Retail banks have made significant investments in making their user experiences easier, faster and more connected. They have also stressed making them safer. But despite their best efforts to construct a more secure system, fraud — specifically identity theft, account takeover and application fraud — continues to prevail.
It’s not for a lack of trying, or in some areas for a lack of innovation. It’s more likely a result of organizational complexity which impedes progress, and prevents singular ownership for the problem, and the solution. Whose problem is it? Does it sit with the fraud team, the information security team, the identity and access management team? The unhappy result of this lack of clarity might be a wave of consumer discontent.
Legacy solutions that are embedded in today’s fraud prevention toolkit are partly to blame. Frankly, the status quo isn’t cutting it, as point solutions don’t account for fraud’s rapid evolution.
Fraudsters have become extremely sophisticated. Fraud operations are set up more like a small corporation or startup than a single, clandestine basement hacker. They’re well-organized, well-funded and have access to an incredible amount of personally identifiable information, made available via the Dark Web and what they can already find through online search and social media. For example, they’ve mastered how to navigate between our different accounts, devices, and financial associations; what vulnerabilities exist by combining real and fictitious personally identifiable information; and how they can maliciously verify themselves using one account to access another. This has allowed them to innovate, expand their targets and bypass traditional identity barriers, drastically improving their odds of success.
The success of identity attacks has been especially devastating to consumers, who bear the brunt of the fallout.
According to an Aite Group report, nearly half (47%) of U.S. consumers have fallen victim to identity theft in the past two years. While over one-third of consumers (38% and 37%) were impacted by account takeover and application fraud in the past two years, respectively.
Losses from identity theft reached $712.4 billion in 2020 — a 42% increase from the year prior — and the toll is expected to rise to $721.3 billion in 2021.
In addition to dollar losses, consumers experienced major headaches following an identity-based attack. For example, 30% of consumers reported that it took them over 100 hours to recover from their identity theft incident. Identity theft also takes an emotional toll. Victims ask themselves, “will my identity ever be safe again?” and “Who can I really trust with my sensitive financial information?”
While the issue isn’t exclusive to financial institutions — fraud is carried out across different types of accounts, from utilities, e-commerce and retail accounts, government benefits, to health care — it’s most often carried out using bank tools and accounts.
Case in point, the top two most common forms of application fraud (i.e., when a fraud operator opens an account using a victim's identity) includes the opening of a checking account (27%) and a credit card (25%). Adding insult to injury, only 24% of application fraud victims learned from their financial institution that an unauthorized checking account was opened in their name. A significantly larger cohort, 42%, detected an unauthorized checking account themselves; 32% were contacted by a credit monitoring agency.
The overall impact of these events on consumer trust will be incredibly negative. When it comes to identity fraud, it seems that consumers are on their own.
This needs to change. Banks must evolve their fraud prevention strategies to stay ahead of fraud’s evolution by equipping themselves with tools that address both traditional and emerging fraud tactics.
Banks also need to take a more holistic approach to fraud prevention. Too often we see different departments within an organization act in silos — that is, they aren’t working together closely enough, with similar tools and programs that can communicate with one another, leaving gaps that fraudsters can easily identify and exploit.
Banks must take aggressive steps to innovate their fraud prevention processes to span the entire customer life cycle — to stop fraudulent actors from the beginning, at the application and enrollment stage, as well as throughout the life cycle, preventing account takeover and the misappropriation of funds.
Ripping up what’s currently in place is never easy. But with fraud activity heating up, and to protect their reputation, it’s perhaps what banks and their customers need most.