In our first blog on Money20/20 USA , I reviewed the key messages and challenges presented in Las Vegas and explained key risks to digital identity. These risks that must be solved to enable the future of money are the security challenges surrounding digital transformation and the rise of the synthetic identity problem. My question for today is: What can service providers, vendors and financial institutions do about it? Three key themes were consistent across several sessions I attended.
I’ve attended many security conferences over the course of my career in cybersecurity, but this was my first time at Money20/20 USA. I had to blink a few times when I stepped onto the show’s Expo floor. Did I take the wrong flight and end up at a security conference — or, to be more specific, an Identity conference?
The discussion around my dinner table the other night centered around a recent fraud incident that affected a good friend. A $34,000 invoice came in with instructions to make a payment on an expected business transaction. Within a few seconds, the email disappeared, and several minutes later, another email appeared. It came from the same sender and all details appeared to be the same. The payment was made.
Several weeks later, the person received a very angry phone call saying the payment was not received. Totally confused, they called the bank to verify that the payment had left the account and that the wire was received on the other side. Turns out, the first email was real and the second was a fraudulent intercept that mimicked the first one exactly except for different wire instructions. Now, their bank will not return the funds since they, as the legitimate account holder, authorized the payment.
The Federal Reserve recently released a white paper on synthetic identity fraud, highlighting once again the vexing threat this trend poses to the payments industry and our economy on the whole. According to AboutFraud.com: “Synthetic fraud is the fastest growing form of identity theft in the U.S., comprising 80% of all new account fraud and 20% of all credit card losses.”
In May 2019, the Government Accountability Office (GAO), released the report “Federal Agencies Need to Strengthen Online Identity Verification Processes.” The report has far reaching implications for digital identity standards for both the public and private sectors. In this blog we analyze the report, how it influences the private sector and how to apply a risk-based approach to meet the overhauled digital identity guidelines.