With consumer transactions moving to mobile and digital—a trend only heightened by the recent COVID-19 crisis—opportunities for fraudsters to capitalize on faceless transactions has soared. A confluence of intertwined fraud trends has raised the stakes, adding even greater complexity to already difficult organizational fraud challenges. Two trends in particular—an evolution to more digital and mobile transactions and an increased accessibility to consumer data—are particularly noteworthy—and worrisome.
Key Fraud Trend #1: Digital and Mobile Transaction Migration
The migration to digital and mobile transactions with more payment methods, points to changing consumer behaviors because of the digital explosion. The embracing of mobile and online transactions has a downside: it paves the way for fraudsters to target a broader set of businesses through increasingly sophisticated and complex fraud methods.
Despite a decline in attack volumes in the LexisNexis® Digital Identity Network®, the volume remains high: 235M. Mobile browser transactions continue to see the highest rate of attack—60%—while mobile app transactions are attacked at the lowest rate. This occurs at a time when mobile is continuing to facilitate broad access to goods and services, with nearly seven in every 10 transactions coming from a mobile device.1
With increased use of branded mobile apps and the ability for consumers to use bill-to-mobile, identity-based fraud is a top factor for fraud losses. This trend is significant because the number and breadth of various U.S. businesses indicating they were allowing mCommerce has risen significantly. Leading up to and including 2018, the use of mobile transactions was more often the domain of a niche group of organizations: mid-to-large-sized retailers who sell digital goods along with 70% of credit and mortgage lenders.2
While mid-to-large firms in the aforementioned areas have traditionally been hit the hardest, since 2018, all that has changed. Those who are allowing mCommerce are now far broader and more diverse and include:
- Smaller retailers who sell digital goods (68% of smaller retailers that sell digital goods, compared to 24% in 2018)
- Mid-to-large retailers that sell only physical goods (45%, up from 33% in 2018)
- More U.S. eCommerce merchants across all size groups (39% small eCommerce with digital goods from 22% in 2018; 55% mid/large eCommerce from 36% in 2018)
- More U.S. banks (75%, up from 58% in 2018) and investment firms (67%, up from 39% in 2018)3
Although non-digital firms do not conduct the majority of business through remote channels, they do have a multi-channel business model that includes higher risk online and mobile transactions—and are less likely to invest in holistic risk mitigation solutions. These firms, too, are discovering that identity proofing is the greatest challenge for organizations as fraudsters launch multi-sector attacks.
These attacks can take a number of different forms. For example, fraudsters are becoming increasingly adept at creating new consumer or business identities by cobbling together pieces of real and/or fabricated information, also known as Synthetic ID’s. Criminals apply for credit with these synthetic identities to establish a credit file with the bureaus and often start off looking like good customers. This tactic enables them to then open up additional lines of credit and build legitimate-looking identities, powering fraud across industries.
Fraudsters also use bot attacks. While automated bot attack strikes were flat overall YoY, they were up 32% in eCommerce.4 Most troubling may be the globally organized and connected fraud network attacks that share stolen identity information and then collaborate to launch various fraud attacks. The ramifications of the digital and mobile transformation and the ensuing fraud is vast and cannot be solved with incremental, check-the-box approaches.
Key Fraud Trend #2: Increased Fraudster Accessibility to Consumer Data
More and more, fraudsters are leveraging digital transactions for complex types of fraud that involve mobile channel and digital goods/services transactions. Consider these facts:
- Over 4,500 data breaches have been made public since 2005, with more than 816 million individual records breached5
- 45% of Americans—that’s nearly one out of two—have had their personal information compromised by a data breach in the last five years6
- A hacker attack occurs every 39 seconds7
Fraudsters use this sensitive information to develop synthetic identities, drive bot attacks and fuel successful fraud attacks by creating identities that look and act like valued and legitimate customers. They are successful all too often. Globally, there is an 88% growth in new account creation attacks from a mobile app YoY. And the overall attack rate on new account creations is 14%, which is higher for logins and payments. For mobile app-related events, that attack rate soars to 19.7%.8
Despite this fraud growth, identity verification is a major challenge since traditional verification checkpoints—such as physical address, date of birth and social security number—have become less effective in detecting and preventing sophisticated fraud. Synthetic identities, for example, are very difficult to detect using traditional solutions that rely solely or primarily on physical identity attributes. Since these identities look and act like legitimate customers, companies are hesitant to challenge them.
Mobile devices are prime targets for malware and malicious bots that infect mobile apps. Bots are also hard to distinguish from valued customers. While synthetic identities and the volume of bot attacks have always presented a problem for organizations, the risk has grown exponentially. Fraud networks raise the stakes even higher. These networks attack like a pack of wolves—many bad actors, multiple tools and methods used at once confuse businesses and overcome weak points in fraud detection processes. There is also a rise in fraud linked to e-mail and IP addresses with multiple billing addresses. Add all of this together and it is no surprise that account takeover attacks are up 72% YoY9 and that one in seven new account creations are fraudulent.10
Increased fears about identity-related fraud may lead to the introduction of too much friction into the fraud detection process. A balance must be created between a robust fraud-fighting approach and a customer experience with only risk appropriate friction.
So what is the answer? First, it’s important to recognize that fraud mitigation is not one-size-fits-all. The ability to detect fraud in the remote channels (e.g., mobile channel) is harder than doing so in person. Fraud tools need to authenticate both digital and physical criteria, as well as both identity and transaction risk. Since these factors feed on each other, they require an integrated and holistic approach to detecting, assessing and mitigating fraud risks moving forward. Specifically, this should involve a multi-layered solution approach to detect and mitigate fraud on different levels and across different channels. The approach also needs to integrate with the organization’s cybersecurity and digital customer experience strategies.
Uncovering fraudulent identities, particularly those created by sophisticated global networks, require increased real-time third-party data and analysis in order to detect and prevent fraud and its collateral damage. Companies that invest in a single holistic approach using multiple layers of fraud defense experience fewer successful fraud attacks and lower their cost of fraud.11 To find out more, contact LexisNexis® Risk Solutions for insights into how to evolve your fraud strategy.
1. North American Transaction Patterns; LexisNexis® Risk Solutions Cybercrime Report July – December 2020, The New Cybercrime Landscape
2., 3. Percent of U.S. Businesses Allowing mCommerce; LexisNexis® Risk Solutions True Cost of Fraud™ Retail/eCommerce, Financial Services and Lending Studies 2018 & 2020
4. LexisNexis® Risk Solutions Cybercrime Report July – December 2020
5. Digital Guardian: The history of data breaches
6., 7. Forbes: 50 Stats Showing Why Companies Need to Prioritize Consumer Privacy
8., 10. Analyzing core touchpoints of risk in the customer journey; source LexisNexis® Risk Solutions Cybercrime Report January – June 2020, slide 18
9. Javelin: Identity Fraud Losses Increase 15 Percent as Consumer Out-of-Pocket Costs More Than Double, According to 2020 Identity Fraud Report, May 2020
11. LexisNexis® Risk Solutions 2020 True Cost of Fraud Study