[ 05.03.2018 ]
For communications service providers (CSPs), approximately 40% of their bad debt is related to subscription fraud.
As more businesses use apps that allow customers to log in or sign up through their social media accounts, such as Facebook, how can CSPs truly know if it is a real user logging in through their Facebook account, or a ‘bot’ created from false or stolen data? The rise of ‘Synthetic IDs’ – or IDs created using either real, stolen or fake identity data - is estimated to have cost banks at least $6 billion in 2016.
So, how can CSPs prevent this from becoming the next big opportunity for fraudsters?
The move towards single sign-on and the use of social media accounts to log-in to other 3rd party sites has quickly become popular with consumers - no wonder: one click, and you are immediately signed up or logged in. It's the perfect way to bypass spending time typing in your information or remembering countless passwords. It is estimated that 65% of consumers will choose a social login vs typing in an email address when given the option. Enterprises are also quick to get on board and are currently seeing registration rates increase by 50% when they offer social logins. Today, 80% of the top 100 US grossing iOS and Android apps allow users to log in using their Facebook credentials. While consumers see it as highly beneficial, in an era of enormous data breaches, social logins are also providing an opportunity for fraudsters.
Synthetic IDs are being used by fraudsters to subscribe to new services without the intention to pay for them. In fact, these phony IDs can be made with just a few bits of stolen information, such as a social security number and birth date, to construct a whole new persona. The issue is becoming more pervasive by the day, and harder to identify. Recent research by the University of Southern California and Indiana University concluded that 48 million Twitter accounts may be fake - run by bots instead of real people. Even with multi-factor identification, if the initial profile is spoofed using a synthetic ID, and false accounts are created to support these fake identities, these prevention methods will still fall short.
The good news is that while social media may be at the heart of the issue, it can also be used in the fight against synthetic IDs. Social media platforms have become a valuable open source of data that enables the passive acquisition of information about people, cultures, places and events around the world. Valuable new insights can be gained just by scrolling down a user’s timeline. However, when we understand the sheer volume of social media activity in a given ‘internet second’ (e.g. 7,599 Facebook posts sent, 1,779 Instagram photos posted, 69,1000 YouTube videos viewed) it would seem an overwhelming task for a fraud department to take this on single-handedly. This is why WeDo Technologies launched the Digital Risk Profile: a new fraud detection capability that helps CSPs stop subscription fraud and the growing use of synthetic IDs.
Digital Risk Profile is one of the fraud detection Apps from WeDo's cloud platform, allowing CSPs to try it under a 60 day free trial. It uses the latest in machine learning algorithms and artificial intelligence, paired with social network-based data analysis to create a user risk profile.. It then rapidly pieces together these disparate bits of data into a single cohesive, intelligent picture; identifying key people, events, connections and patterns that might otherwise be missed. By creating a Digital Risk Profile of each new subscriber based on publicly available social data and other records, it enables CSPs to identify potential synthetic IDs and better understand the structure, hierarchy and methods of criminal, terrorist and fraudulent networks. The solution can also be used to predict new fraud types, enabling CSPs to quickly identify and react to different threats, even before they arise.