It’s time to make sure your controls are ready for a coordinated attack

After a decline in credit fraud during the pandemic, we are seeing fraudsters targeting consumer lending products once again in 2022. Fraud rings methodically look for vulnerabilities or gaps in controls and exploit them to monetize their operations. In our analysis, many industry standard tools are not catching current fraudulent behavior.

Existing tools can work well for baseline fraud where overall losses are relatively low (typically 1-2% of applications). Because of that, it’s possible to get lulled into thinking that adequate controls are in place for fraud. Exception volumes are low and are easily managed by the manual reviews by the Fraud Operations team. However when a targeted attack happens, these fraud spikes can lead to massive losses in a short period of time. The Operations team will be overwhelmed and unprepared to handle the volumes. 

Many of our partners have experienced coordinated attacks in the first half or 2022. Just one of these spikes can drain your yearly fraud loss budget.

This chart shows a typical pattern of fraud spikes that we are seeing this year. The smaller spikes leading up to the bigger spikes are indicative of the tests that fraud rings are running to expose vulnerabilities. If a weakness is found, it is exploited leading to a spike in fraud losses.

An Orthogonal Approach

At Guardinex, we are constantly evolving our fraud detection capabilities using a machine learning approach that is orthogonal to existing solutions. We use proprietary intelligence derived from behavioral data and dark web intelligence that enables us to identify risks associated with PII that are missed by competing fraud products. Our patented approach combines non-credit behavioral data with breached assets to predict various types of malicious intent including both Third Party and First Party Fraud. As you evaluate models, make sure they perform equally well on historical data for fraud attacks.

The chart above is a typical example of the results we are getting when running the Guardinex model on the baseline credit applications when there is not an organized attack. We typically see an AUC of 0.90 or higher for baseline third party fraud. In this example the baseline Fraud rate (% of Applications) is 2%. The theoretical max gain curve detects 100% of the fraud at 2% alert rate.

The chart above is an example of how Guardinex Models perform during a fraud attack. Our AUC improves to 0.95 or better. In this example the Fraud rate during the attack increases to 15% and the theoretical max detection would occur at 15% alert rate. Note the scale of the Cumulative Gain chart is different from the previous (baseline) chart 

As you consider investing in controls for the coming months, make sure you take into account fraud spikes from organized syndicates. In the face of an organized fraud attack when other tools see substantial degradation, our already strong tools get even better and are more resilient.

No one knows what strategy the next set of attacks will target so we recommend a broad portfolio of tools. As the fraudsters continue to evolve, make sure you are prepared to identify the next threat. The best time to prepare for them is before they happen. You can benefit by using tools that aggregate across the industry with a proven capability to detect these types of spikes.

If you would like to learn more about the trends we are seeing in 2022 and how Guardinex tools can help you lower your losses, please fill out the form below to set up time to meet with our team.