With regulations becoming increasingly strict, it is more important than ever for companies to deploy a holistic approach to managing risk. More specifically, financial services organizations should be using a digital identity network to decrease fraud and optimize identity verification.
To learn why a digital identity network is the best approach to digital identity verification, PaymentsJournal sat down with Steve Munford, CEO at Trulioo, and Tim Sloane, VP of Payments Innovation at Mercator Advisory Group.
What is digital identity verification?
Digital identity verification is a process that identifies a person’s digital identity—the data and personally identifiable information (PII) existing online that can be traced back to a real person, organization, or device.
Digital identity networks allow businesses to take a risk-based approach to verifying digital identity. A risk-based approach means that the identity network uses only the PII needed to verify a digital identity. The amount of information needed and verification methods used is dependent on the risk level of the specific digital user being identified.
For someone in North America, that digital proof of identity might come from a driver’s license and proof of address such as a utility bill. For someone in a developing country, that might be a mobile phone number tied to their name, a selfie (biometric authentication), and digital document verification.
The identity network’s infrastructure does the hard work of matching the verification methods to the risk level, offering an optimal user experience with the appropriate security measures.
Why an identity network is the best approach to digital identity services
Businesses that operate in the digital economy—and in particular regulated entities—must create their own safe and trustworthy online environments. This means satisfying strict security requirements without lengthy identity checks that can alienate customers. This is particularly true during the customer onboarding process, which needs to have the right level of protection while also being frictionless for customers.
Without these layers of protection, companies risk inviting fraudsters and bad actors who are looking to breach the onboarding process. “Account takeover [ATO] fraud rates grew by 282% from Q2 of 2019 to Q2 of 2020, with overall fraud rates rising 1.6% year over year to 5.3% in Q2 of 2020,” said Munford, citing the findings of a recent report.
To combat rising fraud rates and the costs associated with successful security breaches, countless identity providers are striving to fill the trust gap—but many are missing the mark. That’s because single solutions that verify one facet of identity don’t go far enough in reducing fraud.
For example, it’s easier for a bad actor to get past the verification process if it only checks an ID document, but doesn’t verify the PII on that document or further authenticate the user with biometrics.
Deloitte researchers have called for a way to “tie [these] solutions together so they form a strong identity system. Something that’s convenient, effective, lets users control their information and protects their information where it is in use. Something that can handle large transaction volumes and makes good sense for everyone involved.” In other words, a digital identity network.
Digital proof of identity combats an alarming rise in fraud and associated costs
As digital identity security and fraud prevention technology advances, it is becoming easier for organizations to prevent unsophisticated forms of fraud. Unfortunately, as many know, fraudsters are also taking advantage of new technologies and techniques to create more elaborate and profitable schemes.
“I spent my last 20 years in the security industry, and if I learned anything, [it’s] that if there’s money, there will be sophisticated actors that will try to get it in a fraudulent or malicious way,” explained Munford. “And this is exactly what we’re seeing,” he added.
One form of fraud that is on the rise involves the use of “fullz,” a slang word for full sets of identity data that can be used for account openings. The proliferation of data breaches has led to widespread black market access to these identity data sets, resulting in a huge spike in this type of fraud.
The costs associated with new account fraud are significant, with a Javelin Strategy & Research study estimating that FIs lose more than $10 billion a year, not including synthetic identity fraud or other identity-related fraud. Further, the Federal Trade Commission has reported an increase in new accounts with credit card fraud, new mobile accounts with fraud, and new fraudulent bank accounts. And with the increase of digital activities due to the COVID-19 pandemic, these costs look like they are rising.
Fortunately, the technologies for digital identity security and authentication are advancing rapidly and provide multiple layers of protection to combat new account fraud. While a data breach might expose one set of data, numerous other data sources can provide alternative information to verify against.
“An identity network reduces the effort [of providing credentials and other information] for the consumer, while assuring that the individuals [who] are trying to authenticate the user have good data and actually know who it is they’re interoperating with,” noted Sloane.
Digital identity networks are well-suited for the needs of financial services providers
The financial services industry is highly regulated, with providers needing to comply with complex Know Your Customer (KYC) identification and authentication requirements to prevent money laundering, terrorism financing, and other financial crimes and fraud. These regulations complicate the desires of organizations to launch global services.
So how can fintechs and other financial organizations accelerate their global expansion plans while meeting data privacy, KYC, and other regulations that differ across the globe?
By partnering with a provider that offers a digital identity network, financial services organizations can provide a single point of access for KYC and KYB, simplifying the process of regulatory compliance.
“They really need access to a network and to have at their disposal the right techniques for the right markets,” said Munford. “A digital identity network allows organizations to tailor what information they request in a specific geography to match what information they need, both to be compliant and to provide [digital identity security].”
Rising fraud, data privacy concerns, and an increasingly complex regulatory landscape have brought urgency to the adoption of digital identity and identity verification. As public and private entities continue to undergo digital transformation, regulations, standards, and guidelines will evolve to address new use cases and fraud attempts will become more sophisticated.
Digital identity networks can help businesses navigate this constantly changing digital identity landscape, providing a holistic view of user identities and risk factors and bringing greater accessibility to digital services. Businesses seeking to undergo digital transformation should leverage digital identity networks to engender consumer trust, mitigate business risk, and enable continued growth, convenience, and inclusion.