“Digital has made new account fraud a pervasive problem,” said Al Pascual, head of fraud and security research for Javelin Strategy & Research, in a recent webinar. “Fraudsters no longer need to walk into a branch or into a store and put themselves at risk.”
Digital account opening has not reached widespread consumer adoption, he explained, but fraudsters love it. In addition to providing anonymity, operating in cyberspace provides efficiency. Fraudsters can open dozens of fraudulent accounts per day while sitting on a beach in Bermuda.
Why you should screen emails
There’s really nothing that stands in the way of fraudsters opening new accounts online. Access to breached data has given them plenty of legitimate identities to work with. In your screening process, the application may look completely fine if you’re using traditional ID verification. The applicant name, SSN, and even the address probably match. Fraudsters fool your system, and you give them new accounts.
But that doesn’t mean you’ll let them keep those accounts. Digital account opening requires an email, and that’s where the fraudster becomes vulnerable. To ensure that the victim doesn’t receive immediate notification of a new account, and to set up a covert communication channel with the bank, the fraudster has created an entirely new email.
Data is available that can detect the longevity of an email, i.e., how long it has been around. In a digital account opening scenario, this longevity insight can be used to evaluate the email before an account is opened – or before full privileges are granted.
Email data helps predict fraud
Every institution with online account opening should have access to a robust email data set. That’s because, in addition to longevity, there are several other email characteristics that could indicate an elevated fraud risk. For example, the data may show that the email is disposable, or that the email could not be verified in association with the account holder’s name, or that the domain server is located overseas.
Just as email insight enhances your fraud screening, so too will IP, phone, and physical address data. These additional data sets, when compared to the account input data, help to identify anomalies and out-of-pattern behavior, thus making your fraud-scoring process more accurate and predictive.
Integrate all your insight
Even when fraud investigators have all the right data available to them, too many fraud cases are identified after the fraudster has cashed out or capitalized on the new account. Why? Because all the data – phone, email, IP, ID verification, fraud score – existed in disparate databases, making the investigation process disjointed and inefficient.
The best practice is to integrate all your insight into one delivery system, so you can see all the data on the new account on one screen. This will allow you to act fast based on ALL the places fraudsters have left themselves vulnerable to detection.