The Equifax breach that continues to make headlines is a game-changer for the financial services space. The biggest fear, of course, remains the unknown cost impact for banks and credit unions.
Inevetiably, in a breach affecting roughly half the U.S. population, the scope of this incident will be long-lasting. The end results won’t be known for some time since the real threat ahead lies in fraudsters’ ability to create false identities (AKA: synthetic fraud).
To help combat the fallout from this breach, we've gathered four tips that banks and credit unions should keep in mind as they devise their strategies for keeping up with the spread of fraud (and fraudulent accounts).
Equifax Breach Response Tip No. 1: Be Proactive about Fraud Detection
Two ways to keep up with this fast-growing trend? Demand more from your data processor, and work with companies that leverage machine learning technology to analyze, predict and detect fraud patterns faster. Instead of relying on weekly, or monthly reports, fraud alerts should be delivered in hours (not days) with daily data from credit card transactions within your network. These tools shouldn’t require complicated platforms, take 90 days to implement, or cause delays within your core system.
This latest breach in the marketplace, which will surely not be the last of its kind, also underscores the importance of having stronger verification methods to authenticate a customer’s identity. This means demanding the best security practices (and better data) from your data processors.
Equifax Breach Response Tip No. 2: Evaluate Your Reissuance Process
Not only does this breach present ongoing fraud challenges for banks and credit unions, it begs the question as to how financial institutions should manage their reissuance process for impacted cards. Of course, the natural reaction of an issuer post-breach is to reissue cards. The problem? In the case of the Equifax breach, that will only address a sliver of the problem. Now is the time to evaluate your company's best practices as to how and when you reissue compromised cards.
The problem with this particular breach lies in what fraudsters will likely do with the data. Reissuing cards in a post-EMV world is expensive ($8-11 per card) and is only putting a bandaid on the real problem. Because this breach has the potential to impact cardholder’s entire identities, banks and credit unions need solutions that can detect fraud, the spread of fraud, and fraud patterns better, faster and more efficiently.
The better solution? Learning how to reissue cards strategically and smarter with machine-learning based platforms that predicts and stops fraud from the use of compromised card details.
Equifax Breach Response Tip No. 3: Invest in Faster, Better Fraud Detection
One trend among fraudsters today is targeting high balance accounts and withdrawing large sums of money in a short time span. The biggest problem? Banks typically have less than 48 hours after an ATM compromise begins before money is out the door. When a card is compromised, banks and credit unions need the option to cancel cards and reset PINs immediately — opposed to the two week-period associated with alert analysis.
The reason speed matters most when detecting and preventing the spread of fraud is because by the time networks alert banks which cards are comprised, 80 percent of fraud has already occurred. Industry experts project the effects of the Equifax will be felt for years to come; this is attributed to the fact that synthetic fraud rings will need to be tracked, traced and stopped.
Synthetic fraud allows hackers to set up accounts in a person’s name that appear to be authentic, but are in fact fictitious. The creation of these new synthetic IDs is based on combining truthful and false information to build a credit file and then open new accounts, which is perpetrated at scale by opening hundreds of new accounts.
Hackers’ methods today center on being fast and staying one step ahead of issuers. As quickly as banks and credit unions are building their fraud-fighting teams to implement machine learning, automation and cloud-based technologies, fraudsters are doing the same — only faster and better. They’re also using bots to make fraudulent purchases, create false identities and hack payment systems.
After the Equifax data breach, we’re likely to see any increase of compromised cards and personal credentials (SSN, addresses, birthdates, etc.) be rapidly sold across the dark web. Anytime hackers can monetize card fraud, they will and. The faster they act, the harder it is for banks to keep up with. If you're not moving fast to detect this behavior, you're already behind.
Equifax Breach Response Tip No. 4: Leverage the Power of Machine Learning
By infusing machine learning technology into the fraud detection process, bank and credit union fraud teams can be better equipped to get ahead of the problem before it spreads. Eliminating costly, manual processes that are also far less accurate (not to mention far slower) presents endless benefits for financial organizations.
Having the ability to sift through organized data that’s collected using powerful software, instead of relying on a team of data scientists to interpret what accounts have been breached (and which will actually go fraudulent), is the only way to devise sustainable business practices and be fully prepared to fight fraud.
Did you know? Only 1-5 percent of compromised cards ever actually go fraudulent. What that means is that many banks and credit unions are spending thousands a month unnecessarily reissuing cards that likely weren’t going to go fraudulent.
In response to any breach, an effective response for banks and credit union boils down to how fast they are able to detect breaches, what technology they are using to predict fraud patterns and how quickly they are able to respond when an card or account gets compromised. The rate of which fraud spreads moves faster than manual reviews can keep up with. Investing in the right automated platforms is critical in a world where Equifax-size breaches could eventually become the norm.
