Fraud & Identity Management

The Dangers of Buy Now, Pay Never Fraud

With rapid growth comes an increased risk of fraud, making "Buy Now, Pay Never" a crucial fraud threat to watch out for in 2024.

Published: February 12, 2024 by Guest Contributor
What Is Enterprise Identity Management?

Enterprise identity management helps companies manage their customers' digital identities and information.

Published: February 5, 2024 by Stefani Wendel
What is Identity Resolution?

Leveraging an identity resolution solution, organizations can accurately recognize consumers, build targeted marketing campaigns and more.

Published: January 26, 2024 by Guest Contributor
Overcoming Online Identity Verification Challenges

Effective online identity verification can help improve your customers' experiences while preventing fraud.

Published: January 24, 2024 by Stefani Wendel
Payment Fraud Detection and Prevention: What You Need to Know

Approaches to payment fraud detection and prevention have evolved over time. Many organizations are now using AI and machine learning models.

Published: January 19, 2024 by Eilean.Roppel@experian.com
Safeguarding Your Business from Employment Fraud 

The rise of remote work has significantly increased the prevalence of employment fraud. Learn how to safeguard your organization.

Published: January 18, 2024 by Alex Lvoff
How to Build a Know Your Customer Checklist – Everything You Need to Know

Meeting Know Your Customer (KYC) regulations and staying compliant is paramount to running your business with ensured confidence in who your customers are, the level of risk they pose, and maintained customer trust. What is KYC?KYC is the mandatory process to identify and verify the identity of clients of financial institutions, as required by the Financial Conduct Authority (FCA). KYC services go beyond simply standing up a customer identification program (CIP), though that is a key component. It involves fraud risk assessments in new and existing customer accounts. Financial institutions are required to incorporate risk-based procedures to monitor customer transactions and detect potential financial crimes or fraud risk. KYC policies help determine when suspicious activity reports (SAR) must be filed with the Department of Treasury’s FinCEN organization. According to the Federal Financial Institutions Examinations Council (FFIEC), a comprehensive KYC program should include:• Customer Identification Program (CIP): Identifies processes for verifying identities and establishing a reasonable belief that the identity is valid.• Customer due diligence: Verifying customer identities and assessing the associated risk of doing business.• Enhanced customer due diligence: Significant and comprehensive review of high-risk or high transactions and implementation of a suspicious activity-monitoring system to reduce risk to the institution. The following organizations have KYC oversight: Federal Financial Institutions Examinations Council (FFIEC), Federal Reserve Board, Federal Deposit Insurance Corporation (FDIC), national Credit Union Administration (NCUA), Office of the Comptroller of the Currency (OCC) and the Consumer Financial Protection Bureau (CFPB). How to get started on building your Know Your Customer checklist 1. Define your Customer Identification Program (CIP) The CIP outlines the process for gathering necessary information about your customers. To start building your KYC checklist, you need to define your CIP procedure. This may include the documentation you require from customers, the sources of information you may use for verification and the procedures for customer due diligence. Your CIP procedure should align with your organization’s risk appetite and be comply with regulations such as the Patriot Act or Anti-money laundering laws. 2. Identify the customer's information Identifying the information you need to gather on your customer is key in building an effective KYC checklist. Typically, this can include their first and last name, date of birth, address, phone number, email address, Social Security Number or any government-issued identification number. When gathering sensitive information, ensure that you have privacy and security controls such as encryption, and that customer data is not shared with unauthorized personnel. 3. Determine the verification method There are various methods to verify a customer's identity. Some common identity verification methods include document verification, facial recognition, voice recognition, knowledge-based authentication, biometrics or database checks. When selecting an identity verification method, consider the accuracy, speed, cost and reliability. Choose a provider that is highly secure and offers compliance with current regulations. 4. Review your checklist regularly Your KYC checklist is not a one and done process. Instead, it’s an ongoing process that requires periodic review, updates and testing. You need to periodically review your checklist to ensure your processes are up to date with the latest regulations and your business needs. Reviewing your checklist will help your business to identify gaps or outdated practices in your KYC process. Make changes as needed and keep management informed of any changes. 5. Final stage: quality control As a final step, you should perform a quality control assessment of the processes you’ve incorporated to ensure they’ve been carried out effectively. This includes checking if all necessary customer information has been collected, whether the right identity verification method was implemented, if your checklist matches your CIP and whether the results were recorded correctly. KYC is a vital process for your organization in today's digital age. Building an effective KYC checklist is essential to ensure compliance with regulations and mitigate risk factors associated with fraudulent activities. Building a solid checklist requires a clear understanding of your business needs, a comprehensive definition of your CIP, selection of the right verification method, and periodic reviews to ensure that the process is up to date. Remember, your customers' trust and privacy are at stake, so iensuring that your security processes and your KYC checklist are in place is essential. By following these guidelines, you can create a well-designed KYC checklist that reduces risk and satisfies your regulatory needs. Taking the next step Experian offers identity verification solutions as well as fully integrated, digital identity and fraud platforms. Experian’s CrossCore & Precise ID offering enables financial institutions to connect, access and orchestrate decisions that leverage multiple data sources and services. By combining risk-based authentication, identity proofing and fraud detection into a single, cloud-based platform with flexible orchestration and advanced analytics, Precise ID provides flexibility and solves for some of financial institutions’ biggest business challenges, including identity and fraud as it relates to digital onboarding and account take over; transaction monitoring and KYC/AML compliance and more, without adding undue friction. Learn more *This article includes content created by an AI language model and is intended to provide general information.

Published: January 10, 2024 by Stefani Wendel
Battling Online Gaming Fraud: The Ultimate Combat

The online gaming industry has experienced tremendous growth. This surge in popularity has also sparked an increase in online gaming fraud.

Published: December 20, 2023 by Alex Lvoff
Optimized Strategies for Customer Acquisition

To stay competitive and engage high-value customers, you’ll need to optimize your customer acquisition process.

Published: December 19, 2023 by Theresa Nguyen
A Look Back: 2023 Biggest Fraud Trends

. As we reflect on 2023, let’s look at the biggest fraud trends and their continued potential impact on your business.

Published: December 19, 2023 by Laura.Burrows@experian.com
Demand Deposit Account (DDA) Fraud and Deposit Fraud Detection

Cris Ryan, Go to Market Lead for Experian Identity and Fraud, shares his thoughts on demand deposit account fraud and how to combat it.  

Published: December 13, 2023 by Laura.Burrows@experian.com
Fraud Detection and Machine Learning: A Powerful Combo

Future-proof your business and safeguard your customers with fraud detection leveraging machine learning solutions.

Published: December 12, 2023 by Julie.JLee@experian.com
What is Knowledge Based Authentication?

Sometimes logging into an account feels a bit like playing 20 questions. Security is vital for a positive customer experience, and engaging the right identity verification strategies is essential to proactive fraud prevention. For financial institutions and businesses, secure authentication is more important than ever. It is imperative for customer safety – which drives retention and loyalty – and your bottom line – as fraud has determinantal effects on and off the balance sheet. Information sharing has proliferated, as has the number of times consumers are prompted to provide access to sensitive information. While today’s consumer has grown accustomed to providing such information, there’s also a heightened demand for security. According to Experian’s 2023 U.S. Identity and Fraud Report, nearly two-thirds (64%) of consumers say they’re very or somewhat concerned with online safety, listing identity theft, stolen card information and online privacy as top concerns. Customers want to know who they are providing access to and whether that entity will have their safety in mind. From a business perspective, one way to ensure that only the right people can get in is by using (KBA). KBA takes traditional authentication methods, like passwords and Personal Identification Numbers (PINs), one step further by creating an additional layer of security through collecting private facts from each user. In this post, we'll look at how KBA works, what its benefits are as a form of identity verification, and how it can improve customer trust. Introducing Knowledge Based Authentication (KBA): What it is and how it works Knowledge Based Authentication can be part of a multifactor authentication solution and is one way to stay on top of privacy and security for your customers – existing and new. KBA is a feature designed to protect online accounts by verifying the account holder’s identity. It involves answering a series of personal questions, such as mother's maiden name or first pet's name, that only the account holder should know. This system has become increasingly popular due to its effectiveness in preventing fraud and identity theft. With KBA, businesses and individuals can have peace of mind that their information is protected by a reliable authentication system that is difficult for unauthorized users to breach. Benefits of implementing KBA and a multifactor authentication strategy By implementing KBA into your business, customers experience an additional layer of security by verifying the identity of users through personalized questions. This reduces the risk of fraud and enhances customer trust and confidence. Secondly, it improves the customer experience by making the authentication process faster and user-friendly. Lastly, KBA reduces costs by automating the authentication process and reducing the need for manual intervention. However, KBA is just one facet of an ideal strategy. Multifactor authentication provides confidence while reducing friction. Risk-based authentication tools allow organizations to assess risk to apply the appropriate level of security. Factors to consider adding to your authentication processes include: Generating unique one-time passwords (OTPs): By creating a new OTP for each transaction, you can increase the level of security. Confirm device ownership: A multifactored approach applies device intelligence checks to increase confidence that the message is reaching the correct user. Maintain low friction with secondary options: If the OTP fails or can’t be attempted by the user, working with a provider who allows an automatic default to another authentication service, such as a knowledge-based authentication solution, decreases end-user friction. Identifying potential security risks associated with KBA KBA relies on personal information that may easily be discovered via social media and other public records, which makes it vulnerable to fraud and identity theft. This highlights the need for a multilayered fraud and identity solution. The landscape of digital security is constantly changing, leveraging an arsenal of fraud and identity prevention strategies, like document verification, one-time passcode, and various identity authentication and verification measures, is critical for keeping your customers and business safe. Commonly used technologies for enhancing KBA security With the rising need for secure authentication, KBA systems have become increasingly popular. However, cyberthreats evolve at an alarming rate, making it imperative to stay current with the latest fraud schemes and how to enhance and supplement your security. Biometrics, like facial recognition and fingerprint scans, as a tactic is gaining traction, as evidenced by “85% of consumers report physical biometrics as the most trusted and secure authentication method they have recently encountered,” according to Experian’s 2023 U.S. Identity and Fraud Report. Additionally, machine learning algorithms detect patterns and anomalies in user behavior and flag any potential security breaches. Multi-factor authentication is another tool that adds an extra layer of security by requiring users to provide multiple forms of identification before logging in. Keeping up with these and other technological advancements can help ensure your KBA system stays one step ahead of potential cyberattacks. Interestingly, there’s a disconnect between the technologies consumers feel safe with and/or are prepared to use versus the technologies and strategies that organizations implement. According to the U.S. Identity and Fraud Report, biometrics are only currently used by 33% of businesses to detect and protect against fraud. An opportunity for business differentiation and driving customer loyalty through a better customer experience may be tapping into some of these lesser used – but sought after – technologies. Compliance with industry standards regarding KBA Ensuring that your system complies with industry standards regarding KBA is crucial for protecting sensitive information from unauthorized access. By implementing the following tips, you can stay ahead of the game and safeguard your organization's data. Analyze your system's current authentication methods and evaluate if they meet industry standards. Additionally, follow standard guidelines for data storage and encryption, limit access to only authorized personnel, and y current with regulations. Lastly, conduct frequent security audits and perform vulnerability tests to identify and address any potential threats. Knowledge-based authentication offers a robust security solution for businesses of all sizes, and incorporating KBA as part of a multifactor authentication strategy is a winning course of action. It provides an added layer of protection for personal data, encourages user accountability, and safeguards against unauthorized access. By leveraging appropriate KBA technologies and maintaining compliance with industry standards, it is possible to create a secure system for customers that gives you peace of mind for your business and bottom line. Experian can help you with knowledge-based authentication offerings, a multifactor authentication strategy and everything in between to enhance your existing authentication process without causing user fatigue. Increase your pass rates, confirm device ownership and add security to risky or high-value transactions, all while executing identity verification and fraud detection to protect your business from risk. The most important step is getting started. Learn more

Published: December 5, 2023 by Stefani Wendel
Navigating Travel, Loyalty and Hospitality Fraud

Learn about travel, hospitality and hotel fraud and how you can best detect and combat it. Read more here!

Published: November 21, 2023 by Alex Lvoff
The Importance of Trust and Safety in Online Marketplaces

The gig economy — also called the sharing economy or access economy — is an activity where people earn income by providing on-demand work, services, or goods. Often, it is through a digital platform like an application (app) or website. The gig economy seamlessly connects individuals with a diverse range of services, whether it be a skilled handyman for those long-awaited office shelves, or an experienced chauffeur to quickly drive you to the airport to not miss your flight. However, there are instances when these arrangements fall short of expectations. The hired handyman may send a substitute who’s ill-equipped for the task, or the experienced driver takes the wrong shortcut leaving you scrambling to make your flight on time. On the flip side, there are numerous risks faced by those working in the gig/sharing economy, from irritable customers to dangerous situations. In such cases, trust takes a hit. The gig economy has witnessed a surge in recent years, as individuals gravitate towards flexible, freelance, and contract work instead of traditional full-time employment. This shift has unlocked a multitude of opportunities for both workers and businesses. Nevertheless, it has also ushered in challenges pertaining to security and trust. One such challenge revolves around the escalating significance of digital identity verification within the gig economy.  Digital identity verification and the gig economy  Digital identity verification encompasses validating a person's identity through digital means, such as biometric data, facial recognition, or document verification. Within the gig economy, this process has high importance, as it establishes trust between businesses and their pool of freelance or contract workers. With the escalating number of remote workers and the proliferation of online platforms connecting businesses with gig workers, verifying the identities of these individuals has become more vital than ever before.  Protecting gig users and improving the customer experience   One primary rationale behind the mounting importance of digital identity verification in the gig economy is its role in curbing fraud. As the gig economy gains traction, the risk of individuals misrepresenting themselves or their qualifications to secure work burgeons. This scenario can lead businesses to hire unqualified or even fraudulent workers, thereby posing severe repercussions for both the company and its customers. By adopting digital identity verification processes, businesses can ensure the legitimacy and competence of their workforce, subsequently decreasing the risk of fraudulent activities.  In the digital age, trust and safety are crucial for businesses to succeed. Consumers prioritize brands they can trust, and broken trust can lead to loss of customers.According to Experian's 2023 Fraud and Identity Report, over 52% of US consumers feel they’re more of a target for online fraud than they were a year ago. As such, online security continues to be a real concern for most consumers. Nearly 64% of consumers say that they are very or somewhat concerned with online security, with 32% saying they are very concerned. Establishing trust and safety measures not only protects your brand but also enhances the user experience, fosters loyalty, and boosts your business.    Role of a dedicated Trust and safety team  Trust and safety are the set of business practices for online platforms to follow to reduce the risk of users being exposed to harm, fraud, or other behaviors outside community guidelines. This is becoming an increasingly important function as online platforms look to protect their users while improving customer acquisition, engagement, and retention.  That team also safeguards organizations from security threats and scams. They verify customers' identities, evaluate actions and intentions, and ensure a safe environment for all platform users. This enables both organizations and customers to trust each other and have confidence in the platform. Their role has evolved from fraud prevention to encompass broader areas, such as user-generated content and the metaverse. With the rise of user-generated content, platforms face challenges like fake accounts, imitations, malicious links, and inappropriate content. As a result, trust and safety teams have expanded their focus and are involved in product engineering and customer journey design. Another noteworthy factor contributing to the growing emphasis on digital identity verification for trust and safety teams stems from the necessity to adhere to diverse regulations and laws. Many countries have implemented stringent regulations to safeguard workers and ensure the legal and ethical operations of businesses. In the United States, for instance, businesses must verify the identities and work eligibility of all employees, including freelancers and contractors, as part of the Form I-9 process. By leveraging digital identity verification tools, businesses can streamline these procedures and guarantee compliance with prevailing regulations.  Mitigating risk in online marketplaces  To mitigate risks in online marketplaces, businesses can take several steps, including creating a clear set of user guidelines, implementing identity verification during onboarding, enforcing multi-factor authentication for all accounts, leveraging reverification during high-risk moments, performing link analysis on the user base, and applying automation. Online identity verification plays a pivotal role in safeguarding gig workers themselves. With the surge of online platforms connecting businesses with freelancers and contractors, there comes an augmented risk of workers falling prey to scams or identity theft. By mandating digital identity verification as an integral part of the onboarding process, these platforms can shield workers and ensure they only engage with bona fide businesses.  While automation can be a powerful tool for fraud detection and mitigation, it is not a cure-all solution. Automated identity verification has its strengths, but it also has its weaknesses. While automation can spot risk signals that a human might miss, a human might spot risk signals that automation would have skipped. Therefore, for many companies, the goal should not be full automation but achieving the right ratio of automation to manual review. Manual review takes time, but it's necessary to ensure that all potential risks are identified and addressed. The more efficient these processes can be, the better, as it allows for a quicker response to potential threats. As the number of individuals embracing freelance and contract work surges, and businesses increasingly rely on these workers to carry out vital responsibilities, ensuring the security and trustworthiness of these individuals becomes paramount. By integrating digital identity verification processes, businesses can shield themselves against fraud, comply with regulations, and cultivate trust with their gig workers.  Finding the right partner While trust and safety are concerns for all online marketplaces, there’s no universal solution that will apply to all businesses and in all cases. Your trust and safety policies need to be tailored to the realities of your business. The industries you serve, regions you operate in, regulations you are subject to, and expectations of your users should all inform your processes. Experian’s comprehensive suite of customizable identity verification solutions can help you solve the problem of trust and safety once and for all.  Learn more *This article leverages/includes content created by an AI language model and is intended to provide general information.

Published: November 14, 2023 by Alex Lvoff

Subscribe to our thought leadership

Enter your name and email for the latest updates.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Subscribe to our thought leadership

Don't miss out on the latest industry trends and insights!
Subscribe