Three Things an Identity Fraud Platform Needs – Info Risk Manage

Identity fraud is a significant risk to your business; expense, customer satisfaction and brand reputation are all at risk. More than 1 billion records are stolen annually, causing financial institutions to shift their posture and assume ALL customer and prospect data is potentially exposed.

The impact on customers is sobering: Almost 20% of US adults report that their identity has definitely been used by a criminal to open an account. The financial impact is significant: Consumers lost more than $16B to identity theft (application and account take-over) in 2016, and annual first-party fraud losses, including synthetic ID fraud, for U.S. lenders is now estimated to be up to $10 billion.

Best-in-class identity fraud approaches require a frictionless customer authentication experience, so deploying authentication and identity management controls requires thoughtful navigation. Some 48% of US adults expect that they can prove their identity online when they set up an online account, but more than 1 in 3 will immediately terminate the relationship if a fraud event is not handled well. The impact is real and you need to have an engineered response to identity risk.

Identity Fraud – Beyond Point Solutions

Every week there are more and more providers entering the financial crime intelligence marketplace. They produce APIs and capabilities to validate different aspects of both physical and digital identities. These providers and solutions range across various categories including:

• Digital-based authentication information, such as:
  • Bureau data
  • Negative list
  • Device profiling
  • Geolocation
  • Email profiling
  • Biometrics
  • Social media data
• Call/IVR-based verification data, such as:
  • ANI spoofing
  • Negative lists
  • Line and device scoring
• 3DS protocols for CNP
• POS, in-person and ATM-based data.

The information is rich and plentiful, but as independent entities, it’s like looking at the complex authentication threat through a straw. The combination of disparate point solutions and rapid data accumulation of ID, verification and authentication signals hinders how most organizations pivot to manage the needs of identity fraud.

When considering any point solution, you should be asking:

• Which of these can be deployed quickly and how can we add/remove suppliers with minimal delay to our business functions?
• Each data element has an expense. How much of these data sources do we need? Do we need all this data all the time for every authentication interaction? How do we only pay for the data that adds value to our approach?
• How do we know if adding a new data sources/validation will increase our performance?
• How do we derive context from the various external suppliers and our own data?

Three Key Capabilities for Identity Fraud

When you take a more strategic approach to managing identity authentication, you need a platform that enables you to:

1. Establish omni-channel awareness

You need to seamlessly orchestrate the authentication events across your digital, voice, branch, CNP and ATM channels. Central management of all authentication channels means you can establish clarity to cross-channel customer/fraudster interactions and elevate controls of those channels under attack when fraudsters attempt to exploit points of cross-channel weakness. This comprehensive approach is critical to address the more complex, multi-channel ATO threats that have enumerable soft spots.

2. Efficiently manage existing and emerging authentication data 

With so many potential sources of authentication data, you need a solution that flexes to your requirements in any given scenario. It is not only about orchestration for the best authentication results, you also need to be able to deliver the right level of authentication at the right price point.

For example, a platform that can leverage internal data in concert with third-party data means that you can balance risk appetite with cost. There is no need to pull expensive external ID verification and authentication data when you may already have the answer in-house. When decisions need to be made, the capability to flexibly vet and match known fraud and other third-party data authentication in real time is a must.

3. Manage the complete customer-lifecycle

You need an identity fraud approach that supports your risk controls across the customer lifecycle from new-to bank to existing customer interactions. Solutions must consider seamlessly adding authentication context; or information derived based on receipt of raw data from different authentication and ID suppliers, blended with your internal bank data. This information can be leveraged by your application and fraud monitoring solutions to comprehensively understand customer interactions and respond to the associated threat. A complete lifecycle identity risk strategy allows for rapid, customer-centric detection of the most nefarious fraud types; early pay defaults, synthetic identities, bust-outs, sleepers and organized crime.

A scalable, straightforward identity fraud solution that rapidly and flexibly orchestrates the mountains of authentication information is mandatory for today’s digital banks. Organizations experiencing growth in origination and account take-over threats need a more strategic approach to managing their authentication, ID and verification data assets. They need a platform, if you will, that allows for rapid ingestion, context, measurement and decisioning. A platform that creates full fidelity to the landscape of identity risk posed to your organization.

The organizational adoption of centralized authentication is more of a journey then a one-off project. Enterprises need a solution that meets the dynamic challenges of digital maturation, threat landscape and the availability of emerging authentication data. The streaming capabilities of our FICO® Decision Management Platform, added to our Falcon Platform, offer organizations a way to handle batch and streaming authentication sources within a unified processing platform to meet the goals described above and take optimal authentication decisions across your customer base.