While we have sped through our first quarter of 2018, consumers are still feeling the hangover effects of 2017 as sobering statistics and stories of how consumers around the world are being targeted by fraudsters continue to arise.
While we have sped through our first quarter of 2018, the world is still feeling the hangover effects of 2017 as sobering statistics and stories of how consumers around the world are being targeted by fraudsters continue to arise.
A new study by research provider Javelin Strategy and Research found that, in the US alone, identity fraud increased by 8%, resulting in $16.8 billion being stolen from 16.7 million US consumers in just one year. What makes it worse is that the same study found that fraudsters are getting more sophisticated in their schemes and are blurring the lines between the types of fraud they choose. The survey found that there was a 200% rise in fraudsters using not just one, but a sequence of connected malicious actions to gain access to an account. Like a one-two punch, consumers are finding more often that if they experience fraud with one of their existing accounts, a new, fraudulent account was most probably also opened in their name – creating even more havoc.
So, as fraudsters use stealthier and more complex schemes, what can Communications Service Providers (CSPs) do, to reduce the risk of identity fraud for their customers?
Thankfully, there are a number of identity security features that are now widely available. One of the best lines of defence comes in the form of the rise of embedded SIMs (eSIMs). eSIMs provide greater protection than traditional SIM (subscriber identity module) cards, because instead of storing user authentication details on physical SIM card chips, which can be swapped out and put into other devices to avoid detection, each eSIM is permanently embedded into the handset. With the rise of eSIMs, CSPs will have greater control and be able to prevent malicious apps from being downloaded onto a handset, through initiatives such as the GSMA Security Accreditation Scheme.
Another technological development is the use of biometric data, whereby body measurements such as finger prints, iris or retina recognition are used as a form of authentication. Market research firm, Acuity, estimates that by 2020, 100% of smart mobile devices will include embedded biometric sensors as a standard feature – demonstrating the acceptance by consumers and enterprises of biometrics as a credible and trusted form of authentication. If you’d like to know more about this we recommend you read “How Fraudsters are overcoming increased security - and what CSPs can do about it”.
While these technologies are exciting, used in isolation they can still be thwarted by determined fraudsters. This is where multi-factor authentication comes in, requiring multiple inputs for layered security. An example of this is when biometrics are used as the first line of defence, such as scanning your thumbprint, and then a password or phone PIN is requested to further authenticate your identity.
However, even with multi-factor identification, if the initial profile is compromised using a synthetic ID, and false accounts are created to support the fake identities, these prevention methods may still fall short.
The rise of synthetic identities, or IDs created using either real, stolen or fake identity data, is estimated to have cost banks at least $6 billion in 2016.
Social media has been a platform where this has come to fore, where 48 million Twitter accounts were found to be run by bots instead of real people. However, through the use of new technologies, CSPs can now take publicly available online social data, and other records collected in their operational and business support systems (OSS/BSS), to create a digital profile of every user, to help determine a person’s risk profile (see more in Digital Risk Profile). Using artificial intelligence and machine learning capabilities, this analysis enables CSPs to establish an effective way to identify potential synthetic IDs, flagging high-risk businesses or individuals even before they become customers, and better understand the structure, hierarchy and methods of criminal, terrorist and fraudulent networks.
While identity fraud may be seen as an issue for the security domain, in order to truly protect your network and customers from the fraudsters’ endgame, an integrated approach to security and fraud is required. This way, when security is breached, the fraud management system will be able to follow its path and identify patterns that reveal hidden relationships and suspicious movements, minimize any potential damage or stop it before it happens.
For more information on how you can protect your network and customers from fraud take a look at our Fraud Management Solutions and please feel free to Contact Us should you have any question.