PCI DSS v3.2.1 accredited
Part 3 – Tapping Into the Right Data Sources
In the second article of our series on identity management and fraud prevention we examined how creating layers of technology defenses boosts performance. Today Anand Krishnaswamy, VP and Head of Identity Solutions Center of Excellence for TransUnion International, explains the value of tapping into the right data sources, the rising importance of digital identities and the ultimate data goal: a 360 degree view of identity.
For the most part, our discussions to date in this series have centered on a rhetorical question: How can you build the fraud prevention tools of tomorrow using yesterday’s technology? We’ve looked at a variety of best practices in leveraging cutting-edge technology. Today’s article changes focus to look at some of the powerful new roles and uses of data in identity management and fraud prevention.
Harnessing the right data is of course tremendously important in fraud prevention and identity management. Intelligent expansion of the data universe can yield deeper insights into consumer behavior and risks. This in turn enables development of more powerful and effective solutions. We have already seen this play out in the credit reporting industry where the use of trended and alternative data has become a best practice due to its inherent advantages in understanding consumer risk. The introduction of trended data marked a seismic shift in the way we use data. We can now see consumers in greater detail and truly understand their behavior over time, which has enabled businesses and consumers to make better decisions.
In the fraud space, advancements are following a similar path, with the incorporation of new data types significantly enhancing effectiveness. Traditionally, best practices have relied almost exclusively on offline data for identity verification: mainly personally identifiable information (PII) that appears in credit headers, such as name address and social security number. The need for non-credit data to address the new-to-credit population has led to the emergence of multiple, additional offline data sources, including demographic, voter registration, vehicle, and telco information.
More recently, online/digital data have come to form an increasingly powerful part of identity verification. In a world of breaches and easy access to PII information through Google searches, offline identity data has become relatively easy to find and less reliable than in the past for verifying someone’s identity, particularly when the consumer you are dealing with is invisible to you (accessing your online/mobile channel and not physically present). Moreover, the ongoing, massive global convergence of the physical and digital worlds is driving sharp increases in peoples’ digital activity, creating rich new data streams that can be harnessed for deeper consumer understanding. These factors have led to the development of digital identities, which provide a new, expanded view of an individual’s identity, enhancing insight and effectiveness.
Today, linking offline and online identity data to provide 360 degree views of customers has emerged as the Holy Grail in fraud prevention. By combining extensive online and offline datasets and leveraging emerging technologies, a “digital identity plus” approach can drive huge improvements in our abilities to detect and prevent fraud.
Today, linking offline and online identity data to provide 360 degree views of customers has emerged as the Holy Grail in fraud prevention.
In a recent Forrester study, less than a quarter of all firms surveyed said they were completely satisfied with their current fraud detection and prevention solutions 1. The quality and accuracy of data that organizations use to build their solutions is one of the reasons for this. As mentioned, insurers and financial institutions traditionally have relied on PII and credit information for verification and fraud prevention, but PII provides only a static view of consumer information, which makes it highly prone to hacking, account takeover and other fraud.
Tapping into alternative and trended data to build digital identities with a broader view is critical to overcoming these and other challenges. Galileo didn’t solve planetary motion by looking at half the sky. To better evaluate behavior, you need to consider a full universe of information, a la Sherlock Holmes. Digital identities complement a foundation of traditional offline data by layering on extensive online/digital data such as email, phone, location, biometrics, and behavior information, adding important dynamic and contextualized data capabilities. This results in richer insight into changing behaviors and environments and stronger protections for account acquisition and access.
Digital identities are key to staying relevant in today’s rapidly evolving digital world and building effective, friction-right experiences.
Solutions that can effectively leverage vast amounts of offline and offline data from different markets – whether it is voter ID data, vehicle registration data, connected device data, etc. — have strong strategic advantages, as they can validate the identity of the applicant quickly with relevant, friction-right processes. (See here for more.) When institutions recognize their ‘good’ customers, they can quickly pass them through approvals.
To protect themselves when a suspicious identity is detected, lenders can require additional information or steps from the consumer before they are approved. Often, fraudsters look for fast approvals and will be deterred by additional friction. Lenders who can quickly verify consumers, deliver solutions to make the process more seamless and reduce friction can convert more applications into acquisitions – helping them win in the Consumer-First Era. Passive authentication can satisfy the requirement of embedding and implementing security measures without burdening the user and the more the transaction risk increases, the more overt the verification checks become. This balance is crucially important and all are geared to making it more difficult for fraudsters to tamper with or circumvent checks.
Digital identities include an exciting new tool: device data. Device data and intelligence is quickly becoming a real game-changer as it offers powerful next-generation methods designed for today’s digital age. This technology can immediately evaluate mobile phones, laptops and indeed any internet-connected device and determine if the device has been used to commit fraud or if it appears to exhibit anomalous behavior. Device reputations can be determined, as well as hidden device associations, helping to identify bad actors working together. This enables real-time transaction blocking, keeping businesses ahead of risk.
Integrating device intelligence with other fraud prevention tactics and tools across channels helps ensure that if one mechanism fails to catch fraudulent consumer activity, another will.
The power of device intelligence is amplified by global networks. Fraud analysts can share device reputation around the world. This device intelligence can help other businesses make better-informed decisions about customers. Thus, businesses can benefit from thousands of additional resources, tools, and experiences, without adding to their initial fraud detection investment.
Fraud prevention and identification management strategies that integrate device intelligence are also making it easier for companies around the world to balance meeting regulatory standards with delivering a positive, friction-right customer experience. Take for example the EU Payment Services Directive (PSD2), which effects all businesses that process online payments or provide account related services in the European Economic Area (the EU plus Iceland, Liechtenstein and Norway). PSD2 sets out what it calls Strong Customer Authentication (SCA) standards, requiring the use of two or more of the following authentication methods:
There are exemptions to these standards, and this is where the value of device intelligence shines. Solutions are exempt if they operate in real-time and verify transactions against anomalies in user behavior, including the following:
Device intelligence technologies meet all SCA requirements and when combined with machine learning that can predict the likelihood of fraudulent activity, device data solutions can enable businesses to reduce fraud rates, maximize SCA exemptions and minimize customer hurdles.2
A final point on why digital identity is so promising: digital identity not only solves for fraud and risk, it also creates new growth and service opportunities. A great example is India’s Aadhaar. This national digital ID program serves as a platform connecting 1.2 billion people to a variety of financial services. Digital identity in India is an empowering hub around which the country is building an increasing number of services, with growing benefits to its citizens. Thus, digital identity has exceptionally strong value in developing markets where credit history, IDs and other traditional ID forms are not available or widespread.
TransUnion’s IDVision with iovation offers a full-range platform of solutions for firms, encompassing ID establishment, ID verification, fraud checks, analytics/models, and stepped-up authentication. Make sure you explore here what these can do for you.
Next in our series, we examine new developments in identification management and fraud prevention in seamless onboarding.
We're sorry, your request failed. Please try again in a little while.