How Account Abuse Became Fraud’s New Normal and How You Can Stop ItWebinar I August 5, 2020

2

Dan Jiao - Director, Asia Pacific Sales at Ekata

Speaker Introductions

Jeff Sakasegawa - Trust & Safety Architect at Sift

3

Agenda

• Trends & Challenges

• Account Protection Analysis

• Dynamic Friction Solution

Poll Question: Which industry do you best

represent?

Trends & Challenges

6

Synthetic Identity - A “Real” ImposterDate of BirthAugust 5, 1980

NameDaniel Jiao

Address1301 5th AvenueSeattle, WA 98101

Social Security Number (Government ID) 555-99-1212

Phone Number(206) 555-1212

SYNTHETIC IDENTITY

7

Synthetic Identity Is A Growing Global Issue

8

Typical Fraudster Behavior Differs …

Find or steal credit card (or other payment) details

Impersonate the owner

Have access to the delivery point (email address or physical address)

Combine government ID with fake identity attributes

Establish a credit history

“Bust out” – max out credit line without an intention to repay

STOLEN IDENTITY FRAUD SYNTHETIC IDENTITY FRAUD

123

123

9

… Leading To Different Risk Signals

Stolen Identities Synthetic Identities

Data inconsistencies

Fraud velocity

Historical fraud ban lists

Low signal High signal

10

Why Fighting Synthetic Identity Fraud Is Hard

DETECTION AND CATEGORIZATION

TOOLS AND EXPERIENCE

FRAUDSTER SOPHISTICATION

● Nurtured identities● Established credibility● Do not exhibit initial risk● No direct impact

● Ineffective fraud tools● Lack of experience● Lack of knowledge sharing● Poor detection methods

● Patience● Larger scale fraud● Act legitimately● Defend its identity

11

Other Anticipated Challenges

Information used for fraud prevention may be harder to get as regulation and

consumer sentiments shift in the future

● Decrease in website data● Limited access to IMEI for device tracking● Rise of virtual cards● Heightened privacy laws and regulations (e.g. GDPR)

12

Why Does This Matter?

• Challenges are REAL

• Synthetic identity fraud is GROWING

• Banking alternatives are on the RISE

• Traditional techniques FALL SHORT

The Customer Account Journey

The Account Lifecycle

Your Name

Email Address

Phone Number

Password

**********

Register

Customer creates account

Email Address

Password

Login

Customer logs in Platform is used or transactions are made

Account modifications may happen here

Account Opening Fraud Account Takeover (ATO) Fraud

15

Common Issues Across Verticals

eMerchants

Transaction fraud

Travel Industry

Loyalty fraud

Financial Institutions

Loan defaults

Sharing Economy

Bad behavior and promotion abuse

Social Platforms

Phishing and social engineering attacks on other accounts

Account Opening

17

Account Opening Basics

• Varying levels of required inputs for new accounts

• Customers expect a frictionless experience

• Fraudsters becoming more sophisticated

Your Name

Email Address

Phone Number

Password

**********

Register

18

************

************

************

************

************

Register

Account Opening Fraud On The Rise

• As online activities continue to climb, so does fraud –

and it starts with account opening

• Fraudsters take advantage of stolen or synthetic

identities to create fake accounts

$3.4Bin account opening fraud losses in the U.S. Source: Javelin 2019 Identity Fraud Study

Account Takeover

20

Account Takeover (ATO) Basics

• ATO is when a fraudster obtains a legitimate user’s account details in attempt to take over their online accounts

• Fraudsters attempt this by:

• Credential stuffing using account data purchased on

the dark web

• Leveraging account recovery services

• Phishing or social engineering

Email Address

Password

Login

21

ATO Behavior And Its ImpactA fraudster may attempt to:

• Change account details

• Make fraudulent purchases

• Attack additional accounts owned by

the user

300%Largest spike of ATO growth from previous 5 yearsSource: Rippleshot Study – State of Card Fraud: 2018

Resulting in:

• The merchant experiencing customer

churn, reputational damage, and

monetary losses

• The customer experiencing loss-of-trust

and the potential for additional accounts

being compromised

$4B In losses from ATO fraud in 2018

Source: Javelin 2019 Identity Fraud Study

Poll Question:Where does your business put

the most resources for preventing account abuse?

Dynamic Friction Solution

24

Accuracy Driven By Data Delivered At Speed

At any given point in the user journey:

• First and third party data sources

• Assess risk based on fraud type(s)

Leverage machine learning to have the most up-to-date fraud prevention

25

Data Needs for Comprehensive Risk Assessment

Device fingerprintingBehavioral biometricsUser inputted identity data

Third

Par

ty D

ata

Ban ListsProduct/SKU DataCRM History

Firs

t Par

ty D

ata

26

Layering Solutions Is Critical

SIFT SCORE

Risk-based insights to both prevent fraud attempts and provide frictionless experience

SYNTHETIC IDENTITY

EKATA IDENTITY RISK INSIGHTS

27

Examples Of How Layering Data Helps

• It takes two to tango

• Fraudsters duplicate

• Excuse me, you are who now?

• Post hoc analysis

28

Dynamic Friction For Account OpeningUtilize Dynamic Friction to alter onboarding based on trust/risk level

Additional DocumentationUpload passport,

driver’s license, etc.

Further VerificationSMS OTP, email, or

manual review

Block Sign UpPrevent the registration from happening entirely

Sift ScoreEkata Identity Risk Insights

Known Good

HighRisk

FrictionlessStreamlined account creation

Email Address

Create Password

Register

29

Dynamic Friction For Account LoginUtilize Dynamic Friction to alter login experience based on trust/risk level

Frictionless

Ideal, streamlined login

Watch ListPeriodically review

high-value accounts

Trigger 2FA

SMS OTP, email, voice, or biometric

Block LoginReset password or

escalate

Sift ScoreEkata Identity Risk Insights

Known Good

HighRisk

Email Address

Password

Login

30

Agenda

• Combat account opening and account takeover fraud across the user journey

• Uplevel your company’s intelligence to combat synthetic identities

• Leverage Dynamic Friction to customize experiences based on risk assessment

Concluding Thoughts

Questions?