Spike in Fraudulent FX Accounts During the Pandemic? Time for Better User Authentication

If your forex business has seen a growing number of fraud attacks recently, you’re not alone. Here’s where better user authentication can help.

The Covid-19 outbreak isn’t just alarming for companies who had to pause their operations. Cybercrime is on the rise for online businesses, and the increased numbers of signups also mean a bigger challenge when it comes to battling more fraudsters than ever.

While this is true of all verticals, including online stores and SaaS, in this post, we’ll look at why forex companies are particularly at risk, and which tools they have at their disposal to block bad users from entering their platforms during user authentication. 

Why the Escalating Fraud Rates Now?

Forex companies are facing the same application fraud and fraud attacks as before the pandemic, only on a much bigger scale.

Everyone is stuck at home, and many people are worried about their sources of income, which explains the rise in the number of amateur day traders. The problem? They’re more likely to regret their signups or early trades. 

This creates the perfect storm for record-high levels of friendly fraud, exemplified by the following scenarios:

• Users abuse the chargeback process to avoid losing their successful trades.
• They realize forex and cryptocurrency trading is harder than they thought and decide it isn’t for them.
• A family member signs up and makes trades, unbeknown to the cardholder whose card was used.
  

So one of the key challenges is clearly to prevent chargebacks: Meanwhile, career fraudsters are also making the most of the pandemic chaos and confusion to hide and attack exchanges, especially the newer ones.

This is, however, old news for mature forex platforms, who are already a high target of fraudsters, due to the fact that they operate as digital wallets. This is doubly true for those who also offer crypto trading, and those who cover risky markets such as Latin America or the APAC region, where synthetic identity fraud is a known issue.

In fact, the key point to understand is that Forex companies are facing the same application fraud and fraud attacks as before the pandemic, only on a much bigger scale. These include:

• Account takeovers: where fraudsters log into other users’ accounts to drain them of funds, or to gather data about the person.
  
• Multi accounting: using stolen IDs or synthetic ID to benefit from promotional signup bonuses or referral programs, amongst others. Forex bonuses are increasingly popular, but also the cause of numerous fraud problems, as we often see in the iGaming industry.
  
• Application fraud: where bad agents make use of synthetic ID fraud to open an account and trade using dirty money or crypto. 

The last point is particularly worrisome as it facilitates money laundering, described as the Achilles heel of forex and crypto trading for its ability to burden exchanges with regulatory fines, scare clients away, and stop banks from working with you.

Expect a New Avalanche of Synthetic Identity Fraud

The rise of remote work and the work-from-home movement also means people are more vulnerable to phishing attempts and poor security. Unprotected by a company firewall or simply adjusting to a new form of work makes it easier for fraudsters to confuse people and extract their login details, which they will use for application fraud.

The general public must also access unfamiliar websites to reach government relief funds, get general information and health news, which is why Covid-19 phishing attacks grew by 600% worldwide.

In short, we can expect a growing number of data leaks to appear on darknet marketplaces in the following months. These IDs are then bought by other fraudsters, who use them to create accounts on all kinds of sites, especially high targets such as Forex and crypto trading platforms.

A Bad Time to Turn Away New Users

“Exchanges, especially new ones, often try to gain a competitive edge with zero friction onboarding — but it all flies out the window if the manual reviews slow things down.“

Complicating matters is the fact that many of these Forex companies face a big dilemma when it comes to onboarding new users. In these uncertain times, nobody wants to lose business. 

This explains why you might be tempted to relax your user authentication process in order to grow your user base. This is a calculated risk, as it’s a well-known fact that a lighter authentication can decrease churn, but also increase application fraud rates, which make it harder to prevent chargebacks and to flag synthetic ID fraud.

Which brings us to the topic of manual reviews. While risk teams can be pretty good at spotting red flags with user applications, it’s a lengthy and time-consuming process. Exchanges, especially new ones, often try to gain a competitive edge with zero friction onboarding — but it all flies out the window if the manual reviews slow things down.

3 User Authentication Tech to Prevent Chargebacks and Reduce Fraud

By now it should be clear that user authentication is the key stage to focus on. Block fraudsters before they can sign into your platform, and you reduce chargebacks. You also improve your KYC in crypto, and avoid the increasingly heavy AML fines, whether you’re allowing users to trade FX only, or act as a cryptocurrency exchange. 

The question remains: how do you offer a seamless customer journey while flagging fraudsters as soon as they land on your website? Here are the tools we recommend at SEON.

Data Enrichment

Whether you deploy an email analysis or phone analysis data enrichment module, the concept is the same: use very few data points, and get a much better idea of who your user is.

Because data enrichment such as the one offered by SEON works in real-time, you can instantly get a precise risk score based on, say, an email address only given at user authentication, which removes doubts of synthetic ID fraud.

Efficiency and speed are the key benefits here, as it lets you safely onboard low-risk users with very few data points, creating a layer of invisible security that doesn’t slow down your growth.

Dynamic Friction

Now let’s say a user’s email address and name returns a risk score which would normally require a manual review. You can still also automate the process thanks to dynamic friction. The idea is simply to separate KYC processes into light and heavy ones.

You initially only use light KYC, and only trigger heavy KYC like a selfie photo or ID document upload for those who could be a threat of using synthetic identity theft techniques at the user authentication stage.

This is a much more efficient method than asking for ID after registration. For one, it lets fraudsters know immediately that they are being watched. It also removes any potential frustration for users who manage to sign up, and then find themselves waiting for authentication before they can begin FX or crypto trading.

Social Media Lookup

Social media lookup, as the name suggests, attempts to find information about a user by gathering their social data. While this is usually considered part of the data enrichment process, it deserves its own mention here, as it can be used for two good reasons:

• Help predict fraud risk: for loan providers, we found that 76% of defaulting customers had no social media presence, proving they had signed up using synthetic ID fraud techniques.
  
• Help fight chargebacks: some of our clients, for instance, use SEON’s social media lookup to collect evidence against chargeback claims. This doesn’t prevent chargebacks, but helps with a better success rate when contesting them.

Ready to Supercharge Your User Authentication Process?

At SEON, we’ve worked hard to offer the user authentication tools mentioned above, and many more. We offer a complete end-to-end fraud detection services, or data enrichment modules that integrate into your Forex platform in any way you want.

In short, we want to make it as easy as possible for you to add a new layer of protection to your site, or to start from scratch and ensure no bad agents make it past your landing page.