The beginning of a new year is a great time to resolve to improve your customer experience. One of the best places to start is the new account creation process. Financial institutions can spend hundreds, even thousands of dollars per new customer acquisition. Yet too often, potential customers abandon the online account creation process because it is too difficult or confusing.

Why do financial institutions require customers to use a multistep process to open an online account? One major reason is identity theft. According to LexisNexis, 41 percent of new account fraud (NAF) uses real identities with correct personal information, making it very difficult to detect when a stolen identity is used. In this scenario, the bank likely has little or no information to authenticate the new customer. They might only be able to verify that that information belongs to a real person, but not necessarily the right person.

Read the white paper: Transparently detecting new account fraud

The Age of Identity Theft

It has never been easier to buy stolen identities on the black market. Indeed, 15.4 million consumers were victims of identity theft or fraud in 2016, the highest figure recorded by Javelin Strategy & Research since the firm began tracking fraud instances in 2004. Dozens of sites compete in the criminal underground to resell stolen identities, which are indexed and priced according to the victim’s FICO score. According to Brian Krebs, a single stolen identity with a perfect credit score can cost as much as $150.

To help prevent fraudsters from opening new accounts using stolen identities, a financial institution should assess a potential new client from multiple angles by examining the data submitted by the user, information related to his or her online behavior, and specifics about his or her mobile device. Details related to the user’s IP address and mobile provider, as well as information about device spoofing or existing malware infections, can add up to create a picture of a risky new account.

Start the New Year with Happy New Customers

A key to balancing this multilayered security with the customer experience is to collect information seamlessly in the background without interfering with the account creation process. This can be achieved by using behavioral analytics to gauge the customer’s journey and identify geolocation mismatches and data inconsistencies.

Another way to extract deeper intelligence on a potential new customer is to compare information and behavioral data across outside organizations. For instance, a financial institution could analyze a phone number associated with a new account. Mobile carrier intelligence, which provides a reputation score, can then provide a wealth of risk assessment information.

Financial institutions could also correlate user and tracking history and link identities across different financial entities to detect cross-organization fraud patterns. Criminals often use a stolen identity multiple times with different providers to maximize their potential profit.

Welcoming New Customers, While Helping to Stop New Account Fraud

To minimize exposure to new account fraud, security teams should implement strong fraud detection solutions that offer mobile carrier intelligence features and other tools designed to help assess and predict the creation of phony new accounts seamlessly and transparently. With the power to identify new account fraud at your fingertips, fear of identity theft doesn’t have to make you break your New Year’s resolution to improve the customer experience.

https://youtu.be/xJgMiXuIAjI

Learn more about Transparently detecting new account fraud

More from Fraud Protection

Unveiling the latest banking trojan threats in LATAM

9 min read - This post was made possible through the research contributions of Amir Gendler.In our most recent research in the Latin American (LATAM) region, we at IBM Security Lab have observed a surge in campaigns linked with malicious Chrome extensions. These campaigns primarily target Latin America, with a particular emphasis on its financial institutions.In this blog post, we’ll shed light on the group responsible for disseminating this campaign. We’ll delve into the method of web injects and Man in the Browser, and…

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

New Fakext malware targets Latin American banks

6 min read - This article was made possible thanks to contributions from Itzhak Chimino, Michael Gal and Liran Tiebloom. Browser extensions have become integral to our online experience. From productivity tools to entertainment add-ons, these small software modules offer customized features to suit individual preferences. Unfortunately, extensions can prove useful to malicious actors as well. Capitalizing on the favorable characteristics of an add-on, an attacker can leverage attributes like persistence, seamless installation, elevated privileges and unencrypted data exposure to distribute and operate banking…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today