It’s been said that faster payments lead to faster fraud, but what if identity verification and authentication technology become faster, too? More importantly: What if they become stronger?
According to David Barnhardt, CxO at GIACT, this is what must happen to thwart faster fraud.
Bankers, billers, lenders, utilities, insurers, money service businesses, brick-and-mortar and eCommerce retailers, governments, and any financial organization that’s doing business with these players – from cards businesses to the trusted financial institution down the street – all of the above face their own unique challenges when it comes to identity verification and fraud. But if you ask Barnhardt, there is one overarching principle that could guide them all.
“In today’s identity landscape,” says Barnhardt, “it is more important than ever to manage an identity lifecycle and manage that customer holistically.”
Here’s what that means, and why Barnhardt says it could – and should – change the landscape for any organization that facilitates payments.
The Looming Fiend of Fraud
In the financial world, the threat of fraud affects everyone, albeit in different ways. Point solutions are tailored to the individual needs of players on the consumer and retail side of the space as well as those on the wholesale commercial side. However, fraudsters aren’t attacking single points anymore.
The modern fraudster’s approach has become much more comprehensive and insidious. They’re not just stealing account numbers; they’re stealing entire identities and/or synthesizing new ones from bits and pieces of data exposed by the mass data breaches of recent years.
Barnhardt said 15 percent of consumers discover new account fraud – that is, fraudulent accounts opened using all or some of their credentials – when they review their credit, while another 13 percent only learn about these fake accounts when a debt collector contacts them.
“Fraud is evolving,” Barnhardt says. “With the chip cards coming out, that very lucrative broad stream has dried up, so fraudsters are in a period where they’re innovating themselves.” And that, he added, means everyone else had better start innovating, too!
The Identity Picture
The first and most important implication of the evolving innovation by fraudsters is that fraud tools can no longer stop at searching for stolen card data. New tools must be able to unpack how digital identities are composed in order to sort out the real from the fake. They must be able to positively identify and authenticate end customers so that financial organizations can obtain a full picture of who is sending the money and who is receiving it.
“When it comes to putting together an identity picture – we refer to it as the ‘digital DNA,’ and this applies to a consumer or business – you’re looking at not just what they have at this point in time, but what has been there in the past, and how much of the non-traditional data corroborates with header data.”
Barnhardt says artificial intelligence (AI) and probabilistic modeling can be very effective tools for assessing digital DNA, provided the organization is ingesting the right kind of data. Traditional data like credit header data and bank account information can no longer be used in a vacuum. Non-traditional data from sources like customer emails, phones, and social media accounts are essential components that cannot be overlooked in the identity lifecycle.
Of course, that data must be current real-time data if AI systems are to function optimally – that’s how GIACT supports faster payments with faster identity verification. With this combination, organizations can increase their ability to detect synthetic identity and other forms of highly-orchestrated fraud.
Re-Identification
It will always be important to authenticate and verify the identities of customers at the point of enrollment, whether dealing with individual end consumers or with businesses. However, it’s becoming more critical to repeat these processes continually – in real-time, just like the payments they protect and like the fraud they fight.
“Companies need to proactively engage with their customers at each opportunity, whether it be a change to a customer profile, or a request for checks for a new debit card in the case of banking,” Barnhardt says.
More than that, he adds, companies might know their own customers. But what about the party on the other end – the party receiving the wire or ACH payment? Banks are especially concerned about ensuring that both parties conducting a transaction are legitimate; otherwise, they risk taking an OFAC hit.
Challenges with identity verification
There are two major challenges companies will face as they move toward real-time, passive verification. One is customer experience, and the other is interoperability (or lack thereof).
Organizations must strike a balance when enrolling new customers: The process must be quick and efficient, but it must also mitigate risks. Continuous identity verification must strike the same balance of catching fraudsters in the act without interrupting the customer’s journey – indeed, if possible, passive verification should improve the customer experience.
A lack of interoperability can interfere with that goal, however. Numerous companies have cobbled together point solutions to address the growing fraud problem, and this chain of incongruent middleware can be fraught with cracks for data to fall through. This approach inhibits the effectiveness of the overall prevention program, often slowing it down and compromising the customer experience.
Interoperability enables all products to work in unison, taking the whole lifecycle into account and driving that holistic approach.
Unanswered questions
It’s not uncommon for executives to have many unanswered questions around IDV tools and processes. Regulations implementing new laws are often in flux until the point they go into effect. As such, so many companies may not even know that their processes are out of step with new requirements. Confer with your company’s legal and compliance officers if you are uncertain about the rules and regulations that apply to your business.
On top of that, Barnhardt says there are a few best practices to consider. Continue working toward digitizing operations; that’s the way things are done now and will be done in the future. Automated collection and verification of data can help mitigate the failures and inefficiencies of paper-based authentication processes. Just be aware that increasing the amount of digital information you collect and hold requires protecting that data, too.
Emerging and future technologies will introduce new ways to make payments. That will drive new innovations and best practices for identity verification. The one thing that’s certain is that a future with faster payments will, unfortunately, include faster fraud; therefore, businesses must strive for faster IDV.
— via PaymentsJournal