April 20, 2018
April 18, 2018
Across the globe, organized Identity fraud continues to grow as fraud syndicates exploit the lack of effectiveness of traditional personally identifiable information (PII). These fraudsters use money transfer and payment companies to move funds from legitimate customer accounts to their offshore accounts.
A leading provider of money transfer services was using ThreatMetrix for its customer logins and payment transactions. It wanted to expand the engagement to solve for identity assessment attacks from an organized fraud syndicate.
The operator identified multiple instances where seemingly legitimate accounts were being created using stolen and harvested credentials.
The established methods of identity assessment and verifications were not able to catch these requests and the fraudsters cleared all KYC protocols. There was no mismatch around customer PII data including age, gender, accent and phone numbers. Unbeknownst to the legitimate individuals these fraudsters had created a parallel persona including bank accounts to set the stage for the ensuing tax fraud at a later date, sometimes over a year later.
The operator realized that the static data it were using has been compromised through credit bureaus and the traditional methods of identity verifications had been shrinking. It needed a better way to differentiate the legitimate customers from these fraudsters without impacting user experience.
“Static data from the credit bureaus has been compromised through the recent breaches and identity leakage. Using this information for customer verification will result in fraudsters exploiting the verification methods easily. With the help of the technology that ThreatMetrix has provided us, we have been able to detect, deter and prevent the activity going through our platform.”
– Fraud and Risk Manager
Upon receiving the first customer complaint, the operator worked with ThreatMetrix to conduct a retrospective review of the transaction. By using the link analysis based on the devices, IP and identities, it was able to identify patterns and also pinpoint additional instances of fraud.
Exposing the Fraud Syndicate
The operator worked with law enforcement agencies to identify a previously known fraud syndicate that had laid dormant for the over three years, building the fake identity for customers. This syndicate was setting up online bank accounts with the stolen credentials that were then used to collect the tax refunds. By leveraging ThreatMetrix, the company was able to help the government agency identify and return approximately $2 million to over 60 customers.
Enhanced Identity Assessment
Leveraging information related to the customers’ true digital identities gave them a much clearer view of the requests that belonged to the syndicate. This allowed them to track the associated devices and other attributes efficiently, regardless of channel, use case, location, presented credentials, or PII. By collecting and maintaining nearly 250 user-specific pieces of information, the operator could identify the fraudsters with a much greater degree of accuracy. This allowed it to use dynamic information to take an extremely proactive approach to preventing known syndicate members from opening a new account or taking over legitimate accounts.
Multi-Channel Customer Protection
With the enhancements to the account registration process, the syndicate modified its behavior to use the stolen credentials to takeover user accounts. By leveraging information around links and associations, from the world’s largest Digital Identity Network built on shared intelligence from over a billion transactions per month, it was able to identify transactions coming from the fraud syndicates.
Since implementation, ThreatMetrix has helped the operator prevent fraud and continue to lead in the growing online lending industry by leveraging the following key capabilities: