Best Practices for Reducing Digital Account Opening Fraud


Chris Purvis

Apr 2, 2021

As our world becomes more digital, so too does banking. While services such as viewing your balance or making a payment have been the norm for many years, the ability to open an account digitally has lagged behind. Currently, only 56% of financial institutions allow digital account opening, but that number is expected to increase as more banks and credit lenders meet the expectations of their customers and also adapt to the digital acceleration that has resulted from the COVID-19 pandemic.

While digital account opening has many advantages, such as a significant decrease in onboarding costs and the ability to cater to customers’ schedules, it also introduces the risk of digital account opening fraud. The difficulty of detecting and preventing digital account opening fraud, specifically synthetic identity fraud, has made it hard for many financial institutions to offer online account opening to their customers.

However, to remain competitive, many banks, credit unions, and other credit issuers must balance delivering a differentiated customer experience with the appropriate fraud controls. While there is not a silver bullet, fortunately, the tools, technologies, and solutions have matured to help detect and prevent digital account opening fraud. But first, let’s explore the potential fraud threats with online account opening and then understand the best ways to mitigate those risks.

Faceless Fraud

Digital account opening fraud is typically perpetrated by criminals who purchase personally identifiable information on the dark web, normally the result of a data breach, or who “steal” a victim’s identity through social engineering tactics like phishing, smishing, and vishing, to create a synthetic identity. They then use that synthetic identity to open a bank account, apply for a credit card, or establish a line of credit.

Perpetrators nurture the accounts for many months or even years – paying the balance each month – to build up their credit history with the financial institution. At this point they strike, in what is typically referred to as bust-out fraud, and leave the creditor to write off the debt and deduce what happened.

What is Causing a Rise in Synthetic Identity Fraud?

This rise of synthetic identity fraud allows cybercriminals to commit digital account opening fraud more easily. Here’s why:

  1. With synthetic identity fraud, there is no “real” victim to report the crime. Perpetrators can open and defraud numerous accounts without anyone raising the alarm.
  2. Due to the number of data breaches and security compromises, it is inexpensive to purchase a social security number – the scam’s cornerstone – on the dark web.
  3. Beginning in June of 2011, the U.S. randomized how social security numbers are issued. Consequently, banks can no longer use numbering conventions for crosschecking applicants’ place of birth, age, or other information.

Typical third-party fraud controls, like sending a one-time passcode for second-factor authentication or prompting the applicant to answer knowledge-based authentication questions, no longer apply because the criminal is in possession of all this information.

Fighting Back: Keep the Old, Add the New

Cybercriminals are continuously developing new and improved ways to commit digital account opening fraud. As a result, financial institutions need to remain vigilant, balancing new technology and investments with traditional measures and controls. Some legacy processes that may transition into the online world and prove effective include:

  • Request applicant to upload documents. While this may introduce unwanted friction and add time to the process, new services have emerged to verify a document image for authenticity.
  • Consent Based Social Security Number Verification. The Social Security Administration (SSA) is currently developing a new electronic Consent Based Social Security Number Verification (eCBSV) system which will allow permitted entities to accept electronic consents. This may restore some of the advantages lost when SSN randomization was introduced, but limited matching capabilities may be problematic or potentially introduce false positives.

While these methods may uncover some attempts to commit digital account opening fraud, they primarily rely on processes that impede the customer experience and may lead to abandonment or not scale to meet desired service levels.

How do legitimate users behave?

As the evolution of account opening fraud outpaces most legacy processes and systems designed to detect it, financial institutions, especially smaller ones, need to continue to invest in software platforms that lead with machine learning, enable consortium data sharing, and explore new technologies. One that has shown promise is behavioral biometrics, which can provide rich analytics and crucial insights into customer activities and intent. Behavioral biometrics, sometimes also referred to as user behavior analytics, can detect account opening attempts that deviate from legitimate users’ patterns, including keystroke dynamics, page navigation, and mouse and cursor movements. These ‘intent’ signals can be captured in real time and flag which account activities require further investigation and authentication, helping to remove some of the manual review burden.
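An added sketch of the deviation check described above (not Accertify's code and not from the original article): it reduces a session to keystroke, navigation and mouse features and flags any that sit far from a baseline of sessions assumed legitimate. The telemetry schema, the baseline values and the 3.5 threshold are illustrative assumptions.

```python
from statistics import median

def make_session(gap_ms, n_pages, mouse_moves, n_keys=40):
    """Build one constructed session record (hypothetical telemetry schema)."""
    return {"key_times_ms": [i * gap_ms for i in range(n_keys)],
            "pages": [f"step{i}" for i in range(n_pages)],
            "mouse_moves": mouse_moves}

def features(session):
    """Reduce raw events to one number per signal family named in the text."""
    t = session["key_times_ms"]
    gaps = [b - a for a, b in zip(t, t[1:])]
    return {"key_gap_ms": median(gaps) if gaps else 0.0,  # keystroke dynamics
            "pages_visited": len(session["pages"]),       # page navigation
            "mouse_moves": session["mouse_moves"]}        # cursor movement

def robust_z(value, sample):
    """Distance from the sample median in MAD units; 1.4826 scales MAD to sigma."""
    med = median(sample)
    mad = median([abs(x - med) for x in sample]) or 1.0  # avoid divide-by-zero
    return (value - med) / (1.4826 * mad)

def score(session, baseline, threshold=3.5):
    """Flag the session for review if any feature deviates beyond threshold."""
    base = [features(s) for s in baseline]
    deviations = {}
    for name, value in features(session).items():
        z = robust_z(value, [b[name] for b in base])
        if abs(z) > threshold:
            deviations[name] = round(z, 1)
    return {"review": bool(deviations), "deviations": deviations}

# Constructed baseline of sessions assumed legitimate: (gap ms, pages, mouse moves).
BASELINE = [make_session(g, p, m) for g, p, m in
            [(140, 4, 90), (160, 5, 110), (180, 4, 100), (200, 6, 130), (220, 5, 120)]]

TYPICAL = make_session(170, 5, 105)   # constructed: close to the baseline
OUTLIER = make_session(5, 2, 0)       # constructed: near-instant entry, no cursor

if __name__ == "__main__":
    print(score(TYPICAL, BASELINE))
    print(score(OUTLIER, BASELINE))
```

A flagged session is routed to further investigation or step-up authentication rather than declined outright; the median/MAD baseline keeps a few unusual but legitimate sessions from distorting the reference.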

When you combine explainable machine learning, consortium data, device intelligence, and behavioral biometrics, millions of data points can be compared across industries, devices, and account types, allowing banks and other financial institutions to assess risk and to design and develop protocols for handling the various risk levels. This is the backbone of Accertify Digital Identity, enabling genuine applicants to receive an optimal customer experience and proceed with little to no friction at all, while mitigating risk when suspicious patterns and attack vectors arise.
