LexisNexis Emailage: Reimagining fraud detection by using email intelligence as a core risk identifier
LexisNexis Risk Solutions announced the availability of LexisNexis Emailage, a powerful fraud risk scoring solution fueled by email intelligence to help companies balance a seamless user experience with robust fraud detection and prevention capabilities.
This solution helps solve both of these challenges by allowing organizations to confidently assess risk, approve transactions faster and more effectively outsmart quickly changing fraud tactics within digital transactions.
LexisNexis Emailage reimagines fraud detection by using email intelligence as a core risk identifier. Email is a unique global identifier that unlocks digital engagement and transactions in every industry because it is one of the most commonly used components of an online transaction.
Email is rich with transaction history and difficult to change because it links to an individual’s online accounts.
“Consumers want to connect through an increasing number of channels and they expect a consistent, frictionless experience each time. However, businesses are often pulled between the tensions of deterring fraud and trying to deliver the best user experience,” said Stephen Topliss, vice president of fraud and identity strategy at LexisNexis Risk Solutions.
“We believe it’s possible to do both. LexisNexis Emailage is a proven risk assessment tool utilizing the user’s email address at the core. Businesses receive the benefits of real-time global email risk intelligence for true consumer insights delivered via a continual feedback loop. This yields a rapidly growing force working together to outsmart fraudsters.”
Fueled by global digital insights and shared transaction history, the LexisNexis Risk Solutions global network gives companies risk decision confidence that is always improving.
With billions of digital identifiers in the network, LexisNexis Emailage brings together physical and digital risk signals to create a holistic view of the consumer risk associated with a transaction.
LexisNexis Emailage can be part of a comprehensive fraud and identity program that:
- Identifies and prevents online transaction fraud
- Gauges the risk associated with a consumer’s email address through an email risk score
- Increases top-line revenue by auto-approving more legitimate consumers
- Helps users make confident, efficient manual review decisions
- Works with other solutions from LexisNexis Risk Solutions to supplement overall risk management
In February 2020, LexisNexis Risk Solutions acquired Emailage, a fraud prevention and risk management solutions provider. Now fully integrated into the Business Services group of LexisNexis Risk Solutions, LexisNexis Emailage uses a patented, proprietary analytic approach to reimagine fraud detection.
LexisNexis Risk Solutions announced the availability of the LexisNexis ID Compass Platform for Insurance. A multi-layered identity access management (IAM) solution, the platform combines physical and digital intelligence to help insurance carriers respond to identity risk and reduce friction for consumers seeking insurance quotes and other transactions.
LexisNexis ID Compass Platform is a suite of integrated IAM products that deliver identity verification and authentication, which can help carriers avoid unnecessary risk and elevate the consumer experience by identifying and fast tracking genuine consumers while creating more friction for “bad actors”. This helps carriers to make better decisions in their workflow and defend themselves and their customers from cybercriminals and potential fraud.
ID Compass uses LexisNexis proprietary linking technology and the LexID unique identifier to help resolve, match and manage information for a more accurate view of more than 282 million U.S. consumer identities.
It also considers 1,500 data-specific and aggregated phone identity sources, and intelligence harnessed from billions of monthly transactions to provide various scores and attributes. These combined technology assets are delivered through multiple solutions to protect online data for more than a billion consumers across the globe.
Insurance carriers face the constant threat of security attacks from online consumer interactions, including identity theft, phishing, smishing, malware and bot attacks.
The ID Compass Platform can identify and thwart attacks by analyzing millions of transactions in near real-time across billions of devices. When individuals are verified and identified as trustworthy, their online experience can become more frictionless and seamless.
“As consumers gravitate toward digital interactions, it is critical for insurers to defend their online businesses while keeping data secure and their customers’ information safe. Our ID Compass Platform gives customers a solution to help detect and prevent unscrupulous online behavior without compromising consumer experience,” said Kim Brown, Director, IAM product management, LexisNexis Risk Solutions.
“Our IAM solutions are a more effective way for insurers to manage digital identity risk, reduce cyber fraud and enhance customer experience.”
LexisNexis ID Compass integrated suite of solutions includes:
- LexisNexis Threat Metrix, which analyzes millions of transactions in near real-time across billions of devices for thousands of global digital businesses.
- LexisNexis InstantID, which returns an index summarizing the level of verification, potential risk indicators and additional information to enhance our customers’ due diligence efforts.
- LexisNexis Phone Finder, which combines authoritative phone content with a large repository of identity information to deliver relevant, rank ordered-connections between phones and identities.
- LexisNexis One Time Password, which sends a simple alphanumeric authentication code via email, text or voice to a device in the consumer’s possession.
- LexisNexis InstantID Q&A — a near real-time, interactive knowledge-based authentication technology that verifies a customer is who s/he claims to be. InstantID Q&A generates an interactive, multiple-choice knowledge-based questionnaire using more than thirty (30) years of unique identifiers, such as property, telephone and address history.
A LexisNexis Risk Solutions report tracks global cybercrime activity from January 2020 through June 2020. The period has seen strong transaction volume growth compared to 2019 but an overall decline in global attack volume. This is likely linked to growth in genuine customer activity due to changing consumer habits.
The period has seen strong transaction volume growth compared to 2019 but an overall decline in global attack volume. This is likely linked to growth in genuine customer activity due to changing consumer habits.
The report analyzes data from more than 22.5 billion transactions processed, a 37% growth year over year. Mobile device transactions also continue to rise, with 66% of all transactions coming from mobile devices in the first half of 2020, up from 20% in early 2015.
There’s also an uptick in transactions from new devices and new digital identities. This is attributed to many new-to-digital consumers moving online to procure goods and services that were no longer available in person or harder to access via a physical store, during the pandemic.
Attacks by region
The EMEA region saw lower overall attack rates in comparison to most other global regions from January through June 2020. This is due to a high volume of trusted login transactions across relatively mature mobile apps.
The attack patterns in EMEA were also more benign and had less volatility and fewer spikes in attack rates. However, there are some notable exceptions. Desktop transactions conducted from EMEA had a higher attack rate than the global average and automated bot attack volume grew 45% year over year.
The UK originates the highest volume of human-initiated cyberattacks in EMEA, with Germany and France second and third in the region. The UK is also the second largest contributor to global bot attacks behind the U.S.
One example of a UK banking fraud network saw more than $17 million exposed to fraud across 10 financial services organizations. This network alone consisted of 7,800 devices, 5,200 email addresses and 1,000 telephone numbers.
Decline in attack rate
The overall human-initiated attack rate fell through the first half of 2020, showing a 33% decline year over year. The breakdown by sector shows a 23% decline in financial services and a 55% decline in e-commerce attack rates.
Latin America experienced the highest attack rates of all regions globally and realized consistent growth in attack rates from March to June 2020. The attack patterns in North America and EMEA had less volatility and fewer spikes in attack rates from the six-month period observed.
Attack vector global view
Media is the only industry that recorded an overall year over year growth in human-initiated cyberattacks. There was a 3% increase solely across mobile browser transactions.
Globally, automated bots remain a key attack vector in the Digital Identity Network. Financial services organizations experienced a surge in automated bot attacks and continue to experience more bot attacks than any other industry.
Across the customer journey
New account creations see attacks at a higher rate than any other transaction type in the online customer journey. However, the largest volume of attacks targets online payments. Login transactions have seen the biggest drop in attack rate in comparison to other use cases.
Analysis across new customer touchpoints in the online journey is included in this report for the first time, providing additional context on key points of risk such as money transfers and password resets.
All industries have felt the impact of COVID-19. There are clear peaks and troughs in transaction volumes coinciding with global lockdown periods.
Financial services organizations realized a growth in new-to-digital banking users, a changing geographical footprint from previously well-traveled consumers and a reduction in the number of devices used per customer. There have also been several attacks targeting banks offering COVID-19-related loans.
E-commerce merchants have seen an increase in digital payments and several other key attack typologies that coincide with the lockdown period. These included account takeover attacks using identity spoofing and more first-party chargeback fraud.
Rebekah Moody, director of fraud and identity at LexisNexis Risk Solutions, said: “The move to digital, for both businesses and consumers, has been significant. Yet with this change comes opportunity for exploitation. Fraudsters look for easy targets: whether government support packages, new lines of credit or media companies with fewer barriers to entry.”
LexisNexis Risk Solutions announced the results of its annual focus group, comprised of over 20 healthcare IT executives that are members of the College of Healthcare Information Management Executives (CHIME).
The focus group participants accepted more accountability than in previous years to provide the safe and reliable technology tools necessary to deliver high-quality, connected, and cost-effective care.
The survey results also highlighted the importance of a team approach with support across the organization in helping CIOs achieve the vision of connected healthcare.
While the focus group came together before the COVID-19 pandemic struck, the technology priorities for 2020 – from data sharing and security to using data analytics to help vulnerable populations – have become more urgent in light of the pandemic challenges. For example, recent months have illustrated the need for data access to inform decisions about population health, wellness and care capacity.
The surveyed executives identified three main priority areas for 2020.
Members acknowledged challenges amid the surge of digital touchpoints, such as mobile phones, smart devices and remote services.
Goals include a common patient identifier to combine and verify disparate patient records for a true health information exchange.
Members are confronting new cybersecurity risks, confusion over who bears the ultimate responsibility for patient data, and the competing goals of seamless user experience and data safety.
To address that final challenge and strike an appropriate balance, executives are moving to multifactor authentication strategies for optimal user workflow and security.
Integrating Social Determinants of Health (SDOH)
As the pandemic has highlighted, incorporating SDOH data is a vital, immediate requirement for improving the delivery of patient support and value-based care, and ultimately, outcomes.
Executives shared SDOH implementation challenges, including data aggregation and operationalization within IT and EHR systems, especially when not utilizing third-party data to support their efforts. While CIOs previously had not perceived specific accountability for SDOH data, that changed as its value was demonstrated.
“CHIME’s executive health IT members are approaching evolving patient and industry needs with careful consideration, ingenuity and focus,” said Josh Schoeller, CEO of LexisNexis Risk Solutions Health Care.
“Our annual focus group presents valuable insights about how healthcare decision-makers are strategically using technology solutions to overcome hurdles regarding cybersecurity, data governance, and interoperability, all of which have become more urgent during the COVID-19 pandemic.
“It’s a big challenge but with the right data integration and analytics they continue to make great progress even in the face of the COVID-19 pandemic.”
Also encouraging, focus group participants reported solid results when rallying support from stakeholders across the enterprise to participate in tough conversations about information security, privacy, operations, compliance, and clinical and accountable care.
“The customer comes first” started out as the secret to success in business. Now it’s the secret to 21st century cybersecurity and fraud prevention, too.
The phrase always seemed more like an empty platitude, but a growing number of banks and other financial institutions now understand that optimizing convenient consumer experience with risk and safety across all their channels is a strategic differentiator.
Dealing with fraudulent transactions
Financial institutions have been on the lookout for fraudulent transactions in hopes of preventing customers from falling victim to illegal fund withdrawal since the dawn of the digital age. Things like usernames and passwords have become less of a proof of identity and ownership in a world of endless data breaches.
Cybercriminals today easily harvest all manner of personal identity credentials from the dark web as well as through social engineering schemes. They gain access to customer accounts and make transfers or payments with the legitimate customer none the wiser—at least until their next login or they encounter a declined transaction due to insufficient funds.
Automated bots increasingly spur fraudulent transactions by allowing fraud to occur at unprecedented speed and volumes. The goal for fraudsters using bot attacks is to compromise accounts and harvest stolen data, leading to ever-greater risk in new channels and services and for recently digitized and experienced digital channel companies alike.
Efforts to stop these nefarious activities have sometimes led to either a one-size fits all approach or overly aggressive policies and additional identity proofing requirements. Customers get frustrated when they need to jump through hoops to log in or complete a transaction.
The lengthy process seems especially frivolous when cybercriminals continue to find inventive new ways to bypass these same controls. Consumers do not expect a “no-friction” transaction every time. They want the incremental steps to be commensurate with the risk of the transaction (e.g., checking an account balance vs. a large balance withdrawal).
Organizations should look beyond the disruption of fraudulent financial transactions and stop viewing the consumer as a financial event or a financial risk to contain. Instead, organizations should treat the consumer at every customer interaction and not as a single touchpoint or a stand-alone transaction. Only then can organizations effectively protect consumers throughout their experience.
Data insight = Consumer satisfaction and safety
Data insight drives greater consumer satisfaction and safety. To a financial institution, both digital and physical data is often as valuable as a consumers’ financial worth – at least when it comes to visibility into fraud and how to stop it.
Criminals use information within a banking relationship to commit fraud at multiple points during the customer journey. Compromised consumer information exposes the consumer to wider risks outside of specific applications, increasing the risk for the consumer and the organization.
For instance, a fraudster could use compromised customer data to open additional accounts or new lines of credit. Fraudsters with access to online banking information can easily circumvent security questions that require information ostensibly known only to the customer. Then criminals often add their phone number to the account or use account information to re-direct the consumer’s phone calls back to them when users return bogus “security” checks by the financial institution.
The mess left behind in the fraudster’s wake entangles banks who do not employ adequate risk controls. Customers do not like that kind of breach. Neither do regulators.
Banks can benefit from risk signals that can identify this kind of fraud and stop it in its tracks.
When organizations use a combination of data and customer insights (such as pinpointing the last time a device accessed a specific account) measured against transaction risk (whether an account was accessed to change personally identifiable Information or to check a balance), it can tailor each consumer’s experience with the right risk controls.
Also critical is real-time and historical intelligence of the customer’s legitimate identity usage in other interactions on other sites or apps around the world. Organizations should shift emphasis to establishing “the good” in terms of normative devices and behaviors informed by global-scale intelligence instead of focusing on trying to ferret out “the bad.” This practice uncovers anomalies instantly. The key then is to ensure the identification of anomalies and a proactive response at every decisive moment – not just when the financial transaction is taking place.
For all of this, the other side of the equation is just as important. Recalling “the customer comes first,” this focus on protecting the customer also pays serious dividends for the institutions they do business with. Finally, the brand experience matches the brand marketing.
Cybersecurity and fraud risk controls enable significant differentiation for the brand through consumer loyalty and convenience. According to Forrester, less than 10% of organizations ever crack that code.
Institutions that use data insights to coordinate risk and fraud control strategies across channel and consumer journey silos inevitably deliver a faster, more consistent experience across the entire omni-channel spectrum.