November 08, 2023
The key to fighting fraud at scale
Shahar Ronen
Shahar Ronen
Product Manager
Shahar is a product leader who helps companies fight fraud and reduce risk with data and machine learning.
Fraud rings. Repeat offenders. Stolen credentials on the black market. These are just some of the ways fraudsters are organizing collectively. And with fintechs losing an average of 1.7% of their revenue to fraud every year, it feels like working together is working for fraudsters.
If cybercriminals are more effective by associating in a network, why can’t fintechs use a network of their own to combat fraud at scale? This piece shows how using network-based strategies, which incorporate risk signals from the broader fintech ecosystem, gives fraud and risk teams an edge in combating fraud.
Defining the fraud crisis
There are three especially challenging areas of fraud that we should define:
First, companies encounter synthetic identities, which are fully or partially fabricated identities used to commit fraud. Synthetic identities are estimated to be today’s fastest-growing financial crime. Of the many forms of fraud risk leaders encounter, synthetic identities are the type they feel least equipped to handle. [1]
Second, companies must contend with account takeovers (ATOs)—where attackers use stolen credentials to gain control of an account, which they can use to make purchases or steal funds. In 2022, ATO losses hit $11bn and the number of attacks increased by 155% from 2021.
Finally, in identity theft, fraudsters use compromised personal information to steal funds or open accounts under a victim’s name. Risk leaders say identity theft is the most common form of fraud they deal with, and about 69% of consumers say they’ve been a victim of identity theft more than once. [1]
Complexities of the fraud crisis
But what makes these types of fraud so challenging to tackle? A few things.
Stealing data is easier than ever: Dark web marketplaces enable fraudsters to buy personal information to craft synthetic identities or buy credentials to take over accounts. Also, using bots to carry out credential-stuffing attacks makes it relatively easy to find vulnerable accounts to take over.
Fraud rings: Fraudsters are working together to share resources (like stolen credentials) and build up credit or transaction history for fraudulent accounts, making them seem more legitimate.
Password convenience vs. security: Multi-factor authentication (MFA) and password hygiene are some of the most popular fraud defenses. But relying on individuals to do the “heavy lifting” isn’t always successful; an estimated 64% of people repeat passwords exposed in breaches.
Too many checks deter good customers: Identity verification checks can help stop fraudsters. But often, these checks add friction, leading legitimate customers to drop off. Risk leaders have to walk a fine line between rigorous checks and a smooth experience.
Chain reaction: Most fintechs don’t share fraud data with each other, and attackers can use that visibility gap to defraud multiple apps, spreading fraud across the ecosystem.
Fight fire with a network
Using network-based strategies can help fight network-based attacks. This means expanding and diversifying the signals you assess—both in-house and from other sources within a network—throughout the entire user journey. Here are a few examples of how Plaid is putting this approach into action.
Verifying at sign-up
From the very beginning, fintechs verify a customer’s identity during the sign-up process. Risk leaders should not only confirm that the provided identity information is valid and correct but also assess its risk of fraud. It’s important to analyze attributes like a user’s device, IP address, and behavior. Additionally, tapping into a network of insights can be powerful. Plaid Identity Verification’s machine-learning-based synthetic and stolen identity scores do just that, helping you understand the likelihood an identity is stolen or synthetic.
Similarly, risk leaders can combat repeat third-party and synthetic fraud with insights from other apps and services by using Plaid Beacon to pinpoint identities associated with fraud on other platforms. Using fraud reported from other companies can be a powerful input during sign-up and on an ongoing basis to protect your platform and stop repeat fraud.
Ongoing monitoring
Once a customer is verified and onboarded, companies should monitor for risky behavior and transactions on an ongoing basis. With Plaid, companies can detect ATO risk when the source of funds changes by verifying that a customer owns the bank account. With Identity Match, Plaid compares the provided identity data with what’s on file with the financial institution to return a score indicating how well each piece of identity data matches. If an attacker has gained control of an account and links it to a fintech app or service, Plaid can help you spot the discrepancy and understand payer or payee risk.
Securing transactions
When it comes to payments and moving money, you shouldn’t have to pick between mitigating risk and a great customer experience. Built on the industry’s leading consumer-permissioned open banking network, Plaid Signal analyzes 1,000+ attributes to predict risk and prevent costly returns. Signal’s machine-learning-powered risk engine protects over $2 billion in monthly transactions across a diverse set of customers and financial institutions. This means you can facilitate near-instant ACH transactions while significantly reducing risk of returns.
Tackle fraud at scale with Plaid
As fraudsters grow their networks, companies need to fight fraud with a network of their own. With Plaid, companies can learn and benefit from our reach across the thousands of apps and services powered by Plaid to stay ahead of novel threats. This network effect enables companies to not only enhance their risk programs and models but also create a connected network to build a safer digital finance ecosystem for consumers and fight fraud at scale.
Reach out today to learn about a smarter way to protect your company and customers.
1. Plaid-commissioned survey through Opinium conducted on April 17 – 23, 2023, for the purpose of understanding trends in anti-fraud work.