I just spent several days at the 30th Annual ACFE Global Fraud Conference in Austin, Texas, talking with fraud investigators from around the country and the world. While we discussed a wide range of topics and issues, here are my top takeaways related to identity fraud.
- Account takeover is a problem at small banks, too. Up until the conference, it was rare to hear small banks and credit unions openly acknowledge that account takeover (ATO) was a serious problem for them — even as research by Aite Group and Javelin showed ATO was on the rise. Now, for whatever reason, ATO has their full attention. Perhaps the automated ATO prevention solutions used by the bigger banks are driving fraudsters to small institutions that use manual processes for confirming address, email, and phone number changes.
- An online banking scheme is gaining steam. Investigators told me that fraudsters are using stolen information to set up online banking on victim accounts that had not previously enrolled for this service. (Yes, there are still people who do not use online banking!) Because the online banking enrollment appears as if it is coming from an existing customer, the bank only verifies basic credentials – which the fraudster has. Investigators are now exploring the possibility of using their new-account fraud (NAF) screening methods to score all online banking enrollments for risk.
- Investigators are excited about email data. There is a great deal of enthusiasm about adding email address as another screening element to help detect ATO and NAF attempts. Knowing whether an email address is disposable or was seen for the first time in the last week are critical to knowing the risk associated with an email or its IP address. Where the email data really becomes predictive is when it is combined with other identity and contact data. That’s where you’ll find the anomalies and out-of-pattern behaviors that make fraud-scoring more accurate and predictive.
- Investigations need to get more efficient. Investigators said they are regularly accessing multiple provider solutions or databases as part of their investigations. There was a lot of interest in fraud solutions that would aggregate multiple data sources, eliminate manual processes, and provide a holistic view of the account and its risk score on a single screen. This would help investigators prioritize their queue based on risk level so they could work more efficiently and effectively.
If you would like to talk about these issues – or other insights from the conference – please contact me.
About the Author
Adam Elliott is founder and president of ID Insight. He has more than 20 years of experience creating solutions for the financial services and direct marketing industries. A recognized name in data science and analytics, Adam has also held leadership positions at ChexSystems, Deluxe and Time Life. Contact him at email@example.com.