Ai Editorial: How to stop fraud rings from using stolen or synthetic identities?

First Published on 29th May, 2018

Ai Editorial: The issue of identity theft or payments fraud isn’t new. But the functioning of fraud rings, in which fraudsters band together in organized groups, continues to get sophisticated, writes Ai’s Ritesh Gupta.  

 

Merchants are used to enticing online shoppers on their digital platforms, letting them select their preferred product via filters, visualize their shopping cart and eventually wrap it up via a frictionless check-out process. Now imagine the merchant being an illegitimate seller of stolen credit card details and extending the same shopping experience on the dark web! The nexus of fraud rings and their way of functioning is streamlining selling of credit cards and other associated information for $10 or so. Specialists point out that a sense of security is the worst possible sign that the likes of airlines and other travel merchants can hang on to.

Continuous and a bigger threat

The team at Riskified highlights two pertinent points related to fraud rings. First, at the end of the day no entity is safe from the assault of fraud rings. Second, these groups “tend to strike big, and have access to technology and resources that are unavailable to solo or less professional fraudsters”. From automated bot attacks to organized account takeovers, fraudsters are working out new ways to dupe and that too at a rapid pace.

As for one of the routes chosen to dupe genuine customers, these fraud rings find a way to verify fraudulent transactions by contacting phone/ mobile service provider to swap a victim’s phone number on to a new SIM card the scammers own. Criminal cases have indicated that fraudsters have spotted a major vulnerability in the way banks are using their customers’ mobiles to identify them. (A couple of days ago one such case emerged in the U. K. where a victim had  his £17,000 mortgage deposit cleared out of his bank account as fraudsters managed to change his  number on to a new SIM). Such incidents indicate fraud rings have access to detailed information about victims –could be  via data breaches or from the dark web, gaining batches of credit card numbers, complete with CVV, expiration date etc. So the stakeholders involved need to go for a stringent authentication mechanism. As for how fraud specialists like Riskified are helping retail companies, they observed that such transactions feature first time customers and were initiated using a particular phone carrier and a relatively small and uncommon ISP. There is a way to turn down all resulting fraud bids without impacting authentic orders.

Synthetic identity fraud

Another alarming trend as far as fraud rings are concerned is related to the issue of synthetic identity fraud. This type of fraud doesn’t feature taking over existing identities and emerged since financial institutions improved how they prevent and detect traditional identity fraud. This forced fraudsters to nurture synthetic identity fraud. It is initiated by using a blend of fake information, such as a fictitious name, along with real data, to set up fraudulent accounts.  For instance, “Social security numbers” (in the U. S.) that get targeted most are ones infrequently used or ones those are less likely to use their credit actively. So scammers set up such fake identities using potentially valid social security numbers with wrong personally identifiable information (PII). So there could be a real address and the social security number may seem authentic, but the number, name, and date of birth sequence do not match with any one person.

A major problem is the fact that it often is not identified as fraud and the crime can go undetected for an indefinite period. Criminals and other fraudsters rely in large part on the credit reporting system to create and use these synthetic identities.

The account can remain active, and possibly fraudsters capitalize on credit line increases and enhanced credit standing. Finally they max out the credit line and vanish without a hint. For those who get or potentially could get impacted, synthetic identify fraud isn’t easy to identify and prevent. According to a last year’s report released by the United States Government Accountability Office, banks can lose an estimated $50-$250 million in a year from synthetic identity fraud -related unpaid debt. The report also highlighted that fraudsters also exploit credit bureau procedures to improve their credit history by getting legitimate credit users to act as accomplices and add synthetic identities as “authorized users” on accounts in good standing. Over a period that can span months and years, identity thieves may make small charges and clear them, too. This way they set up a decent credit score and gain higher credit limits. In the end, they typically they charge the maximum amount on credit cards for transactions such as airline tickets and this stage is known as the “burst out”. 

The industry is on look-out for astute detection tools to detect and prevent such type of fraud. Advanced data analytics and biometrics are being recommended as solutions for the same.

Key takeaways to curb the activity of fraud rings:

·          Focus on how devices and accounts are connected in order to competently unearth the activity of fraud rings. Device behavior analytics includes transactions from TOR, high-risk locations, IPs, and ISPs, geo-location, IP address, and time zone mismatches etc.

·          Investigate anything that seems unusual or suspicious.

·          Explore how collaboration such as a cross-industry approach or contributing in fraud intelligence can help law enforcement identify, investigate and prosecute fraud.

·          How can unsupervised machine play its part in ascertaining correlations and linkages to find fraud rings? How can the combination of unsupervised and supervised machine learning help? How are specialists evaluating unconventional data points, integrating different data streams that were structured, unstructured, real time etc. and relying on machine learning models to curb the threat of fraud rings?

·          Insert analytical details around uncommon conduct and usual trends as features in technical fraud discovery procedure.

 

Hear from airlines and other industry executives about travel fraud at the upcoming 7th Annual Airline & Travel Payments Summit (ATPS), co-hosted with UATP, (4- 6 September 2018 in Phuket, Thailand).

For more click here

Follow Ai on Twitter: @Ai_Connects_Us