With COVID-19 and remote work driving more consumers online, many companies now find themselves struggling with a rise in digital onboarding. The mass adoption of online services and apps allows more people to use services that they might otherwise not have had access to without in-person engagement. However, this creates new opportunities for identity fraud, and banking and financial institutions have been hit particularly hard by fraudsters.
To fight back, financial institutions must enact stronger fraud detection and prevention measures capable of mitigating these heightened risks without creating too much friction for honest transactions. Below are some of the latest methods fraudsters are using to exploit digital onboarding and some key steps financial institutions can take to protect themselves and their customers.
Heightened fraud risk in a post-COVID era
In many ways, the current online environment is a financial fraudster’s dream. More financial institutions need to adopt all-digital procedures for customer onboarding and interactions that used to require some amount of in-person contact. Plus, the explosion of ransomware attacks has flooded the dark web with unprecedented amounts of stolen customer data and personally identifiable information (PII). In other words, financial institutions are finding themselves more vulnerable to identity fraud just as the dark web marketplace for stolen identities has become more saturated than ever.
Cybercriminals often pose as legitimate users to launch their attacks, especially now that financial institutions have shifted to largely remote operations. This is done by obtaining identity data from the dark web and using stolen images and profiles to steal identities and financial assets. Fraudsters also tend to optimize and refine their fake credentials and profiles to attack multiple financial institutions multiple times.
A critical step to mitigate the mounting fraud risk is understanding the enhanced tools cybercriminals are employing to take advantage of this high-risk environment. It has become easier, for instance, to use stolen photos of a user and masquerade using a user’s selfie to try to illicitly access an account and fool digital identity verification software systems. Manipulated driver's licenses are also on the rise, as well as deepfakes and related synthetic media that replace a person in an existing image or video with someone else's likeness.
Adding to the challenge, the pandemic forced many financial institutions to expedite the digital transformation of their information technology (IT) facilities and data architectures. This helped them stay resilient and handle spikes in online traffic for both customers and employees mandated to work from home. That said, it also presents more attack opportunities, as many organizations rarely circle back to ensure strategic alignment of these new systems and plug remaining security gaps.
Protecting against enhanced risk with sophisticated tools and strategies
With better visibility of the fraud landscape, financial institutions can more effectively plan and structure operations to defend their data and protect customers. While every company will have to craft its own approach based on the specific security challenges and business needs involved, there are several key tools and capabilities that will likely be part of any successful strategy.
- Liveness detection allows financial institutions to verify whether a user is physically present during each login. This includes a range of techniques that can distinguish between a live human and a fake representation that may be trying to spoof the verification system. Liveness detection can help financial organizations combat the enhanced image-hijacking techniques explained above through algorithms that analyze data collected from biometric sensors to determine whether the source is live or reproduced.
- Advanced facial authentication can allow companies to compare the face of the user against a database of faces from previous historical transactions. This can alert the organization if the fraudster has already been seen in the database using different names or credentials, an especially powerful tool against fraud rings and repeat fraudsters. Also, requiring facial authentication at regular intervals can ensure the account is being accessed by the true account owner, not a bot or fraudster with stolen data.
- Enhanced transaction monitoring is effective in keeping up with the accelerated pace of money laundering attempts from cybercriminals. By implementing a transaction monitoring tool that can operate in real-time and at scale, an organization can identify suspicious activity and report it to regulatory authorities, ensuring compliance.
- Incorporating regional context on privacy regulations into authentication systems will reduce friction and false alarms in the authentication process. For instance, the Netherlands and other countries allow end users to cover specific fields in their ID documents — something that would be flagged as a fraud attempt in other countries. A context-informed ID verification system can accommodate diverse users and factor in local regulations accordingly to ensure customers can quickly get through the system and fraud is stopped in its tracks.
Staying one step ahead of cybercriminals
During the pandemic and beyond, fraudsters will continue to take advantage of unpreceded levels of both remote customer interactions and stolen credentials available on the dark web. Financial institutions can mitigate these risks with the right understanding of the latest attack methods and the right strategies and tools to combat these attacks to preserve customer privacy, assets and trust in the organization. This is a trend that will continue as consumers themselves become more literate about advances in fraudulent techniques and demand their financial institutions rise to the challenge.