In 2019, unauthorised financial fraud losses across payment cards, remote banking and cheques totalled £824.8 million, according to UK Finance. One type of fraud that contributes hugely to this loss is identity theft, which has become a serious problem in recent years. Anti-fraud measures, designed to detect identity theft, force the fraudsters to find ways to trick individuals, leading to new and constantly evolving fraud typologies that are increasingly difficult to detect and stop.
In account takeover fraud, for example, the criminal uses information stolen through phishing scams or similar to gain access to an individual’s account and make unauthorized payments or apply for credit. The difficulty for fraud detection is that this looks, at face value, to be the customer logging into their account and the alarm might only be raised if and when the customer spots anomalous activity on their account.
Even more difficult to detect is synthetic identity fraud – sometimes called Frankenstein fraud – where criminals create an identity by stitching together real information stolen from various sources in order to build a whole new persona. Nurtured over time, fraudsters build legitimacy for the identity, becoming model customers of bank accounts and short term credit, always paying on time to build their score. Eventually they ‘cash out’ – applying for as much credit as possible simultaneously, with no intent to pay.
- Here's our list of the best password managers right now
- Check out our list of the best secure password generators around
- Here's our list of the best security keys on the market
Angus Sim is a Consultant at LexisNexis Risk Solutions
According to recent research, account takeover fraud represent 19% of all third party fraud (where people’s details are stolen), while synthetic ID fraud accounts for 15% of all UK first party fraud. In other words, they’re massive issues. So how do we go about tackling them?
Digital ID tools
Digital identity tools are a key weapon in the fight against identity theft. At a basic level, they use a limited set of attributes, such as name, date of birth, credit bureau data and electoral roll data, to identify the individual in question and determine the probability of them being genuine. But as we’ve already heard, these can be easily stolen or faked.
This is where cutting edge technology can help. The latest digital identity tools analyse a much wider set of attributes from the moment the ‘customer’ attempts to login. These can include behavioural characteristics that check against established patterns of behaviour unique to an individual – how they enter their details, how quickly they type, how they hold their device; or physical traits, such as the device they’re using and their location in the world. Measuring these attributes helps companies make a risk judgement even before a successful login and add additional layers of authentication dynamically, in milliseconds if there’s any suspicion it’s not the genuine customer.
Other layers of digital security use knowledge-based authentication (KBA), one-time passwords (OTP) and advanced biometrics such as liveness tests and facial recognition to add additional layers of security designed to thwart fraudsters using stolen details. These multifactor authentication methods not only allow businesses to authenticate people with a much higher probability of success, but actually improve and speed up the experience for genuine customers.
Tackling fraudsters using manufactured identities is trickier, but here again technology can help. Using artificial intelligence machine learning tools, firms can analyse vast sets of customer data to detect patterns and linkages between common attributes like address and phone number to uncover potential fraud networks that would otherwise remain invisible. Combined with other due diligence solutions that screen against public data like mortality records, the vast National Fraud Initiative database of known fraudulent ID documents and databases of email addresses known to be associated with suspicious activity, technology is constantly evolving to provide an effective defence against even the most complex types of identity theft.
- Here's our list of the best endpoint protection services available