Winning the Fight Against Application Fraud: How to Mitigate Risk and Onboard More Customers
Financial crime is booming in the United States. And for financial institutions (FIs), application fraud is a top concern. For a good reason: by 2023, application fraud losses are expected to grow to more than $4.1 billion. That staggering statistic comes from a fall 2020 study conducted by Aite Group, a financial services research and consulting firm.
Application fraud is a broad term. For the sake of simplicity, we can think of it as the act of opening a new account for the purpose of conducting criminal activity. Under this umbrella term, we can also include the three main types of activities used for carrying out application fraud: first-party fraud, money mule activity (both witting and unwitting) and synthetic identity fraud.
Although FIs are investing heavily to combat application fraud, the criminals are managing to stay one step ahead. Indeed, 78% of the fraud executives in Aite Group’s survey reported increases in application fraud. Looking at downstream events, more than 71% saw increases in money mule activity and synthetic identity fraud.
In a recent webinar hosted by American Banker, I joined Trace Fooshee, a senior analyst at Aite Group, to talk about the financial fraud landscape. We covered a lot of ground—including the market trends that are driving application fraud; the impact of the COVID-19 pandemic; fraud executives’ top concerns and areas of investment—and how improving customer experience relates to better fraud controls. In this blog post, I’ll provide a high-level recap of the highlights.
Fraud patterns reveal an enterprise-like value chain.
Before sharing his analysis of financial fraud trends, Mr. Fooshee provided context for our discussion. He established the concept of fraud as an enterprise (or “Fraud, Inc.”), explaining that if you examine fraud trends and patterns over time, a value chain model emerges that is very similar to that of a commercial enterprise.
The enterprise value chain starts with mining raw material, which in the case of fraud is the acquisition of sensitive information. Next, the raw material has to be manufactured and distributed. For Fraud, Inc., the various carding forums and marketplaces on the dark web illustrate this phase. In this model, the act of compromise and theft comes next, followed by the final phase: money movement and cash out.
The impact of recent market trends on application fraud.
When we think about financial crime in the enterprise context, we can begin to see how fraud patterns have evolved over recent years. In turn, we can better understand why application fraud is on the rise—and make predictions about where those patterns are headed.
Consider, for example, the recent surge in data breaches. Since 2017, more than 23 billion data records have been compromised. What changed in the market during that time? For one thing, card data security improved significantly as EMV (or smart chip technology) emerged.
Prior to EMV, fraudsters were primarily focused on acquiring card data. But when EMV chip cards began rolling out in the United States, it disrupted the criminals’ revenue channels (and nearly eliminated card counterfeiting). So Fraud, Inc. did what savvy corporations do when faced with market disruption: it innovated. Pivoting quickly, fraudsters turned their focus to personally identifiable information (PII), which up until that point had been more of a by-product than the main objective.
Today, identity is no longer associated solely with a person’s name, social security number, address and phone number. And the cost of PII is readily available on the dark web, at historically low rates.
COVID-19 created a prime environment for fraudsters.
The impact of the pandemic on the banking industry has been enormous. And once again, Fraud, Inc. pivoted to take advantage of the situation, further accelerating application fraud growth.
Amid the economic fallout of the pandemic, fraudsters began targeting government payments to individuals and businesses—thereby increasing the demand for fraudulent accounts. Fraudsters needed accounts they could use to intercept the payments, traffic the money into and cash out the funds. Significant increases in money mule activity, for example, are indicative of this trend.
Since the onset of the pandemic, 72% of FIs have experienced unemployment fraud attacks and 54% have experienced Small Business Administration (SBA) loan fraud attacks. But the effects of the pandemic don't stop there.
Although the migration toward digital banking has been gaining momentum for years, the COVID-19 outbreak forced an accelerated shift. In the face of shutdowns and social distancing restrictions, many institutions had to quickly move from what used to be a nearly all-branch experience to a mostly online experience. An industry survey conducted in July 2020 found that 91% of American consumers had banked virtually over the previous 30 days and 52% said they were visiting branches less frequently.
The rapid shift to digital channels has created new application fraud challenges. In addition to data being readily available (as noted earlier), identity verification has become increasingly difficult for FIs. Banks and credit unions are finding it harder to confidently answer questions like: Is the individual opening the account really who they say they are? Can I do business with this person? And what kind of services and privileges should I offer?
Synthetic identity fraud is a primary concern for financial institutions.
Criminals have three main objectives when committing application fraud: creating accounts with synthetic identities, creating accounts to proliferate mule activity, and first-party fraud. As application fraud continues to accelerate, synthetic identity fraud is driving the lion’s share of losses. In 2020, for example, the estimated $2.2 billion in credit card application fraud losses derived from synthetic identity fraud.
Although the growth in application fraud manifests in both DDAs (demand deposit accounts) and credit cards, the rise in activity impacted by the pandemic slightly favors DDA application fraud. In both cases, the pace of synthetic identity fraud is a primary concern among fraud executives.
FIs are investing heavily in combatting application fraud and its derivative criminal activities—with the most funding going toward identity authentication and digital identity verification controls.
Fraud executives must balance risk mitigation with customer experience.
While FIs work to keep customers safe, they also need to keep them happy.
Consumers are coming to expect fast and convenient digital experiences. During the account opening process (and with digital interactions in particular), consumers can become frustrated by identity authentication and verification tools that don’t meet their growing expectations.
According to the Aite Group study, only 12% to 17% of applicants complete an online new account opening process, with abandonment typically occurring after the second or third page of the application.
The problem is that the risk mitigation tools many institutions have in place do not allow for the flexibility required to move consumers through a quick and easy onboarding experience.
Investment in application fraud controls has increased exponentially in recent years. The percentage of FIs that “plan to add or change DDA application risk assessment vendors in the next one to two years” has grown from just 9% in 2015—up to 43% in 2020.
One thing to keep in mind is that first impressions are important—and every new customer’s journey begins at the time of a new account opening. Whether in-branch or online, a financial institution’s application onboarding process must not only mitigate risk, but also allow more applicants to open accounts.
Accomplishing both those things requires a move away from binary application decisioning, which relies on a single data type or source—to a more holistic approach that looks across a consumer’s deposit activity and account behavior.
With binary responses, the bottom line represents a “yes or no” decision. If a person is not in a fraud database, they will likely be approved; if they are in a fraud database, they will likely be declined.
New predictive analytics and scoring tools allow banks to move beyond binary decision-making. A tailored score, for example, lets banks dial in the level of risk they are willing to take. Predictive scoring empowers banks to improve strategic decision-making, which impacts both fraud losses and the number of account approvals. They can better tailor product offerings and account privileges, approve more accounts, and better control marginal accounts that might not have been approved previously.
Solving complex application fraud challenges with Early Warning.
Application fraud consistently ranks as a top pain point among fraud executives. As the digital economy grows and evolves, it has become increasingly difficult to protect sensitive information, while simultaneously meeting customers’ expectations for fast, easy online experiences.
At Early Warning, we have a broad view not only of our customers, but also of how consumers are interacting across the financial ecosystem. What we’re seeing aligns very much with the results of the Aite Group study.
Addressing today’s complex application fraud challenges requires an end-to-end approach. From Identity Chek® Service to Real-time Deposit Chek® Service to Zelle®, Early Warning offers a holistic onboarding solution that lets banks and credit unions reduce fraud loss, onboard more accounts, and then allow those newly onboarded customers to start using their services right away.
More statistics, deeper analysis and an audience Q&A.
As I noted at the top of this post, we covered a lot of ground in the American Banker webinar. If you’d like to hear the full results and analysis of Aite Group’s survey, as well as multiple audience polls and an enlightening Q&A session, you can watch the on-demand webinar here: How to Combat Application Fraud While Improving the Customer Experience.