With data breaches, hacks, scams and phishing attacks all on the rise, businesses worldwide are facing a difficult challenge. On the one hand, they are being compelled to make verification harder, but on the other, from a customer experience (CX) point of view, they must do so while keeping friction to a minimum.
The recently published sixth annual Fraud Report from identity verification company IDology found that striking the balance between these two issues is being seen as a chief concern amongst US businesses.
IDology surveyed businesses across several industries including financial services, fintech, healthcare and ecommerce to find out more about the prevalence of their approach to fraud prevention.
Nearly 60% of the businesses surveyed by IDology said that they had suffered increased fraud attempts last year, with financial services and healthcare reporting the largest rise. The awareness of fraud and data breaches, widely reported in the media in recent years, has also led to increased concern from consumers, with 57% telling IDology they are more worried about their personal information being exposed.
Mobile and phishing attacks rise, card fraud still on top
Although credit, debit and prepaid card fraud continued to dominate as the most prevalent form of fraud across the industries surveyed at just over a third of all cases (67%), 2018 saw a surge in mobile and phishing attacks.
According to IDology, mobile fraud and phishing increased by 63 and 66 per cent respectively year on year. The former can be executed via techniques such as porting and spoofing, while the latter is typically fake emails designed to look like legitimate companies.
You have probably heard a lot about phishing from your older relatives who call you every time they get a message from ANZ.co.rus telling them they need to disclose their PIN for “security reasons”. There is nothing more dangerous than a Boomer with an iPad.
Although there is nothing new about phishing (it has its roots in the Nigerian scams that have been around since I was on ICQ and dial up), it continues to be effective. According to Verizon's 2018 Data Breach Investigations Report, 93% of last year's security breaches can be linked to the technique.
Credit card fraud: It could happen to you
I have had some recent experience with credit card fraud unfortunately. Now let me preface this by saying I am a careful person. I only buy things from secure websites, my card does not leave my wallet, and I always look both ways before crossing the road.
Nevertheless in December, I got a call one Monday morning from one of my banks informing me that my card was “compromised”.
Panic set in. “How bad is it?” I croaked. There was a pause.
Actually, I had noticed I couldn’t use the card on Sunday, but naively put it down to banking app maintenance. Little did I know; my card was locked due to fraudster activity.
The crooks did two small transactions at a service station, before splurging $147.65 on a pizza order. Later I would learn this kind of escalation was common – a couple of small attempts before the big kahuna. Pizza!
Upon the fourth transaction, the bank figured out something fishy was going on (why would I order pizza in Melbourne???) and put a lock on the card. I had a new one come in the mail a week later and while I was waiting I decided to call the bank in question. Yep, I was going to get to the bottom of this.
To this day, I don’t know how the crooks got my data. I swear the card had not left my sight, but a bank rep told me it could have been from an unsecure web purchase, or, scariest of all, due to a brute force attack.
As it turns out, a card can theoretically be brute forced (a fancy way of saying “guessed”) in less than 6 seconds with the right software tools.
When I asked the bank if they could guarantee my new card wouldn’t be brute forced, they became evasive. Presumably the optics of admitting they can’t make such promises are not good so I got passed around the office, talking to multiple reps and getting similar generic answers.
“Be vigilant,” they told me. “Be careful where you shop”, another added. Thanks.
Striking the balance
For the first time in six years, IDology found that friction, not shifting fraud tactics, was the number-one challenge faced by businesses.
The decline in concern about tactics is due to fraudsters doubling down on proven techniques rather than branching out into new scamming frontiers, according to the report.
So how to strike that balance between friction and protection?
IDology says that businesses should look to implement a multi-layered identity verification solution which examines an assortment of attributes and can dynamically make decisions based on a variety of parameters such as device, location and activity.
“We are at a crossroads where the movement to mobile meets high consumer expectations and sophisticated fraud schemes,” says Julie Conroy, research director for Aite Group’s Retail Banking & Payments practice.
“Identity verification is now something that businesses must consider as a key strategic factor for market differentiation and growth. A seamless, comprehensive and multi-layered approach with an anti-fraud consortium network of companies across industries is now table stakes.”
Going forward, survey respondents said that they expect identify verification via mobile device attributes, artificial intelligence, machine learning and the submitting of ID documents via mobile devices to be the key areas of focus.
For example, mobile network carrier data can help verify device ownership in real-time while AI and machine learning can be used to predict and track fraud trends. Snapping pics of identity documents is also easy and quick. But there is of course the question of where that data is stored.
Why friction matters
Just as Boomers are more likely to get suckered in by a phishing scam, Millennials and Gen Zers are more likely to say “screw it” when faced with friction.
39% of Millennials and 37% of Gen Zers told IDology that they had abandoned signing up for a new online account because the process was too difficult or took too long in the past 12 months. Over the same period, just over a quarter of Boomers (27%) said the same.
With friction leading to abandonment, businesses must be more aware than ever to the importance of balancing protection and convenience.
“When considering a future where businesses employ mobile verification strategies and machine learning to both enhance the user experience and deter fraud, there is reason for optimism,” IDology concluded. “Validating identities with behind-the-scenes methods and applying friction only when needed can facilitate faster on-boarding while still deterring fraud.”
If you are looking to reduce friction in your business and improve CX, contact Fifth Quadrant today to learn more about how we can help you.