Fraud related to account opening has become a costly issue in the digital age.
The
There are several reasons account opening fraud has become such a challenge in the last few years. Growing consumer expectations for 24/7 digital access and real-time decisions as well as competitive pressures have reduced the time that organizations have for manual review. This is creating an environment ripe for fraudsters to exploit.
Account opening fraud takes many forms, from amateur fraudsters using stolen credentials to obtain credit cards fraudulently, to extremely sophisticated fraudsters using stolen identity data combined with the use of the power of bots to open accounts at a very fast rate.
For example, after a data breach at a company, fraudsters may gain access to consumer data and use a bot to quickly open accounts in large groups of consumer names. Fraudsters may hijack a victim’s identity altogether by linking fraudulently opened accounts with legitimate ones to control access to and the movement of funds between the good accounts and the fraudulent ones. They can also use access to a victim’s accounts to enable additional access to funds.
Digitally enabled organizations are in a difficult position — wanting to meet consumer expectations and leverage new opportunities, while at the same time recognizing the inherent financial and reputational risks involved with enabling online account opening capabilities.
The best way to avoid account opening fraud is to recognize fraudsters before they can gain access to any account opening processes. Watching for bot attacks is critical, since they involve velocity attacks enabled by automation, often using the same device repeatedly to perform the fraudulent transaction until the device is detected and disabled. Due to the large volumes of activity generated by a bot attack, a spike in traffic can help identify it.
Device authentication is also an important way to thwart fraudulent account opening, as it enables organizations to verify the identity of a device by the device’s unique characteristics. Device authentication technology uses certain unique attributes in each device to create a device ID.
By creating and calling on this device ID for subsequent transactions, organizations can more quickly authenticate trusted consumers with the least amount of friction, providing a positive customer experience. And, transactions from risky devices can be flagged for next-level review or denied altogether. If the same device ID is opening many accounts in a short amount of time, this is potentially a harmful bot or a “scripted attack.” Device intelligence technology can also detect deceptive behavior such as device spoofing, use of fraud tools, or use of proxies to hide the true location of the device.
As fraudsters become more sophisticated and utilize automation techniques, organizations need to sure they can detect the source of such techniques. Device intelligence enables organizations to examine risks in account opening such as velocity attacks and use of bots for automating applications, and other fraud techniques. Although digitally enabled institutions are attempting to improve their account opening processes, so are the fraudsters, who are adept at staying ahead of the latest security measures. It’s a never-ending battle.
