Digital account openings are a vital function of any transaction-based company. But even the most security-conscious organizations remain vulnerable to potential fraud and financial loss. Armed with even a few key pieces of information, fraudsters may be able to open a fraudulent account using a real identity.
In many cases, fraudsters are attempting to use stolen identity data combined with bots to open accounts at a very fast rate. And there is a greater amount of personally identifiable information (PII) available on the black market for fraudsters to use as a result of thousands of data breaches over the years. Due to growing consumer expectations for 24/7 digital access and real time decisions, some organizations such as financial institutions and merchants have reduced the more stringent manual application review processes in order to open accounts quickly.
Security executives are concerned with account opening fraud, with almost 40% in a recent survey recognizing account opening fraud as a high or very high threat over the next 12 months.
The best way to prevent account opening fraud in digital channels is to detect fraudsters early in the account opening processes. For example, watching for bot attacks is critical. Bot attacks can be detected by increases in traffic, or by identifying devices performing multiple unusual behaviors, often at a high rate of speed. If the same device attempts to create multiple applications in a short period of time, that could be evidence of a bot or fraudulent application attempt.
Device authentication is also an important way to detect fraudulent account opening, as it enables organizations to verify the identity of a device by the device’s unique characteristics. If a fraudster is using the same device to open several accounts, that device can be blocked from further access.
Other detection techniques include identifying geolocation anomalies, velocity of access, presence of malware and crimeware.
Some financial institutions have made progress against application fraud. However, as fraudsters realize that, they move on to other less-prepared organizations. Therefore, it’s imperative that all organizations prepare to mitigate against application fraud.
