The surge in data breaches has left millions of consumer records and personally identifiable information compromised, giving fraudsters all they need to open fraudulent accounts aimed at scamming banking institutions out of big dollars.
Greg Shelton, director of first-party collections within the financial services division of LexisNexis Risk Solutions, calls this emerging first-party fraud scam "sleeper fraud," and it's becoming a critical problem, he explains during this interview with Information Security Media Group.
That's because it is a silent killer, hence the scam's name. A criminal uses a consumer's PII to open a new account with the intent of using the credit limit allowed on that account and then defaulting on the payment or loan. Neither the consumer nor the bank knows that information has been used to open a fraudulent account, Shelton explains.
To the bank, the account appears legitimate, even though the consumer knows nothing about the account.
"Most sleeper fraud is committed on accounts of good standing, accounts that have been open for a year or two," Shelton says. "Then, all of a sudden, it is used in the commission of a fraud."
And it's quickly becoming a global problem.
"There have been approximately 4,500 major data breaches in the last five years, and that has essentially affected almost 845 million consumer records, so all of us have the potential of being victims of sleeper fraud," he says.
In the U.S. alone, first-party fraud, of which sleeper fraud is a part, is expected to cost banks and credit unions $28 billion in 2016, Shelton says. It's a guesstimate, since most banking institutions today are not detecting sleeper fraud nor sufficiently recording its fraud losses.
"Most banks have an issue with identifying this type of fraud," he says. "Sleeper fraud has been around for five years or so, but it has evolved because of the reasons I just mentioned - a function of compromised PII."
The challenge for banks is correlating changes on an account with the likelihood that fraudulent activity is involved, Shelton says. This is where data analytics plays a role, he says.
To understand and mitigate losses linked to sleeper fraud, banks first need to leverage analytics, to help them set a baseline, and they need to remove suspicious accounts from the collection workflow so that they can be properly analyzed, Shelton explains.
"Probably the most important part is in using analytics so they get to know what the unknowns are," Shelton says. "Sleeper fraud is, by definition, unknown to the bank. Analytics and data providers can give a stronger sense of what is known about that account; they can look at it through a different lens."
During this interview (link below photo above), Shelton also discusses:>/p>
- The role customer education plays in sleeper fraud mitigation;
- Why first-party fraud is getting more attention from data aggregators and cyberthreat researchers; and
- Why banks still struggle and will continue to struggle to adequately define and identify sleeper fraud.
Shelton has more than 35 years of experience within the credit and collections industry. He is considered an industry pioneer and a seasoned leader, spearheading more than 30 acquisitions in the receivables management sector. At LexisNexis Risk Solutions, Shelton is responsible for strategy and product development that helps financial institutions detect, assess and prevent risks, like fraud. A frequent business speaker at industry conferences and contributor to notable printed media sources, Shelton was named Who's Who in Finance in 2000 and is a Certified Pragmatic Marketer.