Surviving & Stopping Fraud in 2020 -> A user's guide.
In this article, you will learn:
What is Fraud Prevention and Detection?
As financial institutions continue to undergo digital transformation and more customers use online and mobile mediums, they are more exposed to fraud risks. Fraud prevention practices and tools enable you to detect fraudulent financial actions and then implement measures that prevent financial and reputational damages and improve customer loyalty.
While there are increasingly more fraud detection solutions and new authentication methods, cyber criminals continue to find methods to commit fraud. These criminals are known to use sophisticated strategies as they collaborate, exchanging resources and information through the dark web. To prevent fraud, organizations can leverage various information security tactics.
Common Fraud Schemes and Fraudulent Activities
Debit Card Fraud and Credit Card Fraud
This type of fraud can happen when unauthorized parties use cards without permission. Criminals do not need access to physical cards.
Criminals can use credit card numbers, PINs, security codes, and card information to make unauthorized transactions and gain access to accounts. This could result in theft or lead to a credit card balance spike.
Mail identity Theft
There are many types of mail identity theft attacks, some more sophisticated than others. Some scammers directly steal checks from mailboxes and then modify and cash the checks. Others intercept debit and credit cards and then rack up unauthorized charges.
To ensure criminals do not gain access to information, it is important not to throw away papers containing banking details, account statements, and any personal information.
Online Shopping Fraud
Can occur in different ways. Some cybercriminals hack into website accounts and use saved card information to make unauthorized purchases. Typically, this happens when users make online purchases using an unfamiliar Wi-Fi network.
If a customer connects from a coffee shop, for example, and a hacker has set up a seemingly legitimate network, then the hacker will be able to gain access to a wide range of private, sensitive, and financial information. Hackers can also redirect customers to fake websites or steal customer information, and then compromise a website to gain access to accounts.
Synthetic Identity Theft
Synthetic ID fraud is considered a sophisticated operation, gaining more and more popularity in the U.S. In this scenario, criminals leverage a wider scope of information.
These criminals take information like social security numbers, personal customer information, real birthdays and addresses, from different people. They then shuffle the information and create a new fake identity that looks like a real customer with good credit.
One the synthetic identity is created, criminals start opening new accounts and apply for credit. Some even receive auto loans and commit other types of fraudulent activities.
Signs of being the victim of synthetic identity theft might involve receiving mail addressed to different names and calls asking about new credit accounts.
Internet of Things (IoT) Identity Fraud
IoT technology enables users to perform tasks in more convenient ways. From smart household appliances to smart cars, medical IoT, smart manufacturing appliances, and military IoT—more and more smart devices are invented, deployed, and connected to private, public, and corporate networks. However, each IoT device can turn into a vulnerability.
IoT devices often get connected to personal accounts, like emails and private WiFi networks, and transmit information without being entirely secured. Hackers can and do leverage IoT devices as an entry point to gain access to personal information, accounts, and launch more advanced attacks for identity theft purposes or otherwise nefarious reasons.
Methods of Fraud Detection and Prevention
Tone from the Top
To help protect the organization from fraud, many strive to include all employees and turn this objective into a work culture. When anti-fraud programs are implemented throughout the organization, to include everyone, all employees are committed to helping.
To ensure a successful implementation of an anti-fraud program, many organizations add a code of ethics, which is signed by all employees. Additional methods include continual anti-fraud training and policies, periodic surveys, and internal controls.
Each of these measures can help organizations continually assess and improve their anti-fraud program and ensure all employees are well informed and knowledgeable.
Perform an Internal Audit and/or Internal Control Assessment
An internal control assessment is achieved when a third-party investigates and assesses the organizations’ areas of risk. Once the investigator identifies primary risk areas, they indicate gaps in internal controls, provide examples of exploits, and then design a program to close the gaps.
Additionally, an internal control assessment contractor can help implement controls and continuously perform tests to help ensure the new program is properly used. Some common controls that are often needed but aren’t properly enforced include segregation of duties, a useful management review, and access controls on banking sites.
Anti-fraud training can help employees identify and prevent fraud. However, training should be practical and hands-on, educating employees on ways to detect fraud and what exactly they need to look for. Employees should also learn how the organizational internal controls work and how to report fraud when detected.
Employees should be continually updated on new research and practices, learning how fraud criminals try to conceal unauthorized activities like creating fake documentation and journal entries, modifying accounting transactions, and other fraudulent activities.
Optical Character Recognition (OCR)
OCR technologies can identify characters from a wide variety of sources—such as printed books, images, and handwritten papers—and then digitize the content. Organizations often use OCR to quickly transfer documents to digital systems. Often, the information goes into data analysis tools which then process the data and provide relevant insights.
OCR technology is also leveraged for ID verification. eCommerce sites, for example, can request that customers send a photo of their physical IDs. The OCR then reads the information and uses it to verify the customer’s identity. This can help prevent fraud.
However, while OCR can be useful in preventing fraud, it also presents some challenges:
- Non-textual glyphs—OCR often experiences issues and fails to convert non-textual characters and glyphs. These spaces remain blank, leaving out important information like logos and map symbols, which do not get viewed and analyzed.
- Skewed or non-oriented documents—OCR experiences difficulties in analyzing characters when the text is not properly aligned because images are skewed.
- Colored backgrounds—OCR scanners may output inaccurate or incomplete texts when trying to scan text aligned on colorful background patterns.
- Languages—OCR scanners sometimes need to be configured to use the right language, or the text detection could mix up special characters used by certain languages.
- Formats—many conventional OCR scanners cannot output high quality for documents of varying formats. For example, an OCR designed for accounts payable can read printed text well but might fail to detect characters in handwritten documents.
- Blurry or glared images—are challenging to read, for humans and machines both.
- Font size—some OCR scanners may face difficulties when trying to convert characters with large or small font sizes. When this occurs, most important words and characters may be lost and remain unavailable for systems.
Fraud Prevention with ID Verification
Any digital system can be potentially attacked and the information stored may be used for fraud purposes. Not only banking institutions, social media platforms and giant eCommerce websites are targeted for fraud. Databases storing corporate information, customer data, sensitive and private information, financial documents, and corporate secrets are often targeted, too.
A data breach can put an organization at many types of risks, from fines and reputational damages to lawsuits and even bankruptcy. To prevent breaches, organizations should protect not only their online channels but also their data repositories. Systems without a proper ID verification measure can be subject to digital identity theft, corporate espionage, unauthorized transactions, and a wide range of cybercrime.
ID verification can help organizations enforce restrictions on access to sensitive information, as well as any corporate systems and data stores. A basic data protection measure is to ensure that customer identity is authenticated during registration and often when performing certain tasks on specific online channels.
There is a wide variety of techniques and tools available for ID verification. Many are offered as third-party integrations via SDKs and APIs, or by installing plugins that enforce identity validation measures. In other cases, a third-party might ask the organization to direct traffic to the third-part portal, where the third-part verify users, and then redirect verified users back to the organization’s online channel.
Fraud Prevention and Detection with BlueCheck
Here is the blunt take-away: Fraud attacks are going to be a headache that you will live with for your entire career. As more businesses transition and rely on digital transformation to drive growth, the "fruits" or profits from successful fraud attacks also grow.
One solution we see implemented frequently is identity verification as a "step-up" authentication method. This means that if a transaction or user is suspected as fraudulent, the client will prompt the user with identity verification requests that the user needs to satisfy.
At BlueCheck, we believe that digital identity is key to digital transformation. We help clients of all shapes & sizes implement identity verification. Whether it's behind the scenes verification of all e-comm orders or photo ID verification via direct API, we can probably (and would love to!) help.
We don't bite, so give us a shout via email or phone if you want to talk more.
Learn more about the BlueCheck ID verification platform, or feel free to contact us with questions or to have a conversation around identity verification. It’s our passion and we’re always happy to chat.
-- Team BlueCheck (firstname.lastname@example.org)