Better ID Authentication Helps Banks Battle Identity Fraud
As more financial services companies include customer-friendly mobile channels, they’re also seeing the cost of fraud rise from year to year, according to a new report by LexisNexis.
Midsized to large firms — those with revenue of $10 million or more — spent $3.18 for every dollar of fraud committed against them, up from $3.04 in 2017, an increase of 4.6 percent. Those that also do business internationally saw their fraud costs rise to $3.38, according to the “LexisNexis Risk Solutions 2018 True Cost of Fraud Study.”
For companies that want to cut down on fraud, “there’s not a specific solution as much as there is a layering of solutions,” said Kimberly Sutherland, senior director of fraud and identity marketing strategy at LexisNexis Risk Solutions.
MORE FROM BIZTECH: Find out where smaller banks should be focusing their cybersecurity investments.
Those who do use an effective multilayered solution find that they have lower fraud costs than other institutions — $2.55 for each dollar of fraud, the report states.
Midsized to Large Banks Battle Identity Fraud
The best layers of protection begin with card verification and other simple solutions, followed by advanced ID authentication methods such as device ID fingerprinting and authentication by quizzes, then more advanced methods including real-time transaction tracking and rules-based filters, the report says.
“We have supported a multilayered approach to fraud prevention for years now. It is the most effective method,” Sutherland says.
Identity fraud is the most common type seen by midsized to large financial firms that do business over the internet. Large banks, especially — those with more than $50 million in revenue — say that 60 percent of their fraud comes from that sector; 39 percent of those with mobile channels see it as the primary online issue for their firms.
Such fraud can be traditional identity theft via hacks or data breaches; synthetic ID fraud, in which a persona is created from information taken from a variety of real people (this accounts for about 20 percent of identity fraud at large banks); or “friendly” fraud, in which a person tries to be reimbursed for a transaction he actually conducted but tells the bank he did not.
The variety can make it difficult to spot the fraud in the first place. While identity theft harms an actual person who can report the fraud, synthetic ID fraud is nearly invisible because it takes time for the financial institution to realize the account doesn’t belong to a real person. And in friendly fraud, “organizations are challenged by the real individual lying,” Sutherland says.
Therefore, financial institutions have to use multiple ways to figure out if they’re dealing with the consumer who legitimately owns the account.
“If they verify the consumer’s identity — not necessarily their ID but their identity in general — that is one layer,” she says. “What we’ve started to see more of is assessing the risk of the transaction through the device. That is equally important as well.”
Mysterious Transactions Tip Banks to Fraud
Companies are beginning to watch where and how transactions are made; for instance, if a customer is attempting to withdraw money from a location unfamiliar to the bank, or from an IP address that differs from one the customer ordinarily uses, the transaction can be halted while the bank checks the legitimacy of the transaction, Sutherland says,
However, the report states that not enough at-risk institutions are using the right combination of anti-fraud measures.
“The use of advanced identity authentication is still limited, while manual reviews consume a sizeable portion of fraud mitigation budgets,” the report states. “Surprisingly, the incidence of these solutions is even more limited among those getting hit hardest by fraud (digital mobile channel and international).”