Cyber-fraud criminals are sophisticated, well-funded, and adapt quickly to exploit weaknesses in new platforms, software, and mobile devices. As a result, the number of cyberattacks continues to grow while identity fraud prevention plays catch-up. The key for risk managers is to find an identity verification solution that is fully customizable but also easily adaptable to shifting business priorities and risks.
The Importance of Identity Verification in Risk Management
One critical strategy for combating fraud and money laundering is to verify all customers using an online platform. ID verification is a legal requirement for all financial institutions and investment-broker dealers under anti-money laundering “Know Your Customer” (KYC) regulations. Identity verification helps to ensure that a person is who they claim to be. This is especially important in situations where individuals open bank accounts, apply for loans, or engage in large asset transfers.
But the importance of ID verification is not just limited to financial institutions. In this global economy, all businesses need to assess their risks and conduct due diligence on customers to protect themselves from fraud and data breaches. With global customers, in-person customer identity verification is usually very difficult. However, many tools allow for digital identity verification, for example using global data verification, or using data with automated document verification including biometric or face recognition. This multi-source approach to identity verification allows you to protect your business and comply with regulations whilst limiting the amount of personal information (PII) required.
Digital Identity Verification: Static vs. Dynamic
Digital identity verification is an established process to verify a new or existing customer’s identity. This can be done using online data and personally identifiable information PII to trace the claimed identity back to a real person, organization, or device.
Static ID verification strategies rely on customers providing a dual sourced data verifications, 2+2, or social security number, driver’s license number, mother’s maiden name, or answering special security questions. The later are generally referred to as knowledge-based authentication (KBA) factors. Static information was thought to provide security because such personal information was supposedly outside of the hands of criminals and not guessable. Having acknowledged this, often times that is the right approach, relative to the risk, in order to limit PII to be shared. Additionally, static KBA solutions for identity verification are lengthy, rigid, and cumbersome to customer onboarding and sometimes they can be guessed. KBA questions also require a great amount of data to keep fresh and be successful. This unnecessary friction risks alienating customers who will switch to other financial institutions that provide a faster, easier experience.
Dynamic digital identities merge the physical and the online aspects of a user’s actual identity. While digital identities do include some static elements such as name, address, phone number, and driver’s license, they also include dynamic elements. These dynamic elements are informed by alternative data sources that represent an individual’s behavior in the digital world– the dynamic element of a digital identity. A customer’s dynamic digital identity is constantly updated based on the information available from every digital transaction the customer makes anywhere online. Additionally, digital identities require a trusted method of authentication to provide authoritative identity proofing that can’t be easily spoofed or subverted such as facial recognition or voice call authentication.
Taking a Risk-based Approach to ID Verification
Risk Managers assess identity verification solutions largely based on improving compliance and lowering the risks and costs associated with fraudulent transactions. However, it is imperative to mitigate risk from a holistic point of view, including the customer experience and protecting revenues. The best way to balance all these needs is to take a risk-based approach to ID verification.
A risk-based approach simply means that the amount of information needed to verify a customer’s digital identity is dependent on the risk level of that specific customer’s transaction or request. With the right analytics, digital identities can be scored to determine the risk that they pose to your business. The identity network’s infrastructure does the hard work of matching the verification methods to the risk level, offering an optimal user experience with the appropriate security measures. This risk-based approach allows the identity network to scale the amount of PII needed to verify a digital identity accordingly.
Rules-based ID solutions can no longer keep up. Dynamic machine learning driven digital identity analytics allow organizations to analyze data with context across devices, applications, transactions. This requires very little manual input. Machine learning algorithms analyze transaction data and only flag suspicious transactions with higher risk scores. This risk-based analytics approach can detect complex patterns and better assess potential risk, achieving a context-aware identity verification solution. This solution enables a company to make real-time security decisions based on the total risk associated with a new customer.
Modernize Your Digital ID Protocol with Integrity
By modernizing your business’s ID verification process to use a risk-based approach, you can help your business effectively navigate the constantly evolving digital identity landscape. Your business will be able to offer greater accessibility to digital services. Integrity’s ID solutions are here to help. ID-Direct is a web-based solution allows you to quickly and conveniently authenticate individuals online against our database of government-issued ID’s for citizens of 135 countries around the globe. Contact us today to learn how we can help your business build a safe and effective risk-based digital ID verification protocol.
Aristotle’s SVP of Business Development, Michael Bolcerek will be attending Money2020 Europe from June 7th – June 9th 2022 in Amsterdam. If you are interested in meeting in person, please email [email protected] to arrange for an appointment.