Kuppinger Cole’s recently released Leadership Compass on Fraud Reduction Intelligence Platforms (FRIP) names ID Dataweb as arguably THE technology leader when accounting for innovation and product capabilities. With an estimated worldwide cost expected to reach $10.5 trillion (yes, trillion) by 2025, cybercrime prevention should be the #1 focus for any publicly facing application. If there is a way to reduce that risk while maintaining customer experience, a business can drive their customers to a safe secure digital experience, thus increasing revenue while limiting risk. Kuppinger Cole’s FRIP Leadership Compass recommends ID Dataweb’s AXN platform as one of the most, if not THE most, innovative and capable platforms for solving this fraud problem.
Below I will talk about the most common types of fraud and recommended solutions, but to read exactly what Kuppinger Cole is talking about and compare vendors in the space, please download the free report here.
How are fraudsters costing businesses $10,500,000,000,000 through fraud?
According to Kuppinger Cole’s report, the three most common types of fraud are:
- Account Takeover Fraud (ATO)
- New Account Fraud (NAF)
- Sim Swap Fraud (subset of ATO)
In Account Takeover Fraud, a fraudster will use breached passwords and credential stuffing attacks to execute unauthorized transactions. Everyone now knows that passwords (what you know) are the weakest of all of the authentication factors. In fact, there are only two types of passwords in the world, those that have been breached and those that are about to be (I can’t find the citation for this but trust me!). The solution for this is weirdly simple, use the other two factors – what you have and what you are. But you need to be certain that you know exactly who the user is when assigning those factors to a credential.
In New Account Fraud, a fraudster will open accounts using a collection of stolen PII (Personally Identifiable Information) to execute transactions or transfer money. This is particularly insidious because the victim won’t know until it shows up on their credit report often at an innopportune time. To solve this problem, the account registration process needs to properly prove and verify an identity upon account creation without being so onerous that legitimate customers stay away. Being able to prove the identity outside of the stolen PII is key, it has to be independent and impossible to fake.
SIM Swap Fraud is a subset of account takeovers. By pointing a customer’s legitimate phone number to the fraudster’s device, many of the fail-safes that companies use to determine if a customer is legitimate are sidestepped. A One Time Password (OTP) goes to the bad guy’s phone so the bad guy gets to vouch for themselves = not good security. Again, simple fix, check for SIM swaps or recent ports on a device before even sending the OTP.
Why is ID Dataweb so well suited to solve fraud?
As Kuppinger Cole reports, ID Dataweb’s AXN (Attribute Exchange Network) “facilitates orchestration of identity attributes and risk factors for analysis.” By orchestrating signals about the user, their devices, their risk data, their credit bureau data and creating a single trust score, the AXN provides a standards-based way for an application to easily verify a user’s identity or risk at the time of account creation, authentication or transaction. ID Dataweb has built a series of commonly used templates that can be inserted into any process for one time or ongoing identity verification.
Specifically for ATO fraud, ID Dataweb can provide risk analysis on the user or the device at time of authentication or before a high value transaction, determining how likely that user is who they say they are. Additionally, for the organization that utilizes the other factors (what you are, what you have), ID Dataweb can verify the user’s identity at the time of credential issuance or recovery, making that biometric or device authentication that much more secure.
New Account Fraud is one of the most common problems ID Dataweb solves. By integrating with all of the major customer identity platforms, we insert a verification workflow directly into the account creation process. This workflow is designed to be as frictionless as possible by first verifying a user’s phone possession and ownership, orchestrating data signals from many sources. If that isn’t sufficient or the user doesn’t pass that verification, we can step up to verifying that data against a selfie and government ID, again orchestrating the collection of data across up to a dozen sources invisibly to the end user. The organization is going to have a much better assurance that their new user is who they say they are.
SIM Swap fraud is ridiculously easy to solve. When verifying an identity or using MFA, simply check with the appropriate Telco to see if the SIM card has been swapped since the last verification. If it has, step the user up to a more stringent verification like checking their government issued ID against a selfie.
There is a reason Kuppinger Cole rates ID Dataweb so highly in this report, we are very well positioned to solve the most common cybercrime and fraud issues. Identity verification and risk detection are the cornerstone of a successful customer facing application. As the Leadership Compass explains, ID Dataweb has a “strong positive” on the product capabilities and innovation needed to solve this growing fraud problem.