06/24/2024
The percentage of suspicious digital transactions seen by TransUnion public sector clients compared to all digital transactions grew from 4.2% in January 2023 to 5.8% in December 2023. Suspicious digital transactions include those immediately denied, as well as those flagged for further review based on device-level fraud indicators, such as a high volume of sign-up attempts, evidence of a device being used to commit fraud in the past, or client policy violation. Reviews of digital transactions may not ultimately result in a denial.
There was consistent growth in the rate of denied and reviewed digital transactions in the months following one of the largest hacks in recent history — the MOVEit breach which began in May 2023.1 The rate of suspicious digital transactions for public sector clients has remained high since. Using breached data from this event and others, fraudsters increasingly targeted business registrars, motor vehicle agencies, unemployment insurance programs and more, resulting in improper payments and potential loss of access to public benefits for rightful constituents.2
Public sector clients saw a significant rate of denied and reviewed digital transactions among those originating from outside the US in 2023.3 While a client may deny transactions originating outside the US in real time due to existing policies, TransUnion consistently captures evidence from foreign transaction activity that can be suspicious. These transactions often occur at high rates over a short period of time — potentially indicating patterns of fraud rather than legitimate use from abroad.
Risk indicators are behaviors or characteristics typically associated with sophisticated fraud outfits leveraging stolen personally identifiable information (PII) at scale. These indicators had the largest increase in suspicious transactions for public sector customers when comparing January 2023 to December 2023, as noted in the graphic below.
Account takeover surpassed credit card fraud as the top type of digital fraud reported to TransUnion by its customers globally across industries from 2022 to 2023.4 However, synthetic identity fraud was the fastest growing digital fraud type in 2023.
Synthetic identities are most associated with financial services where criminals often look to achieve either immediate access to money or to legitimize the fake identities by building credit history. Government agencies may see increased use of synthetic identities to perpetrate fraud.
Using synthetic identities to enroll in government benefits and services can provide legitimacy to a fabricated identity. Synthetics could also be used to establish fake business entities or apply for other licenses, lending further credibility to that fabricated identity. A primary goal of sophisticated cybercriminals is to legitimize synthetic identities, allowing more opportunity for criminals to use identity credentials in additional fraud schemes.
US data breaches increased 15% year over year (YoY) in 2023 to a volume never seen before — driven by an increase in third-party breaches.5 In addition, the average breach risk severity (the ability of a breach to enable identity fraud) increased 11% YoY in 2023 — also the highest ever measured.
A primary data breach represents a direct attack on an organization. A third-party data breach, also known as a supply-chain attack, value-chain attack or backdoor breach, is when an attacker accesses an entity’s network via third-party vendors or suppliers — payroll processing or medical billing, for instance.
For the second year in a row, healthcare experienced the highest number of breaches followed by education. However, breached data does not remain bound to the sector from which it was stolen. For example, high breach volume in these sectors could leave tens of millions of Americans at higher risk of having identities used in fraud schemes targeting programs like medical coverage, disability benefits and pension plans.
Exposure of Social Security numbers and driver’s license numbers is becoming more common in breach events linked to an increased risk of fraud against government agencies. These events may continue to pose increasing challenges to agencies using these as components in their identity verification strategies.
The Average Breach Risk Score (BRS), as measured by TransUnion TruEmpower, uses a 1–10 scale where 1 represents least severe and 10 represents most severe. Using the BRS where stolen identity information had the potential to further public sector fraud in categories like tax refund identity theft, medical identity theft and others, a proprietary TransUnion analysis found risk increased 73% from Q1 2020 to its highest point in Q4 2023.6
TransUnion documented a 55% increase in the percentage of high-risk calls into US call centers from 2022 to 2023, from 2.9% to 4.5%.5 During the second half of 2023, high-risk calls increased to 5.2% from 3.9% in H1 2023.
Constituents increasingly interact with government agencies across channels — creating a complex system of touchpoints fraudsters are eager to undermine. Public officials must take a multilayered approach aimed at discerning fraud risk across channels to help mitigate persistent threats facing agencies.
1,2 MOVEit, the biggest hack of the year, by the numbers, TechCrunch, August 2023
3 The country and regional analyses examined transactions in which the consumer or suspected fraudster was located in a select country and region when conducting a transaction. The global statistic represents every country worldwide and not just the select countries and regions.
4 TransUnion came to its conclusions based on proprietary insights from billions of transactions in its global intelligence network. The rate or percentage of suspected Digital Fraud attempts reflects those which TransUnion customers determined met one of the following conditions: 1) denial in real time due to fraudulent indicators, 2) denial in real time for corporate policy violations, 3) fraudulent upon customer investigation, or 4) a corporate policy violation upon customer investigation — compared to all transactions assessed.
5 TransUnion TruEmpower obtains its proprietary cyber breach data in partnership with the Identity Theft Resource Center (ITRC). The ITRC staff tracks all US publicly reported data exposure events from sources that include state attorneys general, breached entity press releases, law firms, cybersecurity experts and more. TransUnion expands the ITRC data with a process that computes each breach’s top risks, appropriate actionable consumer steps and Breach Risk Score. The BRS is based on the quantity and severity of the particular identity credentials the affected entity determined to have been exposed. From among 60 possible identity credential choices, each breach is run through TruEmpower Identity Threat Profile to produce a risk score and pattern, and prescribed consumer actions. The Breach Risk Score uses a 1–10 scale where 1 represents least severe and 10 represents most severe.
6 Using an average of TransUnion TruEmpower Breach Risk Scores that indicated when stolen identity credentials had the potential to be used to further fraud in public sector categories, relative exposure severity was estimated by using the average score within a given harm category, timeframe, and/or geography for high-risk breaches. This score was then adjusted based on the total number of consumers affected by those breaches. The value is indexed to 2020-Q1 = 100.
7 TransUnion’s call center findings were based on data from both large and small financial institutions based in the US. The rate or percentage of high-risk calls was determined by the assessment of multiple risk factors.