Fraud Prevention Strategies to Fight First-Party Fraud and Synthetic Identity (Gartner Report Part 2)
•
3 gostaram•377 visualizações
We believe Gartner’s report, “The Growing Problem of Synthetic Identity and First-Party Fraud Masquerades as Credit Losses,” discusses the rise of synthetic identity and first party fraud losses being concealed as credit losses. In Part 2 of this webinar series we will explore Gartner’s recommendations and provide some real-world advice on how you can prepare your business to fight this trend. In Part 2 of this webinar series, we’ll conclude with: - Exploring how to battle synthetic identities and first party fraud - Reviewing Gartner’s recommendations for building a comprehensive fraud prevention strategy - Looking at some specific capabilities for helping to stop this type of fraud *Gartner: Take a New Approach to Establishing and Sustaining Trust in Digital Identities, Tricia Phillips, Danny Luong, 1 March 2018.
Recomendados
Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (10)
Semelhante a Fraud Prevention Strategies to Fight First-Party Fraud and Synthetic Identity (Gartner Report Part 2)
Semelhante a Fraud Prevention Strategies to Fight First-Party Fraud and Synthetic Identity (Gartner Report Part 2) (20)
Mais de TransUnion
Mais de TransUnion (20)
Último
Último (20)
Fraud Prevention Strategies to Fight First-Party Fraud and Synthetic Identity (Gartner Report Part 2)
- 1. WEBINAR FRAUD PREVENTION STRATEGIES TO FIGHT FIRST-PARTY FRAUD AND SYNTHETIC IDENTITY SEPTEMBER 2018 EDDIE GLENN, SR. MANAGER, PRODUCT MARKETING
- 2. 2 EDDIE GLENN S E N I O R M A N A G E R , P R O D U C T M A R K E T I N G , I O V A T I O N 25+ years in product management and product marketing, with focus on safety-critical and risk-prone software Co-author Definitive Guide to Next Gen Fraud Prevention Articles have appeared in ITSP Magazine, Totally Gaming, Gambling Insider, iGaming, Drives go-to-market initiatives for fraud solutions at iovation
- 3. 3 CREDIT WRITE-OFFS ARE ON THE RISE 2% 21% Q2 Q3 Loan Loss Y/Y 20171 1First Data US Financial Institution Quarterly. December 2017. Volume 1, Issue 4 “…a top 5 US Retail Bank reported a 26% increase in credit losses in Q1 2017…2 ” 2”Surprise Surge in Card Defaults Sinks Capital One”, Bloomberg.com
- 4. 4 “The Growing Problem of Synthetic Identity and First-Party Fraud Masquerades as Credit Losses” Written by Gartner Analysts: Tricia Phillips Danny Luong A complimentary copy of this Gartner document is available by request from iovation Gartner, The Growing Problem of Synthetic Identity and First-Party Fraud Masquerades as Credit Losses, Tricia Phillips, Danny Luong, 1 March 2018. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights
- 5. 5 Unintentional Defaults First Party Fraud Synthetic Identity Fraud Stolen Identity Fraud 4 POSSIBLE EXPLANATIONS
- 6. 6 “By 2021, first-party fraud and synthetic identity fraud will account for 40% of credit write-offs, up from an estimated 25% today.” The Growing Problem of Synthetic Identity and First-Party Fraud Masquerades as Credit Losses, Tricia Phillips, Danny Luong, 1 March 2018. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved.
- 7. 7 WHY DOES IT MATTER WHAT DRIVES CREDIT LOSSES? SILOS TIMECLASSIFICATION
- 8. 8 WHY DOES IT MATTER WHAT DRIVES CREDIT LOSSES? UNDERWRITING, CREDIT PROCESSES, AND MODELS ARE DESIGNED TO DETERMINE CREDIT WORTHINESS AND ARE UNABLE TO DETECT FRAUD
- 11. 11 STEP 1 P E R F O R M A C R O S S F U N C T I O N A L A U D I T O F N E V E R P A Y L O S S E S Enlist help of fraud and new account/underwriting leaders throughout organization Look for miscategorized cases Synthetic identity fraud First party fraud Use this data to quantify losses and trends
- 12. 12 STEP 2 M A P Y O U R L O S S E S T O C U R R E N T M I T I G A T I O N T E C H N I Q U E S CURRENT CREDIT MODELS CURRENT FRAUD DETECTION TOOLS 1st Party (unintentional default) 1st Party fraud (intentional default) 3rd Party synthetic identity fraud 3rd Party stolen identity fraud + + + X X X - - + X-Performs well Rarely performs well Performs poorly
- 13. 13 Take an inventory of fraud tools that your entire organization uses today Detecting money laundering Preventing account takeover Detecting fraudulent transactions Just because your group doesn’t use them, they might still be helpful Can they be used to help with identifying first party fraud or fraud from synthetic or stolen identities? STEP 3 I D E N T I F Y C U R R E N T F R A U D P R E V E N T I O N T O O L S T H A T C O U L D B E L E V E R A G E D
- 14. 14 Device Risk & Digital Identity Assessment Behavior Reputation Real-world identity assessment TOOLS THAT CAN BE USEFUL F O R H E L P I N G C O M B A T F I R S T P A R T Y & S Y N T H E T I C I D E N T I T Y F R A U D
- 15. DEVICE RISK & DIGITAL IDENTITY ASSESSMENT
- 16. 16 WHAT INFORMATION CAN A DEVICE PROVIDE?
- 17. 17 MD5 Hash of the full font list Random sample of 15 fonts Flash SharedObjects not writable Flash socket 843 based ip (real IP) Boolean indicator: flash took longer than expected to execute Accepted Char Sets in HTTP header Accepted languages in HTTP header Browser user agent comment string Browser name / OS / Ver / language Cookie writes excluded Boolean indicator, javascript enabled Count of fonts in the full list Flash 3-part version (16.0.0) Flash 4-part version (16.0.0.305) List of browser plugins JavaScript screen resolution Simbar toolbar GUID from HTTP hdr Timezone offset in minutes ... and more WiFi (or Bluetooth) MAC Address Network configuration iOS Device Model Battery level / AC mode Device orientation File system size Physical memory CPU Type / Count /Speed Number attached accessories Has proximity sensor? Screen brightness and resolution System uptime iOS Device Name (MD5 Hash) OS Name and/or version Device advertising UUID Kernel version iCloud Ubiquity Token Application Vendor UUID /name/vers Locale language / currency code … and more Model and Device Model Build.DEVICE & Build.HARDWARE Build.HOST & Build.ID Manufacturer Build.PRODUCT & Build.TIME Network Operator ID & Name Sim Operator ID & Country System Uptime in Seconds Is the device plugged in CPU Type Physical memory Unique build fingerprint of app Android SDK Level Android Build Number (DISPLAY) Android Device System Version Detected attempt at hiding root detect Kernel Version (was AKV) Android Locale Country Code Desktop Wallpaper Hash … and more AT ANY ONLINE TRANSACTION HUNDREDS OF DEVICE ATTRIBUTES CAN BE COLLECTED Web Device Print iOS SDK Android SDK Adaptive analytics and machine learning can be used to determine level of risk.
- 18. 18 Is this device trying to evade detection? Does a combination of attributes indicate risk? Timezone mismatch, odd screen size/OS version IP Proxy masking, TOR, VPN, Fraud Fox, Anti-Detect EXAMPLE EXAMPLE SAMPLE RISK INDICATORS
- 19. BEHAVIOR
- 20. 20 Is device being being evasive? Is transaction velocity high? Has device been used to access many accounts? Has device recently created many new accounts/applications? Was the credit application filled out quicker than humanly possible? DEVICE BEHAVIOR
- 21. 21 Is there a high number of associations between different devices? Are there other odd relationships between multiple devices and accounts? DEVICE ASSOCIATIONS
- 23. 23 CYBERCRIMINALS FREQUENTLY SWITCH IDENTITIES. THEY DON’T FREQUENTLY SWITCH DEVICES. If you flag one application as being fraudulent, it may not stop others. USE DEVICE REPUTATION TO FLAG DEVICES ASSOCIATED WITH FRAUD
- 24. 24 HARNESS THE POWER OF A NETWORK FRAUD ANALYSTS FLAG DEVICES WHEN FRAUD IS CONFIRMED. THE REST OF THE NETWORK BENEFITS FROM THIS DEVICE REPUTATION EVEN WHEN DIFFERENT PERSONAL IDENTITIES ARE USED. SYNTHETIC IDENTITY STOLEN IDENTITY FIRST PARTY APP FRAUD CREDIT CARD FRAUD
- 25. 25 MAXIMIZING PROTECTION Is this device associated with past stolen identity? Is this device associated with a past first party application fraud? Are any device risk factors present: location, jailbroken, evasion, velocity, other inconsistencies? Is this device associated with past synthetic identity? Has this device been seen before? How many applications have been created recently? SUBMIT D U R I N G L O A N O R C R E D I T A P P L I C A T I O N P R O C E S S
- 26. 26 DEALING WITH THE UNKNOWN GOOD CUSTOMER True identity, good intent, good credit RISKY CUSTOMER True identity, good intent, bad credit BAD CUSTOMER True identity, bad intent, variable credit CRIMINAL Stolen/synthetic identity, bad intent, variable credit
- 27. 27 RISK SIGNALS P R O V I D E D B Y O N L I N E F R A U D D E T E C T I O N T O O L S Device Risk Real- World Identity Reputatio n Digital Identity Assessment Behavio r Good Customers (true identity, good intent, good credit) Risky Customers (true identity, good intent, bad credit) Bad Customers (true identity, bad intent, variable credit) Criminals (stolen/synthetic ID, bad intent, variable credit) + + X X ? X Negative signals ? Mixed signals + Positive signals + + + + X X X + + + + + +? ?
- 28. SUMMARY
- 29. 29 IOVATION STATS FOR FINANCIAL SERVICES O N L I N E F R A U D P R E V E N T I O N A N D A U T H E N T I C A T I O N U S I N G D E V I C E I N T E L L I G E N C E Total financial transactions protected 3.3B Risky transactions stopped 22M Reputation reports filed 418K Devices seen previously 77% Iovation data, June 2017 – June 2018 Velocity Multiple Factors Device Risk Reputation Location Risk Device Age Other Risks Factors our customers use to stop fraudulent activity
- 30. 30 Work across your organization; underwriting and fraud prevention departments To fight application fraud from first party, synthetic, and stolen identities you have to classify it. Underwriting tools and processes are not useful for fighting this kind of fraud Use a combination of tools and processes: Device Risk & digital identity Assessment Real-world identity assessment Reputation Behavior SUMMARY
- 31. Q&A
Notas do Editor
- Thank you Brooke. Hello everyone. Thank you for taking the time to join today’s webinar. Because I know how busy everyone is, I’m going to keep this at around 30 minutes, so let’s get started! During last month’s webinar, we discussed that multiple industry indicators are showing an increase in credit losses. For example, First Data US Financial Institution Quarterly reported that losses rose from 2% in Q2 of 2017 to 21% of Q3 that same year. Today, we’ll explore specific recommendations for how you can battle this concerning trend.
- Several Gartner analysts investigated this trend and produced a report titled “The Growing Problem of Synthetic Identity and First-Party Fraud Masquerades as Credit Losses.” As an attendee of this webinar, iovation will provide you a copy of this report. For the remainder of this webinar, we’ll dive into the details of this report, including strategies on how you can combat this type of fraud.
- In their report, Gartner identified 4 possible reasons to explain the industry’s increased credit losses” Unintentional fraud – loans or credit cards that consumers opened up with every intent to pay but for whatever reason, a divorce, medical situation, or job loss, have been unable to pay. First party fraud – loans or credit cards opened by fraudulent consumers with the deliberate intent of never to repay Stolen identity fraud – loans or credit cards opened up by fraudsters using someone else’s identity And finally, synthetic identity fraud – loans or credit cards opened up by fraudsters using bits and pieces of real identities. Synthetic identities are often very hard to spot because they look real, the credit file of the identity doesn’t look much different from that of a young person, someone with a light credit history.
- Gartner is estimating credit losses from first party application fraud and synthetic identity fraud is on the rise. They estimate that 25% of credit losses in 2018 are due to these types of fraud and they expect that to grow to 40% by 2021. That’s a concerning trend. But, what can credit institutions do to address this?
- During last month’s webinar, someone asked us the question why does it matter what is driving credit losses. Gartner goes into much detail in their report. Primarily it matters because it impacts how you will need to vary your strategy to reduce fraud losses based on what is driving them in the first place. <CLICK> First, in order to be able to stop a credit loss, you need to have metrics to help determine how serious of a problem you have. In order to build metrics, you need to be able to classify what caused the loss. If it is indeed an underwriting problem, then is there a problem with your credit scoring model? If it is first party fraud, then what type of first party application fraud? By having metrics and classification, you can begin to think about what types of preventative and detection tools to use. In addition, misclassification prevents the necessary tracking of specific fraud types which makes it close to impossible to build an ROI for the investment of new tools to detect these types of activities. <CLICK> The next consideration is around who is responsible for fighting the fraud that led to the loss. Financial institutions often separate their fraud and underwriting cases. These groups have different organizational structures, use different preventative technology, and rely on different performance indicators. Working in silos makes patterns of related incidents harder to identify. If they are hard to identify, then they are hard to stop. Fraudsters don’t work in silos. They are using every tactic available to them to commit fraud. They count on financial institutions being silo’d and thus they have found a rich payday in fraud. They may start out committing first party application fraud, then switch to using stolen identities and then synethetic identities. <CLICK> Finally, time is of the essence. If your institution is under a coordinated or repeated fraud attack, you want to know that as quickly as possible. If you are misclassifying first party fraud or synethetic fraud as unintentional fraud, your silo’d fraud group may not even know there is a coordinated attack and that there are related incidents of fraud occurring because these are being reported as non-pays. You don’t want to wait months for an account to be in the collections process only to later find out that it was a case of synthetic identity fraud. How many more cases may have happened during this time?
- Keep in mind…if your credit losses aren’t due to a credit worthiness problem, then your underwriting, credit processes, and models will not help you detect and fight the kind of fraud that is leading to the credit losses.
- So let’s look at what Gartner’s recommendations are.
- According to Gartner, if you can’t name it, you can’t measure it, and if you can’t measure it, you can’t set acceptable levels or monitor trends. And if you can’t monitor trends, you can’t build an ROI to invest in tools to detect and stop it. Each form of fraud requires different detection and prevention measures and behavior models. The lack of accurate and consistent categorization results in ineffective application of mitigation techniques and causes difficulty for your organization to justify new tools, strategies, and training. So let’s look at these step by step.
- The first thing that Gartner suggests is that your organization gets a better understanding of what level of a problem you have with credit losses. Credit losses that may have previously been attributed to unintentional fraud may not actually be that. So you should review, perhaps the past 12-18 months cases of all credit losses. Reach out to others in your organization, leaders in new account and underwriting departments and set up a cross organizational task force to look for cases of credit loss that is due to issues other than unintentional defaults. This will increase the likelihood that clues to the type of loss will be detected. Look for cases of synthetic identity and first party fraud. Finally, use this data to quantify losses and trends and to categorize them. Does this data show an increase in synthetic identity fraud? Or first party application fraud?
- So, what tools and processes are you currently using to mitigate your losses? Not all tools and processes perform the same way based on the reason for the credit loss. For example, <CLICK> …
- Next, looking across your organization, develop an inventory of various fraud prevention tools that are already being used. Just because your group isn’t using them today, many of them might be useful to repurpose to help you fight fraud from first party and synthetic identity.
- Gartner identifies some categories of fraud prevention tools that can be helpful. We’ll look at each category in more detail in the next few slides.
- The first category of tools centers around the devices that fraudsters use when conducting online transactions such as submitting a credit application.
- So, what kind of information can a device provide that is useful for detecting and stopping fraud? Even if you aren’t completely sure who the person is on the other end…after all it could be a fraudster using a stolen identity or synthetic identity…or their own identity, using a device intelligence tool you can discover some important information. The first thing that a device intelligence tool needs to do is to collect information about the device. This information is used for two purposes. The first purpose is to create a unique device identification for the device. In cases of synthetic identity fraud and stolen identity fraud, it is IMPERATIVE, that the device identification is performed INDEPENDENTLY of any personal information provided by the user. Afterall, a fraudster is rarely providing accurate information about themselves. Not all device intelligence tools do this so when you are looking at your options, you really should focus on the ones that can uniquely identify a device without need of any personal information. We often refer to this device identification as a ‘device fingerprint’. When I say that, I don’t mean the user’s fingerprint read from the device, but instead am referring to a unique set of attributes from the device that allows us to recognize that device again and again as being the same device. It’s important to note that when we talk about device identification we aren’t referring to a device manufacturer’s identification number that is sometimes stored in each device, or even an operating system device identifier. These are easily changed and spoofed by a fraudster. Once the device has been recognized and a unique identification assigned to the device, then we can look at what else the device attributes can provide you. These attributes are very useful in detecting risk that the device poses to the online transaction. For instance, you can tell if the person is trying to lie about where they are located at. Even though it is relatively easy to alter the location of the person and device in an online transaction, there are many device indicators that reveal the true location. If the individual is intentionally lying about their location or even just trying to hide it by using a proxy service, then this is a risk signal that may indicate that other aspects of what they are telling you is incorrect.
- Hundreds of attributes can be collected from a device. The exact list varies depending on if the user is using your mobile app to submit a credit application or using a web browser. Adaptive analytics and machine learning can be very useful in picking up subtle risk patterns to help alert you if a particular device is posing risk. Let’s look at a few example risk indicators.
- In an earlier slide, I mentioned that location information can signal risk. Specifically, we can look at if the multiple geolocation indicators all match up to the same location. If they do not, then this could be a signal that a fraudster is trying to manipulate their device. You can also determine if the fraudster is trying to hide their location by using proxy masking such as TOR, VPN or a web browser tool like Fraud Fox or Anti-Detect. While evasion doesn’t always mean that the person is trying to commit fraud, it is a risk signal that should prompt you to use caution when processing the transaction. There are other attributes that can be read from the device as well that indicate risk. For example, if the device is reporting that it is a mobile device but the screen resolution is not correct for the type of mobile device, then this could indicate that a fraudster is manipulating their device information. At iovation, we have seen an increase of fraud when devices have been jailbroken. Sometimes fraudsters do this to install special software to help them evade detection. Another common attribute that is associated with a risk of fraud is when an emulator is being used.