The Singapore government recently announced its Fortitude Budget, with the main focus in supporting businesses and their digital transformation. While many businesses are prioritising business continuity, not all consumers and organisations are aware of the security threats that come as more of us continue to work and learn from home.
Fraud is a challenge that businesses have faced prior to the pandemic and will be exacerbated as digital transactions continue to rise. Experian’s research reveals that fraud is a significant problem globally for businesses and consumers, particularly as more users spend time online. The 2020 Global Identity & Fraud report, shows that fraud has increased in the last 12 months for three in five businesses worldwide.
With most fraud detector professionals working off-site during the pandemic and having zero or limited access to their on-site systems, some are unable to thoroughly identify and manage fraud cases. In the meantime, fraudsters have identified these gaps and are using malware and phishing campaigns to scoop up data, duping the unaware and unprepared.
Fraud increases during an economic downturn
Unfortunately, fraud typically increases during economic downturns. With the lockdown in Singapore and various countries in the region, manual identity checks have come to a halt. Being off-site means that fraud specialists are unable to access their fraud systems. We have observed early signs that have shown that the quality of application of credit have reduced, and this can be associated with increased fraud rates.
In the meantime, fraudsters have identified these gaps and are using malware and phishing campaigns to scoop up data, duping the unaware and unprepared. With phishing, fraudsters impersonate an organisation using fake emails or text messages, which require individuals to click on suspicious links or freely provide confidential information such as credit or debit card details, card verification values (CVVs), bank account numbers, and passwords. In recent high-profile phishing cases, fraudsters used the World Health Organisation (WHO) and Microsoft Teams as covers.
Fraudsters are now targeting home and small-business routers and changing DNS settings, so consumers are redirected to fake COVID-19 websites to unwittingly download advanced malware programmes. These stolen identities are then sold on the dark web. Fraudsters use this acquired data to create new accounts, take over existing accounts, or conduct synthetic identity fraud — mixing legitimate and fake customer information to create new accounts.
A data breach does not result in an immediate fraudulent attack using the stolen credentials. Today, fraudsters are focusing on obtaining maximum information which can be used later for various activities like new account creation or account takeover. There is an estimated lag of one to three months between fraudsters stealing customer data and the sale of that data on the dark web, account checking and synthetic ID fraud. At times, this fraud cycle can stretch to 24 months, which poses an extended period of worry for businesses.
How businesses can build a recession-proof fraud strategy
COVID-19 has accelerated the need for businesses to implement a recession-proof fraud strategy. An open API fraud management platform is an important component that enables businesses to respond to challenges swiftly:
Full digitalisation of the fraud detection process
An effective fraud management platform is digitised from end-to-end, covering initial identity verification stage to decisioning. This move to automation ensures the accuracy and timing for fraud detection and improves the agility and cost-effectiveness of fraud operations. The use of APIs further helps to future-proof a fraud management strategy.
Implementing a multi-layered fraud prevention framework
A platform-based model ensures that there are multiple data sources as well as integration with third-party services that counter increasingly sophisticated synthetic fraud attempts. This model generates different data sets ranging from entire user sessions, identity validation, to email risk scoring, biometrics and machine learning. This means that the fraud prevention strategy blends perfectly with customer experience and reduces false positives — keeping fraudsters out and letting legitimate customers in.
Remotely accessible case management platform
Remote access for team members empowers employees to review case summaries and configure workflows for added efficiency to support their investigations. This means that fraud detection work can go on anytime and anywhere, given the current work-from-home arrangements that are set to continue soon.
Digital capture and verification of identity documents
This abolishes the need for a physical presence when submitting and reviewing government-issued identity documents such as ID cards, driver’s licenses, or passports. The platform verifies documents in near-real-time, which is crucial for meeting AML and KYC requirements as well as digital onboarding. It also utilises compliance data checks and facial recognition to ascertain the authenticity of submitted documents.
Use of machine learning to detect fraud
The use of machine learning in fraud detection enables organisations to work with large data sets for sharper classification over typical static statistical models. This offers a learning mode to handle changes in fraud patterns. Machine learning is likely to become a mainstay as processes become more digital and fraud continues to pose a challenge.
Looking beyond COVID-19
Opportunistic fraudsters abuse the pandemic to target vulnerable businesses and consumers. As fraudsters step up their game, so should business leaders. There has never been a more important time to make fraud management a priority. Open API platforms that offer digitised, multi-layered, flexible, and remotely accessible fraud solutions will help organisations and their customers look beyond the crisis and be better protected against fraud.
