Security stems in part from understanding and preparing to mitigate various kinds of fraud.
The problem with fraud detection for remote services isn’t that humans can’t see red flags when looking at facts about a consumer’s life and finances. The problem is that humans don’t have the time or access to review enough data—in a broad enough context—to make adequately informed decisions.
That’s what data analytics tools do for financial institutions, says Chris Ryan, who leads fraud and identity product marketing for CUESolutions Silver provider Experian North America, Costa Mesa, California.
Three Types of Fraud to Analyze
According to Ryan, a strong, basic data analytics solution should be able to analyze transactions for at least these three types of fraud:
1. First-party fraud: People applying for credit cards or loans with no intent to repay. How do you assess an applicant’s intent to repay? In a purely judgmental review system, it’s difficult if not impossible to flag potential criminal intent when the applicant’s identifying data checks out. And a criminal’s recent financial history may look—on the surface—identical to a legitimate applicant experiencing financial hardship.
Data analytics tools look at patterns of identity usage specific to how the person is acquiring access to credit. Certain patterns most often indicate normal life activities, while other patterns most often precede high levels of spending followed by abandonment of all debt obligations.
“Mules” can also present a distinctive pattern of activity. Mules are people who apply for credit under their own identities on behalf of a larger criminal enterprise. The mules then funnel loan payouts quickly into fraudulent accounts and disappear.
Mule activity has increased by 41% in 2020 in comparison to attack rates before the pandemic, according to Aite Group research.
2. Third-party fraud: Criminals using victims’ stolen credentials to impersonate them. Verifying standard personal identification data—name, address, birthdate and even Social Security numbers—doesn’t guard against third-party fraud. That data is too easily stolen or purchased. An analytics tool should screen applicants’ data for unusual patterns of activity with phone numbers, addresses, emails, etc., that reveal attempts to misdirect you from connecting with the true identity owner.
3. Synthetic identity: Melding real and fabricated data to create false identities, sometimes used for lengthy schemes. Advanced fraudsters research which lenders have the most liberal identity verification process and use synthetic identities (built with both real—though often stolen—and fake data) to secure accounts and credit across a number of these lenders. They often build these accounts over time to establish a positive credit history.
Then, all at once, they max out all available credit and the accounts go silent. There’s no real person associated with a synthetic identity to pursue for collections, so the only victim is the lender. Detecting synthetic IDs means looking beyond credit report data and doing so beyond the time of application.
An analytics tool can periodically track each applicant’s continuing credit activity to flag a synthetic ID that’s building a portfolio of exploitable cards and loans. These ongoing assessments can differentiate between a potentially criminal pattern and normal activity that typically connects family and business relationships across multiple lenders.
When a data analysis tool flags a potential synthetic ID, credit unions can limit their exposure by requiring more documentation and/or by not cross-selling additional products.
Three Types of Fraud to Train Against
Even if you’re using an analytics tool to review lots of data and watch for hacks, your fraud response program will be more effective if employees are frequently trained on spotting emerging fraud trends, says Jay Bowden, CFO of TRC Interactive, Harrisburg, Pennsylvania, which partners with CUES in offering First Line of Defense™. The company offers online fraud prevention training, using input from financial institutions and other sources to customize courses to reflect the latest threats.
Bowden says the pandemic-fueled fraud surge has increased the overall need for fraud training, including in wire transfer, Paycheck Protection Program loan and tax-related fraud.
1. Wire transfer fraud. “People’s tendency to stockpile certain things during this time has driven larger purchases that may require wire transfers,” he notes. Especially for folks who have no experience with electronic funds transfers, these transactions are ripe for cybercrime.
2. PPP loan fraud. The Small Business Association’s Paycheck Protection Program has introduced lending processes subject to virtually every fraud technique mentioned above, and more. The National Credit Union Association laid out a host of PPP-related red flags, such as multiple applications with different names but identical supporting documentation, businesses with no payroll history that claim to have employees, etc.
3. Tax-related fraud. This happens every year, of course, but the IRS warns that the pandemic has spawned scams using economic impact payments as a hook to get taxpayers to give up personal information.
Leveraging both analytics and training can help your credit union prevent being hack and avoid losses.
Glenn Harrison writes from Stoughton, Wisconsin.