Written by Guido Ronchetti, CTO at XTN Cognitive Security®
Today, business starts and grows digital. The pandemic has accelerated this process, pushing online services to evolve to digital onboarding procedures instead of traditional, face-to-face ones. As always happens, fraudsters are moving in the same direction, resulting in a significant increase in Application Fraud during the last months.
WHAT IS APPLICATION FRAUD?
Application Fraud is a form of identity fraud that involves a fraudster applying for a new account in a service or product using stolen or synthetic identities. The targets are often bank accounts, credit or debit cards, public administration, e-commerce, and loans, to name a few. It should be pointed out it’s not a just financial-related threat. Fraudsters target public administrations to hijack tax refunds or pension funds, or e-commerce loyalty programs. This type of fraud is often the consequence of previously accomplished data breaches that provide the fraudster with massive personal information data sets. These are used to forge synthetic identities or to impersonate somebody else.
Let’s make an example. You are launching a brand new online financial service, everything is ready, and your goal is to start onboarding as many new users as possible. You also have to balance easy and smooth client onboarding processes with identity checks. User experience is often preferred over security, and proposing a comfortable and enjoyable onboarding experience is crucial to attract new users and complete the designed flow. What happens if some of these new users are not real? Probably, your service will be used to commit fraud.
WHAT ARE THE IMPACTS ON BUSINESS?
Application Fraud is one of the fastest-growing types of fraud. Aite Group found that credit card losses from Synthetic Identity fraud (a kind of application fraud) reached $968m in 2018 and projected this to reach $1.26 billion in 2020.
Consequences of Application Fraud can impact a digital business by:
• producing outstanding debts, as often happens related to credit card and loan focused frauds;
• damaging the impact of new customer acquisition campaigns. The marketing budget runs out on fake users, and the results of the campaign are distorted;
• generating compliance and reputational issues to the organization because of the creation of sleeper accounts for money laundering or money mule activity;
• generating brand reputation issues related to dispute management.
NEW DETECTION CHALLENGES
Application Fraud imposes new challenges and requires new approaches in detection and protection. The financial institutions should let convergence traditional fraud monitoring with AML instruments.
A passive fraud scenario sees a real customer as the victim of a scammer who takes over his account and targets the user’s assets, as it happens with Account Takeover attacks. Instead, Application Fraud is often related to an active fraud scenario. The fake customer tries to scam the service provider using its poorly designed validation processes. Preventing Application Fraud requires a holistic approach that takes into consideration several factors:
- user information collected while onboarding. Consistency checks about IDs, age, credit reputation, delivery addresses, for example, can quickly reveal suspect accounts;
- user’s biometric behavior evaluation. Evaluating the interaction between the user and the app can help identify anomalies in the fraudster behavior compared to the average user or a specific cluster of users. For example, creating various fake accounts makes the fraudster an expert in using the app. He browses better than a sporadic user.
- device fingerprints reputation. Recognizing devices used by fraudsters helps identify them when they try to onboard a new fake user.
- real-time analysis of account behavior considering incoming and outgoing payments. Frequently, fake accounts have very little regular activity. They stay still until the fraudster drains the account in a short time range. Monitoring an account’s incoming and outcoming transaction is a good approach to spot out fraud related patterns.
Combining all this information makes fraud detection highly effective.
HOW XTN CAN HELP
XTN Cognitive Security Platform® offers dedicated modules capable of detecting Application Fraud. XTN’s unique holistic approach corroborates the endpoint identity, the behavioral and transactional analysis. Cognitive Security Platform® effectively spots fraudulent attempts such as:
- new account registration based on a stolen or synthetic account;
- incoming fraudulent funds to mule accounts;
- cash-out transactions originating from a mule account.
XTN Cognitive Security Platform® lets you secure your high-value online services against Application Fraud. Get started!