The rise in identity fraud has set new records in 2022. This was put in motion by fraudulent SBA loan applications totaling nearly $80 billion being approved, and the rapid rise of synthetic identity fraud. Almost 50% of Americans became victims of identity fraud between 2020 and 2022. The National Council on Identity Theft Protection found that, on average, there is an identity theft case every 14 seconds. Last year alone, businesses lost $20 billion to synthetic identity fraud, $697 billion from bots and invalid traffic, and more than $8 billion from international revenue share fraud (IRSF).
Cyberattackers use a combination of real and fake personal information, including Social Security numbers, birthdates, addresses, employment histories and more, to create fake or synthetic identities.
Once created, they’re used to apply for new accounts that fraud detection models interpret as a legitimate new identity and grant credit to the attackers. It’s the fastest growing form of identity fraud today because it’s undetectable by many organizations’ existing fraud prevention techniques, models, and security stacks.
Existing fraud models fall short
Fraud prevention analysts are overwhelmed with work as bot-based and synthetic identity fraud evolves and proliferates globally. Their jobs are so challenging because the models they’re using aren’t designed to deal with synthetic identities or with how quickly fraud’s unstructured nature changes.
Approaches using structured machine learning algorithms are effective to a point. However, they’re unable to scale and capture the nuanced types of attacks synthetic identities are creating today. Machine learning (ML) and artificial intelligence (AI) techniques to capture the nuanced nature of attacks aren’t as effective as needed to stop attackers, either.
LexisNexis Risk Solutions found that existing fraud discovery models are ineffective at detecting between 85% and 95% of likely synthetic identities. Many existing modeling techniques for fraud detection lack real-time insights and support for a broad base of telemetry data over years of transaction activity. The lack of real-time visibility and limited transaction data sets translate into inaccurate model results.
Given their limitations, existing fraud prevention modeling techniques aren’t treating identities as a new security perimeter, which is core to sustaining a zero-trust framework, and that puts an entire organization at risk. CISOs have told VentureBeat they need enhanced fraud prevention modeling apps and tools that are more intuitive than the current generation, as they’re onboarding more fraud prevention analysts today in response to growing threats.
How AI Is Helping To Stop Identity Fraud
Reducing false positives that alienate real customers while identifying and stopping synthetic identities from defrauding a business is a challenge. Each identity-based artificial intelligence (AI) provider is taking a different approach to the problem, yet all share the common attributes of relying on decades of data to train models and assigning a trust score to each transaction. Leading vendors include Experian, Ikata, Kount, LexisNexis Risk Solutions, Telesign, and others.
For example, Telesign relies on over 2,200 digital attributes and creates insights based on approximately 5 billion unique phone numbers, over 15 years of historical data patterns, and supporting analytics. In addition, their risk assessment model combines structured and unstructured machine learning to provide a risk assessment score in milliseconds, verifying whether a new account is legitimate or not.
Fraud prevention analysts need more informed insights and more effective tools for creating constraint-based rules that identify potential identity fraud risks. Making more real-time data available across a global base of transactions will also help.
The goal is to better train supervised machine learning algorithms to identify anomalies not visible with existing fraud detection techniques while supplementing them with unsupervised machine learning exploring data for new patterns. Combining supervised and unsupervised machine learning in the same AI platform differentiates the most advanced vendors in this market. The following are five ways AI is helping to detect and prevent growing identity fraud:
- All businesses are being forced to move higher-risk transactions online, putting more pressure on AI to deliver results in securing them. Often, customers prefer to use online over in-person methods for convenience and safety. Getting identity verification and affirmation right means the difference between securing a customer’s account or having it breached. Using AI to balance trust and the user experience (UX) is critical for these strategies to work. Trust scores help fraud prevention analysts create more effective constraint-based rules and workflows that save time while reducing false positives that impact customers’ experiences.
Unfortunately, synthetic fraud has successfully evaded fraud prevention techniques that don’t provide a solid methodology for trust scores. For example, a vendor shouldn’t provide a trust score if it weren’t based on a multi-year analysis of transactions combined with real-time trust identity management and trust identity networks, as Kount, Telesign, and other leading providers offer.
- AI needs to provide the insights for identity proofing, fraud detection and user authentication to work well together. Today, these three strategies are often left in separate silos. What’s needed is the contextual intelligence AI can provide to ensure an organization has a 360-degree view of all risks to customers’ entities. CIOs and CISOs tell VentureBeat that going all-in on fraud detection means integrating it into their tech stacks to get the decades of transaction data combined with real-time telemetry needed to battle synthetic fraud today.
Breaking down the barriers between systems is table stakes for improving the accuracy of identity proofing, fraud detection, and user authentication. Excelling at battling synthetic fraud takes an integrated, end-to-end platform designed to work with a wide variety of real-time data telemetry sources combined with decades of transaction data. The richer and more representative the data set and telemetry data, the higher the probability of spotting synthetic fraud attempts. Jim Cunha, secure payments strategy leader and senior vice president at the Federal Reserve Bank of Boston, wrote, “Organizations have the best chance of identifying synthetics if they use a layered fraud mitigation approach that incorporates both manual and technological data analysis.” He continued, “In addition, sharing information both internally and with others across the payments industry helps organizations learn about shifting fraud tactics.”
- AI’s many predictive analytics and machine learning techniques are ideal for finding anomalies in identity-based activity in real-time. The more data a machine learning model has to train on, the greater the accuracy of its fraud scores. Training models on identity-based transaction data provides real-time risk scoring for each transaction, thwarting identity fraud. When evaluating fraud detection platforms, look for vendors who can combine the insights gained from supervised and unsupervised machine learning to create the trust score they use. The most advanced fraud prevention and identification verification platforms can build convolutional neural networks on the fly and “learn” from the data patterns identified through machine learning algorithms in real-time.
- Identities are the new security perimeter, making zero trust a given in any fraud prevention platform. Getting zero trust right as a strategy is indispensable in reducing and eliminating identity fraud. When zero trust’s core principles, including least privileged access, identity and access management, micro-segmentation, and privileged access management, are all supported by AI, successful fraud attempts drop rapidly. Human and machine identities are often the most challenging threat surfaces for any organization to protect. Therefore, it makes sense that Telesign is seeing their enterprise customers adopt identity verification as a part of broader zero trust framework initiatives.
- AI reduces the friction that customers experience while onboarding, alleviating false positives. One of the paradoxes that fraud analysts face is what level to set decline rates at to protect against fraud and allow legitimate new customers to sign up. Instead of making an educated guess, fraud analysts can turn to AI-based scoring techniques that combine the strengths of supervised and unsupervised learning. In addition, AI-based fraud scores reduce false positives, a major source of customer friction. This translates into fewer manual escalations and declines, and a more positive customer experience.
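As an added illustration of the trust-score and constraint-based-rule workflow the list describes (not part of the original article and not any vendor's scoring method), the sketch below scores a stream of account applications and shows how moving the decline threshold changes outcomes. The two signals (applications per phone number within an hour, one SSN seen with a conflicting name or birthdate), the weights, the thresholds and the sample records are all assumptions constructed for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample applications (not real data); "000-..." SSNs are never issued.
# Fields: ssn, name, date of birth, phone, submission time.
APPS = [
    ("000-00-0001", "Ana Ruiz",  "1990-04-02", "+15550100", "2022-06-01T09:00"),
    ("000-00-0002", "Ben Cole",  "1985-11-20", "+15550101", "2022-06-01T09:05"),
    ("000-00-0003", "Cy Drake",  "1979-01-15", "+15550199", "2022-06-01T10:00"),
    ("000-00-0003", "Dee Evans", "1994-07-30", "+15550199", "2022-06-01T10:07"),
    ("000-00-0004", "Eli Ford",  "1991-03-03", "+15550199", "2022-06-01T10:12"),
    ("000-00-0005", "Fay Gray",  "1988-08-08", "+15550199", "2022-06-01T10:20"),
]

def score_applications(apps, window=timedelta(hours=1)):
    """Return (name, velocity, conflict, risk) per application, in time order."""
    seen_by_phone = defaultdict(list)    # phone -> earlier submission times
    identity_by_ssn = defaultdict(set)   # ssn -> {(name, dob)} seen so far
    results = []
    for ssn, name, dob, phone, ts in sorted(apps, key=lambda a: a[4]):
        t = datetime.fromisoformat(ts)
        # Velocity: earlier applications from the same phone inside the window.
        velocity = sum(1 for prev in seen_by_phone[phone] if t - prev <= window)
        # Conflict: this SSN was already used with a different name or birthdate.
        conflict = bool(identity_by_ssn[ssn] - {(name, dob)})
        # Illustrative weights (assumed): 0.25 per prior application, 0.6 for a conflict.
        risk = min(1.0, 0.25 * velocity + 0.6 * conflict)
        results.append((name, velocity, conflict, round(risk, 2)))
        seen_by_phone[phone].append(t)
        identity_by_ssn[ssn].add((name, dob))
    return results

def decide(risk, review_at=0.4, decline_at=0.8):
    """Constraint-based rule: map a risk score to approve / review / decline."""
    if risk >= decline_at:
        return "decline"
    if risk >= review_at:
        return "review"
    return "approve"

if __name__ == "__main__":
    for name, velocity, conflict, risk in score_applications(APPS):
        # Compare a stricter decline threshold (0.7) with the default (0.8).
        print(name, velocity, conflict, risk, decide(risk), decide(risk, decline_at=0.7))
```

The first application in the burst (Cy Drake) scores clean because nothing has been seen yet, which is why streaming rules like these are usually paired with a retrospective pass over recently approved accounts.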
Telesign’s approach is differentiated in its reliance on the combination of phone number velocity, traffic patterns, fraud database consortiums, and phone data attributes. Its scoring methodology also evaluates identity signals, looking for any potential anomalies that could indicate a synthetic identity. The system automatically “learns” based on data patterns discovered using predictive analytics and supervised and unsupervised machine learning algorithms. The following graphic explains the workflow:
Real-time telemetry data is key
Synthetic identities are just the beginning of showing how ingenious attackers will get in trying to steal identities and defraud businesses and governments of billions of dollars yearly. Too much implicit trust in fraud prevention systems is like a door left open to a bank vault with all the contents freely available. Removing implicit trust using data can only go so far. Enterprises need to tighten up their tech stacks and eradicate any implicit trust at all, and that step alone, along with getting a few high-profile zero trust wins starting with MFA and identity access management, along with privileged access management.