Executive View

Deduce Customer Alerts and Identity Insights

Fraud is a pervasive and growing problem in most online businesses today. Fraud is eroding profits and decreasing consumer confidence across retail, finance, travel, healthcare, and many industries. The Deduce platform includes Customer Alerts and Identity Insights which serve to provide transaction confirmation and reassurance to consumers as well as actionable, fraud risk- reducing intelligence to corporate clients.

John Tolbert

jt@kuppingercole.com

1 Introduction

Fraud is a major cost to businesses worldwide. Cybersecurity Ventures estimates that cybercrime costs will reach $10.5 trillion by 2025. Fraud has been exacerbated by the Covid pandemic. Banking, finance, payment services, and retail are some of the most frequent objectives of fraudsters, as expected. However, insurance, gaming, telecommunications, health care, cryptocurrency exchanges, government assistance agencies, travel and hospitality, and real estate are increasingly targeted as cybercriminals have realized that most online services trade in monetary equivalents. Moreover, after years in the sights of cybercriminals, banking and finance in general are better secured than other industries, so fraudsters attack any potentially lucrative target of opportunity. Fraud perpetrators are also continually diversifying and innovating their Tactics, Techniques, and Procedures (TTPs).

The most prevalent types of fraud businesses and government agencies experience today are:

Account Takeover Fraud (ATO) – occurs when fraudsters use breached passwords and credential stuffing attacks to execute unauthorized transactions. Additional means for account takeover fraud are malware attacks (man in the middle and man in the browser) as well as the use of Remote Access Tools via Trojan or social engineering scams.

New Account Fraud (NAF) – also called Account Opening (AO) Fraud, often happens as a result of using stolen identities or assemblages of personal information to create a synthetic digital ID, and can be more difficult to detect but has advantages for attackers. This type involves gathering complete sets of or bits of PII (Personally Identifiable Information) on legitimate persons to construct illegitimate accounts. Educational, financial, and medical records can be sources of PII used for assembling fake accounts, which are then often used to abuse promotions and instant loans and/or used as mule accounts to move money around.

The chief mitigation strategies against these types of fraud employ real-time risk analytics and decisioning. Risk-based Multi-Factor Authentication (MFA) can eliminate a substantial portion of ATOs by increasing authentication assurance levels. Risk-based MFA often evaluates credential intelligence, device intelligence, user behavioral analytics, and behavioral/passive biometrics. To decrease NAF/AO/Synthetic Fraud, increasing identity assurance at registration and authentication time with identity vetting services is recommended. Bot detection and management can also be helpful at cutting other types of fraud.

Risk-based MFA and transaction processing solutions operate optimally when integrated with or informed by Fraud Reduction Intelligence Platforms (FRIPs). FRIPs provide to risk-based MFA and transaction processing systems the information needed to make more accurate decisions on whether or not transactions should execute. FRIP solutions generally provide up to six major functions:

  • Identity proofing
  • Credential intelligence
  • Device intelligence
  • User behavioral analysis
  • Behavioral/passive biometrics
  • Bot detection & management
Continue reading...
Read the full report and get access to KuppingerCole Research for 4 weeks.
Start Your Free Trial
Already a subscriber? Click here to login.