Financial institutions regularly use device identity for fraud prevention and to authenticate users at login. It is one of many controls that can be used to safeguard online interactions. But as with other security tools that rely on static measures, cybercriminals are finding ways to circumvent device ID. Taking over user accounts is one of the largest tactics, and in 2019 alone, account takeover fraud cost U.S. businesses nearly $7 billion in losses. In addition, financial institutions are experiencing significant rates of fraud in the account opening process and have difficulty accurately separating genuine applicants from cybercriminals. Because new customers have never been seen before, their devices haven’t either, making device identity unhelpful for account opening protection.
New account fraud is one of the largest and most dangerous threats that businesses face when processing transactions online. According to an analyst from Javelin Strategy & Research, it’s the “most expensive form of identity fraud for businesses and consumers alike.”
In 2018 alone, new account fraud caused $3.4 billion in losses, an increase over previous years. The steady leak of personally identifiable information (PII) is largely responsible for the upward trend. The amount of PII exposed in data breaches (such as social security numbers, emails, addresses, phone numbers and device and network attributes) grew by 126 percent between 2017 and 2018. Hackers use the information to forge stolen identities and open fraudulent new accounts.
Why is new account fraud spiraling out of control? Because you can’t teach an old dog new tricks.
Out with the Old
Traditional methods for fraud detection and the safeguarding of digital identities are outdated and lacking. Advanced fraudsters are constantly finding new ways to steal identities or create synthetic ones, handily sliding past these systems of defense.
Today’s detection tools also cause friction in the account opening process. And as any organization knows, friction is the number one reason customers will walk away from doing business with your brand. Online transactions should be seamless, not full of frustrating roadblocks to opening an account.
In with the New
The missing piece to the puzzle is behavioral biometrics. Powered by artificial intelligence and machine learning, behavioral biometrics works behind the scenes to monitor a user’s online behavior. By analyzing thousands of behavioral patterns specific to how a user acts during an online session, the technology can verify that the individual opening an online account is legitimate, and not a fraudster. Users are kept secure without having to take additional steps. It’s a seamless process.
In this infographic, we highlight the most alarming new account fraud trends and statistics, explain why traditional fraud detection methods fall short and examine how BioCatch’s behavioral biometrics technology closes the gaps.
BioCatch has been discussing the move to a world of passwordless authentication for a long time. The problem with conventional passwords is not only the annoyance of maintaining them – this has been highlighted ad nauseam – but also the simple fact that passwords are largely ineffective.
This week, we’re pleased to share this guest post from Patrick Hearn, expert in identity management and CEO of Endeavor Worldwide. Endeavor Worldwide is an international advisory firm that brings together senior company executives and government leaders, with specialty focus in Converged Identity Management, CyberSecurity and Industry 4.0.
Earlier this year, BioCatch announced that our digital identity solution is now available on the ForgeRock Marketplace. Combining BioCatch’s industry-leading solution with ForgeRock’s intelligent authentication technology makes it easy for ForgeRock clients to implement passive authentication, prevent account takeover attacks, and provide a better customer identity and access management experience. Other benefits include greater consistency and visibility across multiple digital channels, as the solution supports both web and mobile applications.
Despite their known vulnerabilities, one-time passwords remain one of the most widely used forms of two-factor authentication. From SIM swaps to phishing, malware, and a whole host of man-in-the-middle attacks, weaknesses in OTP security are putting customers, and businesses, at great risk.