On the KNOW team, we like to think of ourselves as fundamentally optimistic. It takes a healthy dose of the glass-half-full mindset to think we could pull off a 2,000-attendee show, but that optimism also extends to our programming. Our programming tracks tend to emphasize the positive outcomes of enhanced identity solutions like Compliance, Security, User Experience, and Inclusion. We actively seek out diverse perspectives from the next wave of innovators in the space, so we can give our attendees the most comprehensive overview of emerging solutions for complex industries.
But fraudsters are innovative too.
Nothing is unhackable, and no platform is immune to theft or misuse. That’s why fraud, the notoriously glass-half-empty side of identity, is so prominent in KNOW sessions and in continued conversations outside our conference halls. Figuring out the best ways to accurately assess risk and mitigate fraud losses is a primary reason KNOW community members come to Vegas each year. Today, we’re taking a deeper look at the state of identity fraud and the top fraud vectors that we’ll be watching this year.
The face of fraud today
The fraud landscape is notably varied across industries. Broadly speaking, identity fraud is the use of personal identity information by someone other than the correct individual without consent in order to gain an illegitimate benefit. As more transactions take place through digital channels, it becomes increasingly challenging for service providers to determine that the user they’re encountering is actually who they claim to be. The latest statistics on fraud provide a stark illustration of the increasingly daunting challenge businesses face in fighting fraud:
- For financial services firms, the average cost of fraud has risen nearly 10% over the past year. Each dollar of fraud now costs companies $2.92, up from $2.67 just one year ago. That means that it costs financial services firms nearly three times the actual amount of fraud losses to recover other costs stemming from reputational damage, regulatory penalties, or declines in customer retention.
- Fraud in the healthcare sector costs U.S. firms and providers $68 billion per year. That amounts to around 3% of the country’s $2.26 trillion health care expenditure. Other estimates put fraud costs at up to $230 billion - 10% of annual healthcare spend.
- In commerce and retail, successful fraud attempts are up almost a third over last year, driven largely by the mobile channel adoption for transactions. On average, fraud costs represent over 2% of mobile commerce platforms’ annual revenue.
Fraud vectors our community is talking about
Where is this uptick in fraud across industries and transaction types coming from? Fraudsters shift with emerging platforms and transaction channels. Essentially, they go where the money is. Since our last KNOW Identity conference, though, we’ve seen increasing demand for solutions to address a few key fraud vectors:
Synthetic identities have been on our agenda since year one, but the size and scope of the problem haven’t subsided. Synthetic identity fraud occurs when an illegitimate user takes real, valid personal data attributes from different individuals (a social security number from one, a name from another, an address from a third) and combines them into a single, fictional, Franken-identity.
Synthetic identity fraud costs banks alone up to $2 billion per year and is responsible for 20% of credit losses. At our KNOW Identity Forum in New York this past June, one speaker’s number one takeaway for the identity community was to find a viable solution for synthetics. Fake people are costing real money, and digital businesses are willing to invest in innovative platforms to cut synthetic identity fraud.
Account takeover (ATO) can happen in a number of ways, but the end result is that the customer is no longer the owner of their account. Across digital transactions, almost all login attempts are fraudulent. That’s not an exaggeration: up to 90% of logins are fake, and companies are on the hook for losses or illegitimate charges that result when fraudsters are successful.
ATO now costs over $5 billion in the U.S. alone and leads to out-of-pocket costs 5x higher for users than the average fraud event. Larger, more damaging data breaches in recent years have also made account credentials easily available for the fraud-inclined; the third quarter of 2017 (right after the Equifax breach) saw a 53% jump in ATO-related fraud. To address this vector, we’ve seen a rise in demand for risk assessment and scoring tools using alternative data like mobile information or behavioral biometrics.
SIM swaps are an increasingly common topic of conversation within the KNOW community. The good news is that many digital platforms have seen the light and moved toward multi-factor authentication (MFA). The bad news is that many of those MFA processes are SMS-based, opening the door for this emerging fraud vector. With SIM swaps, a fraudster acquires enough information to credibly impersonate a user and convinces the mobile phone carrier to port that user’s phone number to a different SIM card. The fraudster can then exploit SMS-based one-time passwords or MFA processes to take control of accounts linked to that phone number.
In a recent case, for example, a customer is suing AT&T for failing to prevent a SIM swap that resulted in the theft of $24 million in cryptocurrency. With more of our lives and transactions occurring via mobile channels, it’s a real threat to user safety and company bottom lines. As a result, we’re seeing a greater interest in more secure authentication channels, as well as better intelligence around user mobile identity and behavior.
Friction and false positives
Fighting friction often has a few undesirable side effects, however. The twin F-words, friction and false positives, can sometimes be even more costly to businesses than the fraud they’re intended to prevent. 77% of online businesses, for example, prioritize delivering a frictionless experience, yet 58% say fraud prevention blocks this goal. When deployed incorrectly, identity-related friction in a transaction can lead to high abandonment rates and lost revenue. False positives, which incorrectly flag a legitimate transaction as fraudulent, can pack a punch as well. By some estimates, false declines cost merchants $2 billion annually. For many companies, those losses are far greater than the cost of measured fraud.
What we’re discussing at KNOW
Online platforms face simultaneous mandates to minimize friction and fraud while maximizing security and sales. It’s a tall order to satisfy all those goals, especially when they seem mutually contradictory. This year at KNOW, we’re prioritizing discussions around innovative authentication platforms to curb ATO. We’ll dive into the idea of “friendly friction,” the concept that a new generation of customers demands some visible security barriers for higher-risk transactions, like payments or ride-sharing. We’ll also take a critical look at “alternative” data sources, from behavioral analytics to mobile intelligence to augment existing verification and authentication solutions.
Let’s get to work - we’ve got a lot of fraud to fight.