Banks and credit unions will face an uphill battle fighting account-application fraud in the next few years, according to a new report from Aite Group LLC.
Boston-based Aite projects that financial institutions will spend $781 million in 2022 on services for thwarting credit card application fraud, up 40% from $557 million in 2017. Over the same period, bank and credit-union spending to fight application fraud related to new demand-deposit accounts will grow 37% to $599 million from $436 million.
Criminals use consumers’ personal information obtained through data breaches, phishing attacks, malware, and social engineering in their attempts to open fraudulent financial accounts, says the report by Aite senior analyst Shirley W. Inscoe. Since 2013, more than 13 billion data records have been lost or stolen, according to the report.
“Fraudsters are nurturing synthetic or manufactured identities for many months or years, establishing credit-bureau reports, obtaining mobile phones, and taking other steps to make such identities extremely difficult to detect,” the report says.
Aite’s report is based on 30 completed online surveys sent to financial institutions of varying sizes earlier this year, supplemented by executive interviews. Asked what their top three application-fraud “pain points” are, 76% of respondents cited so-called first-party fraud, in which fraud is committed by the account holder. Next were data breaches, cited by 56% of respondents; social engineering in call centers, 52%; scams and elder abuse, 40%; and phishing, 24%.
One reason for the growth in application fraud is the arrival of EMV chip credit and debit cards at the point of sale, which have greatly reduced the counterfeit fraud that plagued U.S. magnetic-stripe payment cards for years. “Many FI executives attribute part of the rise of application fraud to the rollout of EMV—$4 billion in displaced fraud losses from counterfeit magnetic-stripe cards had to be replaced, and application fraud was identified by fraudsters as one method to accomplish that,” the report says.
Among other things, the report recommends that financial institutions broaden their authentication sources for account applicants. “While many FIs are still relying on third-party databases or credit-bureau queries to verify identity information, this cannot be relied upon alone,” Inscoe wrote. “Third-party databases’ information is often known to fraudsters who use the data, and synthetic identities are often nurtured with a credit-bureau file being created.”