Australian businesses, including financial institutions, make only limited use of best practice fraud detection and mitigation systems, and many organisations are still relying on manual processes, according to a new report.
Business information and analytics company LexisNexis Risk Solutions surveyed executives responsible for fraud protection at more than 100 Australian companies in the financial services, retail and e-commerce industries for its report, Risk Solutions 2021 True Cost of Fraud APAC Study.
It found that the recent strong growth in mobile and online banking and shopping has contributed to an increase in fraud. Detection and mitigation practices have not kept up.
Respondents reported that mobile/digital wallets accounted for as much fraud as debit cards, despite the relatively small value of transactions they make up.
LexisNexis said identity fraud is the key threat and concluded that more real-time transaction tracking is needed.
“Various factors contribute to identity verification challenges, including limited real-time transaction tracking tools and third-party data, the rise of synthetic identities and concerns about customer friction,” the report says.
LexisNexis applies a multiplier to direct fraud costs. It found that the total cost of fraud is 3.8 times the lost transaction value for financial services companies. The multiplier covers such things as legal and recovery costs, and the cost of funding fraud operations.
It said this multiple is high relative to other countries and higher than the multiple calculated in a previous survey in 2019.
The report makes a number of recommendations to bring industry processes up to best practice. At the top of the list, businesses need technology that recognises customers, pinpoints fraud and builds a fraud knowledge base.
“Organisations can no longer rely on manual processes with the assistance of limited technologies,” the report said.
The director of fraud and identity at LexiNexis Risk Solutions, Cameron Church, said continued use of manual processes to detect fraud was surprising but reflected gaps in technology planning and budgets. “Some things fall through the cracks,” he said.
The report says “single-point protection” is no longer enough for effective fraud protection. It recommends the use of behavioural biometrics to guard against bot attacks.
And it recommends that business work more closely and share data on fraud strategies, blacklisted devices and accounts.
Church said that in some overseas markets services like Scamwatch work more closely with business to develop fraud prevention strategies. That needs to be done here.