Fraud’s Fright Night: 3 Terrifying Monsters Stalking Your Stack
NeuroID, a part of Experian
Next-Gen Behavior & Device: Detect Fraud Anywhere User Interaction Occurs
First-gen fraud bots would feel at home in an old school zombie movie: they’re a bit lumbering; they're most dangerous when they attack in hordes; and overall they're not a monster you want to run into, but they're still straightforward to defeat if you have the right defense.
But those simple first-gen bots have evolved to fourth-gen, AI-enabled terrors. These are no longer the slow-shuffling zombies, but the more modern-movie zombies who are super-fast, insatiable, and hard to outrun (let alone stop).?
And fraud bots aren’t the only digital monster evolving at a terrifying pace. NeuroID teams have a front-row view of how cybercriminal tactics continue to change, and how these changes have impacted fraud teams' defense strategies.?
The pace and pummel of modern fraud attacks are scary. But they don't have to be. In the spirit of Halloween, we’re going to unmask the three monsters that we hear spook fraud and risk teams the most. And hopefully show you that with the right strategy, fraud bogeymen (and bogeybots) aren't nearly as terrifying.
Monster 1: Dormant Fraud
Dormant fraud is the ghoul creeping in the dark corners of your customer base, waiting to cause chaos. That chaos might come in the form of receiving or transferring stolen funds, misrepresenting a financial position, or building toward a bust-out. Dormant fraud attacks are especially insidious because fraudsters can enter through your onboarding path of least resistance (say, applying for a $50 line of credit). But once they’re in, many dormant accounts can transition to higher risk activities (such as a $5,000 money transfer) to cause damage far past what they'd be able to do if they attacked at onboarding. And because they’ve made it past those initial fraud checks and haven’t done anything suspicious, you don't see it coming.?
32% of businesses were hit by Account Takeover Fraud (ATO) in 2023(1), making it one of the most common fraud tactics of the year. While ATO threats at onboarding are scary enough, dormant ATO fraud haunts the house while your focus is on the front door. It requires a different kind of vigilance, one that looks for fraud across your entire customer ecosystem.
Behavioral analytics can be your night-vision goggles in this haunted house, detecting risky behavior past account opening based on the subtle behavioral tells that standard tools miss. By analyzing behavior across all points of customer interaction, behavioral analytics flags accounts that seem benign, but are actually lying in wait.
That's what happened with a payment processor customer we were working with. After adding behavioral analytics, they wanted to backtest their customer base for signs of fraud missed by other tools. Upon analyzing their customer base’s behavioral data, we discovered more than 100k accounts that had not completed a transaction since onboarding. The payment processor hadn’t considered these accounts suspicious and didn’t see any risk in letting them remain. How did NeuroID bust these dormant ghouls? Read our case study to find out.
Monster 2: GenAI Bots
So: we’ve established that first-gen bots are George Romero-style zombies and GenAI bots are the fast-zombies. The scariest part is that every fraud stack is plagued by a mix of both. Fraud bot attack styles don’t go away as the next evolution emerges. Fraudsters deploy different bots in different ways for different purposes.(2)?
Step into any fraud stack, and you’ll find a series of tools, step-ups, and checks, designed to stop the ever-advancing fraud techniques battering at your door in the dead of night. But this standard lineup of best-practice tools gives genAI and machine learning-built bots the ultimate testing ground. They learn to avoid every creaking floorboard and adapt their attacks to beat the fraud stack template. They can overcome CAPTCHA, device checks, and pretty much every other kind of identity and PII verification.
Behavioral analytics used to be the first-best line of defense for bots, who never could replicate human behavior to the granular signals that behavior tracks. But now, next-gen bots are trained to act nearly identical to legitimate users. Our conglomerate of customer attack data shows that hybrid bot-human attack strategies are becoming more powerful and that genAI is supercharging bot development, which in turn enables fraud attacks at an unprecedented speed and scale.?(2,3)
领英推荐
Today’s fraud bot attacks are made up of not just more sophisticated bots but higher bot-volume than ever before. In June 2024, bots led 2x the number of attacks than they did in January 2024. Speed, scale, and sophistication—these next-gen bots are a triple threat. And they’re far more prevalent than expected. For almost 50% of our customers who encountered bots during the analysis, more than 95% of the bots were next-generation.?
Are you sure you’re seeing all your bot attacks, and staying ahead of these insatiable waves of not-quite-human-but-close bot hordes? Our next-gen bot report will help you not just run from these zombie-bots, but make sure all your windows are boarded up against any style of attack.
Monster 3: Unseen Fraud
This last monster comes from the depths: a slippery, slimy fraud shapeshifter who sneaks through the gaps in your fraud stack. It's what we've heard customers label "unseen fraud"; the fraud they know is happening but they just can't quite get a hold of. As the Fraud Manager for Aspiration Bank Josh Eurom put it: “You can quantify some things very easily: if bad domains are coming through you can identify and stop it. But if you see things look odd, yet you can’t set up controls, that’s where behavioral analytics come in to capture the unseen fraud.”
Behavioral analytics adds a layer of visibility that bolsters all other tools' decision-making. Behavior isn't built on PII, so it can't be fooled by PII: it's a whole new lens into customers, good and bad. Trying to fight all the complex types of fraud can lead to overzealous fraud prevention tools that push false positive rates and friction sky-high, and results in excessive lost time and revenue spent on manual investigation . . . investigations that often lead to a harmless, trustworthy customer, who has likely since moved on from your business to instead patronize a more trusting competitor. Meanwhile, as your resources are tied up, true fraud transactions take longer to identify.
With the added lens of behavior supporting real-time decision-making, you can look closer at every applicant without adding friction and create more accurate, deterministic rules for nuanced decisions that catch more unseen fraud.
Slaying the Monsters with Behavioral Analytics
Behavioral analytics unmasks fraudsters lurking in the shadows of your onboarding and beyond. Check out more of our research on bots, fraudster tactics, and trend data for insights into creating fraud detection that's full of treats, not tricks.
Sources