Originally appeared in PYMNTS.com
In the annals of fraud — payments fraud and identity theft and all manner of bad doings — 2017 may be a year we’d all like to forget.
There was Equifax, of course, and the 145 million individuals compromised in that headline-making data breach. And there were no shortage of brazen attempts by fraudsters to latch on to data floating around, with an eye toward making off with goods and — perhaps of more consequence — identities.
We’ve spilled digital ink in this space before, detailing the rise of synthetic identity fraud. And, in a year-end conversation between PYMNTS’ Karen Webster and David Barnhardt, EVP of Product at full-service payment and ID verification solutions provider GIACT, the news may be grim headed into the new year.
Barnhardt said his firm has witnessed a noticeable uptick in inquiries and discussions about identity theft as 2018 looms. Looking year over year, he said, it seems like there is “double-digit growth in identity fraud.” And a few new wrinkles are emerging, he added, as companies inquiring about GIACT’s services are seeing disputes from end customers tied to charge-offs and collections.
The average loss on synthetic identity theft is $15,000.
As a result, GIACT is urging its clients to “revalidate before you send and help overturn the bad info that is on [the consumers’] record.” Chalk it up to synthetic identities, where, absent GIACT’s caution, merchants “were going to send a real legitimate person with an 800 FICO to collections … before you send them away to the gallows,” Barnhardt said, “re-run their identities. Make sure the information you were provided is consistent.”
Synthetic identities, tailored for fraud, have emerged against a backdrop where eCommerce has grown to hundreds of billions of dollars in annual sales. Roughly a year after card-not-present fraud began to spike, said the executive, “I think it is the evolution of the crime,” as fraudsters have learned, and are still learning, how to thwart current merchant defenses.
There are always two sides to the enrollment process, he said: “There’s what the customer gives you on the enrollment application … and there’s the truth.” And so, the retail industry must enhance their modeling to include trusted data from a third-party source. He likened synthetic identities to “a new strain of a virus where you have to come up with a new antidote.”
The average loss on synthetic identity theft is $15,000. Looking ahead into 2018, “I think we will see customer-reported fraud from an identity perspective go up,” Barnhardt predicted. The merchant must take pains to suss out the deadbeat from the fraudster. It is the latter who can hit a merchant time and again.
Thus, the EVP said, vigilance is a matter of “applying the appropriate level of detail about the transaction.” He cited as one line of defense GIACT’s EPIC Platform® (enrollment, payment, identity and compliance), which protects the customer and provides a good experience, safeguarding the company and the people with whom they’re doing business.
Among other features, EPIC Platform allows a customer to see a cell phone number and how long they have been associated with that account, to see who is signing up for the service. The prompt will make sure someone is who they say they are, and this will save tens of thousands of dollars.
Gift card fraud? During the holidays, especially, yes. There are many scenarios across which fraudsters can use gift cards to steal, he said. Some companies have very easy return policies, and the bad guys can arrive with merchandise in hand and say, “I do not have a receipt and do not want it,” Barnhardt said — and, without a receipt, they can get a gift card. Increasingly, though, savvy merchants should be asking for concrete forms of identification, such as drivers’ licenses, scanning both front and back, with an eye on proving that someone legitimate is behind the transaction (and the license).
“It goes back to making the crook feel uncomfortable,” said the executive, who noted that anyone who can’t give a retailer the most basic information cannot be served. Criminals drive around doing this all day. For merchants who see two presentments in a day, said Barnhardt, “that’s a red flag” that can be discovered with little impact to their existing technology stack. They can dial into “who is out there from a career criminal perspective,” how they are making money via theft and possibly stop crime in its tracks.