Come Together to Defeat Fraud
By Greg Woolf, Founder and CEO, FiVerity
Jan 11, 2022
Although banks have expressed interest in collaborating to fight fraud, a range of legal, competitive and logistical concerns have held these efforts back - most notably, restrictions on sharing consumer Personal Identifiable Information (PII). We'll see this situation change in 2022, as losses across banks reach unprecedented heights.
Banks lost an estimated $20B last year to synthetic identity fraud (SIF) alone. Fraudsters on average use a single SIF profile to open eight to ten trade lines, often at multiple banks. Simply sharing information on suspected fraudsters is a highly effective means for banks to root out a range of cyber fraud.
That said, up until now, those efforts have been localized and direct, and mainly utilizing word-of-mouth or direct off-the-record conversations between peers. This will change in 2022.
Momentum is already building, with nonprofits dedicated to information sharing and organizations adding new banks to their coalitions for the coming year.
Private sector companies are also offering new tools to enable sharing and solve the privacy and regulation issues that complicate the process. Data encryption offers the potential to facilitate widespread intelligence sharing, while meeting the customer privacy and other needs of financial services institutions (FSIs).
Distributed encryption across a broad network ensures that no single FSI holds the complete key to decrypt consumer data. In this case, each institution within the network can only access a fraudulent profile if they already have the corresponding PII. This allows companies to receive alerts on fraudsters within their portfolio but stops them from seeing private financial information about their competitors' customers.
Because of technology like this, FSIs will finally be able to share details on fake accounts with each other, slowing the spread of SIF.
In addition to collaboration across banks, removing silos between anti-fraud, cyber security and other teams within banks can improve fraud detection. Although these teams historically focused on different threats from different actors, cyber fraudsters combine elements of traditional identity theft with automation, machine learning and other sophisticated technologies.
An effective partnership across teams requires joint education on the criminal organizations and individual hackers working against them, combining defensive playbooks, jointly evaluating new technologies, and coordinating reporting with law enforcement. Next year, to help combat fraud, you will see more and more FSIs recognize these inefficiencies within their organizations and promote internal collaboration.
For example, as Dustin White, Visa's Global Head of Risk Analytics and Platforms noted in a recent podcast on sharing info to combat fraud, "...oftentimes, information sharing begins in your own house - making sure that the various teams within a financial institution are interconnected. Looking holistically across the data that you already have really matters, and it matters more today than ever because of the increase in fraudster activity and the digitization of crime."
Government agencies and regulators have already begun working with the private sector to raise awareness of cyber fraud and develop new defenses. This will expand in the coming year as stopping SIF takes a group effort.
In 2021, the Federal Reserve sponsored a private-public committee that developed a uniform definition of SIF to help collaborators to speak the same language when working h. To encourage information sharing on suspected fraudsters, FinCEN is reminding banks that this practice is not only legal, but encouraged. The Federal Reserve echoed this sentiment in the first of a series of whitepapers on SIF:
"No single organization can stop wide-ranging, fast-growing synthetic identity fraud on its own. Fraudster tactics continually evolve to stay a step ahead of detection - and the most sophisticated fraudsters can operate at scale in organized crime rings, generating significant losses for the payments industry. It is imperative that payments industry stakeholders work together to keep up with the evolving threat posed by synthetic identity fraud, which includes anticipating future fraud approaches."
Due to a range of actions taken by the government, non-profits, and the private sector over the past two years, impediments to information sharing will rapidly diminish in 2022. This, combined with the continued growth of cyber fraud, will provide the catalyst our industry needs to finally embrace information sharing.