Last week, the Justice Department indicted a 24 year old Vietnamese man with 15 counts of wire fraud, identity fraud, access device fraud and conspiracy charges, for his part in stealing and helping to sell ‘fullz’ packages of IDs online for over 500,000 people. These ‘fullz’ packages include a person’s name, date of birth, social security number, bank account number and bank routing number, and payment card data.
Reading further, a few other pieces of this story become clear, and should be concerning for individuals and the banks that service them:
- Mr. Hieu Minh Ngo was not working alone. The DoJ has not named his co-conspirators, and its likely they won’t be nabbed unless they try to enter the country (as Mr. Ngo did)
- Criminal rings are becoming much more sophisticated in their ability to steal, organize and then sell valuable identities – in other words, across the fraud lifecycle
- It’s become a game of ‘whack-a-mole’ – pin down one criminal, and others will pop up to take his place.
Our adversaries clearly have the first-mover advantage. They are going to know who they’re attacking, when they’re doing it, and what is the latest technique they’re using to gain access to customer credentials, one way or another. Relying on end-users to behave ‘cleanly’ is akin to asking 5 year olds to do calculus – they just can’t keep up with every trick they’re supposed to be smart enough to avoid falling for, and everyone gets frustrated in the process.
Increasingly, the question is not ‘who’ is going to be compromised, but ‘when’. When financial institutions shift their mindset, and assume that any customer can be compromised at any time, then their methods of protecting themselves, and their customers, shifts as well.
Increasingly, banks are looking towards the next generation of anomaly detection to protect their customers. They are harnessing the power of Big Data and behavioral analytics to automatically protect their customers against the widest array of threats, in real-time, before the money goes out the door. They are leveraging adaptive learning and predictive modeling to understand individual user habits, and deviations from those habits that can signal account fraud is in progress.
Perhaps equally importantly, they are doing all of this while maintaining the user experience, ensuring that security does not come at the cost of customer satisfaction. They are leveraging anomaly detection combined with highly sophisticated user authentication to deliver ‘risk-based’ authentication, beyond what previous generations of authentication could provide. They, and their customers, are tired of playing catch up to the latest threats. They’re arming themselves to see these threats as they emerge, and stop them before they do material damage.
So while the criminals will continue to have first-mover advantage, banks today have more and better tools at their disposal that enable highly customizable, predictive modeling, to stop the bad guys in their tracks.
For more information on protecting your customers from transaction fraud, visit www.easysol.net.