The News:
Digital fraud continues to rise across a variety of industry groups, according to the TransUnion 2023 State of Omnichannel Fraud Report, with the study indicating that 4.6% of all customers’ digital transactions globally were suspected to be fraudulent. However, because the number of transactions conducted digitally has dramatically risen in the last few years, the total volume of suspected digital fraud attempts has increased by 80% from 2019 to 2022 on a global basis, while rising 122% for digital transactions originating in the U.S. during that time.
Globally, the gaming and retail industries saw the highest rate of suspected digital fraud at 7.5% and 7.2%, respectively, followed by video gaming (5.4%), financial services (4.2%), and communities, such as dating sites (4.0%). The highest rate of growth globally since 2019 was observed in the travel & leisure industry, which saw a 117% increase in suspected digital fraud globally as more consumers looked to resume traveling following the pandemic period.
You can view the original press release highlighting fraud rates across several verticals here.
Understanding typical customer engagement patterns and then quickly identifying anomalies is a key strategy for identifying potential instances of fraud. By also incorporating contextual data around each interaction, which can include geolocation data, customer preferences, device types, login times and frequency counts, as well as other publicly available data about customers, organizations can more easily fight fraud while continuing to drive customer engagement.
Using Contextual Data to Fight Fraud While Improving Customer Experiences
Analyst Take:
The use of an omnichannel communication platform can provide significant benefits to customer-facing organizations, based on the ability to get a 360-degree view of a customer and all their interactions with the company across any channel. But with fraud rates on the rise across many industry segments, the contextual data that is available through these omnichannel platforms can also be used to quickly spot and stop fraudulent activity.
Contact center, customer relationship management (CRM), customer data platform (CDP), and analytics platforms and software can be utilized to capture, store, and surface contextual information, which can then be used to create customer profiles outlining their typical behavior patterns. If interactions or transactions occur that do not fit these typical behaviors, fraud alerts can be created that are based on risk assessments, rather than a blanket layer of additional customer steps, which can create friction and impact customer experience.
Using Contextual Data to Uncover Fraud in Retail Stores
Retail organizations are often the targets of fraud, according to the Transunion study. As such, contact center software solutions, such as those from Genesys, Five9, Zendesk, and others can help detect scams that are based around the growing use of the buy-online, pick-up-in-store (BOPIS) model. For example, a fraudster will order a product online, and then pick it up in a nearby retail store. However, before they walk out of the store with the product, the criminal will call customer service and cancel the order, hoping that the retailer’s systems are not updating in real time, which would alert them that customer picked up the product but is receiving a refund. By incorporating real-time tracking of customer’s journey, organizations can spot this type of activity and flag it, ensuring that an agent or fraud professional investigates the refund before it is issued.
If it is a legitimate return (such as the customer quickly realized that the item purchased was incorrect), incorporating an additional contact with the customer is an opportunity to provide additional service, upsell or cross-sell additional products, or collect feedback on their recent experience. Additional customer contact also can be an opportunity to reinforce and remind customers to take certain precautions to fight fraud.
To enable this function, it is imperative that all customer journey information can be easily surfaced and accessed in real time. CDPs such as those from Twilio, Tealium, and Insider, among others, can ensure that data is not locked in silos and can be easily available.
Utilizing Location Data to Improve Banking Security
Geolocation data can also be useful in not only detecting potential instances of fraud, but also as a method of reducing customer friction. For example, if a banking customer who lives in the United States travels to a foreign country and tries to log onto their bank from an unknown device, such as a business center computer at a hotel, contextual data can be useful to fight fraud and improve the customer’s experience.
As a hotel computer is a new device and is not linked to a customer’s profile, the connection will be deemed risky, so the customer will be asked to authenticate via a secondary factor, either a text message or an email link. After completing that authentication step, the customer logs in, and geolocation data from that computer will indicate that this device is physically distant from the customer’s typical login location. Because the customer is so far from their typical login locations, and is using an unknown device, it is appropriate to step up her authentication via a third layer of security, such as the knowledge-based account challenge questions.
However, contextual data can also be used to reduce friction while maintaining security. Consider if the customer, 15 minutes before logging onto the online banking system on the hotel computer, had made a withdrawal at the ATM in the hotel lobby using a debit card. In this case, the fraud department could have contacted the customer via mobile phone to verify that she was indeed making the withdrawal, since the customer was making a withdrawal many miles from home. In this case, the stepped-up authentication requiring answers to the challenge questions during the online banking transaction could be bypassed without incurring additional security risks, because contextual data would show that the customer was at the hotel 15 minutes prior to logging on, and the bank’s fraud department had just verified the customer’s identity.
Using Contextual Data to Identify Account Attacks
One of the key ways to quickly assess whether there is a coordinated attack against a customer’s account is to monitor account logins. If an account is seeing multiple login attempts within a short timespan that are spread out across many devices, it can indicate that someone is attempting to fraudulently gain access to an account. While in some cases, a customer may have simply forgotten their password, a check of geolocation data can also help pinpoint instances of a criminal trying to hack into an account, particularly if the login attempts are in distant locations from the customer’s primary geographic location.
Contacting the customer to verify if the login attempts are genuine can help fight fraud, while also offering an opportunity to educate the customer on the need to change their passwords frequently to reduce their cyber-vulnerabilities.
Incorporating Third-Party Sources to Identify Fraudsters and Enhance Customer Profiles
Contextual intelligence data can also be incorporated with open-source intelligence sources (OSINT) to identify potential fraudsters, as well as protect legitimate customers. OSINT data is public data that can be used to help establish that a person is a legitimate entity, with links to real-world assets, accounts, and activities. For example, most legitimate people who interact with organizations have a significant digital footprint, which links data such as their email address, social media accounts, physical addresses, and, in many cases, to other key data, including membership in specific groups or to employers.
Fraudsters who set up fake accounts to engage in criminal activity likely will have far less data associated with their false profile. For example, while it is easy to set up a social media account, it is far more difficult to establish the connections with other individuals, associations, or businesses that are typical of legitimate customers.
In practice, organizations can run email addresses through tools that will check these OSINT sources to further fill out their customer profile data that is often held within a CRM. This enriched customer profile can be further vetted against other contextual data, to provide a more complete picture of the customer, and whether they appear legitimate. For example, if a customer’s profile indicates that they live in one state, but their interaction geolocation data shows they are accessing the website or financial institution from multiple places on a frequent basis, it could be a sign that the account is fraudulent.
These data and insights permit an automated system or a manual reviewer to make more informed decisions about whether to allow this person to continue with their account activity or purchases, or if additional vetting or outright blacklisting is required to fight fraud. If the account or customer is found to be legitimate, the extra vetting and information uncovered can be used to provide additional customer insights (e.g., a legitimate customer that logs in from many countries is clearly a frequent traveler) that can be used to help smooth subsequent interactions.
Author Information
Keith has over 25 years of experience in research, marketing, and consulting-based fields.
He has authored in-depth reports and market forecast studies covering artificial intelligence, biometrics, data analytics, robotics, high performance computing, and quantum computing, with a specific focus on the use of these technologies within large enterprise organizations and SMBs. He has also established strong working relationships with the international technology vendor community and is a frequent speaker at industry conferences and events.
In his career as a financial and technology journalist he has written for national and trade publications, including BusinessWeek, CNBC.com, Investment Dealers’ Digest, The Red Herring, The Communications of the ACM, and Mobile Computing & Communications, among others.
He is a member of the Association of Independent Information Professionals (AIIP).
Keith holds dual Bachelor of Arts degrees in Magazine Journalism and Sociology from Syracuse University.
