Fraud isn’t standing still.
Today’s criminals have more advanced technology at their disposal than ever before, and they’re using it in ways that are subtle, sophisticated and effective.
“Fraudster tactics to compromise funds start well before the transaction occurs,” Dustin White, vice president of risk products and solutions at Visa DPS told PYMNTS.
Texts, emails and other forms of digital engagement are now the front lines of fraud, as criminals deploy artificial intelligence-powered tools to collect information that unlocks new avenues of attack, he said.
Is there a new avenue of detection and defense? For Visa DPS, one area of focus is identity intelligence.
Get used to the term because identity intelligence can help companies increase their knowledge of fraud before it happens.
For example, social engineering has become “one of the most dangerous” techniques because it underpins so many other scams, White said. Romance scams, schemes preying on parents with fake emergency calls and deep psychological manipulation all give criminals entry points into accounts.
Synthetic identities, stitched together from fragments of real and fake information, amplify the damage, causing losses “by orders of magnitude compared to traditional transactional fraud,” White said. Account takeovers are also increasingly difficult to stop once criminals already hold all the keys to a customer’s profile.
The challenge is that fraudsters excel at pooling their resources, he said.
“Fraudsters democratize intelligence better than anybody,” White said. “And financial institutions often don’t.”
Each text or phishing email a consumer receives isn’t random noise; it’s a piece of a much larger puzzle. That puzzle gets solved in underground networks that quickly share tools and data. For banks, credit unions and issuers, the response can no longer be to wait until money is on the move.
Waiting Until the Money Moves Is No Strategy
Financial institutions have long relied on catching fraud at the point of the transaction. However, that strategy has limits.
“Transactional fraud mitigation tools are absolutely a core foundational layer of security,” White said. “So, they’re not going away. But … trying to stop all of that at the transactional level is sort of a big ask.”
The real shift is to intercept the fraudster’s campaign before the money ever moves, he said.
“If you’re waiting until the monetization layer, you’re really not engaging with fraudsters in the battlefield that they’re in day to day,” White said.
Fraudsters are no longer content just to steal credentials. They want to compromise data that unlocks an array of attack vectors, he said.
Even when fraud detection tools flag a suspect payment, banks are forced to confront another obstacle: trust.
“A fraudster has had a couple hours, a couple days, maybe a couple weeks to build a rapport and relationship and trust with the consumer,” White said. “And now, when you step in at the transactional phase, you are trying to undo all of that trust in a single moment. It’s very hard to do.”
Forging Identity Intelligence
The goal is to use data signals—from application, to login, to early account use—to form a clearer risk picture long before transactions take place, he said.
A unified fraud intelligence layer, designed to connect disparate data points into a single, actionable view, is important.
“The goal is to really surface the risks before they manifest,” White said.
That means linking information from the moment someone applies for an account—such as how they applied, from what device, through what URL—with bureau checks, Visa’s internal threat intelligence and behavioral signals collected across time. The result is a unified fraud intelligence layer designed to connect disparate data points into a single, actionable view.
Mobile and login touch points are especially valuable because they provide rich behavioral data, White said.
“You can learn a lot by understanding how someone holds their phone and types,” he said.
If a consumer historically logs in with one hand at a slow cadence, and suddenly a session appears using two hands at rapid speed, that’s a signal. If a consumer who never wires money suddenly initiates a transfer while on an active phone call, that too is a red flag.
“You can start picking up on things about that mobile device telemetry before any type of transaction happens,” he said.
Connecting these dots is critical. White gave the example of email address changes. Sometimes, they’re benign, such as a household consolidating shopping receipts. But sometimes, they’re malicious, such as when a fraudster changes the address to suppress alerts.
As he said, “if a fraudster compromises an account, swaps an email so that I’m no longer getting alerts … we can stitch that activity together, say, OK, email was changed from email A to email B, how risky is email B based on past history that we’ve seen across the network?”
The strategy is what White called “upstream” on the fraud timeline. Rather than detecting fraud only when it “manifests transactionally,” the shift is to “holistic risk management across any interaction that you have with your customer, member or cardholder,” he said.
Moving Forward: A Backbone for the Next Era
Building stronger systems today to stay ahead of evolving threats is important, White said. The attacks are only going to grow and become more sophisticated. The solution lies in stronger authentication, better customer education, and AI-powered analysis of behavioral biometrics and device telemetry.
But financial institutions can’t do it alone. Fraud detection must be an organizational endeavor, and “not just something that the back-office team or the fraud card team works on,” White said. Attacks often begin in one division, like loyalty, auto lending or personal loans, and ripple through others. Sharing data across internal teams, and across institutions themselves, is essential.
From login to transaction, every signal matters. As White told PYMNTS, “identity intelligence will be the backbone of next-gen fraud prevention.”
Fraudsters are moving fast. Visa DPS is building for what’s next.
Source: https://www.pymnts.com/