Fraud detection: whose responsibility is it anyway?

A friend of mine recently became a victim of identity theft. The first he knew about it was when he received a letter from an online clothing company, stating that his application for credit had been turned down. From that point on, he was besieged by emails and printed mail from various companies confirming the refusal of his applications for credit. So far, this was worrying but just about manageable – apart from the negative impact on his credit rating, of course, which he has been warned will nosedive.  But he was most concerned by what happened next: a ‘Welcome to your new account’ letter from the one company that gladly accepted the fraudster’s false ID - a well-known mobile phone network provider which, quite frankly, should have known better.  The fraudster was able to - with the help of some basic personal information he had gleaned online and a couple of hastily forged utility bills – open a mobile phone account in my friend’s name, quickly and easily.   

90% of adults in the UK own a mobile phone, according to research from global technology company Pitney Bowes.  There are 91.5 million UK mobile subscriptions.  So prolific is UK mobile usage that the number of mobile phone numbers allocated in the UK has almost run out according to a report, predominately a result of our huge appetite for data. The larger our digital footprints and the more data we share via our physical devices, the more we are arming fraudsters with personal information to use illegally. And the more activity we carry out on our mobile devices – online shopping, mobile payments, online banking – the greater the financial impact on the victim of fraud.  

Major increase in financial crime 

We are seeing an exponential growth in financial crime. In the first half of 2016, a financial scam was carried out every 15 seconds – a 53% increase for the same time period the previous year. According to Financial Fraud Action, over a million cases of card, cheque phone or online fraud were recorded in the six months from January 2016 – and that’s just the reported cases. Still more cases go unreported.    

Fraud is endemic.  But whose responsibility is it to prevent fraud – the consumer’s, or the organisation’s? My friend’s experience demonstrates that not all businesses are as on top of fraud prevention as we would like to think. PwC’s research  reveals that one in five businesses have not carried out a single fraud assessment in the last two years, and one in ten economic crimes are uncovered by chance.   

As consumers, we trust our banks, our retailers and our service providers implicitly. Whilst we can and should take steps to secure and protect our information ourselves, these organisations have a responsibility and an obligation to us as consumers. We expect them to have robust data protection processes and systems in place to protect us from fraud: few of us ask about these measures when we make a purchase or sign a new mobile contract. We expect them to know their customers, and to make relevant, detailed checks.  But is our trust misplaced, when we are let down by businesses for whom it should be second nature to safeguard our details? Certainly huge, headline-grabbing data breaches from major corporations would lead us to think so.   

Looking ‘behind the scenes’ with Graph 

Organisations must bring together all the different data points they have on their customers – buyer history, communication channel preferences, contact details – from across disparate physical and digital touchpoints into a single, cohesive view so they can extract key insights and uncover relationships. Graph databases help accomplish this single view, adding a further level of insight to data at the same time: they store information as relationships, and can reveal connections within the data, highlighting patterns, unearthing trends and flagging irregular transactions. They can find, link and visualise complex relationships across parties, accounts and transactions, drawing insights and generating a clear picture and a ‘single customer view’, protecting in turn their own customers and their organisations.   

The EU GDPR 

This ‘single customer view’ also provides a strong foundation to prepare for industry compliance. In May 2018, the EU General Data Protection Regulation (GDPR) comes into force. It replaces the 1995 EU Data Protection Directive. Its need becomes very clear when you compare the digital landscape of today to that of 1995: 

  • Today’s Internet user base is 50 times the size it was in 1995
  • Facebook alone is 15 times larger than the entire Internet was in 1995
  • 90% of the data in the world has been created in the past two years alone

Under the new Regulation, organisations must take ownership and demonstrate the systems and processes they have in place to protect customers from fraud.  The new rules place greater liability on businesses or individuals to protect information. Non-compliant organisations without measures in place to protect their customers face substantial fines.   

One of the key aims of the EU GDPR is to protect all EU citizens from privacy and data breaches, and enhance their choices over how their information is used and accessed in an increasingly data-driven landscape. It empowers consumers, as organisations must be ready to answer their questions such as  “What data are you holding on me?  Where are you storing it? How are you using that data?”

There are of course steps that we, as consumers, can take to protect ourselves from becoming a victim of fraud, taking ownership of our own sensitive data: we can create more complex passwords for accounts and websites; we can set up alerts to changes in our credit rating from firms like Experian; we can remove everything but bank cards and cash from our wallets; and we can take care not to include personal printed information in our rubbish or recycling.   

Businesses, however, have the opportunity to include far more powerful tools in their fraud prevention armoury.  Now is the time for more organisations – including our mobile phone operators - to integrate this watertight, predictive, intelligent software into their fraud prevention toolkit. Only then will they begin to repay the trust we have placed in them throughout this digital age.    

Andy Berry, Vice President EMEA, Pitney Bowes Software 

Image Credit: Seewhatmitchsee  / iStockphoto