How to scale your fraud prevention

If you want your fraud prevention methods to be effective, you need to think about more than stopping fraud attacks. Cost management and user experience also need to be part of your strategy so that you can scale. 

When it comes to fraud risk — how much is too much?

A positive customer experience is the key to competing in digital financial services, but it can also lead to increased fraud risk. If it is easier for legitimate customers to use your products and apply for your services, then it may also be easier for fraudsters to exploit their vulnerabilities.

If your fraud checks are too lenient, your fraud risk increases dramatically. Conversely, if you adopt a zero-fraud policy, you’re likely to lose a large pool of potential customers. Your rules could be too stringent, resulting in too many false positives and subsequent rejections of creditworthy customers. Or, your platform could rely too heavily on cumbersome onboarding processes, lengthy verification processes, and transaction delays, resulting in a poor user experience (UX), drop-off, and decreased customer retention.

This guide covers: 

  • The necessity of data orchestration to scaling fraud prevention
  • The importance of prioritizing identity over transactions
  • How to efficiently auto-deny and auto-approve customers
  • Practices for extending your onboarding controls past day one, including using step-up authentication to approve and service more good customers while keeping your fraud risk under control

Without these factors, there is a good chance that your fraud prevention strategies are operating in silos, which makes it more difficult to scale as you grow and introduce new services and products. Also, you will have less opportunity to catch more fraud at origination, potentially increasing the cost of fraud for your organization. 

The current state of fraud

In Alloy’s State of Fraud Benchmark Report, 98% of financial organizations said that they experienced fraud in 2023. Although respondents claimed fewer fraud attacks occurred compared to the previous year’s respondents, they also recovered fewer financial losses. 

Clearly, fraud is a widespread threat. Fraudsters continually test fraud prevention systems for gaps in coverage and try to discover vulnerabilities that they can exploit with coordinated fraud attacks.

Your fraud prevention systems should be able to fend off the majority of these attacks without manual intervention and without significantly impacting the customer experience. 

But how? The answer is more data — and better data processes. 

For some financial institutions and fintechs, adding new data sources also means overcoming data visibility, availability, and workflow challenges. That’s why data orchestration is one of the most important processes for any fraud prevention strategy. 

For the latest trends in fraud prevention, download Alloy’s free State of Fraud Benchmark Report. 

Why data orchestration is critical

Without data orchestration, growing your database is easier said than done. 

But what exactly is data orchestration? 

Data orchestration integrates large amounts of diverse data into a unified system that makes data both more accurate and more accessible. 

Instead of a multiple-point solution where different data sources are integrated, a platform that uses data orchestration allows you to run multiple data sources simultaneously.

Organizations using a data orchestration platform can easily reconfigure data sources or add new ones to help prevent fraud as they grow and scale. For example, if you are a bank launching a mobile app to attract new customers, then the number of accounts you onboard is about to increase — and so is your likelihood of fraud. (Remember, fraudsters like to continuously test for vulnerabilities. When you launch a new product, that is a whole new channel for them to explore and potentially exploit.) 

With a data orchestration platform, you can quickly add the new data sources you need in anticipation of these fraudsters, then layer them into both your onboarding and ongoing monitoring processes to help protect both your customers and your business.  

Running and analyzing all your data sources in tandem centralizes your view of the customer. This lets you create more holistic customer risk profiles, so you can stop more fraud at origination and throughout the customer lifecycle. If a fraudster does make it through your onboarding process (because that will happen), these profiles also make it easier to spot discrepancies in behavior, so you can stop fraud as soon as possible.

Get a better idea of how to choose a data orchestration platform.

Prioritize identity over transactions

More sophisticated fraud attacks are becoming increasingly common. Fraudsters are using artificial intelligence (AI) to create more synthetic identities, deep fakes, and phishing scams than ever before. That is why it is important to shift your fraud prevention strategies from transaction-centric to identity-centric models that focus on identifying fraud throughout the customer lifecycle rather than just at onboarding or at the time of transactions. 

You must remember — there is always a person behind the fraudulent actions. If you can identify the person, you can stop fraud much faster. You will also be able to: 

  • Better identify fraud types 
  • Tailor fraud prevention methods to address vulnerabilities 
  • Create better fraud risk mitigation across different channels

Consider an identity-based approach that splits applicants into three groups:

  1. Applicants you definitely want to approve
  2. Applicants you definitely want to deny
  3. Applicants that need to go through a step-up authentication process and/or a manual review

Using multiple data sources via data orchestration allows you to determine which group any given applicant falls into. Applicants who are clearly safe or clearly risky can be auto-approved or auto-denied, respectively, without affecting the UX of your application.

If you can't confidently auto-approve or auto-deny an applicant using standard data sources, you can send them through a self-cure step-up authentication process. If the applicant cannot successfully pass the step-up, you can manually review their application. For applicants who pose a low fraud risk, another option is to allow them to onboard with more limited access to account features and closely monitor their behavior with a machine learning (ML) model.
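The three-way split and its fallbacks, sketched as an added example (not Alloy's code or API). The signal names, the 0-to-1 score scale and the cut-offs are assumptions made for illustration. The sketch also covers a case the text does not spell out: a data source that fails to answer sends the applicant to step-up rather than to auto-approval.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Decision(Enum):
    APPROVE = "auto-approve"
    DENY = "auto-deny"
    STEP_UP = "step-up authentication"
    LIMITED = "onboard with limited access, monitored"
    MANUAL_REVIEW = "manual review"


@dataclass
class Signals:
    """Fraud scores in [0, 1] per key question; None means the source did not answer."""
    bot: Optional[float]
    synthetic: Optional[float]
    third_party: Optional[float]


# Assumed cut-offs for illustration; real ones are tuned on approval and loss data.
DENY_AT, LOW_RISK_BELOW, APPROVE_BELOW = 0.90, 0.40, 0.20


def triage(s: Signals) -> Decision:
    scores = (s.bot, s.synthetic, s.third_party)
    known = [x for x in scores if x is not None]
    # One source that is confident about fraud is enough to deny.
    if any(x >= DENY_AT for x in known):
        return Decision.DENY
    # A silent source is missing evidence: never auto-approve on partial data.
    if len(known) < len(scores):
        return Decision.STEP_UP
    if max(known) < APPROVE_BELOW:
        return Decision.APPROVE
    if max(known) < LOW_RISK_BELOW:
        return Decision.LIMITED
    return Decision.STEP_UP


def resolve_step_up(passed: bool) -> Decision:
    """Applicants who fail the self-cure step-up go to a human, not to auto-deny."""
    return Decision.APPROVE if passed else Decision.MANUAL_REVIEW
```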

Using complementary data sources

Data sources are one of the most important resources in your fraud prevention toolkit. Like any tool, some data sources are built for specific purposes, while others can be used broadly. While every customer might not require every data source, no one data source is sufficient to adequately address the whole spectrum of fraud risk.

These are the key questions that your data sources can answer about an applicant:

  • Is this application created by a bot?
    The first step should be preventing bots from entering your system, even before you collect any applicant’s personally identifiable information (PII).

  • Is the person on the application real?
    To prevent synthetic identity fraud, you need to verify that the applicant is a real person. Data sources that offer fraud scoring automatically flag potentially fraudulent PII or suspicious activity.

  • Is the named customer filling out the application themselves?
    To prevent third-party fraud, use data sources that can detect identity theft. These tools trigger step-up verifications or a manual review, even if a fraudster is using legitimate PII that belongs to someone else, like in certain cases of synthetic identity fraud.

The tools at your disposal will depend on the vendors you use. Most data sources for fraud prevention fall under one of the following categories:

[Figure: Fraud types]

Each data type is generally suited to a different purpose — whether that’s third-party fraud detection, bot detection, or catching synthetic identities. Data types can be mapped to the key questions indicated below. You may have access to multiple fraud prevention tools within each data type, and each tool may vary in terms of specific fraud use cases and cost structure.

[Figure: Fraud types chart]

Keep in mind that multiple data types may attempt to answer the same question. For instance, behavioral data and device data both provide bot detection. This is not necessarily redundant because behavioral and device data approach bot detection differently.

Using automated step-up verifications and robust post-onboarding checks to stop fraud

What about applicants who fall somewhere in between clearly risky and clearly safe? They may be a legitimate applicant who is part of a traditionally underbanked population — like a young student with a thin credit file or an immigrant who is new to the country — or they could be fraudulent.

This is where step-up verifications can help you tell the difference. Requiring a scan or image of ID documents, along with a selfie or liveness test for comparison, adds friction to the customer experience. It’s not likely that you will want to put every applicant through that process. But step-up verifications provide the following: 

  • A way for good applicants to prove their identity while keeping bad actors at bay 
  • An opportunity to uncover a significant amount of fraud using more secure methods than knowledge-based authentication
  • A self-serve route that reduces the load on operational teams who otherwise would need to review every single application

In short, some applicants will fall between clearly risky and clearly safe. 

Step-up verifications are designed to give these applicants a second look. They effectively de-risk your applicant pool by identifying those who cannot be auto-approved.

Graduated onboarding involves opening the account for these applicants but stops short of granting access to every feature. For 60 or 90 days, watch these customers closely for potential signs of fraud. If, by the end of this period, the customer has behaved normally and hasn’t raised fraud flags, then grant them full access (with ongoing fraud monitoring in place).

How to mitigate new account fraud? 

Fraudsters are increasingly exploiting vulnerabilities in financial institutions’ fraud checks post-day zero. For instance, a fraudster might use a ‘clean’ stolen ID to pass standard onboarding checks and then alter their contact details to gain more control over the account. This is why extending the same robust fraud and AML monitoring for your account opening process beyond day one is critical to fraud prevention.

At Alloy, we recommend implementing close monitoring protocols post-onboarding to combat fraud risk during the new account period. You can do this by re-screening new client information or deploying friction-right step-up verification once high-risk activities are detected by your ML model.

Here’s how a multi-layered approach to fraud prevention might work in practice: 

  • Let’s say a fraudster has successfully managed to bypass your onboarding controls using a stolen ID. 
  • They attempt to change the address on file to their own to prevent your organization from contacting the real ID owner. 
  • Once the fraudster tries to change the address, Alloy can trigger an automatic KYC refresh, flagging any associated risks with this new PII — for example, if updates to a residential address actually match a commercial address. 

Risks like these may be enough to warrant freezing an account for investigation. Alternatively, you could follow up with a request for proof of address to give you more confidence in the identity of the user. 

This approach works for deepening your relationships with “good” customers, too. If, by the end of the initial 60-to-90-day period, the customer has behaved normally and hasn’t raised fraud flags, then you can automatically grant them full access to their account features using Alloy’s Entity Fraud Model: our ready-to-go ML fraud model for banks and fintechs. 
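The address-change scenario and the graduation rule above, as an added example (not Alloy's product logic or API). `kyc_refresh` is a hypothetical stand-in for re-screening the new PII. The 90-day window and the choice between freezing and requesting proof of address by account age are assumed policy.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta

MONITORING = timedelta(days=90)  # the text gives 60 or 90 days; 90 is assumed


@dataclass
class Account:
    opened: date
    address: dict
    full_access: bool = False  # graduated onboarding starts with limited features
    frozen: bool = False
    flags: list = field(default_factory=list)


def kyc_refresh(new_address: dict) -> list:
    """Hypothetical re-screen of new PII; returns the risk flags it raises."""
    kind = new_address.get("type")
    if kind == "residential":
        return []
    if kind == "commercial":
        return ["residential address matches a commercial address"]
    return ["address type could not be verified"]  # unknown is not clean


def on_address_change(acct: Account, new_address: dict, today: date) -> str:
    """Re-run onboarding-grade checks when a high-risk profile change arrives."""
    risks = kyc_refresh(new_address)
    if not risks:
        acct.address = new_address
        return "accepted"
    acct.flags.extend(risks)  # the change is held; the address on file stays
    if today - acct.opened <= MONITORING:
        acct.frozen = True  # new account plus risky PII: freeze and investigate
        return "frozen"
    return "proof-of-address-requested"


def maybe_graduate(acct: Account, today: date) -> bool:
    """Grant full access only after a clean monitoring period."""
    aged = today - acct.opened >= MONITORING
    if aged and not acct.flags and not acct.frozen:
        acct.full_access = True
    return acct.full_access
```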

As fraud and compliance evolve, we continuously update our product to serve our customers. Alloy's best-in-market solution, Onboarding Plus, is an extension of our current onboarding infrastructure that empowers you to extend identity checks to address threat vectors beyond origination. OnboardingPlus is a scalable alternative to rejecting risky applicants outright, allowing you to onboard more customers with less risk during high-risk ongoing events. 

When it comes to scaling your fraud prevention strategies, keep these four factors in mind:

  1. Data orchestration is critical to fraud risk mitigation, helping create more holistic customer profiles. 
  2. Prioritize identity over transactions to stop more fraud at origination.
  3. Use step-up verification to approve more applicants while decreasing both fraud risk and customer friction.
  4. Retrigger your fraud and AML checks from account opening beyond onboarding.

Understanding fraud means also understanding identity and all the tools at your disposal. A successful fraud prevention strategy will empower you to balance customer experience and fraud risk, approving as many legitimate customers as possible — while keeping them safe and your business secure.

Alloy is an end-to-end, omnichannel Identity Risk Solution that helps you manage fraud, credit, and compliance risks throughout the customer lifecycle.
