The Facets of Fraud
A layered approach to fraud prevention
Recognizing Fraud
The various guises of fraud lead many organizations
to believe they are not victims of deception or to
vastly underestimate the extent of the issue.
Fraud can be defined as any wrongful or criminal deception intended
to result in personal or financial gain. The different faces of fraud make
it hard to measure, often leading organizations to firmly believe they
are not victims of deception or vastly underestimating the extent of
the issue. What they do acknowledge is a problem with credit losses
or high collection activity without realizing some borrowers have no
intention of honouring the account or loan.
Whether a fraudster takes out one large line of credit under a false name or maintains several
small, legitimate accounts to build enough trust to apply for a high-limit credit card, the common
denominator is intent.
Where Does It Begin?
The Fraud Players
The story of fraud starts with an identity. A distinction can
then be made between fraudsters who:
Fraud is a difficult behaviour to define and even more
difficult to predict. The perpetrators are constantly
changing their methods, making patterns hard to
establish. Although methods may vary, three common
fraud personas are:
Use their own identity (first party fraud).
Create a fictitious identity (first party fraud).
Use another person’s identity (third party fraud).
In the case of first party fraud, the perpetrators open
accounts using false information or they misrepresent their
real identity by lying on credit application forms. A common
example of first party fraud is a bust-out, where multiple
accounts are opened and charges are put against them with
the intention of abandoning the account, or “busting out”.
Third party fraud may also be referred to as true name
fraud, where a real identity is being leveraged by the
perpetrator. Third party fraud often starts with identity theft
where someone impersonates another individual by using
information such as their name, social insurance number
(SIN) or credit card number, without their permission.
While individual consumers have become increasingly
aware of the threat of identity theft, businesses also need
to be vigilant in their identity verification measures to
protect themselves and their customers against fraud,
whether first party or third party.
Points of Attack
Once an identity has been chosen, fraudsters have
an array of methods they can use to manipulate your
business. Fraudsters will be looking for the easiest and
most profitable point of attack within your institution.
The points of attack and the fraud methods used against
a financial institution will vary based on the products
and services the institution offers. For example, credit
card fraud will represent very different challenges than
cheque fraud. This is further complicated by electronic
versus non-electronic transaction services. Different
considerations need to be taken into account when
protecting an eTransfer versus a line of credit, for example.
The Quick Striker: The most inclined to “hit and
run” whereby they are looking to quickly maximize
their financial gain, then disappear and move onto
the next institution or scheme.
The Opportunist: Actively probing to look for an
easy entry point, or in the case of third party fraud,
looking to capitalize on a lack of awareness or
defense on individual consumers.
The Sleeper: Patiently build loyalty with institutions
by maintaining several legitimate accounts before
opening the “moneymaker”.
Outside of isolated crimes of opportunity, organizations
should be equally (if not more) wary of organized fraud
rings that incorporate different fraud players into a long
term strategy that makes a steady, substantial income
out of fraud. When these rings are nation-wide, they are
incredibly destructive and difficult to pinpoint. Once they
begin to branch out internationally to fund foreign crime,
not only is the reputation of the victim organization at
stake, but finding and prosecuting the criminals becomes
a longer, more daunting process.
Understanding how the identities, methods and types
interact is a key in catching fraud before it impacts your
business. Learning these correlations will help your
organization narrow down your search for fraud offenders
and minimize, if not prevent, your losses. While being able
to detect fraud as it is occurring is helpful in reducing
losses, the ultimate goal should be to prevent it from
affecting you.
Layered Approach to
Fraud Management
The best strategy involves multiple layers of defense.
Equifax Layered Approach
Fraud Risk Assessment
In the fight against fraud, there is no “cookie cutter”,
one-size-fits all approach. Just as you might use several
tools to repair a leaking faucet, several solutions may
need to work together for specific fraud detection and
mitigation situations.
Implementing the right program starts with performing a
fraud risk assessment of your organization.
Identify possible fraud risk: gather information to
assess the possible fraud risks that could apply to
the organization.
Equifax recommends a layered approach to implementing
a fraud prevention program in your organization which
addresses the following areas:
A ssess significant, inherent fraud risk and
its likelihood: fraud risk based on historical
information, known fraud schemes, and interviews
with staff, including business process owners.
Respond to likely/significant inherent and
residual risks: the response should address the
identified risks and perform a cost-benefit analysis
of fraud risks over which the organization wants to
implement controls or specific detection procedures.
Prevention
Detection
Investigation
Containment & Recovery
Analysis & Recommendations
With the right mix of processes, policies, analytics, and
technology, you not only minimize losses, but you also
improve compliance and staff productivity.
PREVENTION
ANALYSIS &
RECOMMENDATIONS
Identity verification
& authentication
Know your customer
(KYC) policy
Staff training
programs
Fraud risk exposure should be assessed regularly by
the organization to identify specific potential schemes
and events that the business needs to mitigate.
Assessments should be performed on a systematic
and recurring basis, involve appropriate personnel,
consider relevant fraud schemes and scenarios,
and mapping those fraud schemes and
scenarios to mitigating controls.
DETECTION
Client data validation
Root cause analysis
Trend analysis /
peer comparison
Action plan for identified
points of compromise
CONTAINMENT
& RECOVERY
Action to stop losses
& contact customers
Recovery activities
Data breach response
services
Device verification
Analytics for profiling
& behavioural modelling
INVESTIGATION
Comprehensive case
management
Validation of suspicious
transactions
Identify points of
compromise
Identity and
Fraud Solutions
Equifax empowers businesses and consumers with
information they can trust. A global leader in information
solutions, we leverage one of the largest sources of
consumer and commercial data, along with advanced
analytics and proprietary technology, to create customized
insights that enrich both the performance of businesses
and the lives of consumers.
The Equifax identity and fraud solution portfolio provides your organization with an integrated suite of
real-time, industry-leading defenses against fraud. The portfolio consists of identity screening, verification
and authentication tools, and enterprise fraud management solutions that work in real time to minimize
losses from various types of fraud. Equifax augments our solutions with unique data assets, predictive
analytics and fraud consulting services.
Identity Management Solutions
eIDcompare
eIDcompare is a real time, identity proofing solution.
eIDcompare helps to determine whether an identity is
valid and if the individual claiming the identity is who they
say they are. eIDcompare cross checks applicant data
against Equifax data sources to validate the identity and
to determine whether that identity has been reported as
misused or associated with potential fraudulent activity.
eIDverifier
This knowledge-based authentication process uses
‘shared secret’ information that should only be known by
the customer and Equifax, to present a variety of multiple
choice questions. Only the identity owner should be able
to correctly answer a sufficient number of the security
questions to be deemed legitimate.
Business Confirm
Business Confirm is a business identification service used
to validate the existence of a corporation and its status,
the entity type, registration/incorporation date and to
identify the company directors.
Deceased ID
Equifax’s Deceased ID solution is a database of deceased
Canadians that can be used as a diagnostic tool to
expedite the validation or cleansing of your client database
to verify continued existence.
Fraud Prevention Solutions
QuickMatch
QuickMatch is a unique tool that verifies key identification
data against the data contained in Equifax’s consumer
credit database to determine if a credit card is being
presented by its rightful owner.
Safescan
Safescan is an interactive warning system that detects
potential fraud by spotting irregularities, as well as confirmed
misuse in names, addresses, SINs, and telephone numbers.
If irregular or misused information is detected, Safescan
generates a warning advising you to take a closer look at
the information on the application.
Citadel
Citadel™ is a web-based, Equifax-hosted enterprise
fraud management solution that helps to identify high-risk
or potentially fraudulent activities before they negatively
impact your business.
The solution matches input data to Equifax’s consortium
fraud and historical client data to help detect fraud
patterns based on user-controlled business rules. A
suite of linkage analysis tools help to uncover indirect
connections between seemingly unrelated data, which may
constitute an organized fraud ring.
Professional Services & Analytics
Data Breach Response Services
Our professional services are employed once an
organization experiences a data breach; the service
provides notification to affected customers, call centre
services, credit monitoring and / or credit file alerts.
Custom Analytics
Due to our deep expertise in predictive modeling and
comprehensive fraud data sources, Equifax is able to
offer custom analytical services to address your specific
business challenges.
Fraud Consulting Services
Our in-house fraud consultants have a unique customer
centric approach to understanding strategies, pain
points and business objectives. They have deep industry
knowledge with the support of dedicated customer
relationship teams and subject matter experts that come
together with our customers to consult, develop and
deploy successful fraud solutions.
Combine the power
D
S I ON
I NG P
MAN
EMNET
SERVICES
M
AG E
RA U
EF
services and state-of-the
art enabling technologies
to deliver an integrated
fraud solution.
RP
RIS
LY
ANA
TOM
S
U
•C
SCORE VALIDATIONS
LATFORMS • WORKFLOW
DM
ANAG
TEL
•
analytics, consulting
TE
SE
MOD
ELING •
GE
CON
SULT
ING
CO
• 3 RD
PARTY
BROA
D-
VAL
U
E-
NO
TECH
BA
EC I
N
S
ES
•D
A
CIAL • FRAUD • MORTG
resources with superior
IG H T
IT
RUL
•
RES
SCO
NS •
ES
OM
ME R
DA
T
NS
RED
UT I O
•C
SC
OR
ECA
RD
GIN
CLIENT
NEEDS
LI
of Equifax’s vast data
&I
& UNIQUE DA
TA
SED
BA
ER C
CONSUM
RIC
GENE
CUSTOM &
A S P SO L
EN
DE
D A N A LY TICA
ATE
TS
GH
SI
ETS
ASS
AD
THAT INTEGR
T IC
S•
LU
LO
SO
NS
TIO
A
GY
Equifax Capabilities
EN
T•
EN
Talk to Equifax today and see how our data can positively impact
every phase of your account lifecycles. www.equifax.ca
Contact Us Today
Call 1-855-233-9226 to speak to
an Equifax Advisor or visit us at
www.equifax.ca/reducefraud
Certain conditions apply to all offers. Equifax and EFX are registered trademarks of Equifax Canada Co. Inform Enrich Empower is a trademark of Equifax Inc.,
used here under license. ©2014 Equifax Canada Co. All rights reserved