When Fraud Occurs During Authentication
Remote authentication fraud occurs when a person who is not the legitimate owner of an identity or financial account either fraudulently creates a new account or takes over an existing digital account for the sole purpose of committing an illegal activity using stolen payment credentials or unauthorized payment information.
Authentication of the customer and payment method should take place at each step in the remote payment process – account creation, enrollment and transaction – to identify, prevent and mitigate fraud attacks. Authentication fraud can occur when fraudsters take advantage of legitimate owners who conduct a digital financial activity, such as through a mobile phone app, mobile browser or PC internet browser, to:
- Open a bank account or credit card through mobile or online banking
- Enroll a bank account or credit card with a third-party payment provider/digital wallet
- Pay for a purchase
- Transfer funds
In all cases, the fraudulent customer is not present physically at the financial institution or merchant point of sale.
Remote Authentication Fraud Mitigation
The Federal Reserve is working in collaboration with payments professionals to research key remote authentication fraud challenges and mitigation efforts. These efforts provide opportunities to build awareness and educate industry stakeholders who are dealing with increasing payments fraud, particularly fraud during identity authentication.
The Fed is publishing three research briefs on the remote authentication landscape in the United States, based on a combination of publicly available industry research and interviews with payments and fraud experts. The research briefs describe risks and challenges, opportunities and mitigation tools to build awareness and further educate the industry about reducing this type of fraud.
The first of the research briefs outlines the types of authentication fraud and authentication methods used to prevent fraud. The second brief describes how stakeholders apply authentication in several remote payment use cases during the enrollment and the transaction process. The third brief in the series discusses approaches and tools used in the payments industry to mitigate remote authentication fraud, and includes recommendations on next steps to build awareness and engage industry stakeholders.
Select and view the research briefs below to learn more.
Brief #1: Remote Authentication Landscape and Authentication Methods
Brief #2: Fraud Types and Authentication for Remote Payment Use Cases
To stay up to date on the Federal Reserve’s fraud initiatives, submit or update your FedPayments Improvement Community profile and select “Payment Identity Management” and “Fraud Detection and Information Sharing” as a topic of interest.