Share
A brief history of the evolution of fraud technology
Online fraud can feel like a never-ending game of cat and mouse, with fraudsters constantly trying to stay one step ahead and fraud technology racing to catch them.
Practically every day, fraudsters find new ways to exploit weaknesses in security systems for their own gain. Meanwhile, banks and fintechs must stay vigilant and adaptive.
To make fraud prevention even more complicated, as banks and fintechs keep up with fraudsters, they also need to meet consumer expectations. Consumers have grown accustomed to the instantly gratifying digital experiences offered by companies like Uber and Amazon, and they expect a similarly seamless experience when they open online financial accounts. But delivering that type of customer experience is far from straightforward. The complex nature of opening a financial account just isn’t the same as purchasing a book online or requesting a ride share.
In The Identity Decisioning Imperative, a 2022 report Alloy commissioned from Forrester, 64% of leaders at enterprise banks said a growing proportion of their customers expect fast, fully-digital experiences, and 65% said that, increasingly, fraudulent applicants are outmaneuvering their identity decision protocols. Banks and fintechs must grapple with the challenge of providing a frictionless and secure onboarding process and digital banking experience while also safeguarding against the increasingly sophisticated and evolving techniques used by fraudsters.
If we take a look at the evolution of fraud technology over the past two decades, it helps us gain a better understanding of how banks and fintechs can break that cycle, maintain their customers’ trust, and continue to keep up with customer expectations for the onboarding experience—even as new threats emerge.
The chase begins: the rise of online fraud
The adoption of online banking services, including online account opening, has experienced unprecedented growth over the last 20 years. The result has been a rapid increase in banks’ demand for deposit dollars through digital channels, alongside the emergence of numerous digital-only banks and fintech banking apps — also known as neobanks — in the market.
In 1994, Stanford Federal Credit Union was the first financial institution to offer internet banking to all of its US customers. It was followed closely by Presidential Bank, which gave customers online account access in 1995. By the early 2000s, almost all traditional banks began to offer online account opening services to their customers.
The rise of fintech companies also pressured banks to improve their digital experiences to remain competitive. Fintechs provided consumers with access to new, innovative digital financial services — for example, digital wallets, peer-to-peer lending, budgeting apps, and cryptocurrency exchanges — that traditional banks were slow to adopt. Traditional banks had to invest in technology, create new digital channels and features, and partner with fintech companies to meet customers’ changed expectations.
This led to an increase in the number of neobanks banks and a shift towards more convenient and accessible banking experiences for customers. By 2009, the first all-digital banks, Ally and Simple, had already appeared in the US. Ultimately, the rise of fintech forced traditional banks to adapt and embrace new technologies to meet changing customer needs.
As more and more transactions move online, fraudsters have adapted to exploit vulnerabilities in online systems. Like a mouse tunneling through the walls, they use a variety of methods to steal personal and financial information — such as hacking, malware, phishing attacks, and social engineering scams — to find the best pathways and exploit weaknesses. Fraudsters will continuously test a bank or fintech's fraud controls. This type of fraud is also called ambient fraud, and often goes unnoticed at first. However, once a fraudster finds a gap in fraud controls, they will take advantage of it and cause significant damage. Mobile devices, in particular, have become a prime target as mobile online transactions have increased.
This rise in online fraud led to the emergence of new fraud technology, which includes tools and techniques to prevent, detect, and mitigate fraudulent activities.
Early days of fraud tech: dependence on consortium tools
When opening an account online first became a widespread option, banks primarily relied on consortium tools, Ilike FIS Global solutions’ QualiFile® and ChexSystems®, and large credit bureaus to run compliance and know your customer (KYC) checks. These systems matched individuals' personally identifiable information (PII) to a record in their system and relied on traditional credit scoring, but they weren’t well-equipped to serve every market.
Certain consumer segments — like young people and individuals who are new to the country — have limited or no credit history, which made it difficult for consortium tools to assess their risk and eligibility. This led to low automatic approval rates and poor customer experiences, which banks and credit unions had to tolerate due to the lack of other fraud tech options. At the same time, a large number of data breaches provided fraudsters with access to the same datasets, which they were quick to exploit.
Single-point solutions emerge
Over time, single-point solutions like iovation helped banks better understand the risks associated with an IP address, email, or phone number. A single-point solution operates by focusing on a specific data point, such as device intelligence, email risk assessment, or identity verification. Then, it provides a signal score for that data point. Signal scores are used to indicate the likelihood that a given data point is accurate or relevant based on the data source, the level of verification, and the historical accuracy of similar data points.
Banks and fintechs started to combine various single-point solutions that focused on different points with their existing systems and layer additional controls linearly to mitigate fraud. This fragmented approach was inefficient for multiple reasons:
The more solutions organizations added, the more complex and unwieldy their fraud detection protocols became, which made it difficult to manage and improve the accuracy of fraud detection.
Different single-point solutions provided different signals and scores, making it difficult to determine which signals and scores were most important and which should be given the most weight.
Layering single-point solutions only decreases the number of applicants you can accept and often leads to false positives.
Finally, with each solution focusing on its own narrow area of expertise, banks still lacked a holistic view of fraud prevention across the organization.
Then, there was the fact that single-point tools primarily focused on risk reduction, rather than improving conversion or enhancing the customer experience. Unnecessary cancellations and delayed transactions led to frustrated customers and – combined with high rates of false positives – revenue losses for banks and fintechs, which delayed industry growth and slowed down access to banking services.
A new fraud frontier: the increased use of AI
Another significant development in the evolution of fraud technology is the increased use of artificial intelligence (AI) and machine learning. Fraudsters use AI and machine learning algorithms to analyze large amounts of data and detect patterns that can be used to commit fraud. These technologies allow fraudsters to identify vulnerabilities in security systems and quickly adapt to changes in security protocols.
On the flip side, AI has also become an indispensable tool in the fight against fraud. AI enables more advanced and sophisticated methods of fraud detection and prevention through the use of predictive models and fraud scores.
The effect of predictive models and fraud scores
Predictive models use machine learning to identify patterns and unexpected behaviors in transactional data. Through the use of historical data and other data analytics, these models learn from past fraud attempts and continuously improve their ability to identify potential fraud and improve the accuracy of fraud detection.
Providers like ID Analytics®, Ekata, Socure, and SentiLink entered the market and enabled banks to combine signals from multiple single-point providers into a single signal score that could inform fraud scores and decision-making.
Fraud scores are numerical values assigned to a transaction or an individual to indicate the likelihood of fraud. They are typically calculated based on various data points and analytics—including device information, geolocation, user behavior, and historical fraud patterns—to evaluate risk and to decide whether to approve, deny, or flag a transaction for further review.
Predictive models and fraud scores enable real-time fraud prevention by proactively flagging potential fraud issues. This also reduced the manual effort required to review transactions.
However, these models still had limitations, as fraudsters continued to use AI to learn how to mimic the behavior of legitimate users.
The introduction of device and biometric technologies
The rise of predictive models and fraud scores also helped drive the development and adoption of device and behavioral biometrics in fraud prevention. Device and behavioral biometrics offer more reliable ways to verify user identity and detect fraudulent activity, since they’re based on unique physical and behavioral characteristics that are more difficult for fraudsters to replicate.
Device biometrics, such as fingerprint or facial recognition, verify that the person accessing an account or performing a transaction is the authorized user and not a fraudster with stolen credentials.
Behavioral biometrics, such as keystroke dynamics or mouse movements, identify patterns of behavior that are unique to each user and detect deviations that may indicate fraudulent activity.
As a result, these technologies have become an increasingly important part of fraud prevention strategies for many banks and fintechs.
HOT TIP
To best leverage device and biometric technologies, banks and fintechs should use web tags — or pieces of code embedded in website pages to collect specific information about users interact with the site. This information can include page views, clicks, and mouse movements and can be used to analyze user behavior and identify patterns that could indicate fraud. For example, if a user's mouse movements are erratic, or they're clicking buttons too quickly, this could be a sign of an illegitimate user.
Combining web tag data with other biometric signals, like device fingerprinting and IP geolocation, helps build a more comprehensive picture of user behavior that can be used to prevent fraud.
The future of fraud prevention technology
The moral of this (hi)story is, in the evolving landscape of fraud prevention, there isn’t a “silver bullet” solution. It’s a complex problem, and a linear approach isn’t good enough. The use of data orchestration tools, which collect, combine, and synthesize data from many different sources, enables organizations to make better decisions and take quicker actions. An Identity Decisioning Platform (IDP) is a data orchestration tool that provides an end-to-end system for identity and risk management decisions from onboarding and beyond. IDPs connect to multiple data sources using a single API, enabling organizations to:
View all of their identity and risk data in one dashboard
Easily test and add new data sources
Set custom workflows as well as logic and risk thresholds
Understand customers and their behaviors from day one
Continuously monitor for fraudulent activities
Review flagged activity, collaborate with other team members, and make approval or denial decisions from a simple user interface
Partner with fraud mitigation experts who have a deep understanding of fraud trends, tools, and techniques to stay ahead of the constantly evolving fraud landscape
Combine onboarding data with ongoing fraud monitoring data
Fraud doesn’t stop at onboarding. Increasingly, fraud prevention tools will need to cover the full scope of the customer lifecycle. During onboarding, banks and fintechs will assign risk scores to each applicant. After onboarding, they will evaluate and adjust those risk scores with ongoing biometric, device, and transactional data to build an evolving risk profile for each of their consumers. This allows banks and fintechs to expand their thresholds for onboarding riskier applicants by keeping rigorous, holistic oversight on them after onboarding. The more signals, or pieces of information, that are collected during the onboarding process, the more data there is to use for ongoing fraud detection and prevention.
Flexibility is paramount
The evolution of fraud prevention technology is far from over. Fraudsters will continue to innovate and evolve, and so will fraud prevention technology providers. The key to staying on top of all these changes is having a data orchestration tool that allows you to quickly test and add new tools into the mix to improve your fraud prevention without sacrificing your conversion rates.
IDPs allow banks and fintechs to gather more customer data and detect fraudulent behavior with higher accuracy while reducing false positives and manual workloads. In the game of cat and mouse between fraudsters and fraud technology, an IDP seals the mouse holes, teaches the cat better hunting skills, and scares off any other pests lurking around—all at the same time.