Technology continuously evolves to help make day-to-day life easier. In the payment and financial services sector, further innovations are conducted to offer faster and more convenient transactions. However, as services become more advanced, so do fraudsters. It is the responsibility of organizations and service providers to prevent or fight these frauds. Ensuring strong cyber security will help ensure that the trust of customers will not be jeopardized. 

Types of Authentication Fraud

You may have heard of malware, data breaches, and social engineering. All of these may happen to companies. That is why you may have put into place cyber security.

Despite this, vulnerabilities to other fraud attacks may still be present. Awareness and preparation are keys to better protection.

Generally, there are two types of authentication. These are the New Account Fraud (NAF) and Account Takeover(ATO).

New Account Fraud (NAF)

As the name suggests, NAF happens when fraudsters open new individual accounts. In some cases, they may also use automated scripts to open hundreds of accounts to attack multiple institutions at the same time. It refers to transactions targeting multiple payment accounts through either mobile or digital channels.

While some may use a stolen identity for fraud, many also use a synthetic identity. That is when fraudsters fabricate a person or an entity. It can be accomplished in three ways. First, they create a completely fictitious identity. Second, they manipulate an identity by modifying real personally identifiable information (PII). This includes email address, name, and date of birth. Third, they combine real and fabricated PII to create the identity.

Once they established an identity, they will start building credit by applying for a bank account or credit card. Due to a supposed existence of an identity, they will be able to bypass the identity and verification process.s They will then use the credit card or bank account for fraudulent payments. 

Account Takeover (ATO)

The second type of authentication fraud is ATO. It occurs when fraudsters use existing credentials, usernames, passwords, or PII to access a legitimate financial service or institution. 

There are many ways ATO attacks can happen. In some cases, the fraudsters harvest personal data to prepare for fraudulent transactions. They use these for targeted phishing campaigns. Some use automated attacks or combinations of different credentials to gain unauthorized access to their target accounts. 

Cyber security has become an important aspect of protecting financial institutions, service providers, and clients. However, some may have weak measures like static passwords or relying too much on PII. Using multifactor authentication, including device recognition and other behavioral tools can help block malicious activities.

Fraud is a problem that many financial institutions and organizations. While having cyber security may help, some attacks can bypass these like New Account Fraud (NAF) and Account Takeover (ATO).

What makes it harder for companies is that the start of the attack may start at the customer’s digital journey. That is where multifactor authentication can help. Requiring authentication at every step may be the best solution to fight fraudulent transactions.

The Customer Journey

It starts with the creation, verification, and authentication of a new credit card account or Demand Deposit Account (DDA). These can be used to enroll financial accounts with online merchants, open digital or mobile wallets, purchase goods or services, or transfer funds. 

Because of this, the fraudsters can attack at different points. Thus, the need for multifactor authentication.

Here are some points that fraudsters may target:

Account Opening and Onboarding – This refers to the opening of a demand deposit bank account remotely, including an associated debit or credit card. In this process, the customer accesses a website or downloads the mobile application of the financial institution to apply for a new account.

Payment Authentication – Another possible vulnerable point is the person-to-person (P2P) payment authentication that is done during the enrollment or when completing a transaction. It allows digital fund transfer between the accounts of individuals. Financial details of the recipient need not be revealed as the transaction is done using a mobile app, online banking, or an online digital solution.

Contactless Mobile and Digital Wallets – These store payment tokens that are associated with a debit or credit card and related PII data. These offer convenient payment channels. 

Payment Service Providers or Propriety Merchant Wallet – These are similar to mobile and digital wallets. However, they cover enrollment and payment remotely using third-party mobile applications, online wallets, or merchant sites accepting third-party wallets.

To prevent fraud, the institution has to require multifactor authentication. Ask for certain identifying information before approving the opening of the account. These should include name, address, date of birth, ID number, documentary evidence of residence and nationality, fraud protection information like a mobile phone number. 

Validation of identity is also a must. It can be through vendor identity verification, credit bureau, or point solutions like device verification, document verification, email address, mobile number, and biometric capture. You can support device biometrics, facial recognition, iris scan, or passcode in authenticating purchases. To add another security feature, you can ask clients to add information during enrollment that will enable them to receive an OTP for every access or transaction. 

Nok Nok Products joins thousands of companies in Money 20/20 in Amsterdam. Conducted on September 21 to 23, 2021, the event aims to tackle financial technology, its role in various industries, and what to expect moving forward like passwordless authentication.

The Return of Real-Life Interactions 

The past year has been a challenging time for most, if not all, industries all over the world. With the need for social distancing measures, safety has been the main priority.

Because of this, live events were put on hold. Conferences, talks, exhibits, and other similar activities were postponed. 

But as we welcome the vaccine development and rollout, the world is slowly welcoming the return of real-life interactions. While the need for ensuring safety is still a must, organizations and companies can once again come together to tackle important industry developments.

Money 20/20 in Europe

The financial technology community is among those adapting to the new normal through innovation. Money 20/20 is proof of that. 

The three-day event aims to showcase how the industry will move forward and adopt changes to face risks and prepare for the arrival of new technologies. From passwordless authentication to various payment solutions, participants can learn what is new and what to expect in cyber security and the financial market.

More than being the biggest financial technology event, one can expect to see global leaders, tech giants, startups, and new industry challenges. Find renowned speakers, innovators, and C-level executives. Money 20/20 helps business entities expand their network while learning from one another.

Learn from the experience of others. Find out more about various products. Gain knowledge on how to facilitate data and ensure security. See how you can remain relevant as the competitive landscape changes. All of these opportunities are to be seen in one grand event.

Nok Nok Products And Passwordless Authentication

So, where does Nok Nok Products come in?

Nok Nok Products is among the thousands of companies joining the biggest event about the financial landscape and ecosystem in Europe. Through this, the company gets to showcase its part in the innovative industry.

Nok Nok Products is among the innovators in the field of cyber security. With its services, such as passwordless authentication, the company has helped various business entities and financial companies have better security not only for themselves but also for their clients.

 To know more about Nok Nok Products or Money 20/20 Europe, visit www.noknok.com.

Fraudsters constantly find ways to overcome security measures taken by companies. Among the most targeted are financial institutions. 

Detecting fraud can be hard, especially if you are not aware of them. The best protection is to strengthen security through authentication. Aside from traditional verification processes, adding passwordless authentication can help.

New Account Fraud (NAF)

One type of fraud that you should be aware of is New Account Fraud (NAF). It targets different payment accounts using mobile and/or digital channels. These include debit or credit cards, demand deposit accounts (DDAs), online merchants, and card not present (CDP) accounts.  

Fraudulent activities have increased through the years. In 2018, new accounts with credit card fraud were up 4%. New fraudulent mobile accounts increased by 28%. New fraudulent bank accounts had a 12% rise.

Use of Identity

There are two ways of using identity for NAF attacks. First, the fraudsters steal legitimate identities. Second, they create synthetic identities.

What is the difference?

Legitimate identities include data sourced from data breaches, phishing, and/or hacking. These will be used to open accounts. Thus, using the name of the victim. The fraudsters will pretend to be the person whose identity they have stolen. They often do this to bypass authentication, intercept communications from financial institutions, or conduct deposits and withdrawals to establish a pattern that will convince the financial institution that they are the owners of the account.

After gaining the trust of the financial institution, they will conduct other activities. They may apply for loans, request credit limit increases, make purchases, withdraw funds, transfer money, or generate fraudulent checks. All of these will be done without the knowledge of the legitimate account holder.

Meanwhile, synthetic identity is a made-up identity. Fraudsters can fabricate an identity using completely fictitious information. They can opt to manipulate an identity using modified real personally identifiable information (PII). Another way is identity compilation, wherein fraudsters combine real and fabricated PII. 

The synthetic identity will be used to build credit. They will apply for a bank account or credit card. This way, they can bypass the identification and verification process. They will create a username and password for online transactions. Then, they can start committing payment fraud. 

While fraudsters use technology to conduct NAF attacks, financial institutions can also use it to their advantage. Improve cyber security to prevent being a victim of fraud. What you can do is by including multiple layers of security. Doing this makes it more difficult for fraudsters to bypass. Include different technologies, such as passwordless authentication, biometrics authentication, and even OTP.