The Invisible Sharks Swimming in Your Applicant Pool

Application spikes can be friends or foes; revenue-drivers or ambient-fraudsters. At a crowd-level view, seeing a sudden increase in applications is a vital indicator of whether you’re attracting the right customers—or if you’re chum in the water for fraudsters.

At NeuroID, we are uniquely positioned to visualize crowd changes across the evolving fraud landscape. In a 5-month in-depth study, we tracked the unique attack patterns of application-level fraudsters. These are attacks specifically aimed at the stage of digital onboarding where your customers, and future revenue, is most vulnerable. Here are three lessons we learned from watching 17 different attack attempts, and what they mean for your fraud strategy. 

Lesson 1: The Importance of Crowd Visualization 

Usually, an increase in user applications is a good thing. But when paired with high-risk indicators (that is, displays of lack of familiarity with data, or non-human data entry patterns), there’s cause for concern. 

By monitoring crowd-level trends, NeuroID’s behavioral analytics detected that brief bursts of fraud often preceded more deliberate attacks. What would typically go under the radar as a spike in applications, would later turn out to be fraudsters testing defenses. Effective tracking and responses hinge on crowd-level monitoring that reveals patterns in spikes and the related behavior.

Lesson 2: When You Label the Fraud Attack, You Lessen the Fraud Damage

Fraud ring attacks involve patient probing for weak spots. High-velocity attacks rely on speed and brute force. Throughout the study, we saw instances of both. 

In the case of high-velocity attacks, the objective can seem counterintuitive: they’re not trying to get every fraud attempt through, but rather to overwhelm the defenses so just enough squeak by. From there, dormant fraudsters can patiently wait months to strike. According to one report from FiVerity: “Fraudsters can take as long as 18 months to build up their credit and then strike—the average synthetic identity fraudster profile successfully steals between $81,000 and $98,000.” 

How you can successfully fight back varies by attack style. Monitoring crowd level behavior enables you to label the fraud attack type and adjust your operational response, which is key to creating an optimized defense fortification without adding to an overly complex fraud stack bloat. 

Lesson 3: Real-time Responses Stop Rapid-Fire Attacks 

During our study, one specific attack on a fintech credit card issuer highlighted the power of real-time behavioral analytics in action. NeuroID’s ID OrchestratorTM detected unusual spikes of risky activity on the issuer’s website, identifying 500+ risky user flags. As a result, the issuer implemented more rigorous verification processes, with many of the risky applicants dropping out. Without real-time behavioral analytics, these attacks would likely have been missed, potentially resulting in substantial damage (such as we mentioned in lesson 2, with embedded fraudsters biding their time).

Want to learn more? Download our report for the full research and long-term view of the fraud landscape.