There are times that the terms credit risk and fraud risk are used interchangeably. However, these refer to two entirely different risk assessment practices. Simply put, credit risk analysis refers to a company (usually a financial institution) evaluating the likelihood that a borrower (or customer) will default on a loan, or repay a debt. On the other hand, fraud risk analysis is the evaluation of inputted data points to determine the likelihood of fraud during a digital interaction. Assessing credit risk and fraud risk have different expected outcomes, and as such, different approaches must be used for each.
The methods used by financial institutions have remained relatively static for decades. The process is straight-forward: before a customer can take out a loan, credit risk is evaluated by assessing an individual’s credit history and the score assigned to this history. Those histories are associated with the individual by static personal identifiable information (PII), and are often focused on highly-verified data in order to make deterministic decisions on creditworthiness.
This typically involves unique identifiers such as date of birth and social security number or national ID. The primary objective is to red-flag individuals who failed to pay on time or defaulted on their loans altogether. Financial institutions are looking to be 100% sure the person they’re loaning the money to is exactly who they say they are and has a proven history they can point to for their decision.
However, the past 20 years have seen rapid development in the landscape of digital commerce and banking that calls for a more evolved evaluation process than the more stringent reviewing tactics of credit risk. This, coupled with the large-scale data breaches during the early 2000s (think Equifax, First American and many others), has made relying on credit data and a deterministic approach to fraud risk analysis impossible.
Today, nearly half of all consumers have had some of their personal data compromised. This causes customers making real purchases to be flagged as fraudulent, leaving a lot of money on the table for merchants and creating a frustrating experience for customers. More than 70 percent of consumers say account creation should be instantaneous. An overwhelming majority also expect a fast, frictionless experience that is as trustworthy and secure as possible. Businesses have to use better methods to suss out the fraudsters.
Determining Fraud Risk
The more mature method of determining fraud risk relies on a dynamic dataset of personally identifiable information (PII) across multiple categories and taking a probabilistic approach in evaluating the potential for fraud. The largest benefits of this approach can be summarized in three main points:
1. Provides a superior customer experience
Using a probabilistic approach to assess fraud risk allows merchants to approve legitimate customers without requiring the customer to enter additional identity verification information. This ensures the least amount of friction is experienced by the customer and will allow them to move more seamlessly through the transaction process flow.
2. Shows a more complete digital customer profile:
Traditional PII uses static information, like social security numbers, government IDs, and addresses, while fraud risk analysis leverages dynamic PII. Dynamic PII moves beyond the traditional static and often compromised data set, and instead looks at the linkages between data points such as email, IP, phone, name and address, along with device ID, behavioral analytics, and often biometrics to get a better view of risk. By assessing a wider breadth of data points, the connections between them, and how they behave online, businesses can obtain a more complete picture of the identity behind a transaction, and make more reliable decisions around the risk of fraud.
3. A global solution:
Using credit data to assess risk inevitably limits business opportunities, as there are only about 20 mature credit markets globally. Anyone residing outside those silos and the underbanked populations would be hard for an organization to evaluate accurately, and inadvertently decreases a merchant’s potential customer base. Dynamic PII elements circumvent this issue as the data can be formatted and leveraged in models or rules around the globe.Using credit data to assess digital fraud when e-commerce was a new market may have been “enough” back then, but it no longer satisfies the needs of merchants seeking to do business online today.
As most traditional PII is compromised in widespread data breaches and the consumer demand for a frictionless experience grows, businesses have to move beyond static thresholds for approval. They have to find the right balance of moving good customers through quickly while not exposing themselves to unnecessary risk. New technologies that leverage dynamic PII in a probabilistic evaluation of fraud risk is the future of online transacting.