Fraud Risk Management in the Data Breach Era

by Carmel Maher

Carmel Maher

Fraudsters are incredibly adept at changing tactics, making fraud risk management challenging.  To further complicate this, several fraud trends have emerged over the past few years. According to Javelin, in 2017 the rate of account takeover fraud (ATO) tripled, and fraud committed online is on the rise due to EMV, with card-not-present fraud now 81 percent more likely to occur than point-of-sale fraud.¹ In addition, identity fraud hit an all-time high in 2017, with a significant percentage of social security numbers being compromised in data breaches.²

With these mounting threats, fraud risk managers are acutely aware that they need to be one step ahead of these criminal minds or they might find themselves two steps behind. Fraud risk management strategies often require personally identifiable information (PII) to verify applicants and assess risk during account opening. However, some industry analysts question whether PII is still useful in detecting fraud with so much consumer information being exposed through proliferating data breaches.³

With 27 million records (and counting) compromised through data breaches thus far in 2018⁴ and more than nine billion records that contain sensitive PII exposed since 2013⁵— is PII still an effective method for assessing whether an applicant is a legitimate consumer or a fraudster? ID Analytics designed a study to answer this question and help the industry understand the impact of data breaches on the value of PII in fighting fraud.

The study analyzed three questions to investigate whether there may be signals in a consumer’s contact PII (mailing address and phone number), that could help detect fraudsters, despite the prevalence of compromised consumer information:

  1. How do legitimate consumers change their contact PII?
  2. How do fraudsters change their victims’ contact PII?
  3. Do patterns exist in the way fraudsters use and change contact PII that distinguish them from legitimate consumers?

Want to learn what we discovered? Download our research brief, Fraudsters Phone Home: How PII drives identity fraud strategies in the data breach era.

Carmel Maher is the Product Marketing Manager for ID Analytics

 

1 Javelin, (2018) Identity Fraud Hits All Time High With 16.7 Million U.S. Victims in 2017, According to New Javelin Strategy & Research Study [Press release]. Retrieved from https://www.businesswire.com/news/home/20180206005363/en/Identity-Fraud-Hits-Time-High-16.7-Million. (accessed August 16, 2018).

2 Ibid.

³ PaymentsSource, https://www.paymentssource.com/opinion/passwords-usernames-and-other-pii-need-to-be-retired (accessed August 16, 2018).

Identity Theft Resource Center, https://www.idtheftcenter.org/wp-content/uploads/2018/08/Data-Breach-Package-2018_July.pdf (accessed August 16, 2018).

⁵ Ibid, 3.