Record 2023 Black Friday sales, and an even bigger Cyber Monday, indicate more consumers are buying more products and services online. But with all the giving comes a lot of taking: TransUnion reports suspected digital shopping fraud increased by 12% during the “Cyber Five” holiday period compared to the rest of 2023.
The steady increase in digital transactions gives cybercriminals new vulnerabilities to exploit. Identity fraud is on the rise — up 122% from 2019 through 2022, according to TransUnion’s 2023 State of Omnichannel Fraud Report — and bad actors are doing their best to get people to give up valuable information.
Of those targeted, 10% admitted they were deceived, with Millennials being the most victimized generation at 15%. Overall, consumers lost nearly $8.8 billion to identity scams in 2022 (up more than 30% over 2021), and that number will likely be even larger when 2023 is fully accounted for.
While more than three-quarters of consumers were concerned about sharing personal information, they’re not necessarily changing their online buying behaviors. Instead, they’re looking to businesses to solve their fraud problems for them.
The 2023 State of Omnichannel Fraud Report revealed most (78%) consumers prefer organizations whose online experiences protect personal data. But at the same time, 62% of consumers said ease of login/authentication is very important to them. While most customers want some form of identity verification and authentication checks, you just can’t push it too far.
More frequent and severe data breaches are giving cybercriminals the data they need to pull off successful identity scams. According to Sontiq, a TransUnion company, the number of US data breaches reached 3,495 in 2022 — an all-time high. Contributing to the volume are third-party attacks in which bad actors use suppliers, such as payroll processing and medical billing providers, to access an entity’s network.
With personal data in hand, fraudsters attempt to take over legitimate bank accounts and credit cards and create synthetic identities to open new accounts so they can make fraudulent purchases from other businesses.
Synthetic identity fraud — the fastest-growing identity scam — represented $4.6 billion in outstanding balances for US auto loans, credit cards, retail credit cards and unsecured personal loans in 2022 — the highest level ever.
To round out the information they need for a successful scam, bad actors will often prey on unsuspecting call center customer service agents by impersonating real customers. Sixty-two percent of all high-risk phone calls into US call centers in 2022 came from non-fixed VoIP phone lines whose numbers aren’t associated with a physical address.
Bottom line, organizations’ fraud strategies must consider the fact their customers are being scammed, allowing fraudsters to use
With fraudsters hacking systems, deceiving consumers and call center agents, and using stolen account information and fabricated identities, one of the best things your organization can do is make sure your customers and colleagues know you understand the extent of the problem and are taking steps to address it. This can be done in several public ways:
While the previously listed activities are valid, creating greater awareness only goes so far when it comes to stopping bad actors in their tracks. Organizations that truly want to implement increasingly smarter fraud prevention strategies are taking more of a risk-based approach that monitors transactions in real time.
The benefit of this approach is it adds friction when suspicious activity is detected and reduces friction when known consumer identities have been established. By creating friction-right consumer experiences, organizations may reduce fraud losses while improving conversion rates, instilling customer confidence and streamlining interactions with good customers in every channel.
Here are five fraud detection techniques you can use together to keep the transaction path clear for good customers and increase friction as soon as greater risk is introduced.
#1: Use an identity graph to increase confidence in consumer identities
Even good consumers use different email addresses, physical addresses and nicknames when starting new relationships with companies. Compound this normal behavior with altered or synthetic identities generated by fraudsters, and you can see why organizations feel the need to add layers of identity verification during transactions.
An identity graph can help reduce the need for extra verification layers. This valuable tool ties online and offline attributes together so you can know who you’re engaged with. This knowledge can be particularly useful for converting new customers who might abandon their sessions if they think your authentication controls are too stringent.
#2: Use risk-based authentication to monitor user sessions and interrogate users if risk increases
To reduce friction on known accounts, companies are using device-based authentication to recognize legitimate, registered devices, as well as those associated with past fraud. When suspicious activity is detected, you can trigger controls like app-based push notifications and one-time passcodes (OTP) via SMS to make sure you’re not communicating with a SIM-swapped phone.
#3: Reduce false positives by breaking down silos
False positives that interrupt transactions with additional authentication are expensive for businesses and frustrating for good customers. Since many consumers regularly cross channels when engaging with an organization, fraud prevention managers need to break down data siloes to ensure a consistent account authentication process for physical locations, call centers and ecommerce sites.
Fraud managers should also work with their call centers to implement integrated inbound call authentication. This technology routes high-risk calls for additional authentication while moving trusted calls straight to Interactive Voice Response (IVR) or a representative.
#4: Enhance identity verification with device proofing
While device reputation tracking (or device fingerprinting) can help assess fraud risk,
fraudsters often cycle through real or emulated devices to thwart the tracking of previously seen devices.
Device proofing is a more robust approach that includes device fingerprinting, device-to-identity linkages and user-behavior analysis to determine the trustworthiness of a device and the identity using it before authentication is initiated. This can help reduce false positives against good customers who are using a new device or new customers who want to set up an account.
#5: Apply advanced analytics to detect synthetic identities
Bad actors use modified or fully fictional identities to open accounts, build credit histories and access and utilize credit, as well as launder illicit funds. This activity poses a threat to profits and results in wasted customer acquisition investments.
Fraud detection models that comply with the Fair Credit Reporting Act (FCRA) can minimize the damage caused by synthetic identities at the point of origination and during credit decisioning. Using dedicated models against synthetic identities also helps case managers prioritize the riskiest accounts.
Identity data is a vital target for cybercriminals, which is why nearly 1 in 20 (4.6%) global digital transactions were potentially fraudulent in 2022. Organizations that are aware of the threats, implement advanced fraud detection techniques and take an enterprise-wide approach to fraud prevention are in the best position to detect fraud and reduce friction for good customers.