During a call with a client one day, we took some time to discuss my process when seeking to develop a new fraud method.
The example that I kept referring to looks like the attached picture.
The last column represents the end goal: cash, items, accounts, cars, houses, policies, licenses, downloads, etc.
Then the work begins:
What information is available?
Personal Information: SSNs, emails, phones, DOBs, Addresses, etc.
Payment Information: Checks, Cards, Generated Numbers, Access to accounts for funding, third-party ATOs, etc.
System Knowledge: What platforms sell the product or allow for cash outs and transfers, where can money be funneled / held / withdrawn, etc.
How can these multiple systems be combined to get the outcome that the method is seeking?
How can the fraudster maintain insulation from all of the footprints (either digital or physical).
Along this process, different requirements and different limitations are introduced, leading to the need to be nimble. This is easily accomplished when dealing with 1000’s of sets of various pieces of information.
The moral of the story is: ZOOM OUT.
What is the one thing that fraudsters have that we don’t? Access to various sets of information. 1? 10? 50?….. 1,000’s? Any number is accurate and there are no limitations placed on them (until they are busted).
Scary thoughts I know, but there are 3 steps that I prescribe we take to head them off at the pass for the operations that are under our responsibility:
Truly Holistic Fraud Prevention Strategy and Knowledge. Big words, but simple enough to work with. Assume that every process offered to a user for interaction / influence over a company’s operation will be misused. The first step is to validate information. The second is to verify authority to the information. The third step is to identify intent.
Handle volume by strategically partnering with services providers that fit the needs of your company. I’ve consulted many merchants and FI’s and discovered that far too often, “Square pegs have been sold to fill round holes” – leading to unhappy customers. The key term here is Strategy. Take the time to discover what you need and choose a vendor that has proven effective at solving that particular problem.
Collaborate. The vast majority of fraud methods that are illustrated through thought leadership channels are all similar. A fraudster used compromised information to fill out a form that we created. Transaction forms, account creations, login forms, customer service tickets…. etc.
If we work together to expand the knowledge of the collective, we will begin to see through lines between the methods and we can work to solve the problem.
Be Proactive, my friends.