A Layered Approach to Fraud Mitigation Nick White Product Manager, FIS Payments Integrated Financial Services
Session Agenda Growing Fraud Concerns Old Habits Die Hard Maneuvering through the Barriers Centralize Fraud Management 2
Growing Fraud Concerns 3
One in four US consumers have had their personal medical information stolen. 50% of those were victims of Identity Theft. Source: Healthcare Data Breaches Among US Consumers, Accenture Survey 2017 4
Identity Fraud Trends 16.8 million consumers in the U.S. affected by fraud incidences Total Fraud Losses in 2017 reached $17.0 billion Fraud losses continue an upward trend Account Takeover rose 120% Existing-Card Fraud losses declined 9% Existing-Non-Card Fraud rose 61% New Account Fraud $$$ declined 17% Existing Account Fraud rose 10.5% 5
Previously hard to come by, SSNs overtake credit and debit-card numbers to become most-breached type of PII. Source: Javelin Strategy & Research, 2018 6
Fraudsters Continue to Evolve Fraudsters continue to target the Business Sector representing 55% of overall breaches Health/Medical sector close 2nd representing 23.7% of breaches Hacking/Skimming/Phishing leads data breach schemes accounting for 60%, an increase of 3.2% over 2016 CEO spear phishing efforts or business email compromise schemes and ransomware attacks main driver 7
Phishing Example 8
Old Habits Die Hard 9
New Account Fraud Trends New Account Fraud incidences again saw large growth thanks to continued data breaches, malware, and social engineering involving compromised PII Fraud incidents rose 70% to 1.33% impacting 1.8 million victims in 2017 Account types driving this increase: New mobile phone 25%, internet payment 22% & online merchant accounts 21% Total losses decreased 16.67% from $3.6 billion in 2016 to $3.0 billion in 2017 Availability of SSNs increased dramatically in 2017 with lower cost of acquisition 10
New Account Fraud Landscape Fraudsters continue to leverage new horizons to keep their shops productive and profitable EMV liability shift has influenced the push from counterfeit card fraud to new account opening New mobile phone accounts increased from 15% in 2016 to 25% in 2017 representing a 67% YOY increase Checking or savings account experienced 58% increase. 12% in 2016 to 19% in 2017 11
Fraud Application Predictions Application fraud will continue to surge annually resulting from multiple data breaches for both Credit Card and DDA accounts Credit card expected to rise 170% in 2017 to $1.4B and increasing to $2.1B by 2020 DDA expected to rise 161% to $541M and increasing to $694M by 2020 Source: EMV: Issuance Trajectory and Impact on Account Takeover and CNP, a report by Aite, sponsored by Iovation 12
New Account Fraud Challenges Family Fraud Victim s Identity fraudulently used by relative Individuals Identity fraudulently used by self First Party Fraud Stolen Identity Victim s identity fraudulently used as result of true compromise Manufactured identity using real PII or combination of real and fake PII Synthetic Identity 13
Dissecting Synthetic ID Fraud Creating Synthetic ID relatively simple and growing trend Fraudsters seek SSN of people who don t make use of credit More than 65% top financial institutions use SSN as identifier Data breaches are primary source Fabricate name to be used with compromised SSN Create false birth dates tend to coincide appearance of fraudster in case in-person appearances required Provide untraceable or stale phone numbers by the time fraud is realized Fraudsters target the elderly and children as they are unlikely to check credit reports Many Synthetic IDs do not generate red flags as real people won t see the activity on any account created Source: The New Reality of Synthetic ID Fraud WhitePaper, Equifax 14
Maneuvering through the Barriers 15
Business Challenges Extensive identity verification processes may lead to high abandonment rates and loss of revenue Reputational risks increase with increasing fraud and customer dissatisfaction High levels of manual review drive additional abandonment and client acquisition costs Trouble meeting USA Patriot Act and red flag compliance requirements Efficient deployment of resources difficult due to high levels of false positives 16
Risk vs. Convenience New account originations continue to be the riskiest transactions with nearly 1 in 10 rejected In Q3 2016 blocked new account origination transactions grew 160% compared to Q3 2015 63% of financial institutions said they've been victims of account origination fraud 17
Prevention, Detection & Mitigation Consumer Authentication CIP, KYC & AML Compliance still require consumer PII verification Device Fingerprint Geolocation Authentication Static Biometrics Digital Identification Establish a secure channel of the device to prevent fraud Behavioral Analytics Establish holistic view of consumer to reduce friction Risk Tolerance Ensure policies and procedures define risk Velocity Anomaly Device Analysis Dynamic Biometrics 18
Centralize Fraud Management 19
What s driving fraud innovation in the payments space? U.S. drives majority of global card fraud Fraud is shifting to Card-Not- Present Rise of application fraud Counterfeit was still king in 2017 Fallback fraud challenges High percentage of valid activity ID Theft/social engineering remains a challenge False positive reduces card usage Identity theft directly tied to data breaches 20
Fraud Losses Trending Higher By 2021, card fraud worldwide is expected to total $32.96 Billion Fraudsters are using more sophisticated technology to commit fraud globally Shifting fraud trends adapt to find the least path of resistance 21
Fraud mitigation solutions for full card lifecycle The increasing ways consumer interact with payments also increases the risk of fraud Account Login A consumers access credentials can be compromised by force or friendly means Card Not Present Transaction Online and mobile transactions should require a step up authentication when a transaction is risky Card Reissuance Cards being sent out need to go to the correct place to stop fraud before it happens Origination Validating consumer at time of application is just the start and allows the ability to capture key insight to the consumer Card Present Transaction Typical fraud has been reduced by EMV but new tactics are being used Address Change Fraudsters attempt to change address to aide in theft and the ability to confirm the change is correct 22
Fraud Solutions Landscape As the complexity of payments increases so does the demand for new fraud solutions Attack Types New Account Fraud Account Takeover Internal Fraud Payments Fraud Mitigation Categories Authentication Consumer Engagement Post Transaction Transaction Monitoring Data Analysis Solutions in the Market Business Intelligence Biometrics Malware Detection Dedicated Analyst Fraud Mitigation ANI Spoofing Device Authentication Compromised Cards Transaction Warranty Associations ID Verification Travel Predictive Analytics Notification Global Rules Dynamic Jailbreak Root Detection Consumer Controls Custom Rules Employee Fraud OFAC CAMS Alerts Transaction Monitoring Detection 2-way Messaging Automated Chargeback Machine Learning 23
Enterprise Strategy for Omni-Channel Protection Leverage each channel s unique processing to create a holistic view to fraud mitigation Fraud strategy across multiple product lines including credit, debit, prepaid, & merchant Create a forum to allow various fraud analyst groups to talk and share Identify gaps in business lines to start the solution process Combine various fraud roadmaps to drive into a single through line 24
OnlyID: Smarter authentication for digital interactions One unique digital identity that authenticates consumers across their personal network of financial institutions and businesses all without passwords Mobile Application Improve consumer experience across multiple channels: Secure communication channel between consumer s digital device and businesses ONLINE MOBILE CALL CENTER Strengthen security reduce fraud Treat customers like a known entity Reduces friction / abandonment Provide instant alerts to consumers Robust Data + Predictive Analytics Over 800M consumer records + device data predicts likelihood of identity match or fraud Authentication Services Range of identity verification services that authenticate a consumer in real time 25
OnlyID: Smarter authentication for digital interactions An intelligent network of authenticated consumers who use a universal digital representation of their identity to interact with businesses in the network, and which provides real-time insights for context-based authentication decisions for each interaction. 26
OnlyID: Log-in Use Case How an existing consumer logs into an account online removal of password frustration Bank Website 1 User initiates login activity with the bank via the website or mobile app 5 Your customer proceeds 2 The OnlyID solution creates a risk score based on identity & authentication analytics Access Device(s) (Laptop, PC, tablet, phone) OnlyID Network Authentication Device (smart phone) 4 Your customer accepts the OnlyID push notification Authentication request pushed to user s device via secure, encrypted channel (not public SMS) 3 Web channel Secured channel 27
A Layered Approach to Fraud Mitigation Thank You Nick White Nick.White@FISGlobal.com