The digital revolution has enhanced how we shop, pay our phone bill or purchase a home. But it comes with a downside: people’s personally identifiable information (PII) is increasingly being compromised in data breaches then used by criminals to take over accounts or to make new, fake ones.
Part of the problem is that it’s harder to verify the identity of a user online, in a faceless environment. In an online setting, a criminal armed with the right login information can appear to be a legitimate user.
This makes identification and authentication crucial components of any company’s fraud protection efforts. In order to avoid fraudulent interactions, companies need to verify that the consumer is who they’re supposed to be.
To learn about the state of fraud, the importance of identification and authentication, and what solutions exist to help companies stay ahead of the fraudsters, PaymentsJournal sat down with David Barnhardt, Chief Experience Officer at GIACT. Joining us in the conversation was Tim Sloane, VP of Payments Innovation at Mercator Advisory Group.
Identification & Authentication in the digital world
As more interactions shift from the physical space into the cyber one, financial institutions are moving quickly to find solutions to verify the identity of consumers. A common practice is for consumers to create an account then use that account as a means of verifying themselves in an interaction. However, creating an online identity that can be verified “requires a range of high-tech capabilities,” explained Sloane.
For example, Sloane noted, a successful identification solution needs to be able to determine if the accountholder is still alive, rather than it being someone else using the deceased person’s account. An effective solution also requires the ability to utilize behavioral biometrics generated by the user using the mobile app or website. You then need risk policies to understand if an individual qualifies as high-risk or not.
Sloane pointed out that the exact configuration of technologies varies by use case, as different processes exist for creating a healthcare account versus a bank account, for example. In any case, a large amount of PII data is being generated and stored, meaning that proper security measures need to be put in place. If a company fails to secure the PII, it may face fines and substantial reputational harm.
“It’s amazing how much PII data is released every week”
Due to the increase of data breaches, companies are facing an uphill battle when it comes to identifying and authenticating users. “It’s amazing how much PII data is released every week, every month,” remarked Sloane.
Stolen PII, usernames, and passwords enable hackers to gain access to legitimate accounts and exploit them for criminal purposes.
“Today, the need to verify and validate at every touch point is critical, because the fraud operators will exploit any part of that process which they feel like is deficient, or has gaps,” said Barnhardt.
One fraud vector that is hard to combat is synthetic identity fraud. This is when a criminal combines a real person’s information, such as a social security number, with fake information, such as an imaginary name. The result is a “synthetic identity” because it is a combination of real and fake information.
An easier type of fraud to detect is traditional identity fraud, when a person’s account is simply taken over by the hacker.
In both cases, companies looking to fight back against the fraud “really have to dig into the digital DNA of the consumer, using a mix of traditional and nontraditional data,” said Barnhardt. “The PII is the key in detecting these identity crimes.”
Companies can’t simply rely on traditional data like usernames, mother’s maiden name, or passwords because these are too easy to compromise. If that’s the only way you’re validating your consumer, said Sloane, “you’re exposing yourself because all that data is already available on the dark web for millions and millions of users.”
Keeping up with customer’s ever-changing PII: gIDENTIFY Persistent Monitoring
Companies that want to protect themselves from fraud and also create a positive customer experience should continually stay up to date on their customers’ PII. But this is easier said than done.
“Unfortunately, companies have to rely on the customers themselves, often, for an update,” said Barnhardt. This is a problem because customer routinely forget to update their information.
For example, if someone gets married and changes their last name, they may not alert their bank about the name change. This can create headaches later on.
In response to the pain points generated by consumers not updating their own information, GIACT created gIDENTIFY Persistent Monitoring. The solution enables businesses to proactively manage their customer bases.
It works by triangulating customers’ PII against a variety of data sources, ensuring that the information stays updated.
One salient use case is how when a customer passes away, it’s very important for the customer’s financial institution to know in order to freeze the account. Otherwise, someone can go into the account and withdraw funds. But with GIACT’s gIDENTIFY solution, financial institutions can proactively get the information they need to avoid such a situation.
Address changes are another area where GIACT’s product comes into play. As mentioned, many customers forget to change their address after moving. Then they may order a product but not have it go to the proper address. Even though this is technically the consumer’s fault (because they failed to update their address), they’re likely to blame the company anyways. But with gIDENTIFY Persistent Monitoring, companies can keep track of changing PII.
Barnhardt also explained how the gIDENTIFY product allows companies to meet KYC requirements.
Overall, products such as gIDENTIFY help companies fight back against the fraudsters while also offering a better customer experience. “These are all things that really truly do help the companies to manage their entire customer lifecycle,” said Barnhardt.
