The Facets of Fraud
Recognizing Fraud
The various guises of fraud lead many organizations
to believe they are not victims of deception or to
vastly underestimate the extent of the issue.
Whether a fraudster takes out one large line of credit under a false name or maintains several
small, legitimate accounts to build enough trust to apply for a high-limit credit card, the common
denominator is intent.
Where Does It Begin?
The story of fraud starts with an identity. A distinction can then be made between fraudsters who:
Use their own identity (first party fraud). Create a fictitious identity (first party fraud). Use another person’s identity (third party fraud). In the case of first party fraud, the perpetrators open accounts using false information or they misrepresent their real identity by lying on credit application forms. A common example of first party fraud is a bust-out, where multiple accounts are opened and charges are put against them with the intention of abandoning the account, or “busting out”. Third party fraud may also be referred to as true name fraud, where a real identity is being leveraged by the perpetrator. Third party fraud often starts with identity theft where someone impersonates another individual by using information such as their name, social insurance number (SIN) or credit card number, without their permission. While individual consumers have become increasingly aware of the threat of identity theft, businesses also need to be vigilant in their identity verification measures to protect themselves and their customers against fraud, whether first party or third party.
Points of Attack
Once an identity has been chosen, fraudsters have an array of methods they can use to manipulate your business. Fraudsters will be looking for the easiest and most profitable point of attack within your institution. The points of attack and the fraud methods used against a financial institution will vary based on the products and services the institution offers. For example, credit card fraud will represent very different challenges than cheque fraud. This is further complicated by electronic versus non-electronic transaction services. Different considerations need to be taken into account when protecting an eTransfer versus a line of credit, for example.
The Fraud Players
Fraud is a difficult behaviour to define and even more difficult to predict. The perpetrators are constantly changing their methods, making patterns hard to establish. Although methods may vary, three common fraud personas are:
The Quick Striker: The most inclined to “hit and run” whereby they are looking to quickly maximize their financial gain, then disappear and move onto the next institution or scheme.
The Opportunist: Actively probing to look for an easy entry point, or in the case of third party fraud, looking to capitalize on a lack of awareness or defense on individual consumers.
The Sleeper: Patiently build loyalty with institutions by maintaining several legitimate accounts before opening the “moneymaker”.
Outside of isolated crimes of opportunity, organizations should be equally (if not more) wary of organized fraud rings that incorporate different fraud players into a long term strategy that makes a steady, substantial income out of fraud. When these rings are nation-wide, they are incredibly destructive and difficult to pinpoint. Once they begin to branch out internationally to fund foreign crime, not only is the reputation of the victim organization at stake, but finding and prosecuting the criminals becomes a longer, more daunting process.
Layered Approach to
Fraud Management
Client data validation Device verification Analytics for profiling & behavioural modelling
DETECTION ANALYSIS &
RECOMMENDATIONS
Root cause analysis Trend analysis / peer comparison Action plan for identified points of compromise
Identity verification & authentication Know your customer (KYC) policy Staff training programs PREVENTION CONTAINMENT & RECOVERY
Action to stop losses & contact customers Recovery activities Data breach response services INVESTIGATION Comprehensive case management Validation of suspicious transactions Identify points of compromise
Equifax Layered Approach
In the fight against fraud, there is no “cookie cutter”, one-size-fits all approach. Just as you might use several tools to repair a leaking faucet, several solutions may need to work together for specific fraud detection and mitigation situations.
Equifax recommends a layered approach to implementing a fraud prevention program in your organization which addresses the following areas:
Prevention Detection Investigation
Containment & Recovery Analysis & Recommendations
With the right mix of processes, policies, analytics, and technology, you not only minimize losses, but you also improve compliance and staff productivity.
Fraud Risk Assessment
Implementing the right program starts with performing a fraud risk assessment of your organization.
Identify possible fraud risk: gather information to assess the possible fraud risks that could apply to the organization.
Assess significant, inherent fraud risk and its likelihood: fraud risk based on historical information, known fraud schemes, and interviews with staff, including business process owners. Respond to likely/significant inherent and
residual risks: the response should address the identified risks and perform a cost-benefit analysis of fraud risks over which the organization wants to implement controls or specific detection procedures. Fraud risk exposure should be assessed regularly by the organization to identify specific potential schemes and events that the business needs to mitigate.
Assessments should be performed on a systematic and recurring basis, involve appropriate personnel,
consider relevant fraud schemes and scenarios, and mapping those fraud schemes and
Identity and
Fraud Solutions
Identity Management Solutions
eIDcompare
eIDcompare is a real time, identity proofing solution. eIDcompare helps to determine whether an identity is valid and if the individual claiming the identity is who they say they are. eIDcompare cross checks applicant data against Equifax data sources to validate the identity and to determine whether that identity has been reported as misused or associated with potential fraudulent activity. eIDverifier
This knowledge-based authentication process uses ‘shared secret’ information that should only be known by the customer and Equifax, to present a variety of multiple choice questions. Only the identity owner should be able to correctly answer a sufficient number of the security questions to be deemed legitimate.
Business Confirm
Business Confirm is a business identification service used to validate the existence of a corporation and its status, the entity type, registration/incorporation date and to identify the company directors.
Deceased ID
Equifax’s Deceased ID solution is a database of deceased Canadians that can be used as a diagnostic tool to expedite the validation or cleansing of your client database to verify continued existence.
Fraud Prevention Solutions
QuickMatch
QuickMatch is a unique tool that verifies key identification data against the data contained in Equifax’s consumer credit database to determine if a credit card is being presented by its rightful owner.
Safescan
Safescan is an interactive warning system that detects potential fraud by spotting irregularities, as well as confirmed misuse in names, addresses, SINs, and telephone numbers.
If irregular or misused information is detected, Safescan generates a warning advising you to take a closer look at the information on the application.
Citadel
Citadel™ is a web-based, Equifax-hosted enterprise fraud management solution that helps to identify high-risk or potentially fraudulent activities before they negatively impact your business.
The solution matches input data to Equifax’s consortium fraud and historical client data to help detect fraud patterns based on user-controlled business rules. A suite of linkage analysis tools help to uncover indirect connections between seemingly unrelated data, which may constitute an organized fraud ring.
Professional Services & Analytics
Data Breach Response Services
Our professional services are employed once an organization experiences a data breach; the service provides notification to affected customers, call centre services, credit monitoring and / or credit file alerts. Custom Analytics
Due to our deep expertise in predictive modeling and comprehensive fraud data sources, Equifax is able to offer custom analytical services to address your specific business challenges.
Fraud Consulting Services
Our in-house fraud consultants have a unique customer centric approach to understanding strategies, pain points and business objectives. They have deep industry knowledge with the support of dedicated customer relationship teams and subject matter experts that come together with our customers to consult, develop and deploy successful fraud solutions.
BROA
D-BASED & UNIQUE DATA ASSE
TS CONS UM ER C RED IT • C
OMMERCIAL • FRAUD • MORTGAGE • TELC O • 3 RD PA RTY
TE
CH
NO
LO
GY
SO
LUT
IONS
THAT INTEGRATE
DAT
A &
IN
SIG
HT
S
VA
LU
E-
AD
DED
ANALYTICAL I
NS
IGH
TS
CU STO M & GE NER IC S CORES • SCO RECARD MODELING • SCORE VALIDATIONS • CUSTOM ANALY TICS • CONS ULTIN G SE RVICE S AS P S OLUT IO NS • R ULES BA SED EN GINES • D ECISIO
NING PLATFORMS • WORKFLOW MANAGEM
ENT • ENTE RPRIS E FR AUD MAN AGEM NET
CLIENT
NEEDS
Certain conditions apply to all offers. Equifax and EFX are registered trademarks of Equifax Canada Co. Inform Enrich Empower is a trademark of Equifax Inc., used here under license. ©2014 Equifax Canada Co. All rights reserved
Call 1-855-233-9226 to speak to an Equifax Advisor or visit us at www.equifax.ca/reducefraud