We’ve all heard about the consumer victims affected by the series of massive data breaches and the litigation being brought forth against the most recent hacking victim, Equifax.
But what’s not being talked about are the other victims of this attack: businesses where stolen data will be used to illegally to obtain money, goods, services and more. For online lenders, data breaches of the size and extent of what we’ve been experiencing can lead to devastating financial and customer losses.
Savvy lenders are proactively tackling this coming wave of fraud and not waiting for catastrophe to strike. Lenders can simultaneously protect their business against losses while becoming a critical line of defence against identity fraud for their customers.
This most recent hack has released the names, social security numbers, addresses, birth dates, credit card numbers, and confidential documents of 143 million U.S. consumers. The sheer magnitude of information available in this breach makes it especially easy for criminals to curate profiles that can be used for account takeover and synthetic identity fraud.
Because many online lenders rely on email verification and victim emails were not a part of the hack, there is a false belief that this type of identity check will be effective at uncovering fraudulent activity. However, savvy criminals can easily concoct emails that appear legitimate or even use an aged email to sneak by an identity verification process. More identity data elements need to be verified and connected to the individual.
To truly defend against data breaches, it’s critical to do more robust linkage analysis between a name, address, phone, IP and other non-PII data. As there is certain data that cannot be falsified. For example, a proximity of IP address to the applicant’s physical address or phone location. Or verifying the email provided matches the applicant’s phone number and email address.
When identity data is reviewed as part of a whole rather than individual pieces, red flags become obvious. For example, a prepaid phone, a newly-created email with an IP address far from the billing address, is glaringly fraudulent. Better yet, apply rules and thresholds to automate the process and need for manual review.
Eva Casey Velasquez, President and CEO of the ID Theft Resource Center which provides non-profit resources and support to victims of identity fraud has recommended businesses take action with multi-factor authentication processes.
“We are encouraging businesses to be fearless in their security,” she said. “At the end of the day, it is your customer base that you are helping.”
The rate of data breaches continues to pick up speed with no end in sight. Lenders that fortify their fraud management strategies with a multi-layer approach will be able to block the attacks from this Equifax data breach and all of the others that will inevitably follow. They’ll also earn the approval of their customers who will appreciate the thorough protection.