News & Commentary

03:16 PM
Keir Breitenfeld, Experian Decision Analytics
Keir Breitenfeld, Experian Decision Analytics
Commentary
50%
50%

Speed Is the Key to Beating New Account Fraud

Speed is key to beating new account fraud; banks and other lenders need more advanced tools to help them detect and catch fraud perpetrators, as well as find new ways to improve profit margins on their credit holdings.

The lifespan of a fraudster is short, but prolific. After a sharp and unexplained drop in identity thefts in 2010, fraud schemes climbed 12.6 percent in 2011, according to research by Javelin Strategy & Research.

The cost adds up: The mean cost for new-account fraud is $3,197, according to the recent "Javelin Strategy & Research 2012 Identity Fraud Report." In addition, if someone succeeds in opening up an account, it typically only takes about seven days to wreak millions of dollars of damage across a wide network of unsuspecting customers, Javelin reports. Yet it typically takes institutions an average of 151 days to detect a fraud occurrence. This means that by the time account holders realize they've been cleaned out and their banks are calling their customers about irregular account activity, or when their credit card companies are sending them notification letters, fraudsters have already vanished into thin air. But they'll most assuredly be back.

[Read more about Javelin's 2012 Identity Fraud Report.]

Where is the disconnect? Why is our industry -- on the whole -- so slow to react?

Some lenders simply contend that they have the strongest defense against industry theft at origination, so don't see the need to check again after the accounts are opened. Further, to some degree, a certain amount of fraud is bound to get through because the cost of ferreting out all of it would prove prohibitive.

With so many accounts being hacked in the first seven days of a fraudster's scheme, no financial institution or person is immune -- even with the best systems in place. Fortunately, technology advances in this field have delivered new weapons to flag suspicious consumer data patterns early in an account's history -- a huge milestone. Old tactics are simply insufficient to uncover criminal activity at its current level.

One Fraudster, Geometric Damage

These two graphs assess the fraudster process at Day 0, then again at Day 7. For the latter, note how the volume of fraud can grow geometrically if risk managers are not proactive.

Experian 2
New Account Fraud Example: Day 0


Experian 1
New Account Fraud Example: Day 7

As the charts suggest, we have found that accounts that may have looked good when opened may have turned high-risk because of activity picked up by technology that can hone in on how data is used across numerous transactions. For example, Experian's Precise ID for Customer Management takes advantage of data previously unavailable to identify and prevent current-account fraud during the first 30 days of an account being opened. By shifting strategies and monitoring newly opened accounts, we have found significant lift for fraud captures among our customers due to the use of this technology.

Some Tips to Help Stop or Prevent Fraud

  • Be aware that fraudsters bulldoze their way through accounts and disappear within 15 days, yet it takes an average of 151 days to identify fraud.
  • Be vigilant to warn your customers about fraudsters and identity thieves.
  • Ask your customers to pinpoint questionable behavior, such as new account openings without a birth date, but with the same name and Social Security number.
  • Re-check accounts after they have been opened, which can identify suspicious activity allows for a significant lift in fraud captures.

Last year, victims of a data breach were 9.5 times more likely to be a victim of identity fraud. Consumers who were part of a data breach had a fraud incidence rate of 19 percent, while consumers who were not had a breach rate of two percent. Also, with a shocking 67 percent jump in data breach victims in 2011, the increase correlates directly with the rise in identity fraud victims.

This rise in identity crime comes as banks and lenders continue to look for ways to improve their profit margins on their credit holdings. It also underscores the need for more advanced tools to help credit companies, banks and others detect and nab fraud perpetrators, who steal billions of dollars -- both from lenders as well as innocent consumers.

Keir Breitenfeld is Senior Director, Fraud and Identity Solutions, Experian Decision Analytics.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This is a secure windows pc.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.