使用新的数字身份验证工具防止帐户被接管

The evolution of identity — from in-person to digitalinteractions — along with the exponential growth oftechnology has created enormous opportunities andefficiencies, while also attracting new kinds of unauthorizedfraud and identity theft, which are both vast in scope. Indeed,identity theft and fraudulent transactions increasingly engulf 75% of U.S. adults haveexperienced at least one 27%have said they’veexperienced it more A wide variety of businesses and institutions — from universities and hospitals to financial,banking, retail, and credit services — have sought and implemented a variety of toolsto combat digital identity fraud. Yet, this type of fraud can be so common that bothinstitutions and customers expect it to happen to them periodically. The question is: How Thomson Reuters® Risk & Fraud Solutionshas partnered withFeedzai, an innovative riskmanagement platform powered by big data and machine learning, to add to its customers’arsenal of tools in fighting digital fraud through risk monitoring. Feedzai’s comprehensivesuite of AI-based solutions help financial institutions, online retailers, and payment We begin this white paper by reviewing the history and methods of account takeovers.We then provide guidance for organizations on how to utilize fraud prevention tools bestto maximize their investment. Establishing stronger digital trust — the total environment Part 1: Account takeovers: Familiarand newer means of digital fraud Identity fraud predates the digital age. Document forgery and social engineering havebeen used for centuries to gain control of other people’s money and credentials. Morerecently, as consumer credit has become close to universal, many credit card holdershave experienced fraudulent charges on their cards. This is one familiar form of accounttakeover (ATO), although it is now detected more quickly than it once was and is typically In fact, account takeover fraud presents a different set of screening challenges than otherkinds of digital identity fraud, such as new fraudulent account attempts. UnauthorizedATO fraud uses legitimate credentials already established by the institution and the end-user, which are then leveraged by fraudsters. Typically, a perpetrator gains just enoughinformation about a target’s existing accounts — such as banking, email, or other digitalidentities — to begin editing profile data and essentially take over the operation of the Extensive and highly damaging identity theft can also progress through a series of steps toa full takeover of a targeted individual’s other credentials, giving fraudsters access to thetarget’s money, credit, loyalty cards, vital documents, institutional and healthcare access,and reputation. It’s no wonder, then, that respondents to the USN&WR survey were more Once an individual’s identity is compromised, there is nothing easy about getting it back.USN&WR survey respondents who had been the victims of account takeover reported thatit took them weeks or months to regain control of their accounts. Yet less than half said The scope of the problem Identity fraud overall remains a widespread problem despite both private and public sectorattempts to stop it. While not all cases are reported to the federal agencies, such as theFederal Trade Commission (FTC), the agency’s data drawn from those crimes that arereported paints a daunting picture. In 2023, the agency received close to 2.6 million In fact, 2023 was the first year in which fraud accounted for$10 billion in losses in theU.S., according to the FTC, and on the global level, fraud losses in 2023 areprojectedto be more than $485 billion. Unfortunately, most cases of fraud go unreported, Not surprisingly, governments have been responding to this vast threat with increasingregulation, even in some cases shifting the liability of the fraud from the customer tothe financial institution. At the same time, the speed and volume of modern financial A changing environment for the ATO problem Social engineering and phishing scams get a great deal of attention and have increased inrecent years as they’ve become more sophisticated. This means that now, personal datathat’s stolen and used to facilitate identity fraud stems increasingly from organization-level Cyberhackers target the collected data of retailers, service providers, agencies, andemployers. In fact, 2023 wasa record year for organizational data breaches— more than3,200 incidents were reported that affected more than 300 million identities, according toa January report from the Identity Theft Resource Center. Healthcare and financial servicesorganizations were the two top sources of stolen data — not surprisingly, since these Once this sensitive information is obtained, fraud actors can proceed to ATO either bymanual input at a target’s login portal or by credential stuffing — a process in which User IDand Password pairs are rapidly tried against many login portals until access is gained. Even When institutions are