Report: Learning to Defend Digital Identities and Security
By Roy Urrico
Finopotamus aims to highlight white papers, surveys, analyses and reports that provide a glimpse as to what is taking place and/or impacting credit unions and other organizations in the financial services industry.
A new report, Protecting What Matters Most: Key Learnings & Tips to Protect Your Digital Safety & Security, from Boston-based intelligent identity security company Sontiq, with input from the Identity Theft Resource Center (ITRC), suggests all stakeholders have a role in reducing the effectiveness of threat actors who leverage identities to commit fraud.
“Protecting yourself, your friends, family, and your workplace from identity crimes and compromises has become increasingly difficult,” said Eva Velasquez, president/CEO at the ITRC in the report’s introduction. “Fraudsters continue to exploit the health crisis, creating a ‘scamdemic.’ Identity thieves defraud our government systems to the tune of billions of dollars using the compromised identity credentials of unknowing victims. And, after several years of a downward trend, data breaches are on track to eclipse the astronomical numbers we witnessed in 2017.”
The Future of Identity Risk
Finopotamus took a deeper dive into a section of the report that predicts fraud trends for 2022, based on observations by recognized identity security researcher Al Pascual, senior vice president, data breach solutions at Sontiq.
Pascual explained several of the tendencies not only directly affect consumers, but could ultimately impact credit unions and other financial institutions:
New Account Fraud Will Explode. Cybercriminals open new accounts using stolen identities to obtain loans, move illicit funds, and more. New fraudsters who have honed their skills on government benefits fraud (e.g., state unemployment and the Paycheck Protection Program) are in a good position to transfer their skills to other targets, like financial institutions, credit card issuers, and lenders.
Pascual explained it does not take a lot of imagination to recognize the tremendous amount of benefits fraud committed over the last year. “For a lot of credit unions, there was not as much concern about it necessarily because it was not their loss, it was the government's loss. But like every other new fraud scheme, as it perpetuates and becomes more common, the criminals who are good at it begin to train other criminals.” As a result, Pascual emphasized “a lot of fraudsters who were focused on other areas got involved in benefits fraud just because the money was flowing so freely.”
From a trend standpoint, Pascual noted benefits fraud looks a lot like account opening fraud at a credit union or bank. He explained in the last year a lot of fraudsters became trained on the same kind of methodology needed to be successful when opening new (banking) accounts. He added, “That's going to roll downhill and end up on credit unions’ collective doorsteps. If you are not already struggling with new account fraud, you will be; and if you are already struggling, it's going to get worse.”
Mule colts. Niche bank accounts for kids will become increasingly common, making them targets for fraudsters looking for unwitting partners. Fraudsters then solicit newbie bank account holders to help move stolen funds under false pretenses — turning them into money mules — for a small piece of the action. Children then take the heat for illicit transfers.
Pascual observed, “Increasingly we're doing things digitally and you want to keep teaching kids to be smart with money and give them the means to use it.” Young people do not even receive their allowances in cash anymore because most of the things they buy are not at a physical store. “You want to equip them with their own bank accounts.”
While there is a tendency to think of identity theft as an “adult” problem, in reality stolen identities can affect anyone. More than 1 million children in the U.S. were ID theft victims in 2017, resulting in losses of $2.67 billion, according to the 2018 Child Identity Fraud Study by Javelin Strategy & Research. Javelin found that two-thirds of the victims were under the age of 8. But it is not just young children, but teenagers and young adults as well solicited by third parties. Fraudsters find their targets on gaming platforms and, in college, in card cracking schemes, which involve online solicitation through social media where victims allow access to a savings or checking account in exchange for some “quick” money on the back end.
“You have a whole new set of account holders that are just an untapped resource from a fraudster's perspective. So, it is really an inevitability,” Pascual said.
Fraudsters gaining employment through impersonation scams. Another trend flying under the radar is where criminals pose as legitimate job applicants, especially as employers retain remote roles. Criminals can glean information from professional networking and recruiting sites, like LinkedIn, or even take them over to assume an identity. And armed with a convincing résumé — plus all the compromised data they need to pass a background check — these applicants could become newly hired “employees,” who steal company secrets, compromise financial accounts, and possibly deliver ransomware.
Warned Pascual, “There is some real risk for all organizations, including credit unions, in remote hiring. Just imagine a new remote hire, first day gets his or her laptop. And then the first thing they do is plug in a USB stick or download malicious software on purpose. That introduces a whole new kind of risk to the credit union.” The Sontiq SVP pointed out some credit unions are much more acutely oriented to dealing with fraud and scam risk than others.
Steps To Mitigate Future Fraud
Over the last five years, privacy and security have often been trade-offs for speed and convenience. The new normal for the next five years will be more convenient, more remote, and more digital, with more PII (personally identifiable information) available online across every demographic, Sontiq indicated in the report. “The uptick in cyber threats has been a global wake-up call to consumers, businesses, and governments. And lawmakers and regulators are getting involved.”
The identity security company also shed more light on the vulnerabilities of individuals and businesses. “The lack of large IT teams and comprehensive IT security programs make SMBs (small and midsize businesses) an attractive target for cyber thieves.”
Sontiq recommends using ID fraud mitigation tactics such as monitoring for possible exposures in breaches, as well as unauthorized ID use in new bank accounts or credit products; raising the fraud/scam radar for unsolicited offers for things like large travel or electronics purchases; and educating children about scams involving banking accounts.
For financial institutions, Sontiq offers the Sontiq Intelligent Identity Security Toolkit for understanding and protecting against scams, fraud, and data breaches geared toward protecting digital safety and security; and educational resources such as a rundown of the total impact of ID fraud, effective dialogue on digital risks, and ways for individuals and businesses to protect themselves from cyber fraud.