Knowing Your Fraudster Starts With Knowing Your Customer

September 15, 2023

This year, we launched the “Fraud Fighters Manual for Fintech, Crypto, and Neobanks,” exploring first-hand insights from leading experts in the fraud industry about how their organizations are actively handling the biggest fraud problems facing them.

We had such an overwhelming outpouring of positive feedback and questions from our readers about how to be included in future publications that we decided to produce this series called “Fraud Fighters Manual: Community Insights.” For this series, we interviewed our audience of readers to get their feedback and opinions about the topics shared in The Manual.

This first piece builds off “Chapter 1: Know Your Fraudster,” which helps teams identify fraudsters by exploring the three main types of fraud and the seven archetypes of fraudsters. It also covers surprising fraud instances Robert Reynolds’ (of Pinwheel) has come across and lists the fraud processes he believes fraudsters are most likely to exploit.

Watch this short video for the top takeaways from the chapter...

Whether they’re legitimate, active users or not, most fraudsters are customers. Or at the very least, they interact with your platform or service in some way.

So knowing your customers is one of the best ways to know your fraudsters—and control their access to your product. This starts at onboarding; the more you know about each potential customer, the more information you have to potentially identify bad actors—and consequently stop them more effectively.

New call-to-action

Breaking the Boundaries of Fraudster Archetypes

Fraudsters aren’t machines. They’re people, and they sometimes behave unpredictably and irrationally, making it rather difficult to anticipate their behavior.

As Robert Reynolds discussed in Chapter 1 of the Fraud Fighters Manual, while there are clear archetypes that fraudsters typically fit into, there is a lot of variation within those archetypes, and some fraudsters fit into multiple archetypes—or transcend them altogether.

No matter what archetype(s) they fall into, fraudsters don’t discriminate—they simply look for opportunities. While certain archetypes may threaten some businesses more, the fact is, most organizations deal with a wide range of different archetypes at different times. And, as Emmanuel Abolo from Riskmap Consulting Limited notes, these “fraudsters range from amateurs to professionals.”

Below, we explore unique real-life experiences where fraudsters’ characteristics and behavior broke the archetypal molds. Then we share insights from real Risk & Compliance professionals about how they would identify this behavior and leverage data to prevent fraud.

Understanding the Angle of Attack

When we try to understand the type of fraudster that conducts something like Account Takeover (ATO) fraud, for instance, it’s not a straightforward answer. As we discussed in Chapter 2 of The Manual, fake and hacked identities are a big problem for organizations from a fraud standpoint. How can you know an individual or entity when they don’t give you the right information? Or if they bypass your verification process altogether by taking over another user’s account?

The fact is, various archetypes could commit ATO fraud (which is the focus of the 4th chapter in The Manual), with The Con Artist and The Impersonator being the most likely culprits. But The Disguise Artist or Organized Criminals could also commit ATO fraud. The commonality is simply the way they attack the product or service they are looking to exploit.

Archetypically, The Con Artist and The Impersonator—despite being the most likely for ATO fraud—aren’t very similar. The Con Artist and The Impersonator have very different profiles, but both are prime candidates for committing ATO fraud. If an organization is looking to stop ATO fraud, and only examines The Impersonator archetypes, they may be letting a lot of fraud persist unchecked.

On top of all this, different fraudsters target different types of organizations and products in a myriad of ways. It’s important to set up an initial strategy that looks at all potential archetypes that could commit that type of fraud, and then perform analysis on the cases you’re seeing to really understand which archetypes are the most common—and significant—threats.

Remember, the most likely culprits in one industry may not be the same for a company in another industry, and companies within the same industry may have products that attract very different fraudsters.

As discussed in The Manual, KYC solutions are simple checks that make it extremely hard for The Con Artist, The Disguise Artist, and The Impersonator to access a platform or service in the first place. Since these archetypes would typically be exploiting a system posing as a customer, KYC procedures present a barrier—or at least add friction—for fraudsters to pass.

Fraudsters Are Masters of Deception

Some fraudster characteristics transcend archetypes—like deception.

All fraudsters are using deceit in some form to achieve their objectives. For many fraudsters, this deception starts from their first interaction with your product or service.

Users will do this during the onboarding process itself, making it very challenging to identify them properly. Fraud is a delicate dance, and many fraudsters will do anything and everything to avoid appearing like a fraudster.

Baptiste Forestier from Hero notes that “when you first onboard users and ask additional information, they start by being overly nice and cooperative. This is intended to create trust in order to avoid being monitored too closely. However, as soon as they understand we are seriously suspicious and start blocking their account and/or funds, they completely change their behavior and begin to be super aggressive, menacing, and may even threaten to call the police and sue us if we don’t answer their demands.”

Although it’s really difficult to predict, it’s important to watch for this behavior and identify when a new customer is feigning honesty to develop trust they can later exploit.

It May Not Be Murder, But It’s Certainly Premeditated

Most fraudsters pre-plan their attacks. In fact, the only archetypes that might not plan their attack are The Thief and The Opportunist, and even they can sometimes plan out their assault. The Opportunist, for example, doesn’t always act impulsively—they may find a weakness and then develop a strategy over time to exploit this weakness.

Fraudsters that have planned out their attack move with intention. Typically, fraud detection systems can be used to identify behavior that could signal when suspicious behavior is on the horizon. Pratik Zanke from PayMate suggests using “a dedicated detecting mechanism to detect unusual activities and registration.” 

True data monitoring that not only analyzes transactions—but all user behavior—is an ideal tool for rooting out bad actors. By understanding how your users typically act, you can readily identify anomalies in patterns and easier identify—and potentially stop—fraud and other financial crime.

As Zanke says, “enhanced transaction monitoring and due diligence with an automated system to change risk categorization” is an ideal means of shifting your risk strategy to account for different fraudster archetypes. 

Built-in risk categorization capabilities empower teams to make faster, better decisions. These are invaluable tools for identifying planned fraud, allowing teams to isolate suspicious activity and take preventative action.

How to Address Different Fraudster Archetypes

To best prevent fraud, organizations need to be prepared to combat all the different fraud archetypes and the various tactics they use. To do this effectively, teams must understand their customers and the fraudsters that aim to exploit them.

This starts at onboarding. The more organizations know about the users they onboard, the more information they have at their disposal to make decisions on whether to accept or reject a customer, as well as make decisions down the line about cutting them off. Beyond this, teams need to validate users when they log in to ensure the true customer is the one accessing the platform.

Because of this (and according to our respondents), two of the best ways to manage and mitigate fraud risks is to:

  1. Use identity verification during onboarding
  2. Use customer authentication and liveness detection when signing users in

This empowers teams to ensure they know their customers, and—by extension—fraudsters.

Friction Is Your Friend

The challenge most organizations face is that any additional KYC check adds friction to the user experience.

Most product teams—and executives—don’t want to add friction. In fact, most of their efforts are centered around finding ways of reducing friction to build a better user experience and encourage product adoption. Typically, the more friction a user encounters during the onboarding process, the less likely they are to complete it.

But risk teams have very different goals; they’re trying to ensure customers are properly verified and monitored. Unfortunately, this almost always requires adding (at least some) friction to the customer experience. To make everyone happy, risk teams are often stuck trying to balance where, when, and how much friction to apply to meet regulatory compliance requirements and reduce false positives—without bogging down the user experience.

And organizations, in general, struggle with this constant trade-off between adding and reducing friction. This balancing act often leads to tension between fraud prevention teams and other departments—product development teams, C-suite executives, and more, but it doesn’t have to be a point of contention.

The thing is, friction isn’t always a bad thing. In fact, it’s actually a great way of mitigating fraud and hindering fraudsters from even attempting it. And this can help even when you don’t know what fraudster archetypes you’re dealing with, as friction itself acts as a hindrance and deterrence to most fraudsters. Instead of trying to bypass your prevention efforts, they’ll just look for an organization with weaker prevention systems and less friction.

As a rule of thumb, knowing your fraudster is one of the best ways to better understand where it’s most effective to apply friction. Teams can apply the right detection and prevention systems where they are most effective to optimize their fraud prevention efforts without adding unnecessary friction from a user experience perspective.

Baptiste Forestier notes that “the key is to understand your ICP [Ideal Customer Profile]. Depending on their age and nationality, they won’t mind certain checks (like liveness detection for 18 - 25), but could be severely bothered by others (like asking for financial information).” Depending on your core demographic, introducing liveness checks could have a very small impact on retention or could seriously hinder acquisition.

A contributor who wanted to remain anonymous noted that, “Friction is typically more impactful during onboarding, as it’s a common acquisition challenge. The more friction users undergo during onboarding, the fewer complete the process.” This is especially impactful on organizations that are looking to grow rapidly. It’s often best to limit friction at initial onboarding, and instead implement KYC checks during login, registration, and other stages of the early customer journey.

Forestier believes teams aiming to keep friction low would stand to benefit greatly from using passive systems that verify identities and authenticate customers without adding friction to the experience. The entire process is conducted in the background, and customers can be validated using other signals, such as device types, IP addresses, and behavioral information.

Based on what we’ve been hearing out in the field, the best strategy is to use high-friction methods for high-risk customers and cases, such as selfie and document uploads. Leverage low-friction methods widely, and high-friction methods sparingly. Analyze and reevaluate regularly, altering your methods based on how you see customers—and fraudsters—behaving.

Download Transaction Monitoring Product Guide

Leverage Data Monitoring to Truly Know Your Customers (and Fraudsters)

One of the best ways to know your fraudster is to know your customers.

Fortunately, there are a series of KYC processes that allow teams to verify customer identities and ensure the entity they are dealing with is who they claim to be. In an effort to offer best-in-class service, organizations are constantly looking to reduce friction while still performing adequate KYC onboarding and customer authentication checks to adequately prevent fraud and money laundering.

It’s an ongoing process, and teams will need to regularly update their strategies and systems to better detect suspicious activity and prevent fraudsters from being successful.

The best solutions empower teams to ingest all the data they need into a single system, making it easier for investigators to analyze all the information they need to make a decision on a case. Unit21 offers robust integrations with third-party data providers, and allows teams to channel it into a unified workspace, making it easy for fraud investigators to make precise decisions on cases in shorter time frames.

Our transaction monitoring solution offers true data monitoring that goes beyond just looking at transactions, so teams can analyze other user behavior like logins, account changes, and more. And with seamless data integration, teams can pull in risk scores and other custom data, empowering investigators to visualize all pertinent information in a single space and make faster, more effective decisions on cases. Schedule a demo to see Unit21’s Risk & Compliance infrastructure in action.

Want to learn more? Check out our Community Insights from Chapter 2—How to Detect and Prevent Stolen and Synthetic IDs. In it, we explore how deep fake and AI technologies are impacting fraud related to compromised, fake, and synthetic identities.

Subscribe to our Blog!

Please fill out the form below:

Related Articles

Getting started is easy

See first-hand how Unit21
can help bolster your risk & compliance operations
GET a demo