks so much David, it’s great to be here with you. DC: $206 billion of payment fraud in the next five years? I mean who’s going to want to turn on their computer after this. That is a serious number. What do we do? KP: It’s really important that we get our arms around this both as consumers as well as businesses because we want to engage online. So much of what we’re doing is digital. It especially started in COVID when we were having our groceries delivered and everything else and even our grandparents are having to do their banking transactions online. The world is changing, and fraudsters take notice of that as well. Fraudsters are opportunistic and when they see a bunch of folks doing stuff online that they’ve never done before, they’re seeing that as an opportunity too. DC: You know the days of people horseback riding and overtaking trains are long gone and now it’s all digital. KP: It’s a lot easier these days. DC: Why is identity so important to our daily digital lives and in business? KP: It’s a great question, David. And as a consumer myself, you, and I when we transact online whether that’s to have food delivered, or I’m buying something for my kids or I’m even paying a bill, I want to be able to trust that my information will be safe, that my privacy will be protected and that my experience will be as smooth as possible. I think that’s what we all want. So as consumers and as businesses, how do we enable all the opportunities this new digital world is presenting to us in a way that we are safe and also businesses can transact with us securely and have confidence on who’s engaging with them online. DC: Let’s talk about identity. What really makes identity so challenging to manage at a business enterprise level especially with how complex the business portion is? KP: Absolutely. It really comes down to there are so many elements that comprise our identity. It’s multidimensional. So historically, when we think about identity, we probably think about the things that were on our DL or passport the kind of information that’s pretty static – name, address, SSN, date of birth – those kinds of things. Once we get online, that identity becomes a little more challenging. We’re not necessarily physically in front of the business that we’re engaging with so the business needs to determine if the person is who we say we are. There’s a famous Far Side comic from years ago where a dog is sitting in front of the computer and he says “On the internet, no one knows you’re a dog.” And that still rings true in that you need to be able to ensure that the customer that’s coming to your business online is a real person and not a bot, is a person with good intent and not a fraudster. You need to look no farther than some of the recent controversies around Twitter and Elon Musk’s on-again, off-again, on-again intent to buy the company. A few months ago he had pulled back because he wanted to know definitively how many users on Twitter are humans versus bots and sometimes determining that can be really hard. And that comes down to managing all these new definitions of identity. DC: That’s very important. The thing is businesses and consumers want to know really what to be able to do. So, what kinds of things is Experian able to offer to help with all of that? KP: We’re in a great position as Experian because we have such a depth and breadth of identity data. We have the analytics horsepower and really touchpoints that are really unique when it comes to thinking about identity. So we’ve been talking about these traditional identity elements and digital, online identity. When you think about it, Experian also really understands your financial identity. So when you bring those things together and a consumer is looking to maybe understand what their financial identity means, their credit score or even how to improve their credit score, Experian’s there. We’ve got a robust direct to consumer business, we’ve got offerings like Boost and Go that help people establish and build their credit. We’ve got marketplaces for cards, insurance, etc. And then when consumers want to open a new account at a financial institution, or a fintech, or a retailer, or even maybe buy some crypto or log into a business, Experian can bring that wealth of capability to help our clients, help businesses, separate those good consumers with good intent from the fraudsters and do that very quickly and efficiently so that consumers can have a great experience and build that trust with who they’re engaging with. DC: Kathleen, that’s really amazing. Alright, now with all of that going on, what is Experian doing now with innovating for the identity space? KP: This is a real passion of mine David and this is where I spend a lot of my time. We’re always looking ahead to see what is the new data, new capabilities that can help us improve that consumer experience and engagement, help clients find the right consumers online to engage and target, and really allow our clients to grow their businesses safely. So, we’re building some products in house, where we’re connecting new pieces that might be new to Experian like linking some of that traditional identity data with particular payment instruments. Is this Kathleen’s credit card? Is this my bank account? When I come and try to do transactions online. But we’re also partnering with new companies. There are a number of startups that are being formed that have been in business looking at new ways to stop fraud and new ways to help identify and authenticate users online. So, as we innovate, we’re building some things in house, we’re partnering, we’re investing in young companies, and sometimes we’re even acquiring. So, bringing together that breadth of data, analytics, really trying to think about what will be the next way that we’ll think about identifying ourselves online is some of the ways we’re innovating. DC: Well, we’re very fortunate to have you and your company here to be able to do that because it’s growing by leaps and bounds. I’m amazed by the number $206 billion which is probably going to go higher, so we’re very fortunate that Experian is around and really identifying this issue and trying to do something now. What do you think our audience will learn about these weekly, critical chats about identity with Experian experts? KP: These are going to be great conversations that we’re going to be able to share and talk about how rapidly things are changing and evolving and how this really relates to our daily lives and the things that are going on in this very dynamic economic climate, digital climate, the way things are changing the way we’re engaging. I think people are also going to learn a lot about Experian’s mission around financial inclusion and opportunity creation. We’re a very mission driven company and we’re the consumer’s bureau, so we want to do this journey in partnership with consumers so that you can take an active part in protecting yourself, understanding what’s going on, helping us fight fraud, but also just really be able to take advantage of all of these new opportunities in a safe way.
As there is talk about the global economy potentially heading into a recession, it's important to be on the lookout for six fraud trends.
Fraud mitigation is an ongoing process to identify and isolate any suspected fraud fast and manage any fallout without increasing risk.
Financial elder abuse fraud occurs when someone illegally uses a senior’s money or other property. Previngting it requires a robust fraud solution.
Between social unrest across the globe, the lingering pandemic, and the digital transformation brought on by the health crisis, the fraud landscape has expanded dramatically for businesses and consumers alike. According to Experian’s latest global identity and fraud report, 93% of U.S. companies have mid-to-high concern for fraud, and 81% say that their worries about fraud have increased over the past 12 months. Monitoring unused or dormant accounts for fraud is often a warning directed at consumers. However, it’s now advice an increasing number of businesses are wishing they’d followed, as growing synthetic identity (SID) fraud is fueling a dramatic increase in losses—SID related charge-offs ballooned to $20 billion in 2021 alone, according to the Federal Reserve Bank of Boston. The threat of SIDs SIDs are made to look like an actual consumer, combining both real and fake data to form a new composite identity. They typically evolve using a combination of tactics that include: Identifying and creating relationships with businesses that have a high tolerance for identity discrepancies. These include businesses whose products expose the business to low fraud risk and/or products offered to market segments where identity verification is expected to be challenging. Either of these enable an SID to be planted among consumer data sources. Attaching the SID to existing accounts and relationships that belong to other consumers. Often these existing accounts were established by collusive criminals or by using other SIDs, but there are also ways for legitimate consumers to collect ‘rent’ in exchange for adding other consumers to existing accounts. Either approach improves the SID’s appearance of credit worthiness. Progressively building the SID’s independent ability to access larger and larger amounts of credit until they spend quickly and default on all obligations, leaving no one for the victimized businesses to pursue. “They’re difficult to identify because of the combination of real and fake data and because there’s no actual victim reporting an identity theft. As a result, businesses typically have trouble separating SID losses from credit losses,” said Chris Ryan, Experian’s go-to-market lead for fraud and identity. “SID fraud isn’t committed haphazardly. It’s carefully planned and executed—and it adapts to policy changes. Some businesses change their underwriting policy or focus on early-lifecycle account activity like purchases, payments, and requests for additional credit to reduce SID losses that occur immediately after an account is opened. SIDs can adapt to this. If six months of responsible account behavior earns a credit line increase or the ability to spend large amounts in a single billing cycle, the perpetrators are willing to wait,” Ryan said. “It’s something businesses and lenders need to be on guard for, especially with the fast-paced holiday shopping season ahead,” he said. Addressing SIDs Solving the increasingly complex problem of SID fraud requires a thoughtful approach. The institutions seeing success at preventing multi-faceted fraud are using a layered approach to identifying and mitigating fraud. Here are three steps lenders can take today to prevent SID fraud across your portfolio: Use data and analytics that extend beyond credit to evaluate identities and their histories more completely. Apply those analytics across the lifecycle from marketing and origination to portfolio management recognizing that SID risk is not restricted to a single lifecycle stage. Have a rigorous verification process that escalates to document verification or the Social Security Administrations Electronic Consent Based SSN Verification (eCBSV) process For more information on how you can leverage a multi-layered approach to fraud in your business, visit our fraud and identity solutions hub or request a call to discuss customizing a solution for your company.