Are fraudsters changing tactics or simply adding new channels to their attack plan?

“Fraudsters are continually evolving”, we hear this all of the time but in my view it’s not strictly true. Fraudsters would change tactics if what they are doing wasn’t working but we see the same tactics. I think this view is largely in response to three things:

 

 

My opinion is that fundamentally fraudsters have not changed their approach or what they do in the last 20 years. All that has changed is in relation to the channels through which organisations provide services and the new opportunities involved – branch, telephony or web, and how criminal organisations can harvest data from organisations and individuals.

 

The aspect that changes is how businesses inadvertently create opportunities for fraudsters – whether those are new channels, new products, new strategies, reduced delivery time etc.

 

The Experian fraud report highlights how consumers like to feel protected – for example, if an application process is “too quick” then that might give the impression that checks have not been properly completed. Conversely, if a website or customer journey indicates speed of product delivery or provides a perception of a lack of controls, for example a “cookieless” approach then that may encourage fraudsters.

 

The fraud triangle, created originally by criminology researchers Edwin Sutherland and Donald Cressey, shows how there are a combination of factors involved that facilitate fraud. Motivation – the need for committing fraud, Rationalisation – the justification or mindset, Opportunity – the situation that allows the fraud to occur.

“Breaking the Fraud Triangle” is the concept of taking away one of the factors of the triangle and involves the reduction of opportunity through improving controls and prevention capabilities. However, the implementation of controls may not be enough the deter criminals and often these techniques or capabilities are hidden away, mainly to not alert a fraudster to the tools in use and enhance their knowledge.

 

What about reducing motivation? For a fraudster, the application is only part of the process and the end goal is to obtain the account, service or funds. Part of this motivation could be the loan amount, speed of delivery or the credit limit provided on a card. But what if these motivational aspects could be controlled better as part of an overall holistic fraud approach? Could you then accept more of the genuine customers, reduce referral volumes and costs of investigation whilst reducing fraud losses?

 

An example here could be in a credit card scenario. Let’s suggest an applicant has some fraud markers or a certain score, but these are not serious enough to trigger a fraud referral. The applicant has been provided a high credit limit, but outside of balance transfers the usual spend of a customer might be a fraction of the credit limit. What if the behavioural system could use the fraud markers generated at the point of application, and any triggers generated in real-time (CIFAS, National schemes, bureau data etc), to control the spend and limits for the customer? If the application could be accepted, but then the behaviour AND the presence of indicative data means that the account could be suspended BEFORE a limit is reached, then this would likely mean a reduction in fraud losses and motivation for the fraudster to attack the organisation.

 

The net result of this type of approach is a win-win because there will also be a reduction in fraud attempts at the application stage – because the rewards for a fraudster have been reduced.

 

For my latest blogs on current identity and fraud market issues and challenges please click here.