Professionals in the payments space are acutely aware that despite its many advantages, technology has accelerated fraud. Amy Walraven, founder and president of Turnkey Risk Solutions, has been combatting fraud in the financial services industry for more than 25 years, and previously worked in forensic analytics and risk management for large banks.
“Fraud has always existed, but it used to be much smaller and more specialized. Over the past decade, it has become more mainstream,” she said. “As it continues to evolve, I’m concerned with how advanced technology is being used to aid in committing fraud.”
Artificial intelligence (AI) is one example of a trend in the fraud ecosystem. According to Walraven, fraudsters can use AI to acquire biometric identification to create “deep fakes” by simulating voices. Similarly, enlarging photos that users upload to social media can allow fraudsters to acquire fingerprint patterns or scan a target’s eyes to trick biometric controls.
Technology also has opened additional lines of communication among fraudsters. “It has allowed less sophisticated fraudsters to enter the space, and we often see them recruited through channels like social media hashtags,” she said.
In addition to technology, Walraven said the regulatory environment influences the kinds of fraudulent activity being committed. “When businesses were required to upgrade their point-of-sale systems to accept EMV chip cards in 2015, it helped improve transaction security. Unfortunately, many of those scammers simply shifted from committing fraud during point-of-sale transactions to other fraud tactics,” she said.
First-party fraud, for example, is a term which Walraven originally helped to coin as a professional in risk management. It occurs when a customer is the one defrauding an institution, such as taking out a loan or credit line without intent to pay the funds back. This is part of a broader issue facing the industry, authorized party fraud, which can take many forms. The FraudClassifierSM model, released in June 2020, defines it as involving a payment initiated by an authorized party, which is an individual or entity with the right to initiate the payment. It includes instances like the example above, where an authorized party acts fraudulently. An authorized party can also be manipulated by a fraudster to initiate a payment or initiate a payment that is later modified by a fraudster.
Synthetic identity fraud is another example of authorized party fraud studied by Walraven and her team, and happens when fraudsters use of a combination of personally identifiable information (Off-site) to fabricate a person or entity to commit a dishonest act for personal or financial gain. It is considered the fastest-growing type of financial crime in the United States1.
Walraven has developed scoring models and clustering algorithms to better understand patterns in fraudulent activity and detect large-scale organized efforts. It is a good example of leveraging technology on the opposite end of the spectrum: to identify and combat fraud.
While fraud mitigation is something indoctrinated into financial institutions, Walraven said professionals across all industries can benefit from becoming more vigilant.
“You may not work in fraud, but you should have an understanding of how fraud can impact your job function,” she said. “It can help inform how different analysts do their jobs and make it easier to spot fraud in the case of social engineering, when fraudsters are attempting to obtain your employee information.”
According to Walraven, it is also imperative that businesses accurately define fraud to protect themselves against it. A common misconception, she said, is that many consider synthetic identity fraud to be identity theft. “Identity theft is when a perpetrator impersonates the victim, whereas synthetic identity fraud happens when a fictitious identity is created,” she explained.
This is one reason Walraven joined the Federal Reserve-led focus group of fraud experts that recently developed the industry-recommended definition of synthetic identity fraud previously noted. This work supplemented the FraudClassifier model to help organizations consistently define and classify fraud involving payments and understand how the fraud is occurring.
“Collaboration helps keep the industry informed on these issues and allows us to have a consistent and universal way to define threats in order to account for the scope and scale of each problem,” she said. “Once institutions have a better understanding of threats, they can better prepare for identifying and mitigating those risks.”
For organizations that want to stay ahead of fraud, Walraven has an important piece of advice. “One of the most important lessons I have learned is that it’s not enough to know who is committing the fraud – you should also understand exactly how they are committing it,” she said.
Amy Walraven has over 25 years of expertise identifying, assessing, targeting, and resolving fraud, credit, and risk issues. She has developed and successfully implemented comprehensive business practices, scoring models, and clustering algorithms to detect first party fraud schemes including credit bust outs, synthetic identities, and syndicated fraud activity throughout the customer lifecycle. In addition, she is a recognized subject-matter expert in the industry and advises several government agencies and industry groups on managing the evolving fraud threats that industries are facing.