Tightening the identity fraud noose on hackers: one watchdog’s views

Pandemic-linkedIdentity fraud is now a common pain point for businesses regionally. How can we keep the cybercrooks in check?

Amidst the months of the COVID-19 pandemic, experts have seen an uptick in data breaches, phishing and malware attacks designed to steal consumers’ personal data.

Industry giant Microsoft has noted several themed-attack trends on the networks that it monitors, claiming that every country is seeing at least one pandemic-themed threat. Stolen identities are then sold on the dark web and used to create fake accounts. With most fraud-detection professionals working off-site and having zero or limited access to their on-site systems, some organizations have been unable to thoroughly identify and manage fraud cases.

With more businesses being encouraged to ramp up their digitalization efforts, especially with the rise in e-payments, the world at large is bracing for a significant spike in identity fraud in the months ahead. Based on recent insights gathered in recent months, identity fraud had emerged as a common pain point for more than 30 banks, as well as financial services and e-commerce companies in Australia and Southeast Asia.

DigiconAsia set out to find answers and solutions to help readers address some of these pain points, and came across an expert who could shed some valuable insights. Mohan Jayaraman, Regional MD, Decision Analytics and Business Information Services at global information services firm Experian, definitely has some important information to share in our Q&A.

DigiconAsia: Long before the pandemic, email spam had already been the bane of the internet that has defied eradication by the biggest players in the industry. Since much of identity fraud is linked to spam, what are the best practices for enterprises to stay safe?

Mohan Jayaraman (MJ): There are two ways to look at the ongoing phishing threats stemming from spam emails—one of the most popular methods used to steal customer credentials for subsequent identity fraud attempts. On the one hand, users need to keep in mind the importance of constant vigilance and digital hygiene practices, such as making sure they use complex passwords that are frequently updated. On the other hand, businesses should make it impossible for stolen data to be exploited for financial gains. While this is an ideal situation, our observations indicate that there is still some way to go for businesses and consumers.

The challenge that businesses are facing is that traditional verification methods, such as passwords or one-time pins, are rigid and brittle. Adding more steps to the verification process, on the other hand, does not help with the customer experience.

At Experian, we partner with banks and financial institutions, telcos, utilities companies, healthcare organizations and retailers to help them recognize and verify every single customer during each interaction. We have observed that the smartest businesses protect themselves against fraud by employing advanced authentication solutions underpinned by a layered, multifactored approach using device digital footprints.

When combined with AI and machine learning, this ensures better fraud detection for businesses whilst helping companies to provide an enjoyable customer experience. More customers are aware of how their data is being used, as shown in our 2020 Global Identity and Fraud Report, where 87% of APAC consumers cited the protection of their data from theft or misuse against identity theft or fraud as a very important part of the customer experience.

DigiconAsia: There is a dark side to identity-verification, so where does Experian draw the line if confronted with the possibility of a highly lucrative sales but to dubious organizations or agendas?

MJ: Experian’s clients include banks and financial institutions, telcos, utilities companies, healthcare organizations and retailers. As a brand, we consider ourselves a steward of the information we collect, maintain and utilize. Our responsibility is to ensure the security of the information in our care and to maintain the privacy of consumers through appropriate and responsible use.

We provide services based on information about millions of individuals and businesses, and the use of this information is guided by our Global Information Values, which form the foundation for our belief that information use must benefit both businesses and individuals while meeting consumers’ privacy expectations.

We recognize that fraud is an ever-evolving threat and there is no silver bullet for fraud detection and prevention. Leveraging our position as a leading information services company, we continue to look at new ways to bring together the capabilities from many parts of our business to help verify and keep crucial data safe for both businesses and consumers.

DigiconAsia: What sets Experian’s efforts for tackling pandemic-related challenges (such as staying ahead of fraudsters and identity theft prevention) apart from all other similar solutions in the business?

MJ: With credit bureaus in 19 countries globally, we are able to gain insights from around one billion consumers and millions of businesses. We can understand changing consumer behavior, the state of consumers’ financial health, and imminent digital threats. We are well placed to help financial institutions respond to consumers’ immediate needs and build capabilities to adapt to challenging times ahead.

The breadth and depth of Experian’s core offerings across Information Services and Decisioning and Analytics (D&A) play a key role in enabling financial institutions adapt to the evolving situation. Through strategic partnerships with banks across Asia Pacific, we offer cutting-edge tools and capabilities to enable banks to cope with a surge in customer demand, monitor and predict changes, and calibrate credit risk.

Experian’s ongoing commitment to protecting the financial health of individuals in this region has also paved the way for rapid relief efforts aimed at the consumers. Leveraging various strategic partnerships with key stakeholders in the government, financial, and telecommunications sectors, we have quickly rolled out a wide range of complimentary resources for consumers to monitor and protect their financial wellbeing.

DigiconAsia: How do businesses toe the line while monetizing data, especially when personally identifiable data is actually worth more? What is Experian’s ethical stance when pursuing “innovation for good”?

MJ: It is all about striking a balance between protecting customer privacy and using data to create innovative products and services. Data has been termed as the “new oil” and can be used the right way, to pave the way for innovation—for example, regression models in machine learning enable us to process large amounts of data from the past to further predict the future. We set strict standards on the data that we use, ensuring that put them through appropriate tests to ensure personally-identifiable information on consumers is protected while retaining abstracted variables that could still give our models the right predictive edge.

With stricter data privacy and compliance laws in recent years, it is not so much about “toeing” the line, but about ensuring full compliance with data regulations. There are serious legal and ethical ramifications of monetizing personally-identifiable data without respecting data regulations, not to mention reputational risks at stake.

As part of our innovation efforts we are also partnering with leading institutions to help find solutions around some of the ethical questions related to the use of ML & AI. We are working to further areas like fairness and explainability in AI algorithms.

As mentioned above, we consider ourselves a steward of the information we collect, maintain and utilize. With data at the core of our business, there is a due sense of responsibility and this involves ensuring security of the information in our care and maintaining the privacy of consumers through appropriate and responsible use.

DigiconAsia thanks Mohan for his insights on how identity fraud is being addressed at ideological, research, operational and policy levels in conjunction with governments and major stakeholders.