When financial institutions think about protecting against new-account fraud, they usually focus on the customer who has already applied and is being onboarded. But with the fraud typologies out there now, onboarding may be too late. Fraud detection needs to start as soon as the application for an account is being filled out.
In a new report, New-Account Fraud: Old Problem, New Challenges, Jennifer Pitt, Senior Analyst in Fraud Management at Javelin Strategy & Research, looks at why such fraud is growing and what financial institutions can do to fight it.
“New-account fraud detection is a partnership with banks, consumers, identity protection service providers, and other organizations like e-mail service providers,” Pitt said. “It’s going to take all of us.”
Starting from the Outside
Fraudsters often start by setting up non-financial accounts, like email or social media accounts. Those accounts have no real identity verification measures. The scammer just needs a name or an email address, without verifying things like date of birth or even establishing that the applicant is a real person.
Setting up accounts that don’t require identity verification establishes legitimacy. Many financial institutions use static identity verification, checking for things like whether a person belongs to a given email address. The more legitimacy that’s added before a financial account is set up, the easier it is to pass the verification tests.
Static identity verification asks people to scan or mail in copies of driver’s license documents. Because of AI and the use of synthetic identities, those are easy to fake. It’s hard for the human eye to tell the difference between a real identity and one that was created with an AI tool.
In addition to documents, financial institutions use other static identity information such as a name and date of birth, or previous addresses. This information is also easily obtainable by scammers through background check websites at a cost of just a few dollars.
“Financial institutions need to use static identity when they’re looking at the documents, but then verify it dynamically,” Pitt said. “Maybe have somebody hold up a driver’s license next to their face, and then ask them to do something on video, like turn their head or say something.”
Watching for Human Behavior
This is where behavioral analytics come into play. When someone fills out an application online, a key way to separate humans and bots is the typing patterns. With bank account applications, behavioral analytics is essentially checking to see if the behavior is that of a human or a bot. If a three-page application for a financial institution is filled out in two seconds, that’s suspect because humans can’t type that fast.
“A lot of these AI tools, and bots can be fed PII—name, date of birth, Social Security number,” Pitt said. “If the same name or a same identity document element, like a picture or a date of birth, is used to fill out multiple applications, that can be detected before the customer is onboarded. Once an account is opened, with the new technology with synthetic identities, with bots, with AI that’s able to pass like deep fake detection, it’s too late.”
Bots are deployed to send out multiple applications to gain access to multiple financial institutions. As with scams, they cast a wide net and see what bites. Once an account is established at one organization, a credit profile can be established that essentially legitimizes that the accountholder is real, even if they’re not.
Challenges for Individuals
Even though new-account fraud may not seem to affect individual consumers, it can still cause problems for them. The scammers use some pieces of personal information to set up an account, whether that’s a name and date of birth or a Social Security number. At some point, that account will be tied to the legitimate holder of that information.
“If somebody sets up a new account in your name, it could potentially hinder you from getting a mortgage, from getting government benefits, anything like that,” Pitt said. “It’s very important that consumers are diligent about checking their own information, making sure it has not been compromised.”
Part of the problem with new-account fraud is it doesn’t have the same indicators as account takeover. Consumers are not alerted to unusual transactions because it’s a new account they’re not even aware of. Depending on the type of account, they might not even be alerted to problems on their credit history.
“I encourage consumers to sign up with the credit bureaus to basically say let me know if there are any changes in my information,” Pitt said. “Sign up for identity protection service providers, which provide services like credit monitoring and monitoring information that’s on the Internet or dark web. They let the consumer know if their information is found on the Internet. If the consumer gets that alert, they know they need to be on guard a little bit more. Watch your credit profile, and unless you need a new loan or new credit, freeze your credit. This basically disallows anybody who is trying to get credit or a loan in your name.”
Concerns About AI
Many financial institutions are still not using identity verification. Some of the reasons include privacy concerns about feeding a customer image into an AI model and about customer friction.
“Financial institutions are using AI tools on a very limited basis for limited things,” Pitt said. “Most are not using comprehensive AI tools for identity verification. They should. There are a lot of vendors out there that offer it. It’s just a matter of getting financial institutions on board.”
Eventually, some financial institutions get to the point that they want these AI tools. If they can explain to their customers why AI is beneficial, that reduces the friction. But some think they don’t have the money for it and can’t afford to start from scratch.
“What a lot of financial institutions don’t realize is they don’t need to start from scratch,” Pitt said. “A lot of the tools vendors offer are able to fit into their existing tech stack. They can just put them on top of solutions they already have. There is obviously a cost, and AI is expensive, but at this point financial institutions need to realize that they’re not going to have a choice. Either you spend the money on the front end for the technology, to detect and prevent it, or you spend the money on the back end for fines, losing customers, and lawsuits.”
The post New Approaches to Fighting New-Account Fraud appeared first on PaymentsJournal.
