If you are like me, you have historically thought of identity theft as a bit like a virus. You can take all sorts of precautions to prevent it, but through ways that could be your fault, and in other ways that aren’t your fault (like Target’s 2013 data breachthat impacted 41 million customers), it can happen. And like a virus, you might think you would know right away when you are a victim.
But fraud’s not always like that. A lot of us think of the fraudsters, the so-called bad actors, as teenagers in a basement with a stolen identity trying to get a pair of Nike’s. That might have been the case ten or twenty years ago – but now that it’s at least a $16.8 billion problemin the US alone, much more sophisticated people, and organizations have entered the mix, and because there’s so much money to be made, their methods have become more sophisticated.
So in this post, there are links to three articles to inform you about some of the new methods of fraud, and how fast they are growing, as well as how to detect and stop the fraud, and one that highlights that customer fear of fraud also results in lost revenue for merchants that fail to earn the trust of their customers.
The first article is about a recent report from Forterbreaking down not only the fact that some segments experience year-over-year fraud growth of 170%. What’s particularly interesting about this piece is the way it explains that fraudsters eventually want to get into retail with their stolen identities because that’s where the big money is for them. But the fraudsters often start in much safer territory – the lower margin food & beverage industry. Once they have established good credentials there (and the person who has had their identity stolen might not notice an $8 charge from McDonald’s on their credit card bill), then they can move up the chain to the higher margin theft. Here’s the scary part – according to this piece, the fraudsters might sit on the stolen credentials before they strike – which means your credentials might already have been stolen and you just don’t know it yet. That’s where fraud really isn’t like a virus. And the conclusion in this piece is that to get to the needed level of trust, Identity Verification (at account creation) and subsequent Authentication needs to be much better – but without adding more friction to the experience relative to expectations.
TYPES OF DOCUMENT AND IDENTITY FRAUD
There are many ways people can create a fake identity document and they can range from very low quality to very high fidelity high quality. This article by OnFidodoes a very good job of breaking down seven different ways in which a document can be fraudulent, it also does a good job of explaining the tiers of types of attacks which is very well done.
This report claims that “79% of users will leave if your onboarding experience does not live up to their expectations” and that’s not identity theft – that’s lost revenue, and 79% is a huge number.
Saving what may be the best for last, Javelin did a very thorough reporton what’s going on with fraud right now, where things such as Account Takeover have grown significantly and the various methods in which the Identity Theft, and Identity Fraud can happen. While the report itself is long, the summary is easy to scan and they have some very good graphics for some of the growth and trend numbers that are easy to digest.
The takeaway from this is – circling back to the conclusion from the Forter report, is better Identity Verification and Authentication (these are terms we have defined specifically in this blogfrom earlier in the year) with the same or less friction than what users experience today. So to address the OnFido statistic of 79% abandonment rate – if you have a verification that’s fast and automated (verifying that the person is who they say they are (with a selfie and algorithms to match the selfie to a driver’s license or passport and verify document legitimacy), we think that in most cases that will exceed their expectations and that abandonment rates will drop dramatically. Then with a high degree of trust on both sides of the interaction/transaction, when the user returns and authenticates (using a biometric such as face or fingerprint captured when the user was initially being verified), having done the iron-clad initial verification, fraud rates should drop dramatically. While some of you may wonder why this is only just now available – it’s really because the smart mobile device has finally gotten sophisticated enough to capture high fidelity images, and all of the algorithms that had to be written to verify authenticity took time, and then collecting a document library of driver’s licenses and passports from around the world also took a long time. But it’s all in place today, and if the fraudsters are smart, they should be training up for a new career.