The sheer range of dynamic and emerging fraud tactics can impede agencies from achieving security. These threats must be met with a variety of identity proofing and management tactics. Without monitoring, performance assessments and tuning, a singular and static identity proofing strategy can be exposed by evolving schemes and the use of high-quality compromised identity data. Traditional verification and validation parameters alone are simply too obtuse and can be circumvented easily by those with criminal intent.
Static rules based on overly simplistic verification and validation checks can be outsmarted by intelligent fraudsters. Conversely, those same static rules must also have built-in mechanisms to accommodate true-name users who initially may not meet that criteria for identity proofing.
Vast and diverse user populations, more arduous — and arguably more difficult to achieve — digital identity guidelines put forth by the National Institute of Standards and Technology, and operational constraints all pose significant challenges for government. But there are ways for government to modernize identity proofing successfully.
Modern fraud and identity strategies
There are many emerging trends and best practices for modern fraud and identity strategies, including:
- Applying right-sized fraud and identity proofing solutions. To reduce user friction or service disruption and manage fraud risk appropriately, agencies need to apply fraud mitigation strategies. Such strategies reflect the cost, measured risk and level of confidence, as well as compliance needed, for each interaction. This is called right-sizing the fraud solution. For example, agencies can cater a fraud solution that ensures a seamless experience when a citizen is calling a service center, versus an online interaction, versus a face-to-face one.
- Maintaining a universal view of the user. Achieved by employing a diverse breadth and depth of data assets and applied analytics, this tactic is the core of modern fraud mitigation and identity management. Knowing the individual user extends beyond a traditional 360-degree view. It means having knowledge of a person’s offline and online behavior, not only with your agency, but also with other agencies with which that user has a relationship.
- Expanding user view through a blended ecosystem. Increasingly, agencies are participating in a blended ecosystem — working with vendors, peer agencies and partners. There exists a collaborative culture in identity and fraud management that doesn’t exist in more competitive commercial environments. Fraudsters easily share information with one another, so those combatting it need to share information as well.
- Achieving agility and scale using service-based models. More agencies are adopting service-based models that provide greater agility and response to dynamic fraud threats, diverse population changes, and evolving compliance requirements or guidance. Service-based identity proofing provides government agencies the benefit of regularly updated data assets, analytics and expertise in strategy design. These assets are designed to respond to fraud or identity intelligence observed across various markets and industries, often protecting proactively rather than reactively.
- Future-proofing fraud solution choices. Technical and operational resources are always in relatively short supply compared to demand. Agencies need the ability to “code once” in order to expand and evolve their fraud strategies with ease. Future-proofing solutions must also be combined with an ever-changing set of identity proofing requirements and best practices, powered by a robust and innovative marketplace of service providers.
The future of identity proofing in the public sector is more than just verifying individual identities. New standards in digital identity proofing are a responsive result of mass data compromise and failures in legacy techniques. Achieving compliant and confident identity assurance requires a layered approach, flexibly designed and orchestrated to accommodate diverse identity assertions, evidence, and contextual invocation of technologies and data assets. Government must now use risk-based approaches and mitigation strategies to identity threats quickly and determine the type of fraud before damage is done.
Download our recent report in which we discuss the primary challenges of identity proofing in the public sector and what modernization of identity proofing looks like.