By Mike Gross, Head of Global Fraud & ID Product Innovation, Experian
Fraud continues to be one of the biggest issues facing today’s digital landscape. According to Experian’s 2019 Global Identity & Fraud Report, 55 percent of businesses have seen an increase in online fraud losses over the last 12 months. What’s more, only 50 percent of companies believe they have a high level of understanding about how fraud affects their business. One reason for this may be that businesses tend to focus on catching fraud in the act rather than keeping fraudulent attempts away from their virtual door. Since fraud attack rate combines both detected and missed fraud attempts, this important metric tends to get overlooked. Even if it is reported, the fraud attack rate often sits on the sidelines because many businesses believe they have little control over who is trying to get in.
What your Fraud Attack Rate is trying to tell you
Successful fraud attacks are one of the clearest indicators to fraudsters which businesses are the most vulnerable and easiest for them to commit fraud. If you are an “easy target,” that generally means that fraudsters have found they can at least get in and begin to transact. With the fraud prevention tools you have in place, you will catch some of the fraud but not all. Fraudsters depend on this thinking because you are busy trying to stop all of the fraudulent attempts rather than closing that virtual door. So, if you have a high attack rate, fraud losses can be nearly 56% higher than a business with a low attack rate. What’s more, businesses with a high attack rate generally have much higher operational expenses – like fraud investigator headcounts - because they are “busy” trying to catch fraud from attempts already in their system. So, while the business with the higher attack rate might be detecting more fraudulent attempts, they are actually spending more money than if they changed their thinking to stopping fraudseters from ever getting through.
It’s time to rethink the impact that the fraud attack rate has on a business. Here are three things to consider.
- Make it hard for fraudsters to get in
Criminals are always on the lookout for soft targets. They scour the dark web and online forums to find the types of businesses that are easier to attack than others. They coordinate with other criminals to orchestrate attacks. And they learn. Businesses should take a hard look at internal policies and procedures to better understand where gaps reside. It is less complicated to keep someone away rather than trying to get them out when already in the system.
- Look beyond your own walls
Oftentimes, businesses within a sector will experience similar types of fraud attacks. If a business is in an industry that only contains a few major players, such as airlines, telecommunications, or delivery services, a change in policies in just one of those businesses can really shake things up and either eliminate or increase points of possible attack. So while evaluating internal policies is crucial, it’s also important to conduct frequent and thorough competitor analyses to determine how often industry peers have experienced fraud attacks, when they are most frequent, and their overall impact. These types of reviews can also shed light on potential roots of the problem, whether it is human error, ongoing phishing attacks, lack of resources, or even weak internal policies. By conducting regular audits, businesses can anticipate potential issues in their plans and procedures, make any necessary changes to the plan, and implement the right layered fraud prevention solutions.
- Equip your business with the fraud prevention strategies that are the right fit
Remember, fraudsters count on businesses to be “busy” trying to stop fraud once they are in that virtual door. The more attacks that occur, the higher the probability that fraud will get through. We’ve found that the most effective fraud prevention strategies contain both technical and human elements because that is the way most criminal businesses operate. Strategies like machine learning are key because they help identify attacks quickly – so is a consistent strategy to identify real customers right away. By slowing the flow of fraudsters that actually get through, the number of fraud attacks will begin to slow too. It will never completely go away but it will slow the number down to a manageable level.
By keeping the fraud attack Rate top of mind, businesses are setting themselves up to be better prepared to defend against fraudulent activity and to potentially lower their chances of attackers targeting their business. Ultimately, a strategy which includes both technology and fraud experts will help turn fraudsters away, mitigate potential loss, build customer trust, and increase customer retention.