Originally presented at the Visa Risk Executive Council summit for industry-leading risk professionals, a private event held during Visa’s Payments Forum
The Expanding Landscape of Fraud
In our rapidly digitizing world, a post-pandemic shift towards online interactions has inadvertently provided a fertile breeding ground for fraud, particularly in the digital onboarding and payments space. A startling illustration of this issue comes from the CEO of a $20 billion bank who, in 2022, reported that half of the new accounts opened through their online credit application process were fraudulent, resulting in losses of $250 million. But the alarm bells don't stop ringing there. Our deep dive into the data uncovered even more unsettling findings. We found linkages connecting each fraudulent account across multiple financial institutions (FIs), exposing an additional potential risk of $1.2 billion in undiscovered fraud.
The Business of Cyber Fraud: Siloed FIs vs. Unified Fraudsters
Cybercrime losses are currently estimated at $8 trillion for 2023, which would make it the third-largest economy after the US and China. Disturbingly, cyber fraud has evolved into a mature, organized business. On the dark web, criminal enterprises sell AI and automation toolkits designed to exploit the 1.3 billion breached identities. They operate like a global enterprise business, with sophisticated departments for sales, marketing, customer service, and malware or fraud product updates.
In recent discussions with a Bank, their CEO explained how the bank fell victim to a ransomware attack. They were advised to pay a $250,000 ransom by the FBI and their cyber insurance company because the hackers were a "reputable organization." Such is the brazen, professionalized nature of these criminal operations. However, when they attempted to pay the ransomware fee, they were delayed for 2 days while the criminal enterprise consummated a merger with one of their rivals, per the advice of the investment bank brokering the deal.
Cyber criminals and fraudsters team together, sharing vulnerabilities in almost real-time, constantly testing and iterating attacks across multiple institutions. In contrast, FIs are restricted by regulations from sharing information, most often working in silos limited to their own systems and data. This stark difference provides criminal enterprises with a distinct advantage.
Regulatory Backing for Combating Fraud
Government regulators are aware of this burgeoning problem. Many agencies have spun up innovation initiatives to explore how traditional Know Your Customer (KYC) practices could be improved through engagement with financial institutions and technology companies in public/private partnerships. In October 2018, shortly after the FFIEC issued a 7-agency joint press release on the benefits of FI’s sharing BSA resources, we were invited to brief members of the House Financial Services and Senate Banking Committees on using AI and digital identity to modernize fraud detection and have been active contributors to the anti-fraud ecosystem ever since.
In 2020, we participated in the Federal Reserve’s task force that defined the industry standard for synthetic identities. Subsequently, in 2022, FiVerity participated in an FDIC/FinCEN-hosted Tech Sprint, a competition seeking better solutions for "Digital ID Proofing of Remote Banking Customers". Our team’s proposal for a secure, anonymized info-sharing platform won the "Effectiveness & Impact" category.
The ideal platform for anti-fraud collaboration is uniquely designed to combat fraud with an integrated, multi-layered approach. By gathering intelligence from a diverse set of sources, which includes FI’s, as well as their solution and data partners, of all sizes. Leveraging real-time information sharing and the power of AI and machine learning, the platform sifts through anonymized customer data to find fraudulent matches, patterns and trends. Users are provided with instantaneous updates on potential threats, real-time monitoring, alerting, and proactive risk-scoring, The result is a platform that offers a distinctively effective shield against fraud, which has continued to foster engagement and support from regulators.
Collective Action: The Power of Collaboration
The fight against fraud is an evolving battleground and collaboration emerges as our greatest weapon. This collaboration, involving individual financial institutions and partner networks, facilitates the creation of a broader, diversified dataset, forming a formidable "aggregate network."
An aggregate network operates on a simple premise – pooling intelligence from myriad sources, forming an interconnected web of data to better understand and predict fraud patterns. This approach amplifies our capabilities in fraud detection and prevention, with the potency of the network directly tied to the volume and diversity of the data it holds.
Our aggregate network has grown through strategic partnerships with various data partners, and FI solutions, including online account opening and lending platforms, to offer advanced fraud detection to over 50 banks, credit unions, and FinTechs. This collaborative approach has delivered a significant uptick in our fraud detection capabilities, resulting in a notable increase of 45% over the traditional “siloed” approach.
By continuously monitoring and alerting members to fraud signals and matches, we can fight back against the alliance between cyber criminals and fraudsters. We invite you to join our network to help you and your peers fight fraud as it continues to grow with support from the regulators. Together, we can future-proof our industry against this ever-evolving threat.