This article is part of Kyckr’s new Future of Financial Crime Series which will feature interviews with leading industry professionals and thought leaders to learn more about the trends that will shape the future of financial crime.
The following is an interview we recently had with Adam Elliott, President and Co-founder of ID Insight.
What is the state of financial crime today?
The financial crime we focus on specifically is account takeover fraud and new account fraud solutions for the financial services community. These two types of fraud are two of the biggest problems facing the financial services industry, with much of this type of fraud being driven by the digital transformation happening across the industry. A few short years ago, banks and credit unions would try out offering the option of opening new accounts online, only to be burned by the associated fraud, at which point they would retreat.
The days of “trying it out” are long gone; going digital is now a must. It is a competitive issue and thus, financial institutions are barreling forward and now having to build fraud detection strategies on the fly to combat the ever-evolving fraud.
Fraud is also more organised and complex than it has ever been. First-party fraud, synthetic fraud, and identity fraud schemes are all being exploited at a rapid pace. What is behind all of this is twofold. First, all the data breaches and creation of synthetic identities, and second, credential stuffing which allows criminals to significantly scale their attacks and use thousands of identities in minutes.
How has financial crime evolved over the past 5 years?
Digital, digital, digital. Back in 2016, we were seeing that about 20% of new account openings in banking were digital (the other 80% of account openings happening in the branch). Flash forward to 2021 and we crossed the chasm and are now seeing more than 50% of account openings happening online. Think of that for a moment – the first digital account openings happened right around 1999. For the next 17 years, they increased from 0% to 20%, and then in the last five years digital openings have gone from 20% to over 50% - and it’s not slowing down. Fraud attempts in the digital new account channel are happening 11 times more than in the branch.
Also – financial crime and fraud is much more organised. As organisations’ defenses tighten up, the fraudsters adapt to new tactics. We see this every day as the fraud rings get larger and larger. For example, we will see a list of many separate identities applying for a new account across multiple financial institutions all at the same address. We recently saw 17 different identities show up across 25 banks and credit unions all at an address in the middle of Wisconsin that was a simple residential townhome.
They are also now quickly evolving their tactics. The fraudsters used to make up an email address as part of their scheme. They now realise that they have to ‘farm’ the email for a few months to avoid detection. Similarly, the fraudsters would use whatever Internet Protocol (IP) address that was available. Now they realise that they need an IP address close to the victim to avoid detection.
What’s the future of financial crime?
I think we will continue to see exponential growth in attempts and organisation. As those attacks are identified, we will again see a return to the much less sophisticated attacks. We have seen this cycle repeat itself many times.
In the world of fraud, the fraudsters always seek out the systems of the fewest controls and exploit them. When the EMV chip card was announced to launch, counterfeit card fraud exploded. When EMV was fully rolled out, counterfeit pretty much went away. What this means is that you cannot lower your defenses on fraud controls that were once in vogue as the fraudsters will seek out those old avenues when the new avenues have a roadblock put up.
Also, I am very curious about how fraud will manifest itself with regards to biometrics. Biometrics is now a normal part of our daily routine. Financial institutions are in the middle of a mass migration to facial recognition software and driver’s license identity to open new accounts. How that will occur exactly I am not sure, but what I do know is that it will come under attack and the fraudsters will come up with ways to get through the front door once again.
