In today’s digital-first world, fraud prevention can feel hopeless. Just when you think you’ve got your fraud prevention operations under control, another new and dangerous fraud risk emerges. News stories about malware, ransomware, bots, and account takeover fraud all compete for the headlines along with phishing attacks, data breaches, and a wide array of other cybercrimes.
Most of today’s most common cybercrimes share one thing in common; they all leverage data stolen from a data breach. The total cost of data breaches is difficult to estimate but according to the IBM Security Data Breach Report of 2022, India's average data breach cost is at a record high of Rs 17.6 crore for the fiscal year of 2022.
Despite the best efforts of law enforcement, cybercrime is rampant, affecting nearly every aspect of digital life. Machine learning and artificial intelligence are radically altering the fraud landscape in new and unpredictable ways. From e-commerce and healthcare to banking and financial services, every industry in India and around the world has been impacted to some degree.
Proactively developing effective fraud detection and fraud prevention strategies for the most common types of fraud is possible. By focusing on the following 8 types of fraud, companies can develop cost-effective strategies to flag suspicious activity in real-time while also protecting user experience and preventing reputational damage.
Let’s explore the 8 major types of fraud in India and discuss how enabling advanced digital identity solutions such as cryptographic authentication can prevent online fraud and the resulting reputational damage without breaking the bank.
Identity theft, aka true name fraud, is one of the most damaging types of fraud. Identity theft takes place when a fraudster uses a consumer’s stolen personal data to achieve illicit financial gain, typically through fraudulent transactions. After stealing a victim’s identity, the fraudster will open up new accounts in various financial institutions that can be used for money laundering, apply for new credit cards, and take out loans from various financial institutions with no intention of paying them back.
Identity theft is a broad fraud risk category that includes other types of fraud including TIN Fraud, Disability Fraud, and Synthetic Fraud. In total, over 27 million Indian adults experienced identity theft according to the most recent reports.
How can Prove help? When creating an account using stolen personal information, the fraudster will typically enter the victim’s real personal information (name, birthday, Aadhaar, PAN number, etc.) but then replace the victim’s real phone number with their own “burner” phone number, typically a personal prepaid number. Prove Auth™ can prevent identity theft by determining that the fraudster is neither the rightful owner of that phone nor in possession of the victim's phone (physical device) during the transaction. In other words, Prove Auth™ uses phone-centric technology to flag this fraudulent transaction as suspicious.
Unlike identity theft, the first-party fraud scam doesn’t involve stealing another person’s personal information but rather using one’s own identity to commit fraud. A common form of first-party fraud, known as chargeback fraud, occurs when an individual makes an expensive purchase and then falsely disputes the purchase as fraudulent with their credit card company or financial institution.
Chargeback protection was designed to protect consumers from unauthorized purchases but is now used by fraudsters to bilk money from merchants.
In the case of e-commerce, they may claim the product arrived broken. In other scenarios, they may claim their credit card was stolen and they never authorized the purchase.
This type of fraud costs e-commerce companies and financial institutions billions every year. In fact, some fraud experts claim that first-party fraud is more prevalent than third-party fraud vectors like identity theft. First-party fraud is a notoriously difficult scam to flag which is why it is often misclassified by fraud teams.
Of course, first-party fraud isn’t the only type of fraud that leverages e-commerce. Throughout India, fraudsters dressed up as legitimate couriers often trick customers paying via cash-on-delivery by fooling them into sharing one-time passwords.
How can Prove help? Prove Auth™ makes it much harder for individuals to falsely dispute charges with financial institutions as it can produce detailed evidence that indicates when a user’s verified phone number is associated with the transaction. This provides a critical layer of security on high-risk transactions like major purchases.
Fraudsters generate algorithms to sign up for online accounts in bulk, often using non-fixed VOIPs in the process. This is called a bot attack and they take place every day. In fact, over 1.6 million cyber attacks were blocked by insurance companies in India every day in January.
A fraudster uses bot attacks to create thousands of phony accounts, often using real data from victims, for a variety of malicious purposes including phishing for credit card numbers and executing data breaches at healthcare websites.
How can Prove help? Bot Attacks are prevented by establishing proof of possession of each phone number used by an end consumer. Additionally, establishing phone ownership confirms the identity of a consumer is linked to a specific phone number.
The physical theft of phones is not as scalable as the other types of fraud because it requires a criminal to steal a mobile phone from an unsuspecting victim which is risky, time-consuming, and attracts attention from law enforcement.
However, this type of crime does happen. After the phone is stolen, the criminal can use the phone to perpetrate a wide variety of fraudulent activities including intercepting OTPs, using existing accounts to conduct money laundering, and executing account takeovers, steal passwords. Remember, if your phone is stolen, contact your mobile carrier right away.
How can Prove help? Trust Score+® can detect when the carrier suspends the phone line and performs a legitimate SIM Swap. Phones with recent SIM swaps earn a lower Trust Score® and can be flagged as suspicious activity. This can prevent financial institutions from issuing one-time passwords, putting a stop to unauthorized account takeover fraud.
In this fraud scenario, a fraudster impersonates the victim and ‘ports’ or switches the victim’s phone number from one mobile carrier to another. Sometimes this requires social engineering or bribing employees at cell phone stores. After gaining control of the victim’s phone number, the fraudster can complete 2FA controls and gain access to a victim’s banking, wallets, trading accounts, and other important accounts to transfer the funds into tonal financial institutions.
How can Prove help? Trust Score+® will detect when a victim's phone number is taken over through a SIM swap via a Port-out attack. This attack is more common in taking over existing accounts versus at account creation. This capability is included in the base Trust Score®.
SIM swap fraud takes place when a fraudster impersonates the victim and requests a device swap from the same mobile carrier. The victim’s phone will be deactivated and the fraudster’s device will begin accepting phone calls and SMS from that number. This is called a SIM swap. After gaining control of the victim’s phone number, the fraudster can complete 2FA controls and gain access to a victim’s banking, wallets, trading accounts, and other important accounts to transfer the funds into their accounts.
How can Prove help? Trust Score+® will detect when a victim's phone number is taken over, through a SIM swap via a device swap attack at the existing carrier. This attack is more common in taking over existing accounts versus at account creation.
Synthetic identity fraud is a newer iteration of identity theft. In this fraud threat, a fraudster will create a synthetic or false identity by combining both real data from a victim with fictitious personal information.
How can Prove help? Prove Auth™ enables passwordless authentication with device intelligence for mobile apps and omnichannel experiences and protects from fraud and account takeovers — all while enhancing the consumer experience.
Most fraudsters are prolific. They don’t just target one victim, they target hundreds or even thousands of victims. When they target a victim, they often take over multiple accounts– focusing especially on financial institutions (including wallets, banking, investment accounts, etc.) Unfortunately, they often evade law enforcement with ease.
How can Prove help? Trust Score+® is a prevention solution that can detect bad actors and suspect phones that have been used in financial crimes as we launch the Prove fraud network. In addition, we are analyzing the correlation between phone number tenure and recycling behavior to catch known fraudsters and abusers.
The fight against fraud can be challenging, but it is not impossible. By understanding the various types of fraud that exist and using cryptographic authentication-based digital identity solutions like the ones offered by Prove, businesses can protect themselves and prevent fraud from occurring in the first place.
Over the past few years, fraud has proven to be the Achilles' heel of digital transformation. Although India’s rapid shift to a digital-first approach to business has resulted in innumerable benefits ranging from economic growth to consumer convenience, it has also resulted in a surge in fraud. To prevent fraud and protect consumers, a growing number of companies throughout India are leveraging Prove’s comprehensive suite of digital identity solutions to prevent the most common and dangerous fraud vectors today.
Join over 1,000 businesses that rely on Prove across multiple industries, including banking, FinTech, healthcare, insurance, and e-commerce. Contact us today.
Trusted by 1,000+ leading companies to reduce fraud and improve consumer experiences. Contact us today to learn how you can frictionlessly secure your digital consumer journey — from onboarding to ongoing transactions.
Tap the button below to read our latest white-paper on the subject as industry leaders.
Contact us to learn how leading companies are using Prove Pre-Fill to modernize the account creation process by shaving off clicks and keystrokes that kill conversion.
Get in touch to find out how we can help you identify your customers at every stage of their journey and offer them seamless and secure experiences.
Let our expert team guide you through our identity verification and authentication solutions. Select a date and time that works for you.
Find out how we can help you deliver seamless and secure customer experiences that comply with PSD2/SCA. Select a date and time that works for you.
Download Aite-Novarica Group’s full report about Prove Pre-Fill, including a product overview, customer results, and how the product works.
Download the guide now to learn how you can improve security, cut down on fraud, and create the best possible customer experience.