opinion
Jane Crossley discusses detecting and preventing account takeover fraud in Credit Today's Speaking Out column.
As a direct result of the credit crunch, lenders have had to become more cautious with their limited capital; resulting in a significant drop in the number of successful credit applications. This toughening up of credit acceptance criteria is bad news for fraudsters, with fewer opportunities to obtain credit through application fraud. Yet fraud is still on the increase, rising by more than 14% year on year for the half year to June 2008. The fastest growing form of fraud, with a 157% increase in the same period (source: CIFAS), is account/facility takeover fraud.
With further economic developments since September, a bigger rise is likely in the second half of the year as fraudsters turn their attention to existing accounts. Using information obtained through illicit means such as phishing, mail interception and other social engineering techniques, the fraudster poses as the account holder to notify the bank or lender of a bogus change of address. Shortly afterwards, they request a new card to replace one that has been 'lost', which is diverted to the bogus address. Alternatively they may request a new password and log in details. Using this information they are then free to run up credit or empty a current account, before the account holder even notices anything untoward; the entire process only taking anything from a few weeks to a matter of days.
With this type of fraud on the increase it's time to shore up defences, which are generally more focused on application fraud. Requesting additional verification from customers for every change of address is both impractical and time consuming, as is asking all customers to collect new cards from branches, especially if the organisation doesn't have a branch network.
A better approach is for banks and lenders to employ a fraud model to identify likely cases of account takeover fraud, and to target only these specific cases for further substantiation or alternative delivery methods. A model based on known fraud cases can be applied at two stages. The first is for every address change request, comparing the original account postcode with the new location, and flagging any that appear suspect. For example, if a change of address shows the customer moving from an affluent area to a significantly less desirable postcode where the likelihood of fraud is high, further proof can be sought to ensure the request is genuine. The second is to apply the same method for lost and stolen claims, comparing the previous address of the account holder with the current address. At this stage you could insist upon branch collection, requiring presentation in person with other forms of ID, signature matching and the deterrent of future identification through CCTV.
The problem of fraud will not go away, and fraudsters are ingenious to say the least. Only by keeping pace with the latest fraud techniques and developing appropriate methods of defence can banks protect themselves and their customers from this growing menace.
Click here to view the article as it appeared in the magazine
Click here to download Adobe Reader for free
