Tools Financial Institutions Need to Mitigate Account Takeover & Account Origination Fraud
Financial institutions and their consumers are facing an increasing wave of identity fraud. Even as financial institutions harden their defenses, relentless cyber thieves are mastering new tactics to exploit weaker fraud prevention measures, such as using social engineering to thwart Knowledge-Based Authentication (KBA) questions.
Massive data breaches of personally identifiable information (PII) have made it much easier for fraudsters to easily obtain the sensitive data needed to perpetrate account takeover and account origination fraud. Financial institutions, now more than ever, require sophisticated measures to quickly and accurately separate legitimate consumers from fraudsters without adding undue consumer friction.
Neustar recently hosted a webinar with the Association of Certified Financial Crime Specialists (ACFCS) to discuss the results of a research study cosponsored by American Banker. The survey of more than 500 senior-level executives at banks, credit unions, and non-banks sheds light on the scale of the threat of account takeover and account origination fraud. The survey also reveals what these executives feel their priorities are in responding to these fraud attempts, the safeguards they are currently using, and how they are intending to improve their defenses.
Responses to the survey show that financial institutions are placing a great deal of faith in multifactor authentication (MFA) and knowledge-based authentication (KBA). Yet the basic framework for MFA – a onetime code sent by text message – can be defeated by identity thieves who have hijacked a customer’s phone number using techniques like unauthorized reassignment or SIM swap. KBA is notoriously cumbersome for customers trying to keep secret questions straight, and ineffective against enterprising con artists who can collect the right answers using social media, social engineering, or by coaxing them out of overly-accommodating call center representatives. Most FIs say that their anti-fraud systems fail to incorporate vital intelligence that could help them seamlessly identify legitimate customers and shut out criminals.
Can a device be verified? Has a mobile phone recently been reassigned? What is the reputation of an identity being used to open a new account? Financial institutions need access to wide-ranging, continuously refreshed digital, device, and offline identity information to answer questions like these in order to quickly and precisely determine whether the person is who she says she is. With the right data, FIs can allow legitimate customers and transactions through with minimal friction, reduce false positives, isolate high-risk interactions, and stop fraud.
To learn more about how financial institutions are managing current and future fraud threats with a multilayered approach, while letting legitimate consumers through without hassle and friction, download slides from the webinar.