Callcredit Blog

Focus on Fraudonomics: Fraudsters are increasingly targeting mobile devices as the key enabler for fraud and financial crime – do you have device identification in place?

Fraud & Verification

How many of you are reading this on your smartphone or tablet? I suspect the majority of you are. We are a mobile technology generation and we use it to access a wider range of services remotely than ever before.

According to research conducted on behalf of Bank of America on an average day, nearly 40% of “millennials” (persons aged 18-34) interact with their smartphone more than anything or anyone else. Falling into that age bracket, I don’t know whether to be shocked by that or not!

Technology has always been an enabler; be that through e-wallet payments, ordering a taxi, placing a bet or setting up a direct debit. Within financial services there are verifiable metrics which support this.

Enabling digital engagement within financial industry, recent statistics;

  • Visa’s third Digital Payments study found that 69 per cent of British “millennials” have used a mobile banking app, with more than half noting that they do so regularly.
  • That same report identified that UK consumers are also making use of device driven payments, with 34 per cent making a peer-to-peer (P2P) digital payment via a mobile device.
  • Within Nationwide’s 2016 annual report, their statistics show that 2.6m customer utilise remote Banking through their mobile web and application channels, circa  35% of their total 7.4M customer base.
  • VISA recently reported that the number of people using mobile devices for payments has tripled since 2015, 74% of UK consumers manage their money or make payments using their mobile device, and the fastest growth rate for mobile banking adoption is 55-64 year olds.

Increased digital engagement is not without its challenges though – the easier you make something for everyone; that means everyone. We (the good guys!) are not the only ones turning to mobile technology for its benefits, unfortunately fraudsters are also increasingly targeting mobile devices as a key facilitator for fraud. What better way for a fraudster to attack than remotely and facelessly?

Get ahead of the fraudster by knowing your customer’s device

Whilst the Financial Action Fraud UK stats show from 2015 to 2016 internet banking reduced by 25% and telephone banking reduced by 9%, we know that incidents of mobile banking fraud and device enabled fraud have continued to cause significant losses. These stats show the shift in focus of fraudsters and highlight the need for robust device identification when it comes to addressing fraud concerns presented within digital engagement. Knowing your customer, in a digital world, realistically means knowing their devices.

One industry challenge, particularly for where organisations are interacting with brand new customers, is to understand what atypical is.

  1. How do organisations understand whether it is typical for Josh Gunnell to use this smartphone to apply for financial products?
  2. How can we verify whether this is the same device that he downloaded his online banking app (to run his account on) versus when he completed the application form?
  3. Or, within the trade and retail space, is this device even Josh’s to sell, or is this his “lost” corporation owned device?

Get the right blend of data in the digital fight against fraud

This is where access to a blend of syndicated, personal and non-personal data enables fraud prevention services come into their own. The view of historic behaviours, geolocation or profile discrepancies and velocity of data very quickly helps identify trust and pinpoint risk. How likely is it genuine that the same identity is applying with subtle changes to the overall application data for multiple products across different devices, time zones and in different languages in a short timeframe? Services deployed in isolation would only expose one side of the story and a holistic view paints the best picture.

It’s important to remember that devices are increasingly becoming the portal through which active accounts are managed and transactions are facilitated. It is important that appropriate monitoring is not only deployed within application processes but within other device driven interactions where is it appropriate to do so.

In parallel with the above metrics, it is worth calling out that the value of mobile technology (as an asset) has increased in line with its functional capabilities – this year saw the launch of the iPhone X, the first mobile phone with a retail value of £1,000. They are an investment on both a personal and corporate level, across mobile phones, tablets and PCs. Device intelligence is something that organisations should be taken just as seriously internally as within dealing with the general public.

The value to a criminal isn’t just in the asset though. We store an incredible amount of information and account credentials within devices – so customers who lose their phone, lose much more than just the ability to post to Instagram or update a Facebook status.

Reporting a lost device to the police is a must

According to a report by Assurant, one of the largest mobile device insurers, a third of all British families suffered theft of a mobile device or tablet in the past three years, more than half failed to report it to the police. Recipero (part of Callcredit Information Group) stats show that mobile phone losses are three times higher than mobile phone thefts.

IMEI data is used across the law enforcement as a key data item in crime prevention for mobile devices, and therefore I can see value in making the most of this data (when available) to support authentication of users and understanding whether a device may be compromised. Indeed it plays into further value propositions to end-customers’ security concerns, that if the worst should happen and a device is stolen that an organisation could pro-actively (and remotely) disable activity for accounts which could be facilitated by that device.

It is sometimes easy to take for granted the ease with which we can now transact, but organisations must not get complacent in their delivery of services online. The digital channel, enabled by the ever increasing adoption of devices, by its very nature removes some historic controls – however I truly believe adaptive and appropriate device insights can be a highly cost effective way of mitigating risk and protecting genuine customers.

Author: Josh Gunnell

Leave A Comment

Your email address will not be published. Required fields are marked *