By Robert Prigge, Jumio CEO

Financial institutions have always required vigilance against online fraud, but the COVID-19 pandemic brought new challenges and new targets to the mix. Beyond well-established schemes for identity theft, money laundering and other online fraud to guard against, one growing area of concern is deception and fraud in digital onboarding.

COVID-19 and remote work spurred a rise in digital onboarding options that allow someone to become a customer remotely, without needing to go into an office or branch location. Motivated by the pandemic and the availability of more financial services and apps online, new customers are increasingly using digital onboarding to access services that previously required in-person engagement. Unfortunately, this rise in digital onboarding is expanding the attack opportunities for fraudsters.

Let’s take a look at the ways malicious actors are exploiting digital onboarding for fraud, as well as four next-generation strategies for authentication worth adding to the digital security playbook to fight this phenomenon.

A Perfect Storm of Risk Factors for Digital Onboarding Fraud

The post-pandemic era is a favorable one for financial fraudsters in several ways. For starters, more financial institutions have embraced the all-digital model of customer onboarding for interactions that used to require a certain degree of in-person contact.  At the same time, the dark web market for stolen customer data and personally identifiable information (PII) is flourishing more than ever. Together, these two trends increase financial institutions’ vulnerability to identity fraud tenfold.

Given the recent increase in security sophistication, fraudsters’ latest and most favored methods are becoming more advanced as well – including stolen photography to masquerade as a user selfie to fool a financial institution’s digital identity verification software system. Also popular among cyber thieves are manipulated driver’s licenses and the weaponization of deepfakes and other digitally altered media to replace an existing image or video with someone else’s likeness. Unfortunately, fraudsters are constantly refining their best tactics and attack collateral for multiple attacks at various institutions, or even at the same organization multiple times.

These pandemic-era challenges would be daunting enough on their own, but there’s enhanced risk because the attacks are happening at a time when many financial institutions are in the middle of major digital transformation. Such transformations were necessary as organizations sought IT resiliency amid enhanced work-from-home employment and increased online customer traffic, but many organizations still haven’t fully aligned their strategy around these new digital investments, meaning security holes may be present from recent or ongoing migration of IT facilities and data architectures.

For the above reasons, financial institutions need to up their game in identifying and protecting against digital onboarding fraud. Fortunately, they can turn to some next generation authentication strategies that can help.

4 Strategies to Minimize Digital Onboarding Fraud 

Once the favored methods of financial fraudsters are better understood, financial institutions can better calibrate their approach to fighting digital onboarding fraud. Every organization will need to customize its approach based on company-specific challenges. That said, here are four advanced IT strategies that financial institutions can put to work in their favor to cut down on that risk:

1. Liveness detection – As we’ve learned, a selfie is no longer sufficient proof that there’s a real person on the other end of a digital onboarding. That’s where liveness detection comes in as an enhanced way for financial institutions to verify the user is physically present during each login. This includes a range of techniques that can distinguish between a live human and a fake representation, usually through algorithms that determine whether data coming from a camera, biometric sensors or other sources are live or reproduced.
2. Advanced facial authentication – Requiring facial authentication at regular intervals can ensure an account is being used by its actual owner, rather than a bot or fraudster with stolen data. Advanced facial authentication methods accomplish this by letting the financial institution compare a user image submitted against broader records; an example of this includes comparisons against database entries of facial images stored from previous historical transactions. Such an approach can not only alert an organization to fraud, but also help investigate repeat offenders and professional fraud rings in cases where the fraudulent image has already been seen in the database in connection with different names or credentials.
3. Enhanced transaction monitoring – Bad actors often structure the nature of their transactions to stay below the radar. An anti-money laundering (AML) example would be executing fraudulent transactions in increments below the $10,000 threshold to avoid scrutiny. Transaction monitoring tools can be calibrated to detect such workarounds in real-time and at scale, so financial institutions can avoid “one and done” scams in digital onboarding that are over before they’re ever detected. These advanced monitoring solutions can also ease the compliance burden through enhanced or even automated reporting.
4. Regionally customized privacy protocols – Financial institutions often operate on a global scale, which means the privacy standards for digital onboarding may vary depending on the region and the applicable data privacy laws in effect. As just one example, the Netherlands and some other countries allow users to withhold certain fields in their ID documents, and the absence of such information would trigger a fraud alert in other countries that don’t allow such omissions. Organizations that customize their authentication systems to accommodate these variations can cut down on friction and false alarms during digital onboarding.

Conclusion

While the rise of digital onboarding fraud is troubling, the good news is that financial institutions have some modern tools to fight back. In doing so, organizations can ensure maximum fraud prevention without creating excessive friction or authentication hurdles for the vast majority of interactions that are honest. This, in turn, enhances performance, security and resilience for financial institutions as they continue to offer remote and online convenience for customers.

This is a Sponsored Feature