About the author
Mohammed Fouladi is a strategic tech leader with extensive experience in development and implementation of solutions in the areas of cyber security, identity proofing and fraud prevention. With proven skills in solving complex problems, creative thinking and identifying action plans to ensure a successful conclusion, Mo’s expertise is in product innovation, developing strategies for identity proofing, fraud detection and prevention, assisting customers in technology adoption and new feature development based on emerging customer offerings.
For many businesses, particularly retailers, a significant part of their revenues come from transactions in Q4. This festive season may also be a time to clear as much of their inventory as possible, especially with shop closures during the pandemic and disruptions to major global supply chains, businesses have a larger volume of stocks to move.
Many businesses have significantly increased their digital presence over the last two years. Along with the increased digital presence comes a number of promotions across industries from e-commerce to financial institutions pushing cashback deals or card promotions. The increased digital activity isn't just exciting for businesses and consumers, but also for fraudsters waiting to strike.
Historical fraud trends during the festive season such as gift card fraud or coupon fraud may mask the underlying reality that fraud can evolve quickly around macro-economic conditions.
The rise of synthetic identities
One trend we are seeing these days is what the industry term social engineering or synthetic identity fraud. Essentially, it's taking partial genuine customer data and then combining with partial man-made creative data. Fraudsters then use these new synthetic identities to apply for new credit cards, get free gifts, apply for micro loans or open new accounts. As various combinations can be easily derived, large numbers of accounts can be quickly created.
Because of the small ticket size, many organisations do not conduct sufficient due diligence. And so, businesses end up with a large number of new sign-ups which can make their year-end promotions seem like a great success but upon closer inspection, many sign ups may be fraudulent. This is in addition to genuine customers with their information compromised. This calls into question the true costs of customer acquisition.
We are expecting the number of synthetic identity fraud cases and the number of accounts that will be created by fraudsters and genuine customers who may try to exploit loopholes and security gaps to rise significantly, particularly in the festive season.
Fraudsters adapting to local nuances
Though social engineering has been around for many years, fraudsters and fraud syndicates have become smarter to localise to ensure a higher success rate.
Two recent major data breaches in Australia involving Medibank and Optus in November and September 2022 are examples of that. Consumers have been on edge about data leaks and stolen identities, so when social engineering scammers were calling consumers, pretending to be from Medibank or Optus, offering identity protection, they'd least expect themselves to fall prey.
We've seen similar workings across the globe too. For example, in Singapore, Covid-19 vaccination scams by scammers pretending to be from the Ministry of Health. In Malaysia, personal data has been leaked during the recent General Election. In the Philippines and Indonesia too, with many cases of data being sold on the dark web. The context may change but the social engineering phenomena is global – only that the criminals' modus operandi gets updated.
Uncertainty and anxiety in markets make it easier for fraudsters to strike
This Q4, businesses may be operating with a lot more anxiety given the uncertainty in the global economy. Many merchants are anticipating or are already experiencing supply chain issues. They have likely overstocked on certain items, which means they will be coming out in the market offering a higher level of incentive for consumers too.
Higher transaction volumes, bigger promotions also mean a greater opportunity for fraudsters to leverage identity data or financial data via these merchants.
Unfortunately, many merchants don't have the necessary protective measures in place. For one, merchants are not required by law to perform customer KYC when anyone comes on their platform and creates an account as opposed onboarding for financial institutions, where you have to verify your identity with an ID card or take a selfie to prove your liveness. Anyone can come and create an account on an e-commerce platform, and all you need is an email. And there are so many websites and services that you can create emails on-demand.
So this is a massive risk taken by the merchant platforms because if they don't have that necessary protective measure, fraudsters can easily use stolen credit cards and so on to purchase goods and services. Ultimately, that liability will fall back on the merchants. And on top of financial and reputational losses, merchants are at risk of becoming victim to major syndicate-level fraud. Card schemes like Visa and Mastercard have recommended 3D Secure 1 (3DS1) and 3D Secure 2 (3DS2) as a protective measure, but not every merchant has actually adopted that framework. With so many reports anticipating fraud happening at a different rate this particular festive season, we think it's key for businesses to adopt a fraud prevention strategy even if it is not yet required by law to do so.
A fraud prevention solution that fits your business needs and budgets
Many are worried about fraud prevention measures being a potentially expensive investment. It needn't be so. There are some basic checks one can perform, and as part of what we offer at ADVANCE.AI, to understand the identity of risk of the consumers that are creating accounts on your platform. There are steps you can take to help answer questions such as:
Is the email address an active email address?
What is the age of that email address?
What is the riskiness of the email domain?
Has this email been involved in any kind of malicious activity before?
Through various checks, we then create an identity score and risk profile that can then be used to determine if this is a genuine customer trying to create an account, perform an activity or transaction. Similarly, we are also able to perform verification checks on mobile number availability status, social media status, and build similar profiles with the information.
I'd suggest speaking with our team to find a suitable verification solution as businesses have different risk appetites, budgets, and also strategies that consider customer journey friction and many other factors.
A verification and onboarding strategy for Q4 and beyond
With the increasing number of sign-ups with promotions from free gifts to micro loans as we go into Q4, organisations may be looking for a verification solution that can quickly and effectively block fraud without blocking genuine customers.
I'd say, go beyond that, think of customer onboarding as part of the holistic customer experience that you're offering. Think of onboarding as part of your workflow too, because then you'd be able to improve not just your customer experience, but your team's operations too. Gartner® Innovation Insight shared ADVANCE.AI as a representative solution provider that helps mitigate fraud and improve user experience.
To find a solution that helps you handle the high holiday season traffic yet ensures quicker, safer onboarding, it's best to book a complimentary consultation session with our team today.