Rippleshot Blog

Synthetic fraud is estimated to cost lenders more than $6 billion annually — and by all accounts, this problem is going to get worse before it gets better.

But why is synthetic fraud ballooning – and why are financial institutions finding it increasingly harder to crack down on? A rise in data breaches in recent years has only complicated this problem even more.

To help keep FIs educated with the latest data available in the market — and share expert’s take on how this problem has been transforming — we’ve released a new white paper titled Inside Synthetic Fraud.

As if financial institutions didn’t have enough fraud problems to worry about, there appears to be another growing trend in the hacker ecosystem that’s caught the attention of the FBI: ATM cash outs.

Like most fraud trends, ATM cash outs aren’t a new phenomenon, but they have been getting national attention this month after it was reported that cybercriminals are likely in the works to commit a global fraud scheme that’s commonly referred to as an ATM cash-out. These financial attacks allow for fraudsters to withdraw millions of dollars in hours, according to a report by Krebs on Security.

This scheme involves malware that allows the hackers to gain access to banks’ customer card data, along with network access, in order to execute the theft of funds from ATMs on a massive scale. These “cybercrime gangs” as they referred to are believed to use phishing tactics to break into a bank or payment card processor system. This involves removing fraud controls from banks that would stop limits on the number of customer ATM transactions/limits allowed daily.

The true weight from the massive Equifax data breach that’s believed to have impacted roughly 148 million Americans is going to be felt for years to come. One year later, there seems to plenty of questions as to how the company dealt with the aftermath, and what it is doing to prevent a breach of such magnitude from occurring again.

The Equifax breach has dominated headlines in the fraud ecosystem not just because of the total number of exposed records, but also because of the scope of what those records entailed. The nature of the sensitive details — including SSNs, credit card details and tax IDs — are what placed the incident on the list of worst corporate data breaches in the U.S.

So what’s happened in the year following Equifax’s discovery of the breach? Besides a lot of public criticism, and new leadership, there’s been a series of congressional hearings and investigations that have left the credit reporting agency in the hot seat since the incident was first reported.

Gas station skimmers have been a heated topic across the fraud management ecosystem for years. Since the EMV chip card compliance deadline isn’t until October 2020  — roughly five years after the liability shift was implemented for merchants — this gap has left gas stations in the fraud spotlight.

Just last week, heading into the July 4th holiday, the U.S. Secret Service once again released warnings reminding consumers about the dangers of credit card fraud that can stem from gas station skimmers. In recent years, skimmers have been a rapidly-growing problem due to tech advancements that’s allowed them to be designed slimmer than a credit card — and cheaper to produce. With fraudsters’ ability to insert them seamlessly into machines with less obtrusive methods, this has led to an uptick in concerns from issuers in how to proactively confront this expensive problem.

New security threats in the financial ecosystem are far from a new phenomenon, which is why financial institutions are constantly having to enhance their breach detection technology investments. New threats emerge on a regular basis, and fraudsters continue to capitalize on vulnerable payment data as their techniques get faster and more sophisticated.

A new report from PYMNTS.com highlights the latest security challenges financial institutions face as the ecosystem becomes increasingly connected. This report provides an in-depth look into how banks and financial companies can combat the rise in account takeovers, along with rising concerns over cyber attacks and data breaches.

When Forbes published an article titled: "The battle against synthetic identity fraud is just beginning," it was clear this problem was becoming a widespread issue for financial institutions.

The past few years the chatter about credit card fraud has been all about the major data breaches at retail stores. The Equifax breach happened and the conversations began to evolve. It was reported that 145 million social security numbers, along with 209,000 credit card details were breached. Not to mention the millions of other sensitive personal details that were leaked. The chatter about synthetic identity fraud quickly gained traction.

Here at Rippleshot, this has been a topic we've been busy tracking. Recently, Our Co-Founder Canh Tran was at Trellance's Immersion 18 conference where he was interviewed for BIG Fintech's latest podcast. Tran dove into the latest Synthetic Fraud trends, and explained why this problem isn't going away anytime soon.

Fiserv, a global provider of financial services technology solutions, announced its partnership with Rippleshot to offer Card Risk Office℠ Fraud Warning, an early breach detection solution that allows financial institutions to identify potential fraud events 30-60 days prior to network alerts.

Across the payments ecosystem, fraud continues to be the increasingly complex and expensive problem that all financial institutions are attempting to tackle. To understand how payment fraud is evolving, FIs must identify the origin of the problem itself. 

A new report by Javelin dove into leading card fraud trends, the greatest threats to financial institutions and what strategies can help curb the rise of payment fraud. The report highlighted some core issues in the payment ecosystem and how these problems have transformed over the past year.

There’s never quite a dull moment in the world of credit card fraud, which was the case this week in the mainstream news cycle. With topics like “chip card scheme,” “fake fraud alerts” and “card shimming scam” in the headlines, it’s easy to see why banks are rushing to implement better, faster fraud detection solutions.

That was just a sliver of what made the headlines in the world of payment card fraud news this week. We’ve taken a deeper dive into the reports that surfaced, and have explored why these problems keep showing back up in the mainstream news cycle.

Synthetic fraud isn’t a new phenomenon, but with an increase of incidents across the fraud ecosystem — from credit card fraud to identity theft — this problem isn’t going away anytime soon.

In fact, it’s estimated that Synthetic ID fraud accounts for 85% of all identity fraud in the U.S., and continues to rise annually. A report from TransUnion reported that between 2016’s Q4 and 2017’s Q4, suspected synthetic fraud balances rose 5.2%. Collectively, this has become a $290 million problem.

It’s no surprise that debit card fraud is on the rise, but what’s noteworthy is the rate at which this figure is increasing.

New data from FICO indicates the number of debit cards compromised in 2017 increased 10 percent from 2016. This figure refers to debit cards used at U.S. ATMs and merchant card readers. Compromises of ATMs and merchant devices rose 8 percent in the same time period.

When a data breach occurs, the full impact of the incident usually takes a few months to realize the potential impact. This has certainly been the case for the Equifax breach that was first discovered last summer. This week, the credit reporting agency announced that another 2.4 millions Americans were discovered to have been impacted by last year’s breach.

This is the second time the company has announced more affected consumers, bringing the estimated total impacted to roughly 147.9 million Americans. This is the largest data breach of personal information to date.

Since the fallout of the Equifax breach, the chatter in the financial services industry has been all about identity fraud. The same sentiment was echoed in a recent study by Javelin.

According to that study, for the first year ever, data breaches compromised more Social Security Numbers than credit card numbers. SSNs accounted for 35 percent, while credit card numbers rang in at 30 percent in breaches. The reason for this shift was attributed to the Equifax breach.

As predicted, with fraudsters’ techniques getting smarter, they are adapting quickly to different types of fraud. The big concern in the financial world around identity theft is the ability to commit synthetic identity fraud.

The roller coaster price fluctuations of bitcoin has kept the cryptocurrency prevalent in the headlines for months. This week, bitcoin made it to the list of credit card fraud concerns, with — as you can probably guess — stolen identities being the root of the problem.

A LA Times article explored the chief concerns around cryptocurrency scams and why banks are getting increasingly skeptical about bitcoin transactions. To start, major banks have reportedly said they will decline transactions that involve customers using credit cards to buy bitcoin. The concern here is that borrows will avoid paying for those bitcoins, particularly if they buy high and bitcoin's price plunges. But the credit risk fears from financial institutions goes far beyond simple purchases of the cryptocurrency itself.

The holiday shopping season is underway, which means an uptick in consumer spending. What this also means is an increase in card fraud. Whenever shoppers are spending more, fraudsters are quick to follow — which includes taking part in the holiday shopping season themselves. 

Banks and credit unions are less likely to stop authorization on purchases in order to avoid creating extra friction at checkout, and fraudsters have caught onto this habit. More than ever, consumers need to be savvier and know what red flags to look for this holiday season as they partake in the holiday shopping season. Likewise, card issuers need to be equipped with the knowledge (and tools) necessary to combat holiday card fraud.