Fraud is big business nowadays, and 2019 has been no exception. According to IDology’s Seventh Annual Fraud Report, overall levels of fraud remain similar to previous years, with online fraud reported to the FBI’s Internet Crime Complaint Center alone totaling over US $2.7 billion last year. However, there are some interesting year-over-year trends in this year’s report, which surveyed over 200 respondents across 164 companies. Here are some of the more important ones:

• While companies report similar fraud levels versus last year, including fewer companies reporting fraud increases, 58% of firms report higher online fraud losses. Moreover, the average transactional value of fraud is increasingly shifting from high-ticket items to the under-$500 range, as fraudsters try harder to stay under the radar.
• One particularly growing area of fraud nowadays is synthetic identify fraud, where criminals combine real information such as stolen Social Security numbers with false identities to open new accounts and make fraudulent charges.
• The biggest challenge companies see in fraud deterrence – by a large margin of 64% – is balancing fraud prevention against customer friction.
• 80% of companies feel that address verification is either “extremely” or “very” important to the identity verification process. However, survey respondents had a decidedly mixed view of whether their companies took a strategic, comprehensive approach to identity verification and fraud prevention, with an average ranking just below the midpoint between strongly agreeing and disagreeing.

Looking to the future, trends respondents see ahead include verification via mobile device attributes, artificial intelligence and machine learning, address verification and geolocation, and increased compliance and regulatory requirements. In particular, more than half of firms surveyed feel that the impact of the California Consumer Privacy Act (CCPA) going into effect in 2020 may or will be more burdensome compared with the managing Europe’s current GDPR data privacy regulations.

The importance of identity verification

Perhaps you might have noticed a common denominator across most of these trends: many of them revolve around the need verify the identity of leads and customers.

There has always been a trade-off between identity verification versus providing a frictionless customer experience. Moreover, particularly in the case of synthetic identity fraud, this isn’t only an issue for new customers – fraudsters are increasingly investing time in building trust with fake accounts before closing in for the kill. This means that identity verification is becoming even more important nowadays, beyond traditional suspicious transaction behaviors such as high-ticket purchases and foreign destinations.

This is particularly an issue for market segments such as the financial industry, where “know your customer” (KYC) rules require positive verification for transactions such as opening new accounts. But increasingly, customer verification – particularly frictionless approaches such as automated address validation – are becoming part of the landscape for a much broader range of retailers nowadays. And of course, even where fraud is not an issue, accurate contact information is critical to ensuring that your marketing, delivery and customer service operations function smoothly.

Making sure your contacts are real

One important way to prevent fraudulent activity is to verify new contact data, using tools such as Service Objects’ DOTS Address Validation. This service, which can integrate directly within your CRM or marketing automation platform via an API interface, uses the latest USPS and proprietary data to verify, correct and append addresses. It provides real-time verification of accurate, genuine contact data at the point of entry, and versions for Canadian and international addresses are also available.

For more information about automated solutions to prevent fraud, including validation of leads, orders, email addresses, IP addresses and BIN numbers, visit the solutions page for fraud prevention on our website. Or for a free personalized consultation, contact our technical team anytime – and start taking steps towards becoming fraud-free in 2020 and beyond.

The bomb threat hoax from Thursday, December 13, 2018 was easily detectable as fraud.

There were several smoking guns that could have quickly identified the bomb threats as bogus. The leading indicator of fraud was the IP block from which the emails were sent. Emails associated with this bomb threat hoax were sent from the 194.58.x.x address range. This address range is well known in Internet security circles as malicious. IP reputation databases show this range was identified as fraudulent as early as March of 2015. Internet traffic originating from this range was commonly known to place fraudulent orders on e-commerce sites. This IP range was also seen often in fake reviews, instances of click fraud, and hacking attempts.

Further investigation of the 194.58.x.x address block shows with near perfect certainty the range was a manually banned, well-known public proxy. Said another way, this IP range was known to be among the worst of the worst, and clearly its originating messages should have been ignored.

Internet security professionals need to use IP reputation services to determine if an IP address is a proxy or VPN. Lookup tables with this information have existed for years. IP reputation services use machine learning and probability theory to infer a trust score on IP addresses. IP addresses with poor trust scores are behaving badly in an automated manner. Online merchants and video streaming services already utilize advanced mathematical and modern data science to identify malicious Internet addresses, and e-mail providers should too.

In the Internet of Things (IoT), with 11 billion smart devices connected, we can’t allow hospitals, schools, and emergency services to be distracted because of a dozen rogue devices like this. In life reputation matters, but on Thursday we let a few well-known bogus devices in Russia cause panic and fear.

We can do better — the data already exists.