Financial services companies will probably pay more attention next year to state-of-the-art techniques against new-account fraud, industry experts say.
In some cases those already taking action are borrowing technologies used in casinos. In general they are tightening customer authentication and trying to head off new-account fraud.
"We're all kind of doing things around knowing your customer," said Greg Framke, the chief information officer of E-Trade Financial Corp. "I think there's a lot more that we can do."
Since December of 2004 the brokerage and bank has been using RSA Security Inc.'s Secure ID tokens - key-chain-size devices that generate a new passcode every minute. This is an "almost foolproof" method of preventing unauthorized access to accounts, since a user must be holding the token to log in, Mr. Framke said.
E-Trade, of New York, said in March that it would offer the tokens free to customers making more than five trades a month or with more than $50,000 in their accounts. Other customers pay to use them.
These devices are good at protecting established accounts but do little to help guard against "new customers who look legitimate but aren't, for whatever reason," Mr. Framke said.
He noted that emerging technology can help with background checks for prospective customers.
For instance, this year Primary Payment Systems Inc. of Scottsdale, Ariz., which is majority owned by First Data Corp., began to offer more real-time services to fight fraud.
Other databases range from those of the credit bureaus to the lists maintained by the U.S. Treasury Department's Office of Foreign Assets Control.
Mr. Framke said that though such lists are necessary, "I don't personally think it's enough just to go out and check certain public information."
He said E-Trade is looking at software and services now being developed or adapted for banks to find deeper associations than a search of public records may reveal. Such technology is already in use at casinos, he said.
"I think we'll be experimenting with it next year," Mr. Framke said.
He noted that several companies are offering these types of services.
International Business Machines Corp. of Armonk, N.Y., bought Systems Research and Development of Las Vegas in January 2004 and renamed it IBM Entity Analytics. It has been marketing the acquired firm's software to banks and has adapted it to keep it compliant with banking privacy rules.
Seth Twery, who leads IBM's banking risk and compliance practice, said "timeliness is an important issue" in fraud prevention - the process must be effective while not slowing the approval process.
The system examines a person's address, phone number, and variations of his name. In casinos it has compared this personal information against that of casino employees to ferret out insider scams.
"You can make it even more powerful if you are able to share data" and spot fraudsters across various institutions, Mr. Twery said, but it must be done anonymously to ensure regulatory compliance. IBM's software can compare customer data anonymously among several institutions without disclosing the contents of the lists it shares.
Mr. Twery said some financial companies are about to implement IBM's technology. "As these early adopters adopt these technologies, they will see how behind they were" in fraud detection, he said.
Avivah Litan, a vice president and research director at Gartner Inc. in Stamford, Conn., said the tactic of altering personal information - essentially, inventing an identity - account for the majority of new-account fraud.
"It's a big problem for a lot of banks," she said.
Those using invented identities rather than stolen ones are especially hard to catch because "you don't have a victim whining," Ms. Litan said.
Sharing new-customer data with other banks is essential, since crooks often try to open accounts at several institutions at once, she said. Such fraud "really is hard to solve if you don't have a network."
She says few vendors will come out in early 2006 with reliable tools to combat this fraud.
"It's going to be a much more difficult problem to crack" than phishing, she said, "and we will see developments," but the products "probably won't mature for a couple of years."
