Fraud: Questioning Identities; Learning from the Data Behind the Data

Join a panel of industry experts as we discuss deploying low friction tools and practices throughout the account lifecycle to identify data changes/trends for First Party Fraud, Account Abuse and Bust Out, including Synthetics. 

Transcription:

Bruce Nixon: (00:07)
Good afternoon.

Chris Compton: (00:11)
There we go.

Bruce Nixon: (00:12)
Welcome to the fraud track. Our session today is entitled questioning identities, learning from the data behind the data. I'm Bruce Nixon. I'm the president of Innovis and I'll be your moderator today. Next to me is Dale Hoops. She's the Chief Risk Officer for Fidem Financial & Predictive Analytics Group. Next to her is Chris Compton. Chris is Advisor in Business Operations for Dell here in Austin and to his right is Lisa Wolkenfeld. And she's the Director of Product Development and Analytics for Innovis. Thanks for joining us this afternoon. I'd start with a few questions if we can, I'm talking a little bit initially around, detecting fraud at new account opening, and then we'll move some of our questioning into servicing as we move along. And Chris, if it's okay, I'll start with you, financial institutions are enjoying unprecedented adoption as a result of the pandemic of digital, applications, even generation, even my generation is starting to, adopt those kind of not present, hurdles and getting over those hurdles, how's the digital interaction impacted your resources internally and how are you compensating for, an increase in digital?

Chris Compton: (01:24)
Yeah, so DFS has been a part of Dell, we're within the, framework of Dell for, a long time. And we've been doing this digital, list transactions for about 20 years now. So, we kind of seen the transformation, going from that initial wet signature and then launching signature lists in consumer business models. So it's been quite, an experience and really learning because you do get to see all the struggles that come with having, a direct to application, here's your account, ready to go, situation. So when it comes to that from like a fraud, when we use our tools, it's, about data. It's about taking that data that comes in on those applications, everything from not just your typical consumer application data, like that's your important piece, cuz that's, what's gonna lead to your approval of a customer, but it's also that digital footprint that is very important in that decision and being able to make that decision as quickly as possible. So that's using the different tools and different data sources to make sure we are getting the most efficient and accurate information to provide customers with an approval or to provide them with, a reason that we may suspect this data is not what it really is.

Bruce Nixon: (02:47)
Dale. I know you do consulting as well, within your own practice, what are your clients seeing and, how are they engaging you for help in terms of, working through some of these strategies or changes that reflect the different or, higher traffic through this channel?

Dale Hoops: (03:03)
Sure. So really, I think everybody has seen through the pandemic, we had more unemployment fraud, right? More, fraud directed into government channels because of all the low hanging fruit, for lack of a better term, and now that's really shifted back to the consumer space. So we are seeing quite a bit more, traditional types of attacks in terms of identity fraud, as well as, into auto channels and more creative use, of bank verification as a way to get around some of the, verification that people have done. They're really getting a little bit more creative with it to, tackle some of these tools that we've got

Chris Compton: (03:41)
Real quick on that too. So when we're moving into these different forms of authentication and having these different data sets, being there to do bank type verification or not your traditional using a phone number, it's making sure that, moving back into that consumer fraud, which we do see increase, it's also taken account that people who may have suffered financially during the pandemic that is now causing them to, create a synthetic a second ID, you would say to maybe correct their credit information to correct their credit profile because the one they have, isn't good, enough situation for them to apply for credit. So you can see that manipulation, you can see them using bank data, to create a second identity to kind of make it to where, all right, I have my existing profile, which is no longer, valuable, for themselves. So it's not identity theft, but it's also creating that synthetic second identity of your own to rebuild and reestablish the credit, which then, deal with it gets combined in your bureaus and you have issues, but that's, the goal.

Bruce Nixon: (04:48)
So you're saying that they're creating identities, alter ego identities for themselves just to get by, not with the intent of going out and perpetrating fraud, but just being able to have access in a way that they had prior to the

Chris Compton: (05:00)
Pandemic. I think it's a little of both. I think it's, they wanna reestablish themselves again, as someone who can get that loan, get that financing, get what they need to maybe recoup or get back to where they were pre pandemic levels. But at the same time, you see the same group of people, not same within that segment that will create that second identity with the intention of I'm gonna let my old ones settle and let time pass, and then maybe slowly take care of it within the new identity. Once we get it set, rack it up, and then that's your traditional bust out type of situation. So it's a combination of both.

Bruce Nixon: (05:36)
Have you seen yourself shifting with regard to tools,

Chris Compton: (05:39)
we,

Bruce Nixon: (05:40)
Or tool stacking maybe,

Chris Compton: (05:41)
We do, We have brought in a few more tools because again, it comes down to the data that we have. We need to make sure it's the most up to date, accurate data that's available. Cuz a lot of that data has been manipulated because of things like not just the pandemic, but this is pre before to where customers will do credit cleaning. But obviously that you have the criminals who are creating that synthetics one. So you rely on the different vendors to provide the most up to date and current information because it takes that instant. Again, we're a, we're approve you now. You can use you now. And, that's the thing and we want it again. It's for good customers. Our goal is to get, most consumers in the door, out the door, happy with their transaction and here let's make your purchase@dell.com. You're great to go, but it's that, at the same time you have to weigh the risk and is that speed and that verification having that accurate information from different vendors, it's about getting that happy spot to say, here is accurate data and it's the most correct data that we can use to build rules or model after

Bruce Nixon: (06:48)
Lisa the best fraud solutions, address the problem from several directions. What have you learned is you analyze data both on behalf of a Novas and clients to create products that fight identity fraud.

Lisa Wolkenfeld: (07:00)
So I, think we were surprised to see that the problem is not quite as intractable as we had expected. We thought, oh, fraudsters are so clever and find constantly finding new ways of, getting around, the system and, it's true, they are clever, but they also leave behind some, signs. And so we've, found that, they do, tend to look like, especially I'm talking about synthetics really. They, do tend to look a lot like thin files, or no hits. But if you look at, a combination of identity elements, along with some, information on, the credit bureau report, not necessarily the typical things that are used for underwriting, but things about the types of loans that they tend to have, the speed at which they're taking on new loans or have inquiries, in combination with identity, certain identity elements. It's, you could find, quite a fair number of the synthetics.

Bruce Nixon: (08:13)
Dale got an easy one for you. What's a primary form of ID fraud. Your clients are seeing the ones you do consulting for?

Dale Hoops: (08:21)
Sure. So it's really a combination. You have some of their traditional account take over, app identity fraud, you also have the synthetics that we're seeing and we've been talking about so far, and really talking about how to, how to get to those. I think the industry is maybe growing and concerned about synthetics, but historically it's been something like, Hey, it's just, we're gonna treat them as, as a regular sort of first party fraud for, lack of a better term, just because you need to, they, some of them are sleepers. They look good for a long time, once they're on the book, you would think they were a normal customer until they actually bust out or go bad. So some of those same controls that you have, for your first party frauds, you can also use for synthetics. So I think that those have been, a big piece and then there's really a focus on looking. And I think, Chris mentioned it as well. You know, how to balance that, friction at the time of application, putting that customer through all the different verifications against, kind of, the customer experience and, gathering the fraud. So that's been a, focus in terms of looking at tools, that will differentiate that risk and not impact, a large majority of customers.

Bruce Nixon: (09:29)
We've seen, I From my experience also, I've seen customers start to do a little bit more solution stacking where they've got some initial gateway kind of checks and then the friction increases as, the evidence grows a little bit require, right? A little more expenditure and a little more friction. Chris, how do you organize your, information, your, MIS tools to recognize when a threat's happening, if it's a organized threat and, what are your mitigation strategies that you, that you deploy across your organization when you see that manifest itself?

Chris Compton: (10:04)
Yeah. So good question. So given the types of identity theft that currently, we face it's a broad spectrum of pure identity theft, and there's also the manipulation of bureaus. And then you have the, synth fraud that we talked about using our, MIS systems is taking that data and saying, do we have a potential that maybe this phone, this SIM card and this number that they're using, has it been cloned, and taking that in the real time too, saying using these tools, is this phone number that they're calling us from? Has this been forwarded, has this been tampered, even going down to things like email address, what data is coming in on that digital footprint? Because again, majority of your, applications and your transactions are coming now through digital. So you have to make sure you do things watch for, credential stuffing again.

Chris Compton: (11:03)
So that's where our tools are gonna be able to see, all right, we have an increase of, criminals, fraudsters use bots, just like, businesses do to enhance their production. They use a bot to enhance their production, so that way to try to submit as much data as you can at one time to see what data may be valid to them, in the end. And so it's using those tools to say, all right, look for, monitor that velocity and that risk. But then also within that data, what's the percentage of these that turn out, to be good customers, to be bad customers, and then narrow down to say, all right, this percentage, or this is what we're looking for, phones that have been tampered with, again, SIM card fraud is, prevalent across multiple industries. And it's very, unfortunately it's quite common. So it's having, our system, our tools to tell us there's a risk on that number. There's a chance, or this number has been ported that many times it's, it's identifying that risk and making sure we use that to calculate as soon as that application or that transaction comes in.

Bruce Nixon: (12:10)
How do you figure out a follow on question there? How do you figure out or start to detect the difference between an anecdotal incident and an organized threat? What kinds of tools let you detect that that's coming and maybe change your mitigation strategy or add friction across the board?

Chris Compton: (12:25)
We work closely with Dell obviously to cuz we're, lucky that we can see how that comes into our network and into our system, because there's a lot of ways that someone can some purchase or come into Dell or Dell financial to make a purchase. But within that, we have to say, obviously you look at volume, but you look at patterns, you look at, what are they doing to make that transaction? What are they accessing first using tools? Are they submitting applications with a certain type of information that you compare to say the bureau data to say, all right, now we can see that they're testing to see is this data valid. It comes back to a real point that I want to bring up. And I think is very important. Is that ensuring that your data is not just secure from the typical, like, we hear about data breaches all the time we hear about, bureau data here, phone companies, whatever.

Chris Compton: (13:22)
Unfortunately, this happens regularly too often, but it's also managing your own site and your own data. So one thing we really kind of talk to, not just, cause we deal with business fraud as well. Is that whenever you see these attacks, you see these large things, what are you telling? What are you responding with whenever an attempt to access that data is given. Is it generic enough to not tell the person doing it? Who's submitting these multiple applications over and over again to see what his are you telling them that it's not just, oh, we don't have this email on file or, oh, I'm sorry, you got the email, right? But this password isn't valid that tells these criminals, these organized groups who are mass, submitting this data to say, all right, now we know this.

Chris Compton: (14:16)
Yeah. We know your process. Not just then we know this email is valid. We just need to get the right password. So then they criminal look at these organized groups, cause it's not, your mom and pop stuff still exists. You have the small stuff, but most of this is very organized activity. And so now you're telling them, you're letting them build that profile out for that victim, that consumer or business in case to say, I've got this data, this is valid. Now I need to go out and find, all right, I may have their social. I may have an email, but I don't have the right password. So for account takeovers, like you were talking about, like that is a big piece to where it's getting that access and getting that knowledge to them. So ensuring that, you're not providing those extra little checkpoints, is it was a really big piece that think about it next time you go try to log in or forget a password, see what, whatever institution gives you, get that feeling and say, all right, you submit it, for whatever it may be. I don't have Netflix, whoever you put that password in or you have your password wrong. Does it tell you the password is wrong? And then that's just giving someone incentive to go out and find it and build that.

Bruce Nixon: (15:19)
So you're saying just be a soft target, right? Yes. No feedback loop with relative to the quality

Lisa Wolkenfeld: (15:25)
Don't, don't give them an opportunity to learn how to do it.

Chris Compton: (15:28)
And it's, it's shocking how much you still see that out there. It's still pretty prevalent and again, these, these organized groups are very good at going to find that. And once they find it, then you can seeing are these inquiries, like you're talking about inquiries, you're looking at the credit reports. Oh, they inquired here. Every single one of these people, the bureau datas come back, they've applied it the same one. Here's where they may be getting the data from.

Bruce Nixon: (15:51)
I have a question for Lisa and then I've got a follow on for the group that I'm interested in, in providing a tool, Lisa, digging in, on our identity elements specifically, what's different about the identities presented without giving it all away, in synthetics specifically, or first party fraud cases, generically,

Lisa Wolkenfeld: (16:09)
what's different about,

Bruce Nixon: (16:10)
Yeah. What's specifically is different about those identities?

Lisa Wolkenfeld: (16:14)
What do well, that's that's the trick is that they're really, they look kind of normal. They typically look like thin files or new to credit, and so it's, it's pretty tricky to, just to make that distinction between a good guy and a bad guy, the socials issued post randomization is fairly common, but I would say it's also, you don't wanna ding someone who's new to the new to the country, right. So you do need to look at other things aside from identity, you, if there's one thing that I would encourage oil banks to do, and I've been saying this for years is to make sure you add phone verification, to your KYC process, don't leave that out. It's shocking how often we find fraud, just because the phone didn't match

Bruce Nixon: (17:14)
That's, we're seeing remarkably as we work in, in, in the bureau world on our match, that one to one relationship, that's now becoming der of a person and their phone, particularly with portability is becoming a proxy for social and may actually have a longer duration than social in some instances. So that's useful the question I had for the three of you, and that's considering this group, if you were to set up a Canary in the coal mine, right? In your, process for new account opening, what kinds of things among the cohorts or inbound data or MIS would you recommend it to someone to put out there that says, okay, here's how I'm going to recognize a pattern in my practice as early as possible, and potentially start looking for anomalies prior to just saying, oh, look, losses are going up. Let's do something about it. Cuz at that time, the bucket's full. Any thoughts on that?

Dale Hoops: (18:05)
So, from my side, I would say, it's a couple things, but it's having your, or your organization at all areas and all levels, credit collections, fraud, right? All talking to each other frequently, the earliest trends can be found in collections, from my experience and you'll, it's, if you get a lucky rep there that will notice something and say, Hey, this looks like it's crazy. Why did this even get approved? Or why would, why did that happen? that's a good feedback loop for, for um, the acquisition channel to be able to, fix something that was broken.

Chris Compton: (18:37)
I would just say, make sure compliance is involved. Like there's so many times that you will hear or see where sales or, the financing side who's building out the lending, what the roles that they wanna provide for financing don't really consider the fraud stuff because their goal again, is the sales and that driven is let's get this in the hand as quick as possible, get it out the door, they don't consider the risk, there's so many regulations that we you have to follow as a lender, as a banking, an institution that are required to get those touches in there to make sure you're looking at things like, anti-money laundering, you're looking at, again the true identity, the identifying, or make sure you're not calling out a, causing any type of bottleneck for someone who may be new to the country or new to credit, what is that in there?

Chris Compton: (19:29)
And making sure that everybody's on the same team, it's unfortunate that a lot of times fraud kind of that isn't always the front forefront. It's that? How do we build this? How do we get this going? How do we move to bring everything in? Let's get this going. We're hyped about it. We're excited about a new product, but then you have to go, wait a minute. The first thing that comes through, they'll be like, wait, this is how is this fraud? Well, no one really thought about that from the beginning. And it's, it's incorporating that cross-functional to ensure that everyone has a seat, at the table when you're building a product. And not only that you're using the data that you have available from whatever vendors you bring in, if you're looking at emails or bureau data or, online transaction, internal, external, or historical data to make sure that that's part of the process.

Dale Hoops: (20:17)
Yeah. I would agree with that. And we were actually talking during break that, you would want to, some of these keynote speakers we were listening to earlier, we're cringing a little bit when you, when you hear some of the product ideas, it's really cool and it's, the faster the money gets there, the faster the fraud will go to that channel. So, you have to balance, would be my recommendation.

Bruce Nixon: (20:36)
Sure, So let's switch topics a little bit to servicing, for better or worse, we've opened a new digital relationship with a consumer deal. How do you help clients get organized and attack, this type of fraud, identity fraud when it manifests itself and what tools and best practices you recommend for servicing and fraud prevention prevention.

Dale Hoops: (20:57)
Yeah, sure. So I really think about it in three ways. It's kind of your, tech side, making sure that you have, extra verification or step up type of verification when, something suspicious is happening that you have the MIS in place that we sort of talked about monitoring, fraud and trends across fraud, by phone number by email address by address, et cetera, can help you early on. See, I have two or three on here and then maybe you have 10 more apps in the queue or 10 more, open accounts that have that same information. And then, third it's kind of, like I said, it's making sure that, you have a feedback loop with credit and collections and fraud as a joint unit, frequently I think fraud tends to just be siloed, in its own place. And really bringing together credit can help drive that better decision, across all the various lifecycle events,

Chris Compton: (21:50)
No one cares about fraud or really brings it up until the numbers show up. Yes. And then like, oh wait, this is fraud's problem. They need to fix this. Right. It's, we're the silent, ones in.

Lisa Wolkenfeld: (21:59)
we're all in this together. All of us are in this together. It's not like the Coke executive who brought their kid to the ball game and they only serve Pepsi. And the poor kid couldn't drink anything the whole time. I mean, we have to really share information among, among each other, right across, banks and across vendors even. And, when a bank identifies an account as being fraudulent first party fraud, don't delete it.

Bruce Nixon: (22:33)
Yeah.

Lisa Wolkenfeld: (22:33)
Don't delete it, close it for cause and report it to the credit bureaus as, closed for. Cause that's, one of the best ways to make sure that, you know, your peers are not gonna wind up using that opening and account for that guy also

Bruce Nixon: (22:48)
Yeah, I'm astonished by how often that practice is, ignored, a bank will incur a fraud and immediately remove it from the file thinking that they're protecting a consumer potentially somewhere or actuality, the data's oriented around an experience, right. A tradeline experience that becomes important for the Bureau's learning and other experience. So I wanna hear that's reporting bureaus, don't delete your fraud, report them as such to the bureaus, another observation that I have that in servicing is deploy a variety of tools and we sell a specific set of tools, but I would say across, like Lisa said, we're all kind of in this deploy tools, relative or appropriate to the level of risk for the interaction you're having, one of the tools that we deploy is just simply verifies the presence of a consumer in that interaction. So someone's calling and saying, look, I'm going on vacation in Nigeria. I need my card to be active in Nigeria. Go ahead and make sure that the actual consumer is present in that interaction. In other cases, much more low friction kind of, fraud verifications can happen relative to the sensitivity of the interaction.

Dale Hoops: (24:00)
The one, piece I did forget to bring up that I think is also critical in terms of getting organized is to make sure that your organization has a plan and, knows what they're gonna do when there's a fraud attack, because there will be a fraud attack. Right, and how you kind of react to that flash fraud, if you will, is really critically important. So knowing who you're gonna notify, how quickly you can shut that channel down, how quickly you can get the analytics and the fraud teams engaged to do new rule sets is, gonna be critically important. And thinking ahead on that can really save some angst

Chris Compton: (24:32)
And also kind of Lisa mentioned again about the bureaus and it's been, we talk we've each brought that up quite a bit. It's also learning what that bureau means, not just using it as your credit model, to approve or decline or whatever it may be, or to verify the data it's understanding within that bureau, when you're looking at say things like thin files or new credit, is it a pattern of see what is on that profile? Is it, oh, these are accounts that are on the bureau, but they are all ones that were added as a secondary. So they added, they will add their name to an existing credit line to, build their credit. People do this legitimately, but at the same time, so do the criminals, the crooks will added to it.

Chris Compton: (25:18)
So understanding that bureau data is a big key and understanding what's coming in. Because again, it's about knowing is this person really who they are not just at the bureau, but also the digital footprint is it, as well as they can manipulate IPS and devices and whatever it may be, these criminals are smart, but they're also, again, they leave a pattern. It's just getting to be able to attend that quickly. And that's using your it services, having that relationship saying, this is what we need to look for. This is what we need to be aware of. When there may be an increase of say a certain part of the country, all of a sudden you're seeing an increase in volume. Why is that get involved in that discussion? Hey, yeah, you know, fraud's not pure, I.T That's their work, right. That's theirs, but it's, it's having that relationship to be involved in that conversation to make sure you're at the table when something comes in that that's one of the biggest pieces. I think

Bruce Nixon: (26:12)
Lisa, you led the team that built a product, our questionable ID product. Yeah. I didn't do anything right. That, does both new account opening detection as well as monitoring what percent of the detection that happens, happens post-op opening and in the early life cycle of an account. Yeah.

Lisa Wolkenfeld: (26:29)
Thanks for asking that question, double. I would say you gotta look at the originate at application at originations, use your tools, then use them again over and over again for at least a year, because certain, certain information just becomes evident little bit later on, and so what we found in our studies is that over the course of a year after originations, we get another, the same amount that we would, that we found at origination. So it's really worth it to keep looking.

Bruce Nixon: (27:08)
Yeah. It stands to reason, right? You, had indicated that, a synthetic particularly looks like a new credit account and it's the subsequent behavior that starts to make it obvious, that the accounts of fraud. Thank you all for joining me. I appreciate it. I like to open the forward questions if anyone has them with the time remaining.

Lisa Wolkenfeld: (27:29)
Not that we can see Anyone.

Bruce Nixon: (27:30)
No, we can't see you. So at all, speak up, please. Thank you for your time in joining us.

Chris Compton: (27:37)
Think we have one question...

Bruce Nixon: (27:37)
We do there's. There is a question. Yes, sir.

Audience Member 1: (27:41)
But I mentioned knowledge based, authentic (inaudible)

Bruce Nixon: (27:49)
Yes.

Audience Member 1: (27:50)
Are effective. Or would you recommend (inaudible)

Bruce Nixon: (27:57)
Knowledge based authentication's been around for a bit? it was a very effective process, it's been circumvented largely by the availability of some of that data online. As a result, the questions have become, more and more complex in their asking sometimes so complex. The actual consumer can't answer them only the fraudster can answer them, customers also tell us that the amount of friction involved in it leads to a harder interaction with the consumer, the friction isn't as welcome or as tolerated, depending on what the transaction is. We've kind of found that in our practice out of band works really well. We have to deploy other things along with that, things that take a look at the device specifically, as Lisa mentioned, verification of the phone, not just sending it out of band transaction to a phone number that's provided, but verifying the relationship, but between the consumer and the phone number and the phone number and the device, outside of that band before you make the interaction has proven to be a little bit lower friction with higher reliability for us.

Chris Compton: (29:05)
Yes. Great. Completely.

Bruce Nixon: (29:08)
That was a great question. Very good questions. I'm I really cannot see

Bruce Nixon: (29:16)
Thanks so much for your time. Yes.

Chris Compton: (29:18)
Thank y'all for coming.