IDology, a GBG company, released its Seventh Annual Fraud Report, revealing the growing impact of large-scale data breaches and fraud on consumer trust and the critical need for businesses to balance the digital consumer experience with strong identity verification processes.
The report also found that senior executives believe their companies are still not prepared to combat synthetic identity fraud and mobile attacks. Additionally, the California Consumer Privacy Act (CCPA) is expected to have significant implications in 2020, and many businesses may not be ready to comply.
“Fraud is now clearly a trust issue as well as a security issue. Our annual report found that a consumer trust gap with businesses has emerged that is directly impacting customer retention and engagement. Combined with a continually shifting fraud landscape and increased government-mandated compliance, business executives have their hands full,” said John Dancu, CEO of IDology. “The good news is that companies can address this and improve customer retention by taking a strategic approach to identity verification that is effective in combatting all types of fraud, fosters a frictionless customer experience and helps drive compliance and revenue.”
Five Key IDology Fraud Report Findings:
- The true impact of data breaches: A decline in consumer trust – 49% of businesses report a decline in customer trust over the past year. Additionally, 46% indicate that increased regulations are a top impact of large-scale data breaches.
- Fraud vectors are shifting away from point-of-sale (POS) – 58% of businesses report fraud is increasing in their online channels.
- New fraud threats, synthetic and AI fraud on the rise – 40% of businesses across industries experienced an increase in synthetic identity fraud (SIF) over the last 12 months and 92% expressed concern over SIF. The study found 33% believe that the fraudulent use of artificial intelligence and machine learning will be the most severe form of fraud in the next three years.
- Compliance is an increasing burden – 28% of businesses believe CCPA compliance will be more burdensome than GDPR, while 30% think it will be equally burdensome. CCPA contains additional rules concerning identity verification that go far beyond what is required for GDPR.
- How to thrive in the changing environment – 96% of businesses see identity verification as a competitive differentiator. Also, 80% believe accurate address verification is essential to the identity verification process.
A Deeper Look at the Findings
Closing the Trust Gap
With close to half of companies surveyed experiencing a loss in consumer trust, businesses have added pressure in the fight against fraud to create extra checkpoints for digitally verifying customer identities. But too many fraud prevention measures result in friction for consumers and loss of revenue. This can result in costly cart abandonment and decrease the likelihood that consumers will use features that drive repeat business, such as keeping a credit card on file. Efficient, strategic identity verification measures can boost consumer trust while minimising friction.
Companies Are Still Unprepared to Combat Rising Synthetic Identity Fraud
The study revealed that 40% of businesses across all industries surveyed experienced an increase in synthetic identity fraud (SIF) over the last 12 months. Yet, executives report that SIF and mobile device attacks are the types of fraud they are least prepared to detect and prevent, especially since SIF is difficult to uncover with legacy systems. Ninety-two per cent of executives surveyed expressed concern over SIF, with the number who reported being extremely or very worried about SIF surging by 54% year-over-year. When asked about fraud concerns over the next three years, 48% of executives predicted SIF would be the most severe form of fraud.
Other Significant Trends: Transaction Sizes Plunge, Mobile Fraud Continues to Be a Problem
Fraudsters are adapting and looking for smaller scores. The IDology study found that fraudulent transactions under $500 have increased by 50% as criminals evolve their strategies and seem to fly under the radar of legacy fraud detection approaches. At the same time, mobile attacks continue to be a top form of fraud among businesses surveyed with the prevalence of mobile text SMS interception surging by 40% compared to last year. Mobile continues to be a priority for businesses, and with digital trust down, more than half of executives cited identity verification via mobile device attributes as the biggest future trend in identity verification.
What’s Ahead: Compliance with the California Consumer Privacy Act (CCPA)
CCPA is considered to be the most comprehensive data privacy law in U.S. history and gives California consumers the right to know which information companies are collecting about them and how they are using it. When the law goes into effect on January 1, 2020, businesses expect a flurry of consumer information requests that will require them to verify their identities. More than a third of companies surveyed reported they are currently non-compliant and still in the assessment phase, and at least 15% believe they will not be compliant by the deadline. Besides, 28% believe CCPA compliance will be more burdensome than GDPR.