Identity verification refers to the authentication process businesses, financial institutions and government entities use to confirm the true identity of an individual or business. This includes proving that an individual or business is, in fact, real and legitimate, and not pretending to be someone else.
A wide range of organizations use identity verification for many processes, from securing account opening, KYC compliance, distributing benefits, underwriting loans, to preventing identity-based attacks. Verifying identity is important to protect both organizations and consumers from identity theft, and its resulting financial implications.
What are the use cases for identity verification and how can organizations streamline the process of authenticating a customer’s identity? To answer these questions PaymentsJournal, along with the help of the digital identity experts at GIACT (a Refinitiv company), takes a deep dive into the topic of identity verification.
What is an identity verification service?
Organizations use identity verification services to verify the identity of the users or customers of their services. Some of these services exist in person, such as merchants requiring an identification card from customers purchasing alcohol or tobacco. Other forms of identity verification are digital, such as using an identity verification service to triangulate identity data to confirm its accuracy; two-factor authentication (2FA) or out-of-band verification; digital document verification; to biometric verification, such as face recognition.
For example, the Internal Revenue Service (IRS) uses online and over the phone identity verification to process income tax returns and issue refunds. The IRS also conducts identity verification for suspected victims of identity fraud and identity theft scams.
The bottom line is that any organization that operates or transacts digitally is at risk if they do not include identity verification in their customer journey. These risks include facilitating identity theft, financial losses and possible enforcements and fines.
Identity verification services are commonly used to mitigate these risks, but also to help organizations streamline onboarding and compliance, for example.
The challenges of verifying business and consumer identity
Identity verification comes with a number of challenges. For starters, fraud operators have become both increasingly sophisticated and increasingly bold. They are no longer a clandestine group of basement hackers. They are well-organized, well-funded, and well-equipped to take advantage of unprotected organizations and individuals.
Fraud numbers in recent years reflect the increasing sophistication of fraud tactics. According to a report underwritten by GIACT, nearly half (47%) of U.S. consumers were victims of identity theft from 2019 to 2020. This represents a staggering $712 billion in losses. Over one-third (38%) of consumers experienced account takeover attacks or unauthorized access to their existing account in the past two years, and 2021 is slated to be a record-breaking year for data breaches. This will translate to additional exposed personal identifiable information (PII) and greater losses in 2022.
“The opportunity to commit fraud is too good for fraud operators to pass up. In most cases, fraud online represents a low-risk, high rewards game. Fraudsters are rarely caught or prosecuted, while the upside can mean big cash returns. That is why fraud will be unrelenting as we go into 2022,” explained James Mirfin, Global Head of Identity and Fraud Solutions at Refinitiv.
Digital identity and COVID-19
It is impossible to unpack identify fraud in the context of 2022 without mentioning the ongoing impact of the COVID-19 pandemic. Facing pandemic-era lockdowns, social distancing mandates, and safety concerns, consumers swiftly shifted their activity in 2020.
While convenient, the digital capabilities that kept consumers safe during the pandemic also made it easier for cybercriminals to commit crimes. This makes it more important than ever before for organizations to deploy powerful identity verification solutions to reduce risk.
Federal Trade Commission (FTC) data from 2019 and 2020 underscores this message. U.S. consumers made more than 2.1 million fraud reports in 2020. And according to Mercator Advisory Group, identity fraud peaked during the initial waves of the pandemic.
Meanwhile, the FTC’s Consumer Sentinel Network database received more than 4.7 million reports in 2020. This included 1.4 million reports of identity theft. Over one in four (406,375) identity theft reports came from individuals who said fraudsters misused their information to apply for a government document or benefit (e.g., unemployment insurance), highlighting the need for not only businesses and financial institutions to use proper identity verification, but also government agencies.
Identity verification use cases
Fraud is not exclusive to a single stage in the customer lifecycle. “One of the things that strikes me… is how much crime has taken place against consumers. Their losses have been mounting … across bank fraud, credit fraud, loan or lease fraud, and that’s impacting businesses. They’ve got to learn how to protect themselves, how to identify their customers, and then track those customers over time,” said Tim Sloane, VP of Payments Innovation at Mercator Advisory Group, in a recent episode of the PaymentsJournal podcast.
Likewise, identity verification doesn’t only occur at the first point of contact with a customer. Rather, it is necessary throughout the customer journey. “Any consumer, business, or industry that transacts online is at risk of an identity-based attack,” said Mirfin. “You can’t onboard a customer and think the job is done. Identity verification is required at each stage of the customer lifecycle – from enrollment to [a] payment change event to ongoing due diligence and compliance,” he added.
Use case: Enrollment and onboarding
Enrolling new customers requires striking a balance between accuracy and speed. If the onboarding process has too much friction, the consumer may abandon the enrollment process and seek a competitor. If onboarding is seamless but does not have any fraud controls in place, organizations are putting themselves and their customers at risk.
Stolen payment card information “poses serious risks to the financial health of individuals across the globe. With approximately 4.5 million card details available for purchase on the dark web, a variety of stakeholders, including cardholders, financial institutions, and merchants, must evaluate their risk levels and respond appropriately,” wrote Shreyas Shaktikumar, Research Analyst at Mercator Advisory Group, in a recent PaymentsJournal article.
Identity verification addresses the following risks at the point of enrollment:
- Synthetic identity fraud. This occurs when fraudsters combine real and fake personal information to create fictitious identities and open an account. For example, a fraudster may attempt to create an account with a stolen Social Security number and a fake name.
- New account fraud. This occurs when fraudsters use stolen PII to open an account and siphon money, loans, goods, or services.
- True name fraud. This occurs when fraudsters assumes the identity of a real victim to open an account.
Use case: Change events
Change events are instances when customer information changes. For example, a customer may change their address, email, or bank account information. The risk with these types of events is that an account takeover may have occurred. This also brings compliance risk and red flag rules, such as returned mail. Identity verification during change events can flag suspicious activity and prevent fraudsters from changing a real customer’s information.
Use case: Due diligence
Ongoing due diligence is crucial to maintaining the security of accounts. This means maintaining customer lists by ensuring all information is accurate and up to date. The risks of not doing due diligence include non-compliance with Know Your Customer (KYC) and other regulations. This can lead to fines, enforcement, and reputational damage.
The good news is that organizations can minimize losses associated with identity theft by confirming that the individual signing up for a service is a real person and is who they claim to be, and do so on an ongoing basis.
How to streamline identity verification
Identity fraud can happen at any point in the customer lifecycle. Because of that, organizations must take a holistic approach to fraud and risk management. Additionally, with more exposed PII becoming available on the dark web, not to mention easier ways to target, research, and reach potential victims, identity verification will require both more and better data.
Not all identity verification tools are up to the task. “We have seen tremendous innovations that have improved digital experiences and commerce online. Methods to protect these channels and transactions, however, have not kept pace. Ensuring that your identity verification tools are constantly keeping pace is essential,” said Mirfin.
GIACT, a Refinitiv company, is built on the most complete foundation of data assets available anywhere. GIACT uses thousands of traditional and non-traditional data sources, including email, social, and mobile data, to conduct identity verification with a multi-dimensional view of both consumer and business identity as well as payments and compliance risk.
By validating and revalidating identity throughout the lifecycle, Refinitiv’s GIACT represents an end-to-end solution that protects businesses and their customers at every touchpoint, from account opening and servicing to payment processing and compliance.
“Refinitiv delivers a complete, multi-dimensional view of consumer and business identity and associated account risk in real time across the customer lifecycle. By leveraging Refinitiv’s foundation of data assets delivered in real time, businesses, financial institutions, and government entities can mitigate risk, streamline compliance, and enhance the customer experience,” concluded Mirfin.