OFX differentiates themselves as one of our customers that is at the cutting edge of identifying new accounts that are fraudulent. They implemented our Identity Check API through Accertify and use Identity Check to strengthen their ruleset in the Interceptas Platform.
OFX delivers fast, secure international money transfers to consumers and businesses at bank-beating rates—with outstanding customer service. The business deals across 55 currencies globally from six office bases and executes around 3,250 daily transfers.
The company was founded in 1998 by two Aussie entrepreneurs aimed at delivering a fair deal on foreign currency exchange—19 years later it is an international leader in overseas money transfer and still a champion of customer value.
Jason Nader is the Fraud Risk Manager at OFX. He has worked in the Finance and eCommerce industry for 10 years, gaining experience in fraud and investigations encompassing digital fraud, loan fraud, card fraud, money laundering, scams, and internal fraud. Jason is passionate about technology and providing a secure platform for international payments.
Please tell me us about your business, top priorities and challenges.
Our top priority as a business lies in putting the customer at the heart of everything we do. From investing in technology; to improving the performance of the website; to finding partners who can help us protect against fraud—our key focus is doing what we do better, every day, for the benefit of our customers.
There are challenges in the competitive landscape—new payments methods are springing up almost weekly, using social platforms to move funds and biometric identification to confirm identity. In addition, the overall threat level for the digital security of our data has never been higher. We are constantly assessing and troubleshooting to ensure that we are well positioned to keep our customer’s data safe.
What are you using to help detect account takeover, such as behavior analytics, two-factor authentication, etc.?
One method we use to help detect account takeover is the certification of new information. When a client’s details are changed in the system, we communicate with our third-party integrators to verify the information. For example, if a North American based client updates their physical address, we call out to Ekata using an auto-certification API to check the new data and see if their information matches ours. If it doesn’t, that’s a cue for us to investigate further. We also monitor device IDs and partners such as ThreatMetrix give us access to data on normal patterns of device use. Again, if things don’t look routine, we can investigate further.
Is this the only form of takeover that you experience? Do you see other patterns like fraudsters accessing emails/passwords to login and then initiate a transaction?
Account takeover is one of the least common fraud occurrences at OFX. On very rare occasions, we might see this if a client’s device has been compromised. Our most common route of fraud threat is via telephone, with individuals trying to access or move funds that they are not authorized to manage.
What advice would you give to consumers and companies to protect themselves when major data breaches happen?
Advice for consumers
- Don’t use the same password for everything and change your passwords regularly.
- Don’t click on links that you don’t recognize. If you’re not sure, investigate further via a company name search on google, or a phone call before you simply click on a link.
- Set your social media profile to high privacy settings and be really careful of any information that you share.
Advice for companies
- Educate your staff around good data security practices and build awareness to reduce the chances of them falling victim to an approach that could impact the whole business.
- Keep your tech systems up to date at all times, particularly the patches on all software and systems.
- Have an action plan ready for a data breach situation—there should be an internal plan of action and an external plan that includes things like media inquiries, customer communications and government/third-party handling.
According to the 2017 Fraud Report, account takeover losses reached $2.3 billion in the US, an increase of 61% from 2015 to 2016. With account takeover on the rise, how do you balance fraud prevention and making it a seamless process for customers to create an account?
At OFX, we achieve the right balance in security and customer experience by using advanced technology in the background of our product operations, and by being able to detect patterns of use that are inconsistent with normal behaviours. We step in to conduct manual checks when required to prevent unnecessary disruption to customer account operation. We also work collaboratively—sharing information across the compliance team—so that everyone is knowledgeable about suspicious activity that might have the potential to become a pattern.