According to a comprehensive new report (“2018 Fraud Mitigation Study”) from LexisNexis Risk Solutions, the pace of cross-industry fraud is accelerating and becoming more costly. The study surveyed more than 800 fraud mitigation professionals across five different industries (financial services, insurance, healthcare, retail, communications) as well as the government to get a detailed view of the scope and size of cross-industry fraud. One key takeaway from the report is that the identity theft problem is being exacerbated by rampant cross-industry fraud.
This is now the fourth year that LexisNexis Risk Solutions has issued the report, but the first year in which the pace of cross-industry fraud appears to be accelerating. “Our research shows that the incidence of cross-industry fraud has increased since we have been tracking it through the LexisNexis Fraud Mitigation Study. From 2015 to 2017, 84 percent of respondents indicated that they have found that at least one of their cases relates to multiple industries. In this year’s survey, we saw that number increase to 89 percent,” says Vikram Dhawan, Senior Director of Product Management for Identity and Fraud at LexisNexis Risk Solutions.
According to LexisNexis Risk Solutions, the two industries at highest risk of cross-industry fraud are financial services and insurance, while the one industry at the lowest end of the risk scale is the communications industry.
The identity theft problem
As the report suggests, it is becoming easier for fraud to cross over from one industry into another. In one classic scenario outlined in the report, fraudsters falsify tax returns, while also simultaneously falsifying other documents, such as auto insurance claims and healthcare claims.
The risk of that scenario has always existed, of course, but what has changed recently is the spike in the severity of the identity theft problem and the ability of identity thieves to file fake documents with social security numbers obtained from someone else. In other words, it is becoming increasingly common that scammers and hackers obtain the identity of a person via a cyber attack, and then use that personal information and data in order to benefit financially.
In fact, according to the LexisNexis Risk Solutions report, the one fraud scheme that is top of mind for fraud mitigation professionals is identity theft. Nearly one-half (47%) of respondents cited identify theft as their primary concern, up nearly 6 percent in just one year. Other concerns that are top of mind include falsified claims (cited by 42% of respondents) and data hacks or breaches (37%). Often, the victim of identity theft does not even know that their identity has been stolen until it is too late.
In many ways, it is possible to see the identity theft problem and the data breach problem as part and parcel of the same broader issue: hackers are regularly launching cyber attacks against financial services, insurance and healthcare companies, and then using any data breach as a quick and easy way to steal identities. Given the escalating number of data breaches recently, it’s easy to see how that has only compounded the identity theft problem. Over 40% of organizations have now seen an increase in fraud due to data breaches, and the figure is even higher for organizations within the financial services sector (45%) and the healthcare sector (44%).
Once identity theft occurs and personal information has been stolen as the result of a data breach, it can be used to submit false applications, submit fraudulent claims, and file for fraudulent refunds. Information can also be obtained from credit bureaus via credit reports, and then that information used to open fraudulent bank accounts or file falsified credit card applications. All funds that result from these identity theft activities, of course, are directed to the hacker or cyber criminal, and not to the person who had his or her identity stolen.
According to Dhawan, “We see identity theft as one of the biggest enablers of cross-industry fraud. As the world has become more digitally dependent and interconnected, criminals now can tap into rich data stores of personally identifiable information through a few keystrokes. Identity theft has essentially become a low cost method for fraudsters to commit fraud against multiple industries in a short amount of time (if not simultaneously). As such, most organizations are concerned with online fraud versus in-person fraud because of the ease of access and speed that online fraud offers.”
Steps to protect against identity theft and cross-industry fraud
The good news is that organizations are already taking steps to prevent these scenarios. For example, according to the LexisNexis survey, 62 percent of organizations have taken steps in the past year to protect customer data, and nearly one-half are now using data analytics as part of ID verification processes. Spending priorities are also shifting to reflect this reality, with 24 percent of organizations increasing their spending on IT systems, 20 percent boosting their spending on cyber training, and 19 percent adding new employees and staff in order to combat the problem.
Despite these efforts, it’s clear that the hackers are winning. This is reflected in the changing strategic priorities of fraud mitigation professionals. They are now spending more time and energy locating and obstructing suspicious transactions, especially when it comes to fraudulent claims and refunds, which remains the most at-risk form of customer interaction.
Financial impact of cross-industry fraud
What’s perhaps most troubling is that cross-industry fraud and identity theft are no longer just annoying problems that slow down organizations and force them to construct elaborate new defense mechanisms. As the LexisNexis report makes clear, there is a very real financial impact on the bottom lines of organizations. For example, a staggering 80 percent of respondents said that cross-industry fraud had a moderate-to-high impact on the bottom line, and more than 50 percent said the impact was extreme to high.
In other words, a deluge of fraudulent claims, refund requests and applications is starting to have a very real impact on the earnings that companies are reporting. For example, a healthcare organization dealing with fraudulent medical care claims resulting from medical identity theft may be inadvertently paying for services or procedures that never actually took place.
Is it too much to assume that these organizations, crippled by data breaches and rampant identity theft, might start passing on some of these costs to consumers? Given that the financial services sector is the most at-risk of cross-industry fraud, it’s not out of the question that higher bank fees and soaring transaction fees might be the ultimate result of beefed-up recovery plans and anti-fraud mechanisms. Within the healthcare sector, it might mean higher insurance premiums and more expensive healthcare procedures.
Given the size and extent of the problem, are there really any realistic solutions? One solution proposed by the LexisNexis report is simply more cross-industry collaboration. If fraud mitigation professionals from a variety of different industries can work together, for example, they might be able to clamp down on the most egregious forms of abuse. Working in partnership with regulatory bodies such as the U.S. Federal Trade Commission, they can reduce the ability of hackers to commit fraud.
“Cross-industry fraud cases are statistically speaking much more expensive for organizations than fraud that happens due to one isolated event,” said Vikram Dhawan, Senior Director of Product Management for Identity and Fraud at LexisNexis Risk Solutions. “The vast expense from these complex cases in turn raises the cost of services for every consumer. Our study shows that the volume and cost of cross-industry fraud is increasing, so it’s in the best interest of organizations to work together to share information and available data in the interest of prevention. By doing so, fraud can’t be used as a competitive advantage because sooner or later it impacts everybody.”
At the very least, they can pool resources to identity fraudulent account numbers, track down known hackers and share updates about new types of identity theft, much as law enforcement agencies pool their resources to locate and track down criminals. The could also send out cross-industry fraud alerts. Another solution is to beef up spending on data analytics as part of fraud mitigation programs. Sophisticated data analytics programs might be able to spot suspicious transactions much more quickly, thereby averting fraud in the first place.
Clearly, organizations need to become much more proactive when it comes to protecting customer data. That’s especially true in the era of Big Data, when data flows freely across not just organizations, but also entire industries. The problem of cross-industry fraud shows no signs of stopping, and the costs are simply becoming too high to bear.