Charlie Munger, one of this generation’s great business sages, recently passed away and the world will be less wise as a result. Beyond his role as a brilliant investor, vice chairman of Berkshire Hathaway, and right-hand man to Warren Buffett, Munger was a modern philosopher of sorts, one who used prescient stories and anecdotes to simplify how we think and operate in an increasingly complex world.
Known for his wit and candor, Munger left a body of work in the form of speeches and talks he gave to investors, friends, and students over the last 40 years. In one of these better-known speeches, one presented to the Harvard-Westlake School’s graduating class of 1986, he suggested a simple formula for achieving success in life. But in his unique way, Munger framed it as an anti-success blueprint and titled his speech, “How to Guarantee a Miserable Life” (the full text is here, and it’s well worth your time). His purpose was to illustrate that there are different ways of achieving a goal or solving a problem. One way is to approach it from the pessimist’s point of view. In other words, recognize and accept the possibility of negative outcomes, and then create a plan to avoid them.
Is your business ready to apply advanced identity verification to prevent fraud in 2024? Learn how Prove can help you establish rigorous fraud-prevention measures.
There’s an algebraic approach to problem-solving called inversion. It’s thinking through a problem backward and focusing on the conclusion, the outcome. What does it look like, and what are the variant parts that had to be arranged to make it look like this? As Munger figured out, framing a concept through inversion makes it hit home with far greater gravitas. It’s an approach that Einstein used to confirm his various hypotheses and one that software developers have employed for generations. The brilliant and iconoclastic architect of modern air warfare, John Boyd, used inversion to arrive at his OODA Loop strategy.
We know that our audience of fraud experts and customer experience leaders live in a world of great complexity so in this spirit, we have done our own inversion and “anti-thinking,” and present to you a blueprint for attracting and falling victim to more fraud in 2024. In other words, think about how to prevent identity fraud and then follow these rules and we guarantee that your fraud teams will be busy unraveling massive fraud-related issues, that your company will suffer major financial losses, and your brand image will tank in the eyes of consumers.
“Invert, always invert: Turn a situation or problem upside down. Look at it backward. What happens if all our plans go wrong? Where don’t we want to go, and how do you get there? Instead of looking for success, make a list of how to fail instead. Tell me where I’m going to die, that is, so I don’t go there.” - Charlie Munger
Step 1: Ignore historical data that will provide insights into fraud trends
Maybe your best course of action is to just, you know, chill. Whatever happens, happens, right? Fraud is inevitable so no need to prepare for it.
Some companies will rely on digital identity verification methods that persistently calculate and orchestrate billions of real-time updates to identity attributes such as phone numbers and emails to make decisions, with incredible accuracy, about which customers and behaviors are fraudulent. Those companies are basing their decisions on the latest data from the most authoritative sources like educational records, credit header information, utility records, and other sources. While they’re achieving as much as an 85% frictionless pass rate, which ensures a speedy onboarding experience for their customers, who needs the hassle, right?
The best advice we can offer is to simply ignore the work being done by solutions like Prove. Once you apply the Prove Identity Network® digital identity verification solution, you’re going to start turning away fraudsters, and why do that? That scurrilous group adds so much fun and color to your cohort of users and will keep your fraud team busy fighting a fraud war they’ll never win.
Think of it this way; solutions like the Prove Identity Network® perform an insane amount of work in the background to fortify an organization’s authentication efforts, all of which will thwart your plans to get more fraud. Prove’s data correlates and makes sense of 15 years’ worth of actual customer transactions and 20+ billion annual authentication events. The companies that are using it are getting up to a 20% relative increase in pass rates (actual, accurate pass rates) vs. risk-based authentication. But you and I both know that’s all going to end up rooting out fraudsters, and that flies in the face of your brilliant goal of more fraud.
Step 2: Make passwords your only line of defense
Want to invite more fraud while also frustrating the heck out of your customers? Make it easy to access your digital services by requiring only a simple password. Users will despise it, especially if your password requirements are simple, say, like 3-5 characters. To make it even easier, just advise customers to use their birthdate or Social Security number as their password.
First off, you’ll infuriate your customers, since we know that customers hate passwords. If you’re truly trying to ruin your business, this is a great angle. Consider these insights from a study that Prove conducted about password and authentication consumer trends:
- The speed and convenience of the customer experience during the sign-up process for new financial services & products, like credit cards, bank accounts, or cryptocurrency accounts, is deemed somewhat or very important by 69% of Americans.
- For 44% of respondents, the ability to open or use an account through their mobile phone or device significantly influences their decision when completing an online account application.
- In the metaverse, 38% of individuals prefer authenticating their identity through phone signals, surpassing other methods such as passwords (30%), SMS text codes (13%), and biometric authentication (9%).
Clearly, requiring a password alone will be enough to annoy your customers. Add to that the fact that weak password requirements will offer hardly any defense against fraud, and you have a perfect recipe for disaster.
What will happen is that customers will have a password that is easy to remember, which will enable them to quickly engage with you; fast access = more transactions (at least that’s what the math tells us). At the same time, scammers will face the embarrassingly easy challenge of cracking a password with the most rudimentary of tools. For those who like to use social engineering, an easy, short password will be like kid’s play to fraudsters with even the most basic of skills.
Now, some of your competitors want to waste time stopping fraud, so they’ll use multi-factor authentication (MFA), one-time passcodes (OTP), knowledge-based authentication (KBA), and other forms of layered validation and authentication. The most sophisticated competitors will actually even skip passwords altogether with a passwordless solution that is actually designed to leverage advanced identity authentication solutions by using deterministic authentication through mobile devices. By utilizing a cryptographic key, like a SIM card embedded in a mobile device, this method eliminates the need for passwords.
Okay, who even wants that? It sounds like it’s making just regular passwords look bad, and it’s toppling the cottage industries built around the mediocrity inherent in useless solutions like OTPs and MFA. If you’re trying to get more fraud, you definitely want to stay away from something like the Prove Auth® digital passwordless authentication solution. It exploits the widespread prevalence of mobile phones since just about every breathing human on the planet has one. This approach authenticates any device, anywhere, with methods such as app push notifications or biometrics.
So like, what, you’re going to streamline the login process, enhance user satisfaction, and eliminate fraud? Good luck, because then you’ll have zero drama and no crises to look forward to in 2024.
Step 3: Eliminate customer education about fraud
Look, we all spent plenty of years in school, so there is no reason to learn anything new. More knowledge and awareness just lead to more innovation, change, and improvement, and that’s not what you’re trying to accomplish.
Pretend that your customers aren’t smart. Feed them endless emails and texts to remind them to buy, buy, buy. DO NOT recommend changing passwords or adding MFA. And most certainly do not try to educate them about things like phishing, smishing, or any other type of ‘ishing.
Here’s a quick and dirty checklist for how to reduce awareness and keep customers as ignorant as possible:
- Demand zero effort from customers. Much like the parking lot attendants who took care of Cameron’s dad’s Ferrari (Cameron was Ferris Bueller’s best friend if you haven’t figured it out by now; and if you’re too young for the reference, it’s high time you learned it), assure your customers not to worry, that everything will be fine. Do nothing to treat the relationship between them and your company as a partnership, and encourage them to have blind faith in your efforts, of which we know, there will be none.
- Keep customers in the dark. Should a breach happen, and if you follow the guidelines in this blog I guarantee it will, do not let your customers know. Once a breach occurs, the best way for it to cascade into more and more waves of fraud is for your customers to do nothing. Do not send them an email, do not provide them with a prescription for how to fortify their accounts, and do not recommend that they update their customer profiles. As a general rule of thumb, act like you’re not even aware that there’s a problem to begin with. What could be easier than that?
- Treat all user behavior as normal. Yeah, you might see identities trying to register as customers with phony information. There might be indicators that you’re giving access to synthetic identities or individuals on sanctions lists. But don’t worry, because you’re going to treat all attempts at access equally. Think of this as the opposite of Know Your Customer (KYC). In fact, irrespective of fraud signals that indicate a potential breach or illicit attempt to access your system, just use the green light approach and let everyone commingle in your happy little environment of customers.
Step 4: Apply no effort to fortifying account opening
Experts and cybersecurity eggheads will tell you that account opening processes are being attacked just like web application firewalls and enterprise applications. Fraudsters are attacking not just specific resources, but an entire set of processes that are core to how the organization operates and grows. Pretty sneaky.
So, if you want more fraud, just sit on your hands and pretend that account opening is like a massive garbage chute at the world’s most toxic factory. Just let everything in and don’t do anything to stop the flow.
There are solutions, like the Prove Pre-Fill® digital identity solution, that make it easy for customers to onboard, but if you want more fraud, you should avoid it. It is a solution that actually manages to care about making the user experience seamless and enjoyable, AND it does a remarkable job of capturing fraud. Who needs it, right?
Prove Pre-Fill® is kind of a try-hard solution if we’re being honest. It balances the needs and demands of consumers, growth leaders, and fraud teams by authenticating digital identities so that the data being used for ID verification is directly applied in the customer onboarding process. In other words, it enables applicants to populate forms by consenting to auto-filling registration fields with their own information that’s already been matched to data from trusted sources. Consumers save precious time and companies get the advantage of a proven method of reducing fraud.
Again, if you’re trying to increase fraud, you should avoid this product.
Step 5: Discount User Concerns About AI
Your users are clearly worried about how AI could produce various channels to defraud them, and they have every reason to be cautious. AI has been adopted broadly by digital retailers to enhance the user experience, but it’s also found fertile ground with fraudsters who are using it to facilitate new, hard-to-identify forms of fraud.
Prove commissioned two surveys which were conducted by market research company Dynata in October 2023. The results are in an enlightening report that demonstrates the specific reasons that consumers are fearful: 2023 Online Shopping and AI-Based Fraud Report. If you want to reduce fraud, you should read it, as it offers some insights into what’s really happening with AI-related fraud. To note:
- 81% of consumers say they are worried about fraud while shopping online this holiday season, and
- 84% of consumers say they're concerned about AI-based fraud attacks this holiday season.
How are fraudsters perpetrating this fraud? They’re using a variety of tried-and-true methods, but with the addition of AI to make these harder to detect. They include:
- Social Engineering: AI is a gift for those employing social engineering tactics such as phishing, vishing, and business email compromise (BEC) scams. By leveraging AI, fraudsters automate processes, generating personalized, convincing messages that prove highly effective in targeting individuals. Consequently, cybercriminals can execute a greater number of attacks in a shorter timeframe, leading to an elevated success rate.
- AI-Augmented Password Cracking: Cybercriminals have adopted AI to enhance their capabilities in cracking passwords. These sophisticated algorithms facilitate quicker and more accurate guessing, rendering hackers more efficient and successful. The implementation of AI enables hackers to decipher passwords with heightened effectiveness, posing a substantial threat to the security of online accounts and systems.
- Deepfakes and Voice Cloning: Artificial intelligence (AI) is REALLY good at manipulating visual and audio content, which makes it an excellent tool for deepfakes and voice cloning. Fraudsters can impersonate individuals, disseminating manipulated content on influential social media platforms.
Will 2024 be your year of more fraud?
Okay, this was fun and totally in jest, but you’d be surprised at how many organizations seemingly treat the topic of fraud with the same level of dismissiveness as we’ve portrayed in this blog. We urge you to avoid being a careless caretaker of your company and customer’s personal data and to avoid destroying your business because of fraud.
As we mentioned earlier, Charlie Munger has endowed us with a plethora of simple but impactful pearls of wisdom, and this attempt to mimic his thinking is hopefully helpful. Keep in mind this comment he made about how people ignore problems. Munger said that the “...reality is too painful to bear so you just distort it until it's bearable. We all do it to some extent. It's a common psychological misjudgment that causes terrible problems."
Perhaps in 2024, our goal should be to wake up to the reality of fraud and make the necessary efforts to protect ourselves, our customers, and our businesses.
Is your business ready to apply advanced identity verification processes to prevent fraud in 2024? Learn how Prove can help you establish rigorous fraud-prevention measures.
Keep reading
Prove Identity has launched a free Developer Portal for engineers to test out the Prove Pre-Fill® solution, which streamlines the customer onboarding process while preventing fraud.
PYMNTS interviewed Prove CMO Brad Rosenfeld for the most recent episode of, “What’s Next in Payments,”
Miller was the featured guest on InfoRisk Today, where she explained some of these rising threats and the corresponding need for better, more rigorous identity verification strategies.