Identity fraud is a growing problem in the United States. Losses due to identity fraud were up 79% year over year in 2021 to a total of $52 billion, while the number of victims rose 50% to 42 million adults. Identity fraudsters leverage a wide variety of techniques, ranging from identity theft to the creation of synthetic identities compiled from various scraps of actual identity data.
With fraudsters constantly innovating ways to circumvent popular security measures such as multifactor authentication (MFA), biometrics and other forms of verification, cybersecurity providers are scrambling to catch up. Relying on this post-submit data can potentially let fraudsters through to steal funds or valuable information, damaging companies’ reputations in the process. Pre-submit data — such as how users swipe, type and behave during data entry — is also a valuable tool for stopping bad actors. This month, PYMNTS Intelligence explores how companies can use pre- and post-submit data in tandem to halt identity fraud and other forms of cybercrime.
Post-Submit Data for Fraud Prevention
Post-submit data primarily consists of personally identifiable information (PII) that verifies the user’s identity, such as biometrics, passwords, PINs or other data points. These methods have variable efficacy, with passwords being a particularly weak security method. Upwards of 65% of consumers recycle passwords among several accounts, so a data breach at any account could potentially compromise them all. Biometrics and MFA are less vulnerable to compromise, but fraudsters have been known to intercept verification codes or use printed pictures to fool facial recognition scans.
Post-submit data is also prone to be exposed via data breaches. A recent study found that 83% of data leaked in data breaches within the financial industry was personal data, for example, including login credentials, Social Security numbers and email addresses, all of which can be exploited by bad actors.
Relying on post-submit data is also decidedly inconvenient for customers. An estimated 65% of consumers abandon websites when asked to create a username and password, and 92% of users said they would rather leave a website entirely than try to recover or reset forgotten login credentials.
Post-submit data on its own thus poses significant risks of security incidents and customer abandonment. Only when combined with pre-submit data through behavioral analytics can post-submit data adequately protect customers against fraud with minimal friction.
Leveraging Behavioral Analytics to Harness Pre-Submit Data
A more effective way to authenticate customers is to look at how they enter their data, rather than the data itself. These “swipes and types” are known as pre-submit data and can contain valuable tells as to whether a user is legitimate.
Genuine customers typically enter their names quickly and without error, for example, while fraudsters might introduce misspellings while typing unfamiliar names or might copy and paste them from other forms — both warning signs of fraud. More than 65% of users enter post-submit data abnormally, meaning that an unusually smooth entry pattern could also be a sign of fraud. Analyzing pre-submit data in this way can reduce fraud rates by 35%, studies have found.
However, pre-submit data only reaches its maximum efficacy when combined with post-submit data. A clever fraudster could dupe each type of data independently, but making it past both methods would require much greater effort. Deploying both pre-submit and post-submit authentication checks is a classic example of MFA, which can result in a 71% reduction in total fraud volume and a 12% decrease in lost revenue. The mere presence of a multilayered security stack can be enough to convince bad actors that an organization is not worth their time and prompt them to move on to softer targets.
Fraudsters are constantly innovating ways to circumvent common security solutions, with passwords, biometrics and SMS codes all demonstrating security vulnerabilities in recent years. Combining this post-submit data with the pre-submit patterns of entry could be the key to staying ahead of bad actors and keeping both organizations and customers safe from fraud.