Fighting Fake Accounts: Time to Look Beyond Simple MFA

In March 2021, the US Federal Bureau of Investigation (FBI) released its 2020 Internet Crime Report (ICR) data. The report indicated that the bureau had logged over 791,790 incidents of cybercrime in 2020, which resulted in about $4.2 billion in losses. This number rose by almost 69% in comparison to 2019.

Online fraud and identity theft are growing concerns. There is always a chance of a fraudster lurking in the background to grab the right opportunity to take over your digital accounts. But the good news is that agencies, companies, and countries are coming together to close the security gaps and stop fraudsters from preying on online customers.

This article explores the various facets of the rise in fake accounts and access to false information and how companies like Prove, with its Trust Score™, can combat these problems in real time.

Identity Theft Combat

Identity theft has been on the rise as more and more customers have taken to the digital space due to the COVID pandemic. According to the Consumer Sentinel Network, maintained by the Federal Trade Commission (FTC), “About 4.8 million identity theft and fraud reports were filed by the FTC in 2020, up 45% from 3.3 million in 2019, mostly due to the 113% increase in identity theft complaints.”

Global fraud detection and prevention players are stepping up their game to combat this rise in cybercrime. According to reports, the size of the global fraud detection & prevention market in 2020 stood at $31.5 billion.

While the rising strength of the fraud detection market gives hope, it’s also crucial to understand how fraudsters are presently bypassing the checkpoints by following the typical user behavior journey.

Types of Cyber Fraud

The role of digital in our lives is expected to become even more pivotal in the coming years. From banking and shopping to education, our reliance on digital is likely to grow multifold. Fraudsters are aware of this fact, too.

Here are a few key trends that anticipate new types of fraud to help businesses keep a check on lurking cybercriminals:

  • Synthetic Identity Fraud: A fraudster uses a combination of real and fake information to create an entirely new identity or a fake account. This is presently the fastest-growing type of financial crime. 
  • Automated Attack: This includes the creation of scripts where fraudulently acquired information is used to activate fake accounts. According to a report by Experian, this fraud is expected to grow in 2021, especially as the industry moves away from usernames and passwords.
  • Account Takeover: Fraudsters pose as ‘real’ users to gain access to accounts and then share this stolen information to conduct unauthorized transactions such as third-party transfers and unauthorized purchases.
  • New Account Fraud: In this case, cybercriminals use the information to open new accounts in the name of genuine users. This is often done by accessing a customer’s personal information and using it to circumvent identity verification checks to open a new fake account.

Creating fake accounts and conducting unauthorized transactions through such accounts are possible through leaked or stolen data. New account fraud is largely seen in account transactions and credit card identity theft, where information is used to make online purchases. 

Digital transactions are on the rise. Companies that fail to up their fraud prevention techniques and online security technology are likely to suffer substantial financial losses and even lose their customers' trust. A robust security system will also enhance the overall customer experience. Fortunately, companies like Prove have a solution. 

Augmenting Identity Verification with Trust Score™

The prevalent practices to prevent identity takeover and fake accounts usually involve leveraging multi-factor authentication (MFA) using SMS-based one-time-passcodes (OTPs). While SMS OTPs serve the purpose of Possession checks, they are susceptible to interception in several ways. One such fraudulent interception, SIM swap, is on the rise globally and poses a serious threat to standard identity verification and authentication practices. Therefore, in addition to running Possession checks, it is crucial to establish the Reputation of the phone number being used for opening an account. The reputation of a phone number—providing insights into the characteristics, activity patterns, and events associated with it—is built over years of usage. This is prohibitively hard and expensive for fraudsters to replicate. Prove combines SMS OTP-based MFA with Trust Score™ to establish both Possession and Reputation, thereby reinforcing legacy authentication practices.

Mobile Auth™, which provides passive authentication, is a worthy alternative to using SMS OTPs to establish phone number possession. Mobile Auth™ uses mobile networks to verify that an activity is coming from an expected device. A highly secure capability, Mobile Auth™ works silently in the background and ensures a frictionless user experience. Several enterprises use Mobile Auth™ to adopt passwordless user experiences and digital journeys. As SMS-based OTPs increasingly come under scrutiny for their vulnerabilities in preventing sophisticated fraud, Mobile Auth™ presents an opportunity to look beyond them with an added benefit of a better and frictionless user experience.

The menace of fake accounts can be countered effectively only with the combined strength of Possession and Reputation checks. And Prove’s Trust Score™ and Mobile Auth™ are purpose-built for this.

This article is a synopsis of a full-length article originally published by Prove.