As we continue to move through 2020 and an unpredictable economy, how are businesses approaching identity proofing in a way that truly meets consumer needs via digital channels?
Not long ago Matt Johnson, Product Marketing Manager for Fraud and Identity at TransUnion, recorded a podcast about how businesses should be tackling identity proofing during COVID-19. While we have touched on the subject of identity proofing in previous blog posts, the topic remains timely given the continued rise of identity fraud during the pandemic, and we therefore felt it would be valuable to circle back to some of the most pertinent messages from the podcast.
What is identity proofing?
At its core, the concept of identity proofing seems simple. Identity proofing is the means of verifying and authenticating the identities of legitimate consumers while preventing fraudsters from curating account credentials, transacting or gaining access to unauthorized accounts. But this is where the simplicity ends and where the balancing act of delivering the modern friction right experience that consumers demand against the risk of fraud begins.
The COVID-19 pandemic placed unprecedented demands within online channels, and has caused immediate changes in shopping patterns, along with an unprecedented spike in digital transactions. In fact, according to TransUnion data, there was a 23% increase in e-commerce transactions in just the first week after the declaration of the COVID-19 pandemic on March 11th, 2020, and at the time of this recording, a 14% increase in risky financial services transactions.
The shift to digital transactions has been steady in recent years, but some industries, such as insurance and even still many financial institutions, have not kept pace with the desire of their customers to move online. The current world issues are serving as a catalyst, forcing this migration as the shift that digital transactions has now been brought forward and is accelerating, with all indications of this being a permanent change.
The changing face of fraud
Fraudsters thrive on the uncertainties of today and the foreseeable future, and are leveraging the world events for fresh attacks on organizations that are least prepared. Nearly every company has taken measures to assure some level of certainty of who they are doing business with, driven in part by regulations and rules such as know your customer or KYC, anti-money laundering and OFAC guidelines depending on your industry.
But many organizations have been hesitant to go beyond the minimum compliance requirements. Acquiring a customer is challenging enough, without inserting the additional friction into the fraud prevention process. Some organizations have even been willing to accept some level of fraud, simply writing it off as the cost of doing business.
Combating today’s evolving threats
Fraudsters talk with one another and know who to attack and how to best carry it out. Many companies are not prepared to confront the issues created by the new realities of today. In a normal environment, as new threats have emerged, organizations have typically deployed a myriad of siloed solutions that focus primarily on identity verification to establish identity and knowledge-based authentication to authenticate the individual is who they claim to be.
While it has met the requirements to comply with regulations, this structure has been less than ideal, as fraudsters have increasingly been able to defeat it with breached PII data, necessitating organizations to make that tradeoff between customer experience and locking things down with tighter fraud prevention measures.
Protecting your business
Let’s discuss some best practices to ensure your organization is ready. First, given the rapid shift to online channels, you should consider accelerating any planned investment for your digital channels, as the current world events will bring forward a major shift in how consumers transact, requiring new resilient and innovative business models and workflows. If you don’t have the capacity to serve your customers and they experienced service interruptions, trust can erode from your organization.
As it pertains to identity proofing, as I mentioned, it’s complex. It’s not a good idea to go at it alone and attempt to build your own solutions against fraudsters that are experts in finding ways to defeat your countermeasures. In fact, their livelihoods often depend on it. It’s better to partner with a vendor that is dedicated to the cause so that you can focus on your core business.
Identity proofing strategy foundation
The foundation to any good identity proofing strategy is data. You should seek out a partner that has the depth and breadth of diverse public records, consumer credit, personal and digital identity data sources. With this foundation of data, it’s also necessary to possess the expertise, to apply technology to make linkages within the data to enable actionable insights. You can have all the data in the world, but if you can’t take any insights from it, it’s not very useful.
Which solutions do you need?
Traditional identity verification and knowledge base authentication solutions are still an important part of the mix, but they are no longer the strategy itself. A modern approach should also include digital attribute risk assessment from the device that is being used, document-centric identity authentication, real-time fraud alerts, behavior analysis, reputation and link analysis, along with dynamic multifactor authentication strategies that are aligned to transaction risk.
You should be able to truly know your customer and quickly approved trusted customers while applying appropriate friction to the higher risk transactions. This results in treating each customer individually rather than everyone in the same manner.
Partner smart to ensure compliance
Finally, it’s essential to work with a partner that has support on the ground in the regions where your business operates, to ensure ongoing regulatory compliance anywhere in the world. With growing privacy awareness by consumers and ever-changing regulatory and compliance regulations, such as GDPR, PSD2, KYC, AML and OFAC, along with others, you can minimize your exposure to running afoul of them by leaving it to a partner that can manage it for you.
TransUnion’s global fraud and identity solutions are uniquely positioned to assist organizations attain these objectives through a modern approach to identity. To find out how our team can help your business navigate identity proofing during COVID-19 and beyond, request a demo with us.
To hear identity expert Bianca Lopes discuss how multinational organizations are approaching identity proofing on a global level, watch our recent webinar.