Neustar, Inc., a real-time provider of consumer identity resolution solutions, today released an Account Takeover and Origination Fraud report on the threats of identity fraud in collaboration with SourceMedia Research, an affiliate of American Banker. A survey of over 500 executives at banks, credit unions and nonbank lenders sheds light on the threats faced from account takeover and origination fraud, and how these organizations are improving their defenses.
A majority of executives believe the industry has become somewhat or a lot more vulnerable to account origination and takeover fraud over the last twelve months. Corporate reputation and regulatory actions are the two areas where banks are most likely to say that risk from account takeover and origination fraud has increased significantly over the last year. Overwhelmingly, these executives also rate online as a high or very high threat entry point for account takeover fraud, and nearly half say the same about mobile. The figures are much the same for account origination fraud.
A major concern uncovered in the responses shows that financial institutions are relying heavily on multifactor authentication (MFA) and knowledge-based authentication (KBA). 48 percent of all respondents note that MFA is the strongest security measure “ staggering as this leading approach is easily defeated by identity thieves who have hijacked a customers phone number using a technique like porting or SIM swap. KBA follows in third place after MFA and biometrics. Meanwhile, KBA is notoriously cumbersome for customers trying to keep secret questions straight and ineffective against enterprising con artists who can collect the right answers using social media or coax them out of call center representatives.
Broadly, lenders are justifiably fearful about call center weaknesses and in particular about the danger of criminals impersonating customers or potential customers with the help of tactics like SIM card swap, porting or call forwarding. For example, 68 percent of managers at credit unions say they are very or somewhat concerned about call center fraud caused by phone spoofing. Lenders also say that online and mobile platforms have become the highest-threat entry points for fraud, even as they worry about attacks that propagate from channels like call centers.
A bleak picture emerges for any customer dealing with fraud, as executives estimate that it takes multiple days to investigate identity fraud incidents on average. About 62 percent of executives say reducing customer inconvenience is a high priority when thinking about bolstering fraud protection. More than 30 percent of credit unions say it is a very high priority, compared with about 20 percent of banks and nonbank lenders.
Lenders consider the frictionless use of powerful identity data as among the most important elements of an anti-fraud system, but report significant shortfalls in the adequacy of their current techniques. For example, about 66 percent say that device fingerprinting is important when considering an anti-fraud solution, but just 51 percent say their existing device fingerprinting capacities are effective.
To mount an effective defense against account takeover and origination fraud, lenders need broad, continuously refreshed and interconnected intelligence on offline and digital identities “ including device-based data that cant be spoofed or stolen. For example, just 22 percent of executives express high confidence that their current fraud prevention routines give them visibility into the device linked to an identity and the reputation of the device. Just 19 percent are highly confident that their anti-fraud system can connect customers online identity to authoritative offline identity information.
Download a free copy of the Account Takeover and Origination Fraud report here.
SourceMedia Research, an affiliate of American Banker, conducted the survey online in June and July of 2018. Respondents include 282 bank executives, 154 credit union executives, and 70 executives at nonbank lenders. Respondents are director level and above, with about 21 percent serving as president, chairman or chief executive at their institution.
Neustar, Inc. is a leading global information services provider driving the connected world forward with responsible identity resolution. As a company built on a foundation of Privacy by Design, Neustar is depended upon by the worlds largest corporations to help grow, guard and guide their businesses with the most complete understanding of how to connect people, places and things. Neustars unique, accurate and real-time identity system, continuously corroborated through billions of transactions, empowers critical decisions across our clients enterprise needs. More information is available at https://www.risk.neustar.