The third episode of Digital Tells: A BioCatch Podcast tackles the global epidemic of identity theft, and the resulting fraudulent accounts that ruin personal credit ratings, perpetuate mule activity and money laundering, and drain institutions of billions of dollars annually. Tom O’Malley joins us again to discuss why most account opening fraud occurs online. Raj Dasgupta from BioCatch discusses the peculiar online behaviors exhibited by cybercriminals, versus those of genuine account applicants: the Digital Tells that help Behavioral Biometrics distinguish between criminal and genuine activity. Ayelet Biger-Levin discusses BioCatch’s newly-announced Age Analysis Capability. And Howard Edelstein shares a story of account opening fraud detection that has become BioCatch lore.
Tom O’Malley, a retired U.S. Department of Justice financial crimes prosecutor, founded a website, FrozenPII.org, which helps consumers protect their identity. Check it out!
Transcript
Have you ever been the victim of identity theft? Ever applied for a loan or a credit card, only to find out someone else has masqueraded as you and negatively affected your credit standing? Identity theft and new account fraud is a global problem. If you live in the United States, chances are you’ve been a victim – and if not, it’s likely someone close to you has been.
I was chatting with Tom O’Malley, the former federal financial crimes prosecutor you met in Episode 2, and we were discussing identity theft. The U.S. Federal Trade Commission reported recently that $3.3B was lost in 2020 due to identity theft – that’s nearly double the $1.8B lost in 2019.
And where are those stolen identities put to work? Well, online of course – in the form of new accounts – credit card accounts, lines of credit, deposit accounts, you name it. Here’s Tom O’Malley.
Tom O'Malley
Most often they're being opened remotely because it presents a little risk to the person who's opening an account. I mean, if you show a physically token something besides whatever documents you present, which are going to be fake driver's license, et cetera, you put yourself as a criminal at risk because there are surveillance cameras. Nowadays, there's the ability to match surveillance footage with driver's license, facial recognition, driver's license. So typically criminals are not going to do this physically in a branch bank. They're going to do it remotely and they can do it remotely from anywhere in the world and depending on a bank's processes and fraud methods to detect fraud, it can be done from anywhere in the world, even though they're supposed to be a customer in the United States, opening up a bank account.
This is interesting, unlike the scams and account take over stories that we discussed in earlier episodes – crimes that disproportionately target older folks – Identity Fraud victims are more likely to be young… like under 40. In fact, in 2019 of the 1.6 million identity fraud reports in the U.S. – 44% were from people between the ages of 20 and 29. According to Equifax Canada, nearly half of all suspected fraud applications are for those between 18 and 24.
Ok – so – somebody gets ahold of your personal information, enough to open a credit card account in your name. Maybe they obtained your personal info on the dark web – maybe it was originally stolen in some big corporate data breach. And then that info, your data, is applied to an online form to open an account. Oh, by the way – it might not be a credit account – it could be just a bank account, so instead of obtaining false credit in your name – it’s used for shuffling money between accounts – for scams – or mule activities – both issues we’ll be taking a closer look at in later episodes.
For this episode of Digital Tells, we’re taking a close look at the act of opening fraudulent accounts. Which, for those of us who have been victims, happens silently in the background… Before that heart-in-your-throat moment when you realize your credit rating has been ruined… or perhaps even worse, you’re contacted by law enforcement about scams or mule activities perpetrated in your name.
Also – very important note here – your credit rating – or mine for that matter – isn’t the only fall-out of identity theft. Financial institutions, credit issuers, they’re the ones usually taking the hard financial losses. A study released earlier this year by Javelin Strategy & Research, reported that combined fraud losses climbed to $56 billion in 2020 globally. Of that, traditional identity fraud losses totaled $13 billion.
Well, back to that initial account opening, in episode 2 we got a glimpse into the sophistication and scale of cybercrime syndicates…. Scale meaning LOTS of accounts and lots of victims. It’s seldom just one account, rather it’s usually hundreds or even thousands of accounts opened in each campaign.
And therein lies an opportunity for institutions to differentiate between legitimate and fraudulent applications. The Digital Tells of fraudulent applications – if you will.
Act 2
My colleague Raj Dasgupta and I were recently talking about what typically happens during the act of applying for fraudulent accounts. Raj is the Director of Fraud strategy at BioCatch, and has two decades of experience in the trenches – dealing with identity fraud issues at organizations like TransUnion, HSBC, and Symantec, among others.
OK, so before I go to Raj – for just a moment – think about what you do when you open an online account… maybe you’re taking advantage of a great credit card deal with lots of hotel rewards points. Then put yourself in the seat of one of these highly specialized cybercriminals we discussed in episode 2 – how would you go about your job of applying for multiple fraudulent accounts – hour after hour – all day long?
OK – here’s Raj -
Raj Dasgupta
Yeah, sure, I think copy pasting in online interaction can be on two different scenarios. One is account opening where you are copy pasting stolen information or made up information onto a form which is used for a new account opening. And it can be copy pasting the name, address or certain parts of the PII, quite likely from an application like an Excel sheet where you have all the stolen data. And within that copy pasting behavior, one is it's unusual for somebody applying for a new account to be copy pasting their own data. And the other is there can be copy paste and then erasing the pasted data, putting it in another form. As I was saying, it could be that the first name, last name are together in the Excel sheet. It's copied over to the first name field and then you cut the last name and place it in the last name for you. Very, very unusual scenarios or online behavior.
Peter Beardmore
Let's transition to somebody actually reading this information. Right. So it's like long term memory versus short term memory. Can you can you talk about that a little bit?
Raj Dasgupta
So again, imagine in the context of account opening, you're typing in your name and address, Social Security number. You've been doing it for many, many years. It comes very fluently. You can type all the nine digits in at a steady cadence without stopping or without having to delete any digit and retype it in because you're essentially pulling it out of your long term memory and typing in. The fraudster has stolen that information from somewhere else. That information does not belong to them. And they're either copy pasting the Social Security number or the name or address or typing it in. But because they're not familiar with that data, they'll make mistakes and they'll correct those mistakes. And then they type it again.
Peter Beardmore
So that behavior – cutting and pasting – the pace and pauses exhibited when entering personal information – those are just some of the Digital Tells that are the underlying indicators for behavioral biometrics to distinguish between genuine and fraudulent online account opening.
In episode 2 we met Ayelet Biger-Levin, VP of Market Strategy at BioCatch. Later in the conversation we featured in episode 2, she went a little deeper into some of these indicators, and how BioCatch technology can make those distinctions.
Ayelet Biger-Levin
Some classic examples of the way that with this type of technology, we can distinguish between cyber criminal activity and genuine activity is by looking, by profiling the population and detecting differences between activities that correlate with fraud or correlate with genuine activity. So, for example, one thing that we observe when we track account opening activities is that there is a big difference between a cyber criminal and a legitimate actor and their familiarity with the process. A cyber criminal will be very, very familiar with the account opening process because they open many, many accounts every day. So they'll be very familiar with what are the mandatory fields. When you have a dropdown, they don't stop to select fields. They just go really quickly. They don't read the Ts and Cs, they won't select a credit card design. They'll just go very, very quickly and fill out the form, whereas the legitimate user will read the terms and conditions, will select their favorite credit card design
Information
- Frequency: Updated Monthly
- Published: October 12, 2021 at 12:30 PM UTC
- Length: 23 min
- Rating: Clean