Fraudsters often have better technology for committing fraud than banks have for stopping it. This is particularly true when it comes to account takeover (ATO). Too many institutions rely on intensely manual, cobbled-together reports for detecting ATO, leading to delays that allow fraudsters to drain accounts.
The conglomeration of manual reports started years ago. For example, if a bank saw a high incidence of ATO in a particular geographic area, a developer created a new rules-based report for fraud investigators. When the next form of ATO emerged, another custom report was created, and so on until there were many.
A multi-day process of coding new business rules to respond to each emerging scheme and wading through a growing stack of reports is no match for current and emerging ATO attacks. Fraud attacks are increasingly digital, fast-paced, and well organized. If banks are not fully automating their ATO detection process, they risk serious damage to their reputation and customer relationships.
In a perfect world, no fraudster would ever gain unauthorized access to a customer’s account in the first place. But since we know they do, the next best opportunity to stop them is at the ATO set-up stage, as the fraudster is attempting to sever the bank’s communication with the legitimate customer by changing the email, phone number, and address.
Stopping account takeover at the set-up stage
Right now, platform-based systems are available to alert investigators to suspicious address, phone number, and email changes in real time. Not only can investigators take action quickly, but they can also apply rules that limit certain account privileges until the investigation is complete.
For example, if a service like Safe2Change from Kevari alerted you that Mr. Smith switched to a burner phone, changed to an email whose server is in Russia, and changed his mailing address from a high-income suburb in Denver to a storefront in the Bronx, wouldn’t you want to stop him from acquiring a virtual credit card or transferring his entire balance to Google Pay?
The most powerful systems combine patented analytics and advanced machine learning with non-monetary and predictive identity data networks to identify anomalies and out-of-pattern activities. They work behind the scenes, initiating automatically when profile changes and other specified non-monetary requests come across the bank’s core platform.
What once looked benign is now suspicious
Organized fraud rings will seek to optimize the value of their list of stolen credentials by first penetrating victims’ accounts through large-scale automated login requests. Once the fraudsters have successfully logged in, they change key aspects of the account profile to redirect all communication away from the victims. Consortium data is critical to detecting these large-scale attacks.
As is common with fraud rings, activity that looks relatively benign through the single lens of your bank can look completely different when you take a wider view.
By surveilling a broader network of data across numerous banks, you might find that several other institutions are observing customer profile changes to the same address, phone numbers, and email addresses. For instance, your account holder’s name is associated with a new phone number that has been observed with 10 different last names across multiple institutions. Or there’s now confirmed fraud associated with a new email address on your customer’s profile. You need to know this activity is occurring so you can investigate.
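The consortium checks described above can be sketched as follows. This is an added example, not code from the article or from any vendor product; the record layout, the sample data, and the thresholds (3 distinct last names, a 24-hour window) are assumptions chosen to keep the constructed data small.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed consortium observations: (institution, contact value, last name, confirmed fraud)
CONSORTIUM = [
    ("bank_a", "+1-555-0100", "Nguyen", False),
    ("bank_b", "+1-555-0100", "Ortiz", False),
    ("bank_c", "+1-555-0100", "Patel", False),
    ("bank_b", "drop@example.test", "Ortiz", True),
]
# Constructed profile-change events at our own bank: (account, field, new value, timestamp)
CHANGES = [
    ("acct-1", "phone", "+1-555-0100", datetime(2021, 3, 1, 9, 0)),
    ("acct-1", "email", "drop@example.test", datetime(2021, 3, 1, 9, 4)),
    ("acct-1", "address", "12 Storefront Ave", datetime(2021, 3, 1, 9, 7)),
    ("acct-2", "phone", "+1-555-0199", datetime(2021, 3, 2, 14, 0)),
]
MAX_NAMES = 3                 # assumed threshold: distinct last names per contact value
WINDOW = timedelta(hours=24)  # assumed window for "every contact channel changed"

def build_index(observations):
    """Map each contact value to the last names, institutions and fraud flag seen for it."""
    index = defaultdict(lambda: {"names": set(), "banks": set(), "fraud": False})
    for bank, value, name, fraud in observations:
        entry = index[value]
        entry["names"].add(name)
        entry["banks"].add(bank)
        entry["fraud"] = entry["fraud"] or fraud
    return index

def score_changes(changes, index):
    """Return {account: [reasons]} for accounts whose changes warrant investigation."""
    alerts, by_account = defaultdict(list), defaultdict(list)
    for account, field, value, ts in changes:
        by_account[account].append((field, ts))
        seen = index.get(value)  # .get() avoids creating entries for unknown values
        if seen and seen["fraud"]:
            alerts[account].append(f"{field} linked to confirmed fraud")
        if seen and len(seen["names"]) >= MAX_NAMES and len(seen["banks"]) > 1:
            alerts[account].append(f"{field} seen with {len(seen['names'])} last names")
    for account, events in by_account.items():
        times = [ts for _, ts in events]
        if {f for f, _ in events} >= {"phone", "email", "address"} and max(times) - min(times) <= WINDOW:
            alerts[account].append("phone, email and address all changed within window")
    return dict(alerts)

if __name__ == "__main__":
    for account, reasons in score_changes(CHANGES, build_index(CONSORTIUM)).items():
        print(account, "->", "; ".join(reasons))
```

Viewed on its own, each change on acct-1 is an ordinary profile update; the alert reasons appear only once the cross-institution index is consulted, while acct-2's single phone change to an unseen number stays quiet.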
Fight ATO fraud digitally
ATO fraud is significantly more prevalent in digital banking channels. Banks that allow customers to change contact information through digital channels do so understanding that the improvement in customer experience comes with an added investigative burden.
With accelerated migration to digital channels due to COVID-19, investigative workloads could grow exponentially. Now, more than ever, investigators might see that dependence on manual reports creates costly delays. With both fraudsters and consumers taking advantage of digital banking, shouldn’t investigators have a digital system that quickly distinguishes one from the other?