By Ryan Alexander, VP Fraud Product Management at Prove
More people are online in 2020, and so more fraudsters are targeting them. And while many companies have had eight or nine months to learn about new forms of online fraud, Q4 will be a true test, and, surprisingly, well-known types of fraud are going to need some attention. Europol noted in an October report that both SIM swap and CNP (card-not-present) fraud are on the rise in 2020. Online companies with sophisticated fraud and identity strategies are finding themselves the target of fraud that is simply a new flavor of an old fraudster favorite.
Phone recycling is one example. Take Airbnb. A man recently signed up for Airbnb using a mobile phone number he had recently acquired. Instead of creating a new Airbnb account with his newly acquired phone number, he logged into another person’s existing Airbnb account and accessed all the personal details and valid credit card information. The previous owner of the phone number had legitimately given up the number but never logged into the Airbnb account to remove it. Because the man was an honest person, he called Airbnb to notify them of the issue, but not everyone is so nice.
While Airbnb was able to resolve the matter, this very relatable incident should serve as a reminder to companies that are migrating to more efficient methods that use phone numbers to identify customers. Companies need to apply proper identity management principles and disassociate a phone number from their customer when the customer no longer owns that phone number. Changing a phone number is not a desirable event for most consumers, and it can be an enormous task to remember the tens if not hundreds of sites to update. So this is not only a security measure for the company but also a customer service measure.
CNP fraud was once a major problem for financial services companies, but in 2020, retailers will find that they are bearing the brunt of the attacks, as they have less sophisticated fraud prevention. And, while phone number recycling is not new, it is gaining traction as more companies start to embrace the mobile phone as a major element of sign-in, identification, and transactions before they have a mature approach to securing their customer data. According to the FCC, 100,000 mobile phone numbers are reassigned by telecom carriers every day. With so many more mobile phone-based online transactions, the opportunities for fraudsters to take advantage of phone number recycling are also increasing rapidly. Using phone intelligence to ensure that mobile is a modern, fraud-free element of customer transactions will smooth the way for healthcare organizations as they embrace digital. Phone intelligence requires not only the use of mobile phones and phone numbers but also real-time insights that can ensure that mobile is used accurately and safely.
The Answer Lies in New Data
Visa published a guide for their partners to counteract increases in fraud in 2020. They recommend doing a thorough risk assessment to expose any weaknesses in current fraud tactics, and specifically recommend using analytics to find new insights.
The problem for many companies come Q4 is that the old data they rely on to find anomalies that might indicate fraud has been rendered unusable by the surge in new online transactions. There is no baseline normal. And even if the past 9 months are there to serve as a baseline, Q4 will likely create many new spikes and surges of its own.
Companies must instead default to recent or real-time insights over historic trends in order to keep pace with the fraud that will emerge this holiday season. Visa also recommends, wisely, that reporting cycles should be increased from quarterly or monthly to weekly or even daily depending on volume and risk.
It’s also important to apply new forms of fraud prevention and new data to already established business processes. For example, phone intelligence would require using updated mobile phone authentication to review mobile phone numbers on file for current accounts, not just newly created ones. There is also the option of collaborating with other companies. Jack Lynch, Chief Risk Officer at PCSU, noted that collaborating with similar companies can help pick up patterns and alert others before they are affected.
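The review of phone numbers on file described above, and the disassociation step from the Airbnb case, can be sketched as follows. This is an added example, not code from the original article or from Prove: the `Account` fields, function names and the disconnect feed are hypothetical, the sample data is constructed, and number normalization assumes 10-digit North American numbers.

```python
import re
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Account:  # hypothetical record layout
    account_id: str
    phone: Optional[str]               # number on file, as the customer typed it
    phone_verified_on: Optional[date]  # last time the holder proved possession
    phone_login_enabled: bool = True

# Constructed sample standing in for a carrier / phone-intelligence feed:
# normalized number -> date it was last permanently disconnected.
SAMPLE_DISCONNECTS = {"+15550100001": date(2020, 6, 1),
                      "+15550100002": date(2019, 1, 15)}

def normalize(phone: str, default_cc: str = "1") -> str:
    """Reduce a number to +<digits> so lookups do not miss on formatting."""
    digits = re.sub(r"\D", "", phone)
    if not phone.strip().startswith("+") and len(digits) == 10:
        digits = default_cc + digits   # assumption: bare 10 digits are NANP
    return "+" + digits

def review_phone_on_file(acct: Account, disconnects=SAMPLE_DISCONNECTS) -> str:
    """Return 'no_phone', 'ok' or 'reverify'; on 'reverify' the number is unbound."""
    if not acct.phone:
        return "no_phone"
    last_disconnect = disconnects.get(normalize(acct.phone))
    # Trust the binding only if possession was proven after the last disconnect.
    stale = acct.phone_verified_on is None or (
        last_disconnect is not None and last_disconnect >= acct.phone_verified_on)
    if not stale:
        return "ok"
    # Disassociate: the number may belong to someone else now, so it must not
    # log in, reset a password or receive one-time codes for this account.
    acct.phone, acct.phone_verified_on = None, None
    acct.phone_login_enabled = False
    return "reverify"

def sample_accounts():
    """Constructed accounts covering the recycled, re-verified and edge cases."""
    return [Account("a1", "(555) 010-0001", date(2019, 3, 10)),   # recycled since
            Account("a2", "+1 555 010 0002", date(2020, 2, 1)),   # verified after
            Account("a3", "555-010-0003", date(2018, 5, 5)),      # never disconnected
            Account("a4", None, None),                            # no number on file
            Account("a5", "5550100003", None)]                    # never verified

def review_all(accounts):
    return {a.account_id: review_phone_on_file(a) for a in accounts}
```

Run as a scheduled job over existing accounts, not only at sign-up, so that a number given up by its owner stops working as a credential before its next holder tries it.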
In addition to reviewing data and analytics, companies should review processes and new customer touchpoints. For example, many companies have worked furiously to stand up online payments, mobile apps, confidential file sharing, and virtual communications. Just because these are new elements for the company doesn’t mean they are new for fraudsters. A report from AppsFlyer notes that financial services apps are the most exposed to fraud as more people start to use online banking to make remote deposits, creating a feeding frenzy for fraudsters.
It’s not too late to get ahead of fraud in Q4. What 2020 has taught many companies is that being quick to react to new information is the key to success. The ability to implement new data, find new insights and improve new processes and features to protect from fraud will require that same nimbleness.