During our second session of Fraud Office Hours, an attendee asked, "What information indicates synthetic ID fraud or identity theft in combating new account fraud?" Watch this video clip and read below to see how Unit21's Head of Fraud Risk, Alex Faivusovich, responded.
What Information Indicates New Account Fraud Such as Synthetic ID Fraud and Identity Theft?
"Collecting the maximum amount of indicators during the onboarding journey of the customer is the most essential and critical thing you can do.
During this time of economic distress, many companies are paying more attention to new account fraud - for good reason.
Because new account fraud impacts your growth capabilities, it’s a serious problem for companies looking to scale. This has only been compounded by companies that have traditionally focused on 'growth at all costs,' which is a mentality that has been changing in risk and compliance - with organizations shifting to strategies that lead to intelligent, calculated, sustainable growth.
New Account Fraud Prevention: What Information to Look At
The best - and most critical - strategy for preventing new account fraud is to collect the maximum amount of indicators during the onboarding journey of the customer. While most businesses focus on monetary indicators, non-monetary indicators can be just as useful when trying to detect suspicious activity.
Financial institutions (FIs) should collect as much different personally identifiable information (PII) as possible, enabling them to understand all the different elements of the prospective customer. Organizations then need to evaluate each of these indicators separately, one by one, exploring the associated risk for each specific element.
This starts at a high level, with FIs examining all of the PII as a whole. This information can be used to identify whether or not the identity is real. Next, organizations need to dig deeper and determine with surety whether the person going through the onboarding journey and attempting to onboard to your platform is the right person - in this case, the person for which PII has been presented.
At this point, it’s beneficial to examine each risk factor in detail, exploring the risk associated with each risk signal you’ve collected on the potential customer throughout onboarding. To do this, ask some questions about the risks associated with different factors.
A good method is to ask yourself: “What is the associated risk around…”
- the device(s) being used
- the phone number being used
- the email being used
- the geolocation of the user
- the IP address of the user
Any risk signals you can collect information on should be examined for potential threats both individually and as a whole. By exploring each risk factor in detail, teams can catch fraud that would otherwise slip through the cracks.
For most financial institutions, the process and relationship with the identity verification vendor will be critical, as it will define what information you have access to - and what analysis methods are possible. Ideally, you want a vendor that doesn’t limit your ability to analyze the various risk signals that could be present during onboarding.
This analysis will also help financial institutions understand where you need more (or less) controls to protect against synthetic ID and identity theft fraud adequately. Teams can determine where the most significant exposure lies, and then make efforts to close those gaps.
How Unit21 Helps with New Account Fraud Detection and Prevention
Most importantly, we want to help risk and compliance teams be intelligent about how they identify users, enabling teams to detect—and act on—fraud easier, faster, and more effectively.
One of the main ways we help at Unit21 is by providing a flexible rules engine for identify verification. Risk and compliance teams can use waterfall logic that filters down into decision-making. For example, we can streamline a few different onboarding paths for users that include automatic acceptance, automated rejection, and screening methods for those that fall somewhere in the middle.
If certain credentials are met during onboarding, then we may be comfortable accepting the user immediately. For example, this could be set up to occur if the user passes watchlist screening, PEP screening, phone number screening, address screening, and device screening. Conversely, if any of these come back negative, we can automatically decline the customer from onboarding. In both these instances, the acceptance or rejection is fully automated by the system.
But addressing customers that fall in the middle can be more challenging to manage. With Unit21, risk teams can set up secondary screening that incorporates secondary logic or even funnels the user through another provider for additional verification. If this isn’t enough—or doesn’t suit the case—the user can also be funneled into a manual verification. This will alert an investigator to manually review the case and make a determination on approving or rejecting the new user.
But we don’t stop there—after all, the users’ journey doesn't end at onboarding. Post-onboarding monitoring solutions can be used to watch activity of individuals that are higher risk and potentially still pose a risk. Teams can create a subset of rules for higher risk individuals and filter them into a more stringent monitoring program. This will provide early warnings based on their behavior, and can be used to signal to the risk and compliance team if they may be attempting fraud.
Here at Unit21, we’ve seen very positive results come from combining the use of transaction monitoring with non-transaction signals, allowing us to better detect and prevent fraud.
Looking for more insights? Check out our second session of Fraud Office Hours on-demand for a deeper dive into current fraud trends and which preventative measures to consider.