Cybercrime continues to become more sophisticated and more prevalent as ecommerce accelerates. Synthetic identities are being used to open accounts, and account takeovers can be automated by networks of bots. Fraud targeting businesses will likely only continue to expand as the post-Covid world turns increasingly to online business, and staying on top of those attacks will require in-depth solutions.
“For many merchants, fraud continues to grow and evolve,” said Angela Whiteford, Chief Marketing Officer at Forter during a recent Mercator Advisory Group webinar. “They implement different tools, typically starting with a rules-based tool that flags and blocks actions on very specific attributes. These tools have to be scaled and refined and built upon.”
These rules-based tools require a lot of intricacy to function, unfortunately; there’s a need to replicate layers across the entirety of the purchasing journey, and that reality can be unwieldy for many merchants, leaving them ill-prepared to keep up with rapidly-evolving threats like synthetic identity fraud – the fastest-growing type of financial crime in the United States.
According to a July 2019 Federal Reserve Payments Fraud Insights release, 85%-95% of applicants identified as potential synthetic identities are not flagged by traditional fraud models, and that bears out in more than $6 billion in losses to US lenders to this type of attack in 2016 alone.
“You can’t distinguish legitimate buyers from fraudulent ones in this system,” Whiteford said. “Why is that? This legacy approach has you look at the transaction itself, not the digital identity behind it. Transactions can be manipulated through proxies and breached customer details, but digital identity tends to be consistent, the details don’t change that much. So long as you’re only able to look at the transaction, it’s going to be inaccurate.”
So what’s the solution for finding a more sophisticated path? Machine learning, Whiteford argues, will play a major role, but key to that learning will be a large network of merchants sharing information.
“You need access to a large data network, aggregating from multiple verticals,” Whiteford said. “Why? There’s a networking effect. This gives you that identity linking concept. Connections and relationships within the network that are not otherwise easily traced. They may not be sharing a single datapoint if you look only at your own business. This is useful when people are trying to hide their identity, and can also happen with abusive behavior.”
Such a network, with fraud experts and data scientists uncovering new fraud trends to adjust models, could have much more success than in-house efforts alone could bear. That could prove critical to anticipating the next vector of attack before it happens.