Content Library

On the front lines of a fraud attack

Fraud front lines 2

Fraud is an inevitable evil. Our clients will always see some level of ambient fraud — which is the small-scale fraud that financial institutions (FIs) see on a consistent basis. If/when ambient fraud identifies holes in their processes, it can turn into an orchestrated fraud attack very quickly, making it essential to respond as soon as possible. Many of our clients choose Alloy because they look at us as the industry’s leader in fraud prevention. I find that most of my clients have implemented all of our best practices into their fraud prevention processes and don’t think twice about it. However, we have other clients who are a bit more hesitant to take our suggestions wholeheartedly. I certainly understand that their business is on the line, and they have their own compliance and risk operations teams that bring with them their own perspective and experience. They recognize Alloy’s value, but there is still a lot of trust that needs to be built. And that takes time.

Whether or not they took our guidance out of the gate, one thing remains the same: when a client is under a fraud attack, and their security measures failed to stop the attack, they turn to Alloy as their trusted advisor to help end the attack fast.

You’re under a fraud attack. Now what?

A few months ago, on a typical Monday morning, I received an urgent email from one of my clients who had seen a big spike in new applications over the weekend and had determined that the bulk of those applications were fraudulent in nature — I’m talking a 1642% spike in applicants big. Massive, unexpected spikes in volume usually mean one thing: a fraud attack. Everything else on my list took a back seat, and this client quickly became my top priority for the day.

By the time I had read their email that morning, they had already taken their product offline. They stopped all new applications while they were scrambling to figure out how to respond. This client had implemented lighter-weight fraud controls than we typically recommend, and suddenly they found that the measures they had in place did not hold up to a fraud attack. I jumped on a call with them right away to find out more information and start putting together an action plan to stop the fraud and get them back online.

Your dedicated fraud response team

I’d love to end this story by saying that I jumped into their dashboard, found out the issue, made some workflow changes, and provided some recommendations to future-proof their business. Sophie to the rescue!! But fraud prevention is a team sport — and fortunately, Alloy has a team of experts ready to help.

I brought together our CEO, Tommy Nicholas, and members of the implementations and solutions architecture teams to build a fraud response task force for the client. Together, we worked through the steps Alloy has honed to respond to fraud attacks:

  1. Triage: We investigated and identified the type of fraud they were seeing.

  2. Discovery: We evaluated their existing workflows to find the gaps that let the fraud through in the first place.

  3. Remediation: We presented our findings and gave specific recommendations that the client could immediately implement to stop the current fraud attack and prevent future ones. Then, we helped the client make the changes they felt confident with.

In this case, we recommended:

  • Adding data sources: We performed retroactive studies to implement new data vendors that specialized in protecting FIs against the type of fraud we identified. As a result, we got them live with the new data sources in just a few days.

  • Collecting more data points: Many fraud vendors and scores improve their performance as more data is collected — particularly device and network data that can be collected passively. We helped the client install, configure, and enable a third-party device analysis SDK to enhance their fraud capture performance with existing vendors.

These two recommendations were enough to get their product back online and safe from the worst of the fraud attack they were experiencing. In most cases, we can help clients triage and remediate the worst of a fraud attack in hours or, at worst, a few days. However, stopping the bleeding is just one part of the equation. Alloy doesn't just want to help clients stop fraud — we want to improve conversion and customer experiences as well!

We use our experience to help clients think through future-proofed strategies that will get them beyond "stopping the bleeding" and towards a position that is proactively in control. This allows them to identify fraud more precisely and avoid false positives.

Here are some more things we recommend to strengthen your fraud detection practices:

  • Pre-submit data: Implementing behavioral intelligence tools that track user behaviors before the user submits an application is a critical practice that companies often either overlook entirely or don't use properly to differentiate between risky and genuine applicants.

  • Dynamic step-up verification: Clients rarely have a sophisticated answer to the question, "What happens when we DO suspect a client is fraudulent?" Usually, they perform manual investigations on these applicants, send them through a generic document verification flow, or simply decline them outright. We recommend clients take a more nuanced approach where applicants are sent to the correct next step (review, document verification, phone-based verification, etc) based on the specific risks they pose. Our Journeys features and deep roster of partners make this easy!

  • Final Outcomes: Fraud is a team sport, as we said above! We recommend clients send regular final outcomes — ideally in an automated fashion — so both Alloy and your other partners can help you stay on top of fraud trends in your data that you should be aware of or respond to.

A lot of folks see Alloy as just a fraud and risk management tool. The fact of the matter is that we have a huge, talented and experienced team of data, risk and fraud experts ready to roll up their sleeves and fight against fraud with you. Our large client base comes with a lot of data, which our skilled team analyzes to develop best-in-class recommendations for many different use cases. As time marches on, so does the robust data with it, which helps us make better, strategic decisions in the war against fraud. And the people who benefit the most from our knowledge and expertise are our customers. We're here as a resource for our clients, and I’m lucky enough to be on the front lines.

Not sure what to do when you’re under a fraud attack?

Related content