What is application fraud?
Application fraud is a form of identity theft.
Applying for new products, often credit cards, bank accounts, loans, tax rebates using somebody else’s stolen identity and costs the financial sector millions each year.
In addition to the financial loss, this type of fraudulent activity can create high levels of brand damage and negative publicity, customer loss and reduced levels of satisfaction.
Our recommendations
Early behaviour profiling is a key part to combating Application Fraud.
Real customers don’t apply for credit cards and loans everyday.
For your company’s protection, we advise monitoring behavior across multiple user interaction points on your website or app, using a wide net of well-tuned sensors. It is important to understand both ‘good behavior’ and ‘negative behavior’ to properly assess the risk of a transaction.
To detect fraudulent activity, it’s also important to understand the users behavior in context to their recent action and overall site activity. Has the user reset their password and applied for a loan from a different location than usual? Did they fill out the application in less than a second? Is this the fifth application today? Are there currently signs of a distributed botnet attack on your website?
Brand image and customer perception should be considered. Some companies prefer overt security countermeasures: sending the customer a text message to confirm the receipt of a new application, for example.
Some prefer invisible, behaviour-targeted countermeasures. Our products can be configured to either preference.
Risk-based authentication solutions
There are many subtle signs that can be monitored by your risk-based authentication solution to accurately assign a risk score to a user in a given session. For an effective RBA framework, one needs to have the correct layers in their environment and set intelligent rules to properly identify fraudulent attempts.
Layers such as passive biometrics and behavioral analytics provide pinpoint accuracy verifying the legitimacy of a user, especially when combined with intelligent interdiction; the act of only asking for additional authentication when suspicious behavior occurs.
Learn more about our verification solutions, which include risk-based authentication.
Application fraud statistics in North America
According to Statista, by September 2017, 22% of internet users in the United States had been victims of identity theft. By using social engineering, collecting information about an individual from what they voluntarily share online, bad actors can learn about you and begin filing applications pretending to be you. The damage can be far-reaching when combined with the information fraudsters can purchase on the dark web.
The Breach Level Index tells us that there are 9.7 billion records that have been lost or stolen since 2013 – that’s more records than there are human beings on planet Earth! 158 Million Social Security Numbers (SSNs) were breached in 2017 alone, making nearly 49% of the U.S. population vulnerable to application fraud.
If such a high percentage of people have their information compromised, it seems logical that companies are changing the way that they verify your identity. You can read here how different verification methods are making the breached data useless, to improve customer experience, and fare better against application fraud.