The January Fraud Avalanche: Mark Your Calendar for The Post-Holiday Fraud Frenzy

Every risk professional circles “January” in red: it’s a peak season for fraud attacks. NeuroID’s data confirms significant increases in the number of attempted fraud attacks at the top of the year: in January 2023 alone, our customers had fraud attack rates 70% higher than the monthly average. That’s not just a light winter flurry of fraud, it’s an avalanche crashing down the mountain, engulfing everything in its path. 

January’s torrent of attempted fraud attacks isn’t a surprise, especially coming off of the holiday season, where you likely took on more risk (for the benefit of more reward). But because it can take 30 to 60 days to truly gauge fraud loss and threshold impacts, it’s difficult to pre-emptively adjust controls and prevent the January onslaught. Difficult—but not impossible. NeuroID’s diverse customer pool of top five banks, challenger banks, lenders, payment processors, insurers, consumer finance platforms, and more, provides our data scientists with a rich dataset for in-depth trend analysis. We’ve examined our unique fraud attack data across customers from all of 2023, looking at the timing, causative factors, efficacy of response strategies, optimal responses, and more, to see what can be done to proactively mitigate January fraud (and other seasonal attack trends). 

For example: NeuroID alerts customers to fraud attacks in real time, notifying customers when we see a prolonged increase in the number of high risk users attempting to open accounts in excess of their baselines. NeuroID looks at these attacks hour-by-hour to assess their duration, potential damage, and attack patterns. Customers in January suffered a 93% increase in the number of hours they had risky applicants attempting to onboard above their baselines, which means more manual reviews, identity checks, fraud mitigation costs, and potential credit repairs. That 93% increase in hours under siege translates to an extra full-blown fraud attack each month. In a typical week, our customers get attacked an average of once every other week; in January, it’s one attack every ten days, with 25% of customers having more than 3 fraud attacks in the month. 

70% more fraud attacks, 93% more hours of elevated risk, and more than half of all customers targeted with at least three major attacks: any one of these stats would stand out on its own. All coming at once is a harrowing trend indicative of the January avalanche, where fraudsters crash down en masse on digital businesses. 

While we’ve provided industry data on other kinds of specific attacks in the past (check out our reports on bots and application fraud trends), January is unique. There is no leading type of fraud or significant vector where we can advise customers to tailor new thresholds. We can track the attacks and their styles, but we can’t say there’s a clear pattern of increase: It’s an onslaught from every angle. 

From the industry’s perspective, January seems inevitable, doomed to repeat itself in fraud and mitigation expenses this year. But is there something you could be doing differently today to prepare, not just for this month, but also for the rest of the year’s fluctuations?

Key Factors that Trigger the January Avalanche

In December, as the Thanksgiving/Black Friday/Christmas/Hanukkah spending season ramps up, risk teams within digital businesses reassess their opportunity cost. We see that internally, as NeuroID customers tailor their tolerances in exchange for more business. Others who rely on manual reviews may hire additional temporary staff to ensure that too much excess fraud doesn’t creep through. This typically pays off, with a swell of new customers and sales as the quarter (and year) comes to a close. 

Enter: January. Our data shows the first weeks of January has only a mild rise in fraud attacks. This mild rise, however, crucially includes probing behavior (probing that our customers tell us they only capture with NeuroID behavioral analytics). These are the first warning signs—the rumblings at the top of the mountain before it all comes rushing down. 

Mid-January—specifically, around the second and third week of January—the avalanche kicks off. The temporary staff has been let go, but fraud controls have not necessarily gone back up. Consumers are back online making returns and taking advantage of New Year’s promotions. Money is moving and fraudsters of all types are eagerly following close behind. This is where the fraudsters’ probing pays off, as they’ve mapped the gaps in your fraud stack. They’re ready to strike. 

And strike they do. By mid-to-late January, the fraud attacks are in full-force. Some last weeks while others last only a day or two (but can still bring high-damage).

Your 2024 Resolution Checklist: Proactive Prevention

January isn’t the only month with increased fraud attacks (want a fully predictive timeline of when to expect attacks, based on our research? Sign up for our seasonality trend report, coming soon). Behavioral analytics gives you the ability to scale up automation and adjust fraud detection sensitivity and rules in anticipation of fraud ebbs and flows. 

Based on our research, there are three key ways to bolster your January fraud prevention:

1. Prepare for seasonal trends. Post-holiday vulnerability is only one of the many ebbs and flows of fraud throughout a year. Bolster defenses ahead of the big red-flag months—but keep an eye on the right vectors to target. A catch-all approach can actually hurt real customers more than fraudsters.
2. Invest in Automated, Adaptive Fraud Detection. There are often signals that fraud teams can put controls around (think, a certain IP range). But there’s also the unseen fraud that’s untraceable and is only caught in hindsight. That’s where technologies like NeuroID’s behavioral analytics come in. With dynamic adjustments to fluctuating risk levels, NeuroID provides early warnings of increased activity that can’t be caught with other controls.  
3. Monitor for Probing. While every attack style went up in January, with no singular style, vector, or target, there were still signs of pre-mediation ahead of attacks. Probing and small-scale testing is a clear indicator, and one that only behavioral analytics can fight. NeuroID’s crowd-level monitoring alerts in real-time to unusual activities, offering insights into the nature of the threat and how to preempt and prevent damage from the attack. 

A dynamic risk tolerance can go a long way. Fraud solutions that are flexible throughout the year help you adapt to not only high-risk periods, but new emerging attack styles. NeuroID predictive analytics help you prepare for known periods of increased fraud activity, new attack styles, and anything else that 2024 throws at you.