Part 2: Will More Stimulus Packages Equal More Fraud?
January 20th, 2021
In the final part of our blog series, we’ll explore fraud threats surrounding opening new accounts and future stimulus packages, and how to fight back. Catch up on part 1 here.
Mitigating the threats
Stopping the fraudsters from getting through the front door will be a key element in the strategy to reduce fraud at account opening stage. However, only concentrating here may mean the balance of fraud detection and customer experience is wrong, leading to lower revenues overall. Building on this with ongoing detection will lead to a better overall balance for any FIs.
A more thorough balancing can be achieved by linking the new account fraud system to that of application fraud, or making them elements of the same system. Using such an enterprise fraud system allows for flexible integration of a broad list of identity, document verification and KYC vendors, which allows you to switch to new vendor without changing the application process. This system should also facilitate easily ingesting data from multiple sources to help independently verify the information provided, while using the data within models to highlight high risk applications for review.
Data sources should be covering areas such as:
- PII and KYC verification
- Mobile network verification
- Email verification
- Mailing address verification
- Document verification
- User mobile / browser behavior verification
- ID – combination verification (SSN/credit)
- Funding account verification
- KYC checks
Putting fraud tools in place
In addition, tools such as device profiling and behavioural biometrics can help prevent known fraudsters and devices continuing to attack your FI. Use these tools to block applications at the earliest stage to avoid high volumes of alerts DDoS-ing your operations. One bank cited they had an attack of over 50,000 fraudulent apps making up about 90 percent of their applications for a short period during the pandemic. This kind of behaviour means that without the right controls in place, the fraudsters will get lots of applications through account opening, so layered controls are important.
With this data, multiple machine learning models can be run to assess the risk of identity fraud/theft, synthetic IDs, first-party fraud and mule accounts. Where accounts are onboarded, the data and scores can be reused within Customer Life Cycle Risk Management (CLRM), along with ongoing authentication and profiling strategies to detect fraud and reduce friction and false positives. An account deemed higher risk, but not enough to decline, can be fed into ongoing risk assessments to hunt out potential mule accounts.
Configurable workflows within the case management system for different account types will also help. For example, different ones for debit deposit accounts (DDAs), savings and mortgage accounts allow them to be flexed depending on the initial risk assessment. These workflows can then drive higher or lower levels of friction, even by adding more verification for higher risk cases than lower risk ones.
Ongoing account monitoring
Once past the onboarding stage, we can move to the ongoing element of new account. One way to help stop initial abuse is to limit the functionality of the DDA available to new customers in the early months of their relationship. This can help by placing dollar limits on turnover or payments away, or limiting the time before lending products are available. If this is done using a risk score rather than simply a blunt age of account policy, this is much more powerful and can lower friction on genuine customers.
While this can help reduce frauds, it also limits genuine customers. Fraudsters who are willing to wait will just abide by the policy and then proceed to carry on with their nefarious schemes.
However, it is worth going a stage further to use the data captured at the applications stage along with assessing data from other sources, such as intelligence on mule accounts or bureaux data that may be signalling bust out.
Combining this with the right modelling capabilities can allow for new account strategies based on scores rather than just simple policies. These can be updated regularly even in real time based on transaction history and non-monetary events. Here we’re looking for anomalies immediately after account opening, such as the sources of funding. Anomalies and other factors can be risked scored, such as does this fit to the age and occupation of the customer? Is this a high-risk credit, such as a check or deposit from a card?
The models can then look at two key areas. First, we see genuine customer behaviour paying utility bills, or some other regular occurrence, and links to other people in a ‘good network’. This later element can be particularly hard to emulate. Of course, we also need to look for signs of the manufactured behaviour, either internal or external. Cycling of funds and fake companies are common signs. High levels of credit across other institutions could also point here, especially if built quickly.
Second, look for higher risk trigger factors such as being connected to people in higher risk networks (linked to frauds, or high-risk addresses or devices), yet without many transactions, round amounts and similar narratives. By making it more difficult for fraudsters to spoof things, we are inheritably increasing their costs of criminal operation, which can mean it becomes uneconomical for them to attack your institution.
Case management is also vital, since being able to enrich alerted cases with additional data helps keep costs down and speeds up investigation times. Keeping as much of the information on one screen and supplying entity insights and linked analysis in a visual form all helps the investigator make the right decision quickly.
Taking this approach also means that the majority of your applications can receive a strong yet low friction digital onboarding process, while higher risk accounts have the additional friction that they require. Once onboarded, any fraudsters missed can be picked up as they progress through the lifecycle, reduce the risk and cost to the FI, and keeping genuine customers happy.
Getting new account fraud detection right doesn’t need to increase friction. By taking the time to set up the appropriate life cycle management, you’ll find that not only do you limit lost customers and reduce overall costs by only onboarding profitable relationships, but you also lower total fraud losses.