If you want your fraud prevention methods to be effective, you need to think about more than stopping fraud attacks. Cost management and user experience also need to be part of your strategy so that you can scale.
When it comes to fraud risk — how much is too much?
A positive customer experience is the key to competing in digital financial services, but it can also lead to increased fraud risk. If it is easier for legitimate customers to use your products and apply for your services, then it may also be easier for fraudsters to exploit their vulnerabilities.
If your fraud checks are too lenient, your fraud risk increases dramatically. Conversely, if you adopt a zero-fraud policy, you’re likely to lose a large pool of potential customers. Your rules could be too stringent, resulting in too many false positives and subsequent rejections of creditworthy customers. Or, your platform could rely too heavily on cumbersome onboarding processes, lengthy verification processes, and transaction delays, resulting in a poor user experience (UX), drop-off, and decreased customer retention.
This guide covers:
Without these factors, there is a good chance that your fraud prevention strategies are operating in silos, which makes it more difficult to scale as you grow and introduce new services and products. Also, you will have less opportunity to catch more fraud at origination, potentially increasing the cost of fraud for your organization.
In Alloy’s State of Fraud Benchmark Report, 98% of financial organizations said that they experienced fraud in 2023. Although respondents claimed fewer fraud attacks occurred compared to the previous year’s respondents, they also recovered fewer financial losses.
Clearly, fraud is a widespread threat. Fraudsters continually test fraud prevention systems for gaps in coverage and try to discover vulnerabilities that they can exploit with coordinated fraud attacks.
Your fraud prevention systems should be able to fend off the majority of these attacks without manual intervention and without significantly impacting the customer experience.
But how? The answer is more data — and better data processes.
For some financial institutions and fintechs, adding new data sources also means overcoming data visibility, availability, and workflow challenges. That’s why data orchestration is one of the most important processes for any fraud prevention strategy.
For the latest trends in fraud prevention, download Alloy’s free State of Fraud Benchmark Report.
Without data orchestration, growing your database is easier said than done.
But what exactly is data orchestration?
Data orchestration integrates large amounts of diverse data into a unified system that makes data both more accurate and more accessible.
Instead of a multiple-point solution where different data sources are integrated, a platform that uses data orchestration allows you to run multiple data sources simultaneously.
Organizations using a data orchestration platform can easily reconfigure data sources or add new ones to help prevent fraud as they grow and scale. For example, if you are a bank launching a mobile app to attract new customers, then the number of accounts you onboard is about to increase — and so is your likelihood of fraud. (Remember, fraudsters like to continuously test for vulnerabilities. When you launch a new product, that is a whole new channel for them to explore and potentially exploit.)
With a data orchestration platform, you can quickly add the new data sources you need in anticipation of these fraudsters, then layer them into both your onboarding and ongoing monitoring processes to help protect both your customers and your business.
When all the data sources are run and analyzed in tandem, it centralizes your view of the customer. This allows you to create more holistic customer risk profiles, allowing you to stop more fraud at origination and throughout the customer lifecycle. If a fraudster does make it through your onboarding process (because that will happen), these profiles also make it easier to spot discrepancies in behavior, so you can stop fraud as soon as possible.
Get a better idea of how to choose a data orchestration platform.
More sophisticated fraud attacks are becoming increasingly common. Fraudsters are using artificial intelligence (AI) to create more synthetic identities, deep fakes, and phishing scams than ever before. That is why it is important to shift your fraud prevention strategies from transaction-centric to identity-centric models that focus on identifying fraud throughout the customer lifecycle rather than just at onboarding or at the time of transactions.
You must remember — there is always a person behind the fraudulent actions. If you can identify the person, you can stop fraud much faster. You will also be able to:
Consider an identity-based approach that splits applicants into three groups:
Using multiple data sources via data orchestration allows you to determine which group any given applicant falls into. Applicants who are clearly safe or clearly risky can be auto-approved or auto-denied, respectively, without affecting the UX of your application.
If you can't confidently auto-approve or auto-deny an applicant using standard data sources, you can send them through a self-cure step-up authentication process. If the applicant cannot successfully pass the step-up, you can manually review their application. For applicants who pose a low fraud risk, another option is to allow them to onboard with more limited access to account features and closely monitor their behavior with a machine learning (ML) model.
Data sources are one of the most important resources in your fraud prevention toolkit. Like any tool, some data sources are built for specific purposes, while others can be used broadly. While every customer might not require every data source, no one data source is sufficient to adequately address the whole spectrum of fraud risk.
These are the key questions that your data sources can answer about an applicant:
The tools at your disposal will depend on the vendors you use. Most data sources for fraud prevention fall under one of the following categories:
Generally, each data type is suited to a different purpose — whether that’s third-party fraud detection, bot detection, or catching synthetic identities. Generally, data types can be mapped to the key questions indicated below. You may have access to multiple fraud prevention tools within each data type, and each tool may vary in terms of specific fraud use cases and cost structure.
Keep in mind that multiple data types may attempt to answer the same question. For instance, behavioral data and device data both provide bot detection. This is not necessarily redundant because behavioral and device data approach bot detection differently.
What about applicants who fall somewhere in between clearly risky and clearly safe? They may be a legitimate applicant who is part of a traditionally underbanked population — like a young student with a thin credit file or an immigrant who is new to the country — or they could be fraudulent.
This is where step-up verifications can help you tell the difference. Requiring a scan or image of ID documents, along with a selfie or liveness test for comparison, adds friction to the customer experience. It’s not likely that you will want to put every applicant through that process. But step-up verifications provide the following:
In short, some applicants will fall between clearly risky and clearly safe.
Step-up verifications are designed to give these applicants a second look. They effectively de-risk your applicant pool by identifying those who cannot be auto-approved.
Graduated onboarding involves opening the account for these applicants but stops short of granting access to every feature. For 60 or 90 days, watch these customers closely for potential signs of fraud. If, by the end of this period, the customer has behaved normally and hasn’t raised fraud flags, then grant them full access (with ongoing fraud monitoring in place).
Fraudsters are increasingly exploiting vulnerabilities in financial institutions’ fraud checks post-day zero. For instance, a fraudster might use a ‘clean’ stolen ID to pass standard onboarding checks and then alter their contact details to gain more control over the account. This is why extending the same robust fraud and AML monitoring for your account opening process beyond day one is critical to fraud prevention.
At Alloy, we recommend implementing close monitoring protocols post-onboarding to combat fraud risk during the new account period. You can do this by re-screening new client information or deploying friction-right step-up verification once high-risk activities are detected by your ML model.
Here’s how a multi-layered approach to fraud prevention might work in practice:
Risks like these may be enough to warrant freezing an account for investigation. Alternatively, you could follow up with a request for proof of address to give you more confidence in the identity of the user.
This approach works for deepening your relationships with “good” customers, too. If, by the end of the initial 60-to-90-day period, the customer has behaved normally and hasn’t raised fraud flags, then you can automatically grant them full access to their account features using Alloy’s Entity Fraud Model: our ready-to-go ML fraud model for banks and fintechs.
As fraud and compliance evolve, we continuously update our product to serve our customers. Alloy's best-in-market solution, Onboarding Plus, is an extension of our current onboarding infrastructure that empowers you to extend identity checks to address threat vectors beyond origination. OnboardingPlus is a scalable alternative to rejecting risky applicants outright, allowing you to onboard more customers with less risk during high-risk ongoing events.
When it comes to scaling your fraud prevention strategies, keep these four factors in mind:
Understanding fraud means also understanding identity and all the tools at your disposal. A successful fraud prevention strategy will empower you to balance customer experience and fraud risk, approving as many legitimate customers as possible — while keeping them safe and your business secure.