GRC & Fraud Software Journal Logo

Newsletter

  • TOP STORIES
  • GOVERNANCE, RISK & COMPLIANCE
  • FRAUD MANAGEMENT
    • Fraud Prevention
    • Fraud Forensics
  • INDUSTRY NEWS
  • CONTACT US

Tag Archives: account takeover

Zumigo hits milestone, protecting 100 million mobile account holders

zumigo logoBy Zumigo Staff

Zumigo Corporation, a designer of mobile device identity verification, has protected more than 100 million consumers from bank account takeover fraud using its Assure Identity solution.

That’s 70 percent of American households.

This is a major milestone, absolutely important to those who want strong protection from hackers or digital thieves who specialize in pretending to be the mobile banking victims they steal from.

The company has been securing the financial transactions of major American banks for the past four years by adding an extra layer of identity protection and verification of customer mobile phone numbers. The end result: Protection for their customers and their accounts.

Zumigo’s Assure Identity solution attacks the latest anti-account hijacking techniques: SIM hijacking or SIM swap fraud. Zumigo verifies for banks in real-time whether it is safe to communicate with a customer’s mobile phone during a transaction. It performs identification and user verification of the caller and notifies the bank if there has been a SIM card or network change to the customer’s mobile phone account. The changes may indicate that someone else is trying to access the customer’s account over the cell phone.

Zumigo’s system, by noting the SIM or network changes to the user’s mobile phone account, raises red flags so the bank can halt the transaction.

“There has been a lot of focus on account takeover fraud over the past year,” said Zumigo CEO and Founder Chirag Bakshi. “Zumigo has been working for the past few years with the major U.S. banks to protect the most important asset they have – their consumer clients – from fraud and identity theft. To date, Zumigo has protected bank accounts for more than 70 percent of U.S. households, when they need to be verified for safely changing their credentials.”

With the rise of online and mobile bank account access, Zumigo has detected more than 2 million occurrences of possible SIM hijacking or SIM swap events perpetrated by fraudsters. Zumigo’s Assure Identity Cloud Platform has flagged these events as possible fraudulent occurrences when banks checked with Zumigo before communicating with their users’ mobile devices.

Zumigo’s patented technology detects changes in SIM and mobile network indicators such as device, owner and account. Discrepancies in mobile phone and account information are quickly flagged as possible fraud, saving its customers significant expenses from fraudulent takeover of accounts, account creation with stolen or synthetic IDs, and wire or other payment fraud.

Zumigo’s global and identity SaaS platform is a cloud-based service that integrates with banks’ and merchants’ processing systems to verify users’ identity to prevent fraud.

Those interested in learning more about this innovative solution are invited to contact Jong Lee at (571) 276-6150 or jong@zumigo.com.

Seven ways to spot fraudulent phone numbers in bank transactions

GRC & Fraud Software Journal

Adam Elliott, founder and CEO of IDInsight

Adam Elliott, founder and CEO of IDInsight

ID Insight’s recent research uncovered seven key indicators of account takeover fraud tied to phone numbers, which led the company to develop a predictive model to help institutions verify the legitimacy of phone number changes when confirming transactions.

In the company’s research of tens of thousands of customer phone number changes in the financial services space, it detected interesting patterns that distinguished legitimate phone number changes from changes to create fraudulent phone numbers.

ID Insight took the lessons learned from this research to develop a predictive model that combines individual risk indicators that help fraud investigators prioritize their queue and work the phone number changes that are most suspicious.

Criminals have recognized that when large money transfers are requested or other out-of-pattern account activity takes place, financial institutions are much more likely to place an outbound call or text to their customer to confirm the legitimacy of the requested account action.

By verifying the legitimacy of phone number changes, financial institutions are able to reduce the risks and constraints that may be holding them back from more fully utilizing the mobile channel.

The analysis uncovered the following key indicators in phone numbers that signal an elevated risk of fraud:

Geographic distance

The greater the distance between the new phone number and the old phone number, the larger the risk. Likewise, there is an elevated risk for cases where the new area code is located a large distance from the customer’s current mailing address.

Carrier type

Changing from a landline to wireless, or wireless to landline often indicates a higher risk of fraud than going from a wireless number to another wireless number. Certain types of carriers, such as prepaid phone numbers and voice-over-IP (VOIP) lines, are much riskier than landlines or postpaid mobile phones.

Urban versus rural

A change in phone number from a rural location to one that is tied to an urban center indicates a higher risk than a rural-to-rural or urban-to-urban change.

Area Code/Exchange

A basic validation check of the area code and exchange confirms that the phone number has been issued to a U.S. customer.

Ported

Local number portability allows customers to retain their phone numbers when changing service providers. New phone numbers that have been recently ported require a higher level of scrutiny.

Business phone numbers

A change from a residential phone number to business. For example, a new phone number that is tied to a check-cashing outlet is highly indicative of fraud.

Phone number verification

When the consumer name can be associated with the phone number through an independent verification source, the risk of fraud is greatly reduced.

 

Phone Change Fraud a Growing Problem

ID Insight, whose industry-leading anti-fraud solutions include address and identity verification tools for banks and credit unions, developed a new phone screen solution in response to the growing problem of fraudsters manipulating phone numbers as part of account takeover schemes.

Using an abundance of hacked personal data available on the black market, criminals pose as legitimate account holders and change the customer’s contact information, ensuring fraud alerts and other bank communications are sent unwittingly to the perpetrator and paving the way for complete control over their accounts before the victim knows it is happening.

“The mobile phone is a critical channel for bank customers and financial institutions that rely on mobile banking, on-line account opening and mobile wallet applications for convenience,” said Adam Elliott, founder and president of ID Insight.

“Having controls in place to ensure the phone number in the customer profile actually belongs to the legitimate customer is critical for reducing fraud risk, which is why we added phone number screening to our portfolio of anti-fraud solutions.”

For more information on IDInsight’s new solution, go here.

 

 

Banks, retailers miss EMV security deadline

By John L. Guerra

GRC & Fraud Software Journal

A CreditCard.com survey shows that most banks missed the Oct. 1 deadline to implement the new Europay, Mastercard & Visa (EMV) security standard, which uses a chip and magnetic strip to prevent the theft of customer account information.

Behavioral analytics providers such as NuData Security and Guardian Analytics – as well as network and cybersecurity and fraud prevention software providers ThreatMetrix and Kount – have used the deadline to urge the adoption of their solutions by financial institutions and e-retailers like WalMart, Target, Amazon and other merchants.

USAToday reports that “only 40 percent of card holders have gotten new chip cards.”

NuData Security and Guardian Analytics describe ways behavioral analytics can protect cardholders from mobile payment fraud in our July 2015 article.

Read Kount software’s “EMV Can’t Solve CNP Fraud.”

Recent Posts

  • How SOC2 Compliance easily achieves HIPAA & HITRUST August 22, 2020
  • Digital fraud, cyber crime increases globally during coronavirus May 15, 2020
  • Zumigo hits milestone, protecting 100 million mobile account holders October 27, 2019
  • NLYTE survey: Most companies seek real-time view of software, technology assets May 18, 2019
  • Lockpath launches templates to Keylight Team Edition, premier GRC platform April 24, 2019
  • Strange Craft: The True Story of an Air Force Intelligence Officer’s Life with UFOs January 12, 2019
  • MetricStream report predicts 2019 GRC trends December 31, 2018
  • GAN Integrity adds new risk management module August 18, 2018
  • FCPA Blog: Panasonic case provides a teachable moment August 2, 2018

How to submit story ideas, news tips and analysis

Contact us at editorial@fraudjournals.com. We also welcome news about software releases, conferences, events and new business partnerships. Please provide contact information and when appropriate, a photograph and two-sentence author bio.  
GRC & Fraud Software Journal, © 2021 All materials in this website are copyright protected.