Application Fraud

Fraudster fashion and the global rise of application fraud

When the EMV (chip and pin) liability shift went into effect in the US last year, many heralded it as a cure-all for the ever-increasing card fraud epidemic. Of course, EMV chip cards don’t do anything to combat online fraud, but they are having a downstream affect on online fraud.

Fraudsters, not being completely stupid, are simply shifting their tactics. A crackdown on card-present fraud means the bulk of fraudulent efforts have now turned to card-NOT-present fraud – and will continue to do so. And, when you consider that the online commerce industry has seen record growth, well, let’s just say the potential for fraud and cyber crime is a giant juicy target that’s only getting bigger, with practically no downside.

The latest-in-fashion for fraudsters these days is the oh-so-trendy new account fraud. Paired with a cute-little application fraud, this ensemble is just simply stunning the security world. In late 2015, analyst firm Aite Group surveyed 88 executives from 83 U.S. financial institutions to understand the trends in new account risk assessment. The majority of those surveyed reported that application fraud was already on the rise in the online, mobile and call center channels. In fact, the rate of online fraud was averaging eight times that of the branch fraud (in-person) rate.

Why is this happening? As Aite points out, the idea that personally identifying information is personal or private is an illusion. We only have to think about all of the different times we’re required to give our personal information on a daily basis, often with very little thought given to it. Every time we make a purchase online, check our bank account statement through a mobile app, or even use our credit cards to take care of that co-pay at the doctor’s office, our personal information is potentially exposed. Last year, a whopping 477 million records in the U.S. were compromised in data breaches, and you can bet that almost all of that was our PII.

Breaches have become the gold-mines of the fraud industry. Sucking up data from all over the Internet, these big business cyber-miners sell it to the fraud-manufacturers in the Dark Web who mold it into forms that are used by yet more cyber criminals for opening new accounts with other people’s identities. One thing you have to say about these folks is that they do have big…guts. They’ll apply for loans, mortgages, and collect your granny’s tax refund. They’ll even order new dresses from Amazon, or drive off in a new car some unlucky victim will be paying for – and potentially for a very long time.

Lucky you, if you get hit by one of these. What an intense pleasure (not) it would be to be declined for a home mortgage because it turns out some bad actor has used your personal information to take out a mortgage of their own and then defaulted. Can the government save you? Not this time. Regulations that would cover you for a consumer purchase don’t yet exist for fraudulent loans, and often consumers are left on the hook for these abuses. Next to no repercussions exist for the fraudsters because police departments just aren’t equipped for this. In their defense, cyber fraud is incredibly difficult to trace.

Joy of joys, to make matters even worse, application fraud shows no signs of stopping. Did you really ever think it would? Aite found that “credit card application fraud losses will experience a significant increase, from U.S. $1.2 billion in 2016 to $2.1 billion in 2020.”

Statistics like this make it harder to fight the urge to forego this crazy modern life, run away and join an off-grid eco-village. As tempting as growing your own veggies and raising chickens may be, some of us don’t have that option. Yet. We’re working on it. Meanwhile, for the rest of us behavioral biometrics and analysis swoops in to save the day.

Let the fraudsters have their fun. Gasp. What did we say? Much as we hate to have all that PII out there, there’s no stopping it at this point. The best way to get these nasty tricksters is to hit them where it hurts – by devaluing all of that precious data and personal information they’ve managed to collect and cobble together. What good is all that information if it can’t be used to successfully spoof good users? The answer is, not very good at all.

Want to find out more about how behavioral biometrics beats fraudsters? Check out our website here. When you use behavioral biometrics and analysis to evaluate and verify your good users, it makes the posers stand out like sore thumbs. Fraudsters input data differently than genuine customers. They’re more likely to copy and paste information, for instance, because they’re pulling it from a data dump they purchased on the Dark Web. Patterns in transaction activity will be different too, as well as navigational differences and myriad other types of so-called unconscious behaviors that most users don’t even think about. When’s the last time you truly considered the specific way in which you hold your phone or the force with which you press on your keypad? Our guess is – probably never. But that’s where behavioral analysis shines, and the bad guys fall flat.

Want to read more posts like this? See our full blog here, or click here to read more about Application Fraud.