As consumer expectations continue to rise in step with regulatory demands, fraud and compliance teams face a pivotal challenge: how to scale operations without sacrificing security. According to Trustfull CEO Marko Maras, the key lies in leveraging open-source intelligence (OSINT)—a transformative tool that taps into publicly available data to deliver unrestricted, global insights.
While open source intelligence, as a concept, has been around since the 1940s, its potential as a powerful, accessible tool has only come into focus in more recent years. Since the early 2000s, the amount of data available online has exploded thanks to the growth of the internet. This has enabled fraud prevention experts to access information from online search engines, media publications, online forums, public records, government records, and much more. Then, over the past decade, further advancements in API and machine learning technology have accelerated the expansion of OSINT, making it possible to embed real-time and fully silent checks into every sign-up, login and transaction attempt as a vital first line of defence.
According to Maras, “this shift is crucial for FinTechs and financial institutions seeking to scale rapidly without compromising security. Leveraging OSINT helps these companies strike the perfect balance between robust fraud prevention and a seamless customer experience.”
Balancing customer demands and fraud prevention
Finding this balance is more important than ever, as today’s customers demand faster, better services—and won’t hesitate to switch providers if their expectations aren’t met. According to a Zendesk report, 72% of customers want immediate service, while 49% of customers left a brand to which they’d been loyal due to poor customer experience (Source: Emplifi). At the same time, the threat of fraud is rising, and firms need to strengthen their protections and controls. It is estimated that $3.1trn was lost through money laundering in 2023, while fraud schemes accounted for $485.6bn in projected losses globally. As threats are rising, fraud and compliance teams need to find customer-centric ways to protect their business and their users.
Maras believes that OSINT solutions, thanks to their adaptive and cross-border nature, are perfectly positioned to support firms in this challenge. “If integrated into fraud prevention strategies and utilised at scale,” he said “OSINT can identify risk signals and suspicious patterns, such as new accounts being created with incongruent or inconsistent contact details, before they escalate into fraud. More specifically, by continuously cross-referencing digital signals from email, phone numbers, IP addresses and devices, OSINT can help verify user identities in real-time, deterring fraudulent activity proactively rather than reactively.”
In fact, one of the most common mistakes firms make in relation to OSINT is using it as a reactive tool to investigate an attempted or successful fraud incident, rather than using it in advance to prevent fraud from occurring.
Many fraud teams are already leveraging OSINT, but only sporadically or manually, limiting its potential. Instead, Maras encourages companies to integrate OSINT checks as a proactive, automated layer of protection that is embedded within all onboarding, authentication, and transaction processes. “OSINT acts as a continual deterrent, identifying fraud indicators at the earliest stages and helping to stop fraud before it happens rather than serving as a post-fraud investigation tool,” he added.
Regulatory requirements
Customer expectations aren’t the only pressure point for FinTechs and financial institutions—regulatory demands are intensifying as well. A prime example of this is the newly launched reimbursement rules in the UK for authorised push payment (APP) fraud. Payment firms, including banks, building societies, and smaller e-money firms, are now required to reimburse victims of APP fraud within five business days, pushing fraud prevention to the forefront of priorities. Maras highlighted the role that OSINT should play in this regard: “OSINT enables fraud and compliance teams to perform deep, real-time checks without compromising speed or user experience, helping flag suspicious behaviours or circumstances that could indicate the presence of fraud”. From delaying transactions made during suspicious calls to triggering extra OSINT checks when account contact details are updated, the potential applications are transformative.
Stopping global threats
While the internet has improved the ability to prevent fraud, it has also increased the scale and sophistication of the phenomenon. Instead of needing protection only from local criminals, financial institutions are now potentially vulnerable to a wide range of international crime syndicates. And, while many fraudsters already know how to use OSINT to uncover someone’s personal details, the dark web is a golden source of stolen data on people from every country in the world.
Once in possession of stolen or fabricated personal data, fraudsters also have a variety of tools available to them to hide their identities. Marasexplained,“Usingfakecontactdetails andmaskedIPaddresses fraudsters can easily create synthetic identities with an appearance of legitimacy and trustworthiness. These ‘frankenstein profiles’ are hard to spot if firms rely only on basic checks. However, with advanced OSINT tools like Trustfull, these facades are easier to uncover.”
The Trustfull platform dives deep, analysing digital signals that can reveal inconsistencies in the digital footprint of users, including mismatched IP geolocation and device behaviours, or flag newly created email addresses and disposable phone numbers. This empowers firms with more advanced checks to spot fraudulent identities in real time.
According to Maras, while a fraudster can quickly create legitimate accounts with disposable emails and rented phone numbers, they cannot easily build a long-standing digital footprint. By leveraging data from publicly available sources, fraud prevention teams can assess the digital history of an identity, such as the age of an email and the consistency of online activity and identify the suspicious accounts instantly. “This global intelligence layer enables fraud prevention strategies that are adaptive, proactive, and resilient to evolving cross-border threats.”
Driving OSINT efficiency with Trustfull
Trustfull was founded in 2020 to help firms tackle the rising threat of fraud using the power of open source intelligence. Its platform embeds fraud prevention into the core of every digital interaction, serving as a global gatekeeper. Leveraging publicly obtainable
data and predictive analytics, the solution gathers and analyses hundreds of digital signals to verify the contact details, behaviours and business information of users. Not only does it monitor traditional OSINT data sources, but can analyse and cross-reference signals from sources like phones, emails, IP addresses, devices and browsers to detect discrepancies, such as mismatched contact details, device spoofing or suspicious geolocations.
Talking about the value that Trustfull brings to customers, Maras said: “Our solutions go beyond basic validation, analysing if a user’s digital footprint indicates a genuine individual or a synthetic identity. This approach not only deters fraud but also minimises friction, allowing firms to grow securely and confidently.”
One notable use case is the platform’s phone-to-name capability. Traditional methods use limited or region-specific telecommunication databases, whereas Trustfull aggregates a variety of data sources to offer precise name matching regardless of country of operation.
Some of the other notable features of Trustfull’s solutions are its Rule Engine, which boasts the flexibility to build bespoke models tailored to a client’s specific policies, and the Insights and What-if Analysis features that empower firms to backtest risk models and continuously refine and improve model accuracy against actual training data. Finally, the Trustfull Identity Graph is a tool to help firms connect data points across various accounts, uncovering relationships and potential multi-accounting attempts. This tool visually links users and highlights any unusual patterns or connections that could indicate fraud.
What’s ahead for Trustfull
The team behind Trustfull is continuously enriching the platform’s data catalogue and consolidating the company’s presence across Europe and North America. Striving to constantly keep pace with industry needs, they are currently working on the release of two important solutions: advanced authentication to block account takeover attempts, and domain intelligence to verify small and micro businesses using insights sourced from the web.
“This roadmap will enhance our clients’ fraud detection capabilities across more touchpoints in the user journey”, Maras said. “In today’s rapidly evolving digital landscape, innovating constantly is a must. By broadening our offerings and refining our data assets, Trustfull will ensure that clients remain one step ahead of emerging fraud tactics.”
When asked why a company should work with Trustfull, Maras mentioned the radically different and effective approach the company brings to fraud prevention, as well as its track record with clients, including Cofidis, Younited, Lastminute.com, Nexi and Elavon.
He concluded, “At Trustfull, we truly believe in the power and effectiveness of open source intelligence to stop and prevent fraud. By constantly expanding and refining our data catalogue, we empower our clients with the most advanced library of digital signals in the industry. This is how we help them protect their business against fraud in a seamless and truly customer-centric way”.
Keep up with all the latest FinTech news here
Copyright © 2024 FinTech Global
Copyright © 2018 RegTech Analyst