There’s a Huge Fraud Spike Coming. Are you Ready?
Even as the ground thaws from winter, an icy knowledge grows in the heart of everyone across the fraud prevention industry. We know that the coming spring brings not just budding flowers, but also new blooms of fraud.
Springtime fraud spikes are not just a casual observation, but a confirmed and measurable data trend, underpinned by empirical analysis across every industry. According to NeuroID’s analysis of 2023 seasonal patterns and fraud styles, the bombardment begins in March with a +44% increase in fraud attacks. May brings even more intense attacks, with a staggering +50% increase in attack volume.1 This one-two punch hits hard, often just as fraud teams are recalibrating after January’s spikes.
As of this post, we’re just into the first week of March. Chances are you’re already feeling the fraud spike, but it’s likely just the first wave. Here are the milestones to focus on as we enter the spring fraud season, including advice from NeuroID fraud operationalization experts on how to optimize your fraud stack in real-time, to stay proactive in the face of every new challenge.
March Milestone 1: Watch for the Fraud Rings
Spring is perilous because of the increase in both volume and velocity of attacks. In March 2023, the number of attackers per attack hitting our system increased threefold.2 These attacks were also twice as likely to trigger our fraud ring indicator alert system, which is built on indicators of fraudster efficiency. This signifies not just your everyday fraudster, but fraud rings ramping up. These rings, known for their patience and cunning, often study their targets beforehand to exploit any vulnerabilities found in the prevention methods, then attack with brute force.
What You Can Do: Focus on the Long-Game. Fraud ring attacks come in all shapes and sizes. For example, we’ve seen BNPLs be hit by slow, methodical approaches that use the high volume of applicants to avoid detection, infiltrating over a three-month span. Or, there are also the more standard high-velocity chaos attacks. Long-term monitoring and proactive pattern detection is key, which is why behavioral analytics with device intelligence is uniquely positioned to identify fraud ring patterns that would have otherwise been missed. For example, in the case of that BNPL, the implementation of NeuroID forced fraudsters to self-identify earlier, so the right step ups could weed out bad actors. This approach neutralized the PII-based vulnerabilities by providing a top-of-funnel, multi-faceted approach to fraud detection earlier and saved them more than a million dollars in fraud loss.
No one fraud ring attack is the same. They change strategies based on their target, the season, and the technology. Focus on the long-term goal of proactively recognizing and predicting their patterns (probing is one good indicator, for example), so you can stop them before they strike.
March Milestone 2: Watch for Cascading Impacts. NeuroID clients in March experienced attacks that lasted 40% longer. This means that risky applicants were attempting to onboard for 40% more hours than each of our clients’ pre-defined safe baseline. The result is an equivalent increase in manual reviews, identity checks, and overall fraud mitigation costs. That 40% increase in hours under siege cascades into not just more fraud loss, but also significant cascading costs. You’ll likely see this as spring progresses—more high-volume attacks that last longer, as fraudsters take learnings from their testing methodologies and refine their focused attacks.
What You Can Do: Reduce the Noise. In an ideal scenario, you’ve integrated multiple fraud solution layers to create a full-coverage blanket of security against every new technology. In reality, these layers often cause their own inefficiencies by providing an overwhelming amount of data. While well-intentioned to enhance decisions, this data dump often ends up adding too much noise to your fraud detection and identity authentication. Fraud professionals add more tools to try to keep pace, and end up slowing down their response time, or stretching their identity verification and authentication tools beyond their core speciality (and eating into their fraud margin with no clear view into what’s effective and what’s not).
As the cascade of hours rolls into hard- and soft-costs, a top-of-funnel heuristic signal becomes more important than ever. Operationalization and industry-specific best practices on how to use different signals will take the pressure off of your stack, while also improving outcomes.
Behavioral signals, especially when combined with device intelligence, enable specific and deterministic fraud decisioning at the top of your funnel, so you can refine the other tools in your stack for more precise outcomes. When the fraud is hitting fast, with more attackers pummelling your stack for longer amounts of time, precision that can help you make accurate decisions without needing to step-up to multiple reviews is key.
March Milestone 3: Perilous PII
Any business where money moves online is at extra risk if they depend solely on multiple forms of PII-data capturing systems for identity verification and fraud detection. This is especially true with spring’s surge, which is likely helped along by several correlating factors. Spring brings the preparation for tax season, where sensitive personally identifiable information (PII) and financial details are exchanged across various platforms, creating fertile soil for fraud to seed. March and May also include Spring Break, Mother’s Day, and the kick-off of summer vacation in many U.S. states, leading to significant online financial transactions on platforms that consumers may not typically use, such as hotel bookings. And PII is likely exposed even further as travelers take advantage of public Wi-Fi at airports and hotels, often in a less vigilant vacation-mode mindset.
What You Can Do: Think Beyond PII
NeuroID needs no PII to detect fraud, relying instead on the invisible fingerprints left by your data entry behavior, device, and network. Our solution detects these invisible trails to help you stop more fraud, without relying on potentially stolen and unreliable PII. While today’s typical fraud stack includes many different technologies, they often overly rely on the same static, historic, and highly compromised PII data.
NeuroID looks for a lack of familiarity with the user’s provided data, along with device and behavioral profile matching to help ensure the correct user accesses their account. We can distinguish between legitimate users and fraudsters, even when perfectly clean PII is used by the attacker. This approach ensures that only authorized users gain access, make changes, and transact, enhancing security without compromising user experience. Our signals help you decide when to step up or outright reject access in real-time.
March will bring high-fraud, but it’s just the start of the spring surge. Talk to us before the bigger hits keep coming; we can help from the first day of implementation. Even at the peak of fraud season, there are steps you can take to secure your customers with frictionless, passive customer protection from log-in to transaction. Our experts provide operational insights specific to your fraud needs, industry, and use cases, acting as an extension of your team. Now matter the season, we can help you create a custom-tuned, highly precise fraud stack that is flexible to every season’s ebbs and flows.
- All of the increases are compared to our baselines of attack numbers.
- That is, the number of applicants submitted that were deemed risky. Some of those might have been by bots, humans, or a combo of the two.
