As EMV adoption has forced fraudsters to migrate to different points in the transaction process, many have gravitated toward the application stage, making tools that combat application fraud all the more important.
Stopping application fraud is what ID Score 9.5 is designed to do, ID Analytics product strategist, identity and privacy Ken Meiser said. The latest iteration of the company’s flagship product, released at this year’s Money20/20, ID Score 9.5 has several improvements that will improve application fraud detection rates.
ID Analytics was well aware of the recent data breaches, Mr. Meiser said. A three-time data breach victim himself (including Equifax), Mr. Meiser said ID Analytics keeps evolving their fraud detection patterns as they assess each instance and factor those lessons into a system that screens more than one million applications each day.
“Such breaches are not brand new,” he explained. “You need to assume your PII (personally identifiable information) has been compromised.”
By employing behavioural models, ID Analytics does not have to rely solely on PII, which can be vulnerable as fraudsters stealing identities or creating synthetic ones can use a mix of actual and altered information in an attempt to avoid detection.
When assessing risk, the models evaluate attributes and compare behaviour patterns from a database of information generated by 400 partners. So if a person applies for credit at a telco and bank, the pattern can be compared to a person’s unique behaviour patterns and those of people most like them. Any anomalies could be indicators of fraud.
Mr. Meiser said he’s seeing slightly higher attempts related to specific types of identification but it isn’t certain if those are related to recent breaches or less recent ones. Regardless of where the compromise occurred, specific use patterns tend to emerge. There is an initial activity burst around the stolen identification before a six-month dormancy period. Following some more activity, things get quiet again until the one-year mark.
“At the one-year point what we’re noticing is the industry of activity changes,” Mr. Meiser said.
Another strong indicator is the address attached to that identity changes after the first burst, suggesting the identity may have been sold to someone using it in another vertical. Not good news for people affected by a recent high-profile breach.
“The Equifax data has not been heavily trafficked yet,” Mr. Meiser said. “When they do those folks will be at risk for a very long time.”
ID Analytics also uses convolutional neural networks (CNN), which try to mimic the way the human brain solves problems, Mr. Meiser said. New to the financial services sector, CNN recognizes patterns in images or data sets.
“It’s very good at taking a complex problem and breaking it into subordinate steps,” Mr. Meiser said. “The net result of having a CNN model is you get better fraud section than other techniques and it’s faster.”
ID Analytics’ clients are seeing a 20 per cent effectiveness increase in the amount of detected fraud, he added. As much as 75 per cent of actual fraudulent activity can be detected in a 100-person sample by isolating the two or three most likely applicants and spending time most efficiently on those.
The seconds improved fraud detection measures shave off response time are crucial because in many cases fraudsters quickly act so they can steal as much as possible before they are detected, Mr. Meiser said. While the first purchase in a string might not arouse suspicion, each subsequent one contributes to pattern recognition. Issuing companies can nullify new cards before they are activated.
With the average damage from card fraud approaching $3,500, that number adds up quickly, Mr. Meiser said.
“As consumer behaviour evolves, scoring models also have to evolve or we’ll lose our ability to distinguish the cutting edge fraudster.”