Companies unprepared to deal with mobile attacks, synthetic identity fraud, CCPA compliance
There is a growing impact of large-scale data breaches and fraud on consumer trust and the critical need for businesses to balance the digital consumer experience with strong identity verification processes, IDology reveals.
The survey of more than 250 business and finance executives and security professionals also found that senior executives believe their companies are still not prepared to combat synthetic identity fraud and mobile attacks.
Additionally, the California Consumer Privacy Act (CCPA) is expected to have significant implications in 2020 and many businesses may not be ready to comply.
Five key findings
1. The true impact of data breaches: A decline in consumer trust – 49% of businesses report a decline in customer trust over the past year. Additionally, 46% indicate that increased regulations are a top impact of large-scale data breaches.
2. Fraud vectors are shifting away from point-of-sale (POS) – 58% of businesses report fraud is increasing in their online channels.
3. New fraud threats, synthetic and AI fraud on the rise – 40% of businesses across industries experienced an increase in synthetic identity fraud (SIF) over the last twelve months and 92% percent expressed concern over SIF.
The study found 33% believe that the fraudulent use of artificial intelligence and machine learning will be the most severe form of fraud in the next three years.
4. Compliance is an increasing burden – 28% of businesses believe CCPA compliance will be more burdensome than GDPR while 30% believe it will be equally as burdensome. CCPA contains additional rules with respect to identity verification that go far beyond what is required for GDPR.
5. How to thrive in the changing environment – 96% of businesses see identity verification as a competitive differentiator. Also, 80% believe accurate address verification is very or extremely important to the identity verification process.
Closing the trust gap
With close to half of companies surveyed experiencing a loss in consumer trust, businesses have added pressure in the fight against fraud to create extra checkpoints for digitally verifying customer identities.
But too many fraud prevention measures result in friction for consumers and loss of revenue. This can result in costly cart abandonment and decrease the likelihood that consumers will use features that drive repeat business, such as keeping a credit card on file.
Efficient, strategic identity verification measures can boost consumer trust while minimizing friction.
Companies are still unprepared to combat rising synthetic identity fraud
The study revealed that 40% of businesses across all industries surveyed experienced an increase in synthetic identity fraud (SIF) over the last twelve months. Yet, executives report that SIF and mobile device attacks are the types of fraud they are least prepared to detect and prevent, especially since SIF is difficult to uncover with legacy systems.
Ninety-two percent of executives surveyed expressed concern over SIF, with the number who reported being extremely or very worried about SIF surging by 54% year-over-year. When asked about fraud concerns over the next three years, 48% of executives predicted SIF will be the most severe form of fraud.
Transaction sizes plunge, mobile fraud continues to be a problem
Fraudsters are adapting and looking for smaller scores. The study found that fraud transactions under $500 have increased 50% as criminals evolve their strategies and look to fly under the radar of legacy fraud detection approaches.
At the same time, mobile attacks continue to be a top form of fraud among businesses surveyed with the prevalence of mobile text SMS interception surging by 40% compared to last year.
Mobile continues to be a priority for businesses and with digital trust down, more than half of executives cited identity verification via mobile device attributes as the biggest future trend in identity verification.
What’s ahead: Compliance with the CCPA
CCPA is considered to be the most comprehensive data privacy law in U.S. history and gives California consumers the right to know which information companies are collecting about them and how they are using it.
When the law goes into effect January 1, 2020, businesses expect a flurry of consumer information requests that will require them to verify their identities.
More than a third of companies surveyed reported they are currently non-compliant and still in the assessment phase, and at least 15% believe they will not be compliant by the deadline. In addition, 28% believe CCPA compliance will be more burdensome than GDPR.