New Research Shows How Behavioral Analytics Predict Fraud Risk Against Advanced Attacks
by PaymentsJournal | December 20, 2023
A financial institution’s onboarding process is a critical factor in a customer’s decision to go with a new financial provider. But many organizations introduce unneeded friction to that onboarding, in an attempt to verify applicants’ identities easily and securely. In the best cases, this increased friction is frustrating to customers and hurts conversions—in the worst cases, it hurts conversions and still doesn’t prevent fraud attacks.
To mitigate fraud attacks, FIs need a friction-free way to see how humans, fraudsters, or bots are engaging with their onboarding—and assess these interactions in real time, protecting good customers from the friction of long step-up processes and manual reviews. Behavioral analytics is a game-changer for both these goals—and NeuroID’s new research illuminates how.
Advanced Detection to Prevent Advanced Fraud
As the saying goes, an ounce of protection is worth a pound of cure. For FIs to remain competitive, legally compliant, and trusted by their customers, they must come to terms with the rapidly evolving fraudulent tactics that bad actors are employing. They must also find ways to strengthen their defenses that incorporates solutions that weren’t built for a point-in-time attack, but to scale across any fraud attack style targeting customer onboarding (without hurting conversions).
To gain a better understanding of these challenges facing the FI landscape, NeuroID monitored fraud patterns across 17 of its customers. Their research found that 74% of fraud attacks were especially fast, lasting no more than 33 hours. And customers experienced an average of nine attacks within a five-month period.
NeuroID’s research noted that the relative speed of these attacks could be attributed to a sophisticated group of fraudsters working in unison to carry out their schemes at an efficient speed. It’s also likely that these professional fraudsters have adopted automated processes to execute repetitive tasks such as creating accounts and stuffing credentials. As anyone in the industry knows, once fraudsters have uncovered a vulnerability, they will unleash their attack via multiple points, hoping to break through before the area of vulnerability can be fixed. If fraudsters aren’t stopped at this point, the damage is potentially exponential and irreversible.
NeuroID’s research looks in greater detail at the various tactics these fraudsters are using to commit distinct types of advanced attacks, including:
- Ambient fraud: This is an ongoing type of fraud by which bad actors are consistently looking for weak links to launch a full-on attack. Although FIs can easily detect this type of fraud, many shrug it off due to its seemingly small scale. However, when the fraudster discovers a vulnerability at scale, the losses can be substantial.
- Fraud ring attacks: These highly sophisticated attacks are carried out in a coordinated effort by professional fraudsters who leverage the latest in technology, communication, and payments to steal from their victims.
- High-velocity attacks: Especially nefarious, these employ a more brutal attack after a weak link has been detected. Upon discovery of the vulnerabilities, the fraudster publishes this information on the dark web, inciting an onslaught of risky applications that aim at firing at all of an organization’s fraud defenses.
According to NeuroID, even if 90% of risky applications were stopped, the remaining 10% can still be problematic because of their high volume. FIs must realize that advanced fraudsters have crucial insights that will help them refine their tactics and create new methodologies to get around security measures with any future attacks.
How Behavioral Analytics Works
Behavior is unique to individuals and nearly impossible to spoof. Behavioral analytics capture the way a user interacts with an online form or application, which leaves a footprint that can’t be replicated. Therefore, the intention of the user is revealed with every swipe, text, type, and similar nuances.
NeuroID’s behavioral analytics detect when a user is not who they claim to be based on their behavior, specifically if their actions are incompatible with someone who is accustomed to their own personally identifiable information (PII). With that information, FIs can make real-time decisions on where to apply friction (for risky users) or to lighten friction (for trustworthy users), thus solving the dual challenge of stopping fraud while streamlining conversions.
For example, a credit card issuer uses NeuroID to identify fraud on two fronts: the prequalification and customer account application phases. During a six-week period, NeuroID detected five spikes in risky activity on the issuer’s website, in addition to 500 risky user flags. With this information, the issuer included document verification for these suspicious applications, leading to many of the risky applications being abandoned. This solution was able to read the intentions of these bad actors with behavioral analytics insights in real time, thwarting any future fraudulent attacks.
Behavioral Analytics Essential for Fraud & Friction Mitigation
Behavioral analytics are essential to mitigating fraud at the application level for FIs. By identifying suspicious activity early, without harming legitimate customers, FIs stand to minimize considerable losses and increase conversions. Behavioral analytics help identify high-risk applications for further investigation and reduce needless disruptions for legitimate customers.
Although organizations, including banks, sometimes see fraud as just a cost of doing business, the reality is that they can mitigate some of the significant costs fraud costs with behavioral analytics in multiple ways. For example, NeuroID has helped FIs save costs by reducing the overhead associated with closing down fraudulent accounts, reducing API calls by providing decisioning higher in the onboarding funnel, and reducing friction by enabling unique tracks based on determinate decisioning. As fraudsters continue developing the newest methods and avenues for attack, organizations must remain vigilant and employ the newest, most sophisticated methods to identify and mitigate fraud without harming the conversion experience.