Shifts in Fraud Tactics Cause Big Headaches Across Verticals
While each industry faces unique challenges and opportunities in terms of fraud vectors and fraud prevention, new research that conducted comprehensive interviews with fraud management executives revealed certain commonalities across industries.
According to a white paper by Mercator Advisory Group and sponsored by IDology, the growing number of data breaches in the United States is increasing the ability of fraudsters to gain identity information and account access information—and creating new risks for service firms.
It found that in particular, multi-layered authentication protocols are critical for assuring the success of identity verification and fraud management strategies, as well as preserving a positive user experience for customers.
“Identity fraud is an evolving risk that affects many industries and technologies,” said John Dancu, chief executive officer of IDology. “Today, companies are struggling to balance security and authentication with the need to deliver a customer-friendly experience with little to no friction, especially given that the mobile and online channels are increasingly targeted by fraudsters and the growing consumer adoption of these channels.”
The report noted that, for instance, a shift to more electronic records and payments means that a greater share of sensitive personal and financial information is stored remotely. With this shift, the potential for breaches of security systems has grown in the past few years and there have been a number of notable data breaches across industry categories.
Within the healthcare industry alone, in just the first five months of 2015, data breaches occurred at three major health insurers in the United States—Anthem, Premera Blue Cross, and CareFirst—affecting up to 92 million patient records. But the report found that companies have not come to grips with the potential consequences.
“Medical personnel, for example, often underestimate the potential for identity theft since an in-person visit by the consumer is required for most prescriptions and treatments,” the report noted. “Once they have hacked patient records, criminals can use the stolen identity or insurance information to obtain healthcare themselves, acquire prescription drugs for resale on the black market, sell the insurance information to uninsured persons or develop other schemes to perpetrate fraud such as creating a fake clinic or facility to sell but never ship medical equipment reimbursable by a health insurer or Medicare/Medicaid.”
The threat is not limited to healthcare. Companies involved in alternative financial services, for example, have found that social media and email can connect fraudsters to unsuspecting consumers and help drive social engineering scams in which fraudsters trick victims into divulging their credentials.
One VP of risk management at a financial services firm noted in the report that “Identifying the person speaking or registering is our No. 1 priority. If we give approval to the wrong person, then everything down the road can go wrong and we’ve opened up a big pool of fraud—unauthorized charges, charge-backs and Better Business Bureau inquiries.”
Also, mobile account acquisition, opening and self-service are important focus areas for investments in fraud management technologies. Dancu added, “The research shows that, with the rise of mobile devices being utilized to access accounts across many consumer-facing industries, mobile security needs to be a top priority for organizations as the mobile channel is the next battleground being used by cybercriminals.”
That said, fraudsters are also adapting their strategies and discovering new methods to attack sensitive personal, financial and healthcare data.
“To combat fraudsters, it is imperative for organizations to employ robust, layered identity verification and fraud prevention solutions that are optimized for these channels. We hope this research educates risk professionals in all industries and furthers the dialogue within the fraud prevention community that as consumers change habits, our view of fraud prevention should change with them,” said Dancu.
Photo © alexskopje
Source: Information Security Magazine