[Editor’s note: This is a guest post from Tim Dubes, Vice President of Marketing with Ocrolus, a cloud platform for analyzing financial documents based in New York.]
Mirroring the growth in online lending volume over the past half-decade, there has been an acceleration in fraudulent account takeover. According to a pymnts.com report, account takeovers jumped 300% year over year in 2017, and have continued to rise ever since. The trend was particularly pronounced in the lending space; lenders lost $4 billion from account takeover last year, according to Javelin Strategy and Research.
To combat this type of fraud, online lenders need to learn what account takeover entails from a tactical perspective and the tools that are available to combat nefarious activity.
Online Lending Fraud: Account Takeover
Account takeover is a form of financial identity fraud where a fraudster uses some combination of a victim’s PII and ultimately access to an associated financial account to secure a loan and then steal the funds. Fraudsters apply for a loan in the victim’s name, transfer the funds into the victim’s account, withdraw the money and then disappear.
Account takeover can be riskier than other forms of identity fraud, but it comes with several built-in advantages for fraudsters looking for a fast return for their efforts. Unlike synthetic identity fraud, for example, the account takeover perpetrator does not need to build a new identity and associated accounts, or even establish a long-tail financial history to commit the fraud. The fraudster is essentially taking over a person’s identity, pre-existing accounts, and credit history to illicitly funnel money into a safe haven, using the victim’s account as a pass-through vehicle.
Account takeover is facilitated like many other types of identity fraud: a bad actor obtains sensitive information, such as bank account numbers, usernames or passwords, and other key credentials from personal contacts, malware, phishing, or other violations of a victim’s privacy. The fraudster takes out a loan in the victim’s name, and routes the funds into the victim’s legitimate account.
Once the funds are in the victim’s account, the fraudster moves the funds into an intermediary account using SIM swaps, new phone numbers, SMS-grabbing malware, cloning phone identifiers, and other methods to circumvent bank security protocols.
After the money is in the intermediary account, the fraudster cashes out the funds by making ATM withdrawals, purchasing cryptocurrencies, transferring funds to online payment platforms, or buying e-commerce goods. The fraudster might try to hide the origin of the money by employing “mules,” or agents who transfer illegally obtained money, either wittingly or unwittingly.
Combatting Account Takeover with Technology
Account takeover poses unique challenges to online lending, but there are innovative technologies that can help lenders fight back against this form of fraud.
ThreatMetrix by LexisNexis Risk Solutions provides data that detects suspicious behavior or compromised devices before fraudsters can initiate account takeovers. ThreatMetrix’s Digital Identity Network analyzes millions of transactions across billions of devices for thousands of leading global businesses. This data allows organizations to verify that customers are who they say they are.
RSA Web Threat Protection uses behavioral analytics to separate fraudulent activity from legitimate transactions. The solution tracks a large variety of fraud threats, such as new account fraud, fraudulent money transfers, password guessing, credential harvesting, mobile and web session hijacking, and other behaviors that suggest potential account takeover attempts.
Fraud.net has an award-winning AI-powered suite of enterprise tools to manage risk for clients such as online lenders. Fraud.net’s AI, analytics, and data mining platform can quickly identify common schemes and attack methods, including account takeover. The suite’s ‘early-warning’ monitoring, powered by multi-dimensional risk analytics, helps to uncover account takeover fraud before it happens.
Ocrolus has a cloud-based platform for fintechs that transforms documents into actionable data. Powered by AI and a unique, human-in-the-loop data validation process, Ocrolus plugs directly into loan origination systems and includes built-in fraud detection for image alteration and data reconciliation.
Account Takeover: A Manageable Issue with the Right Technology
Account takeover is one of the most expensive and fastest growing forms of online lending fraud. However, by exploring new solutions developed for the fintech community, lenders can combat account takeover and minimize the negative impact it has on profit margins, platform security, public image, and the customer experience.
