Facebook, Twitter, Instagram, Snapchat and other social media channels play a tremendous role in the everyday lives of many people. These platforms make it easy to stay in touch with physically distant family and friends, share personal adventures and viewpoints, or just show off a photo of that well-plated entrée from the local gastro-pub.
Most, if not all social media outlets have easy-to-use apps as well, making it even more convenient for the always-connected consumer to snap a selfie and post it directly from a mobile device. However, while social media is a great way to stay in touch, it is also a great way to unwittingly give fraudsters access to the personal details that can lead to compromised accounts or identity theft.
It is hard to fault a consumer for sharing personal details through social media channels. Social sharing is easy, and engaging with an audience through social media helps meet our psychological needs of love, belonging, and self-esteem. Chris Skinner wrote a recent blog about the role of social media, stating: “the digital mobile world we live in today plays to our basic psychological and self-fulfillment needs, which is why it is so addictive.”[i]
But when consumers share or corroborate unique personal data, they are potentially, and inadvertently, giving fraudsters the keys to their financial lives. Information like birthdays, school history, family members, pet names and more could be answers to “challenge questions” that a fraudster can use when attempting to impersonate a consumer.
According to analysts at Aite, consumers who also interact with a particular brand or bank through social channels are essentially confirming that they have a relationship with that organization. Fraudsters can take that valuable information and supplement it with stolen credentials, or use social engineering tactics to compromise an account.
As if those scenarios weren’t scary enough, there is also the potential for a consumer to engage with a fake social media profile that is impersonating a trusted brand. Fraudsters can, and do, skillfully replicate the online presence of FIs, which can trick consumers into revealing personally identifiable information (PII) to these shell profiles.
The numbers back up the fact that a stronger social presence leads to a higher incidence of fraud. In the 2017 Identity Fraud Study released by Javelin Strategy & Research, the researchers found that consumers with strong social presence and frequent online shopping are exposed “to greater risks, a 30 percent higher risk of fraud” than offline consumers. Even more compelling is the finding that social networkers with infrequent or no online shopping “face…a 46 percent higher risk of account takeover fraud” than offline consumers.[ii] (Read our recent blog post for more details about account takeover fraud.)
Ways to Fight Back
Consumers and financial institutions (FIs) have a number of tactics they can employ to combat the fraud risk associated with social media.
For consumers, one of the primary ways to reduce risk is to lock down access to social media profiles. Companies like Facebook offer strict privacy controls, allowing individuals to share personal details only with the people they know and trust. Fully implementing the strictest privacy settings on any social platform is a good first step for consumer protection.
Consumers can also exercise good judgment when it comes to adding new friends and followers to their social platforms. Individuals should ensure they know the person to whom they give access to full profile details, and regularly monitor their friend lists for suspicious activities and messages.
FIs can help mitigate risk through social channels in a number of ways as well. According to analysts at Aite, these can include limiting consumer interaction through social messenger apps to lower risk activities, like providing account balances. For substantive transactions, FIs should require customers to switch to their secure online or mobile applications.
FIs can also regularly monitor social platforms and identify any fraudulent “phishing” accounts that are set up to impersonate the institution. By seeking and stamping out those profiles, FIs can help reduce the risk to consumers and their own organizations.
Actively Monitor Social Media to Manage Risk
Long term risk management in the age of social media will require vigilance and active monitoring of account activity. Consumers who take the time to set their privacy controls and clean their social connections of unknown persons/entities can help mitigate the potential for account compromise. FIs who have a social presence can route substantive customer transactions to more secure channels and scour the platforms for potentially fraudulent copycat profiles.
Both consumers and FIs can actively monitor accounts for fraud as well. By keeping a finger on the pulse of account activity, consumers and FIs can mitigate the risk for fraud and limit the impact of a compromised account.
Fraud platforms like the one Zoot provides also enable FIs to apply additional layers of security, like traditional and device ID verification, for frictionless protection against fraud. For more information on the fraud and risk management options available through Zoot, please visit our Fraud platform page.