Tag: biometrics

This article was updated on February 23, 2024. First impressions are always important – whether it’s for a job interview, a first date or when pitching a client. The same goes for financial services onboarding as it’s an opportunity for organizations to foster lifetime loyalty with customers. As a result, financial institutions are on the hunt now more than ever for frictionless online identity verification methods to validate genuine customers and maintain positive experiences during the online onboarding process. In a predominantly digital-first world, financial companies are increasingly focused on the customer experience and creating the most seamless online onboarding process. However, according to Experian’s 2023 Identity and Fraud Report, more than half of U.S. consumers considered dropping out during account opening due to friction and a less-than positive experience. And as technology continues to advance, digital financial services onboarding, not surprisingly, increases the demand for fraud protection and authentication methods – namely with digital identity (ID) verification processes. According to Experian’s report, 64% of consumers are very or somewhat concerned with online security, with identity theft being their top concern. So how can financial institutions guarantee a frictionless online onboarding experience while executing proper authentication methods and maintaining security and fraud detection? The answer? While a “frictionless” experience can seem like a bit of a unicorn, there are some ways to get close: Utilizing better data - Digital devices offer an extensive amount of data that’s useful in determining risk. Characteristics that allow the identification of a specific device, the behaviors associated with the device and information about a device’s owner can be captured without adding friction for the user. Analytics – Once the data is collected, advanced analytics uses information based on behavioral data, digital intelligence, phone intelligence and email intelligence to analyze for risk. While there’s friction in the initial ask for the input data, the risk prediction improves with more data. Document verification and biometric identity verification – Real-time document verification used in conjunction with facial biometrics, behavioral biometrics and other physical characteristics allows for rapid onboarding and helps to maintain a low friction customer journey. Financial institutions can utilize document verification to replace manual long-form applications for rapid onboarding and immediately verify new data at the point of entry. Using their mobile phones, consumers can photograph and upload identity documents to pre-fill applications. Document authenticity can be verified in real-time. Biometrics, including facial, behavioral, or other physical characteristics (like fingerprints), are low-touch methods of customer authentication that can be used synchronously with document verification. Optimize your financial services onboarding process Experian understands how critical identity management and fraud protection is when it comes to the online onboarding process and identity verification. That’s why we created layered digital identity verification and risk segmentation solutions to help legitimize your customers with confidence while improving the customer experience. Our identity verification solutions use advanced technology and capabilities to correctly identify and verify real customers while mitigating fraud and maintaining frictionless customer experiences. Learn more

This article was updated on April 23, 2024. Keeping your organization and consumers safe can be challenging as cybercriminals test new attack vectors and data breaches continually expose credentials. Instead of relying solely on usernames and passwords for user identity verification, adding extra security measures like multi-factor authentication can strengthen your defense. What is multi-factor authentication? Multi-factor authentication, or MFA, is a method of authenticating people using more than one type of identifier. Generally, you can put these identifiers into three categories based on the type of information: Something a person knows: Usernames, passwords, and personal information are common examples of identifiers from this category. Something a person has: These could include a phone, computer, card, badge, security key, or another type of physical device that someone possesses. Something a person is: Also called the inherence factor, these are intrinsic behaviors or qualities, such as a person's voice pattern, retina, or fingerprint. The key to MFA is it requires someone to use identifiers from different categories. For example, when you withdraw money from an ATM, you're using something you have (your ATM card or phone), and something you know (your PIN) or are (biometric data) to authenticate yourself. Common types of authenticators Organizations that want to implement multi-factor authentication can use different combinations of identifiers and authenticators. Some authenticator options include: One-time passwords: One-time passwords (OTPs) can be generated and sent to someone's mobile phone via text to confirm the person has the phone or via email. There are also security tokens and apps that can generate OTPs for authentication. (Something you know.) Knowledge-based authentication: Knowledge-based authentication (KBA) identity verification leverages the ability to verify account information or a payment card, “something you have,” by confirming some sequence of numbers from the account. (Something you know.) Security tokens: Devices that users plug into their phone or computer, or hold near the device, to authenticate themselves. (Something you have.) Biometric scans: These can include fingerprint and face scans from a mobile device, computer, or security token. (Something you are.) Why MFA is important It can be challenging to keep your users and employees from using weak passwords. And even if you enforce strict password requirements, you can't be sure they're not using the same password somewhere else or accidentally falling for a phishing attack. In short, if you want to protect users' data and your business from various types of attacks, such as account takeover fraud, synthetic identity fraud, and credential stuffing, you’ll need to require more than a username and password to authenticate users. That’s where MFA comes in. Because it uses a combination of elements to verify a consumer’s identity, if one of the required components in a transaction is missing or supplied incorrectly, the transaction won’t proceed. As a result, you can ensure you’re interacting with legitimate consumers and protect your organization from risk. LEARN MORE: Explore our fraud prevention solutions. How to provide a frictionless MFA experience While crucial to your organization, in-person and online identity verification shouldn’t create so much friction that legitimate consumers are driven away. Experian's 2023 U.S. Identity and Fraud Report found that 96 percent of consumers view OTPs as convenient identity verification solutions when opening a new account. An increasing number of consumers also view physical and behavioral biometrics as some of the most trustworthy recognition methods — 81 and 76 percent, respectively. To create a low friction MFA experience that consumers trust, you could let users choose from different MFA authentication options to secure their accounts. You can also create step-up rules that limit MFA requests to riskier situations — such as when a user logs in from a new device or places an unusually large order. To make the MFA experience even more seamless for consumers, consider adding automated identity verification (AIV) to your processes. Because AIV operates on advanced analytics and artificial intelligence, consumers can verify their identities within seconds without physical documentation, allowing for a quick, hassle-free verification experience. How Experian powers multi-factor authentication Experian offers various identity verification and risk-based authentication solutions that organizations can leverage to streamline and secure their operations, including: Experian’s CrossCore® Doc Capture confidently verifies identities using a fully supported end-to-end document verification service where consumers upload an image of a driver’s license, passport, or similar directly from their smartphone. Experian’s CrossCore Doc Capture adds another layer of security to document capture with a biometric component that enables the individual to upload a “selfie” that’s compared to the document image. Experian's OTP service uses additional verification checks and identity scoring to help prevent fraudsters from using a SIM swapping attack to get past an MFA check. Before sending the OTP, we verify that the number is linked to the consumer's name. We also review additional attributes, such as whether the number was recently ported and the account's tenure. Experian's Knowledge IQSM offers KBA with over 70 credit- and noncredit-based questions to help you engage in additional authentication for consumers when sufficiently robust data can be used to prompt a response that proves the person has something specific in their possession. You can even configure it to ask questions based on your internal data and phrase questions to match your brand's language. Learn more about how our multi-factor authentication solutions can help your organization verify consumer identities and mitigate fraud. Learn about our MFA solutions

"Grandma, it’s me, Mike.” Imagine hearing the voice of a loved one (or what sounds like it) informing you they were arrested and in need of bail money. Panicked, a desperate family member may follow instructions to withdraw a large sum of money to provide to a courier. Suspicious, they even make a video call to which they see a blurry image on the other end, but the same voice. When the fight or flight feeling settles, reality hits. Sadly, this is not the scenario of an upcoming Netflix movie. This is fraud – an example of a new grandparent scam/family emergency scam happening at scale across the U.S. While generative AI is driving efficiencies, personalization and improvements in multiple areas, it’s also a technology being adopted by fraudsters. Generative AI can be used to create highly personalized and convincing messages that are tailored to a specific victim. By analyzing publicly available social media profiles and other personal information, scammers can use generative AI to create fake accounts, emails, or phone calls that mimic the voice and mannerisms of a grandchild or family member in distress. The use of this technology can make it particularly difficult to distinguish between real and fake communication, leading to increased vulnerability and susceptibility to fraud. Furthermore, generative AI can also be used to create deepfake videos or audio recordings that show the supposed family member in distress or reinforce the scammer's story. These deepfakes can be incredibly realistic, making it even harder for victims to identify fraudulent activity. What is Generative AI? Generative artificial intelligence (GenAI) describes algorithms that can be used to create new content, including audio, code, images, text, simulations, and videos. Generative AI has the potential to revolutionize many industries by creating new and innovative content, but it also presents a significant risk for financial institutions. Cyber attackers can use generative AI to produce sophisticated malware, phishing schemes, and other fraudulent activities that can cause data breaches, financial losses, and reputational damage. This poses a challenge for financial organizations, as human error remains one of the weakest links in cybersecurity. Fraudsters capitalizing on emotions such as fear, stress, desperation, or inattention can make it difficult to protect against malicious content generated by generative AI, which could be used as a tactic to defraud financial institutions. Four types of Generative AI used for Fraud: Fraud automation at scale Fraudulent activities often involve multiple steps which can be complex and time-consuming. However, GenAI may enable fraudsters to automate each of these steps, thereby establishing a comprehensive framework for fraudulent attacks. The modus operandi of GenAI involves the generation of scripts or code that facilitates the creation of programs capable of autonomously pilfering personal data and breaching accounts. Previously, the development of such codes and programs necessitated the expertise of seasoned programmers, with each stage of the process requiring separate and fragmented development. Nevertheless, with the advent of GenAI, any fraudster can now access an all-encompassing program without the need for specialized knowledge, amplifying the inherent danger it poses. It can be used to accelerate fraudsters techniques such as credential stuffing, card testing and brute force attacks. Text content generation In the past, one could often rely on spotting typos or errors as a means of detecting such fraudulent schemes. However, the emergence of GenAI has introduced a new challenge, as it generates impeccably written scripts that possess an uncanny authenticity, rendering the identification of deceit activities considerably more difficult. But now, GenAI can produce realistic text that sounds as if it were from a familiar person, organization, or business by simply feeding GenAI prompts or content to replicate. Furthermore, the utilization of innovative Language Learning Model (LLM) tools enables scammers to engage in text-based conversations with multiple victims, skillfully manipulating them into carrying out actions that ultimately serve the perpetrators' interests. Image and video manipulation In a matter of seconds, fraudsters, regardless of their level of expertise, are now capable of producing highly authentic videos or images powered by GenAI. This innovative technology leverages deep learning techniques, using vast amounts of collected datasets to train artificial intelligence models. Once these models are trained, they possess the ability to generate visuals that closely resemble the desired target. By seamlessly blending or superimposing these generated images onto specific frames, the original content can be replaced with manipulated visuals. Furthermore, the utilization of AI text-to-image generators, powered by artificial neural networks, allows fraudsters to input prompts in the form of words. These prompts are then processed by the system, resulting in the generation of corresponding images, further enhancing the deceptive capabilities at their disposal. Human voice generation The emergence of AI-generated voices that mimic real people has created new vulnerabilities in voice verification systems. Firms that rely heavily on these systems, such as investment firms, must take extra precautions to ensure the security of their clients' assets. Criminals can also use AI chatbots to build relationships with victims and exploit their emotions to convince them to invest money or share personal information. Pig butchering scams and romance scams are examples of these types of frauds where AI chatbots can be highly effective, as they are friendly, convincing, and can easily follow a script. In particular, synthetic identity fraud has become an increasingly common tactic among cybercriminals. By creating fake personas with plausible social profiles, hackers can avoid detection while conducting financial crimes. It is essential for organizations to remain vigilant and verify the identities of any new contacts or suppliers before engaging with them. Failure to do so could result in significant monetary loss and reputational damage. Leverage AI to fight bad actors In today's digital landscape, businesses face increased fraud risks from advanced chatbots and generative technology. To combat this, businesses must use the same weapons than criminals, and train AI-based tools to detect and prevent fraudulent activities. Fraud prediction: Generative AI can analyze historical data to predict future fraudulent activities. By analyzing patterns in data and identifying potential risk factors, generative AI can help fraud examiners anticipate and prevent fraudulent behavior. Machine learning algorithms can analyze patterns in data to identify suspicious behavior and flag it for further investigation. Fraud Investigation: In addition to preventing fraud, generative AI can assist fraud examiners in investigating suspicious activities by generating scenarios and identifying potential suspects. By analyzing email communications and social media activity, generative AI can uncover hidden connections between suspects and identify potential fraudsters. To confirm the authenticity of users, financial institutions should adopt sophisticated identity verification methods that include liveness detection algorithms and document-centric identity proofing, and predictive analytics models. These measures can help prevent bots from infiltrating their systems and spreading disinformation, while also protecting against scams and cyberattacks. In conclusion, financial institutions must stay vigilant and deploy new tools and technologies to protect against the evolving threat landscape. By adopting advanced identity verification solutions, organizations can safeguard themselves and their customers from potential risks. To learn more about how Experian can help you leverage fraud prevention solutions, visit us online or request a call

What Is Identity Proofing? Identity proofing, authentication and management are becoming increasingly complex and essential aspects of running a successful enterprise. Organizations need to get identity right if they want to comply with regulatory requirements and combat fraud. It's also becoming table stakes for making your customers feel safe and recognized. 63 percent of consumers expect businesses to recognize them online, and 48 percent say they're more trusting of businesses when they demonstrate signs of security. Identify proofing is the process organizations use to collect, validate and verify information about someone. There are two goals — to confirm that the identity is real (i.e., it's not a synthetic identity) and to confirm that the person presenting the identity is its true owner. The identity proofing process also relates to and may overlap with other aspects of identity management. Identity proofing vs identity authentication Identity proofing generally takes place during the acquisition or origination stages of the customer lifecycle — before someone creates an account or signs up for a service. Identity authentication is the ongoing process of re-checking someone's identity or verifying that they have the authorization to make a request, such as when they're logging into an account or trying to make a large transaction. How does identity proofing work? Identity proofing typically involves three steps: resolution, validation, and verification. Resolution: The goal of the first step is to accurately identify the single, unique individual that the identity represents. Resolution is relatively easy when detailed identity information is provided. In the real world, collecting detailed data conflicts with the need to provide a good customer experience. Resolution still has to occur, but organizations have to resolve identities with the minimum amount of information. Validation: The validation step involves verifying that the person's information and documentation are legitimate, accurate and up to date. It potentially involves requesting additional evidence based on the level of assurance you need. Verification: The final step confirms that the claimed identity actually belongs to the person submitting the information. It may involve comparing physical documents or biometric data and liveness tests, such as a comparison of the driver's license to a selfie that the person uploads. Different levels of identity proofing may require various combinations of these steps, with higher-risk scenarios calling for additional checks such as biometric or address verification. Service providers can implement a range of methods based on their specific needs, including document verification, database validation, or knowledge-based authentication. Building an effective identity proofing strategy By requiring identity proofing before account opening, organizations can help detect and deter identity fraud and other crimes. You can use different online identity verification methods to implement an effective digital identity proofing and management system. These may include: Document verification plus biometric data: The consumer uploads a copy of an identification document, such as a driver's license, and takes a selfie or records a live video of their face. Database validations: The proofing solution verifies the shared identifying information, such as a name, date of birth, address and Social Security number against trusted databases, including credit bureau and government agency data. Knowledge-based authentication (KBA): The consumer answers knowledge-based questions, such as account information, to confirm their identity. It can be a helpful additional step, but they offer a low level of assurance, partially because data breaches have exposed many people's personal information. In part, the processes you'll use may depend on business policies, associated risks and industry regulations, such as know your customer (KYC) and anti-money laundering (AML) requirements. But organizations also have to balance security and ease of use. Each additional check or requirement you add to the identity proofing flow can help detect and prevent fraud, but the added friction they bring to your onboarding process can also leave customers frustrated — and even lead to customers abandoning the process altogether. Finding the right amount of friction can require a layered, risk-based approach. And running different checks during identity proofing can help you gauge the risk involved. For example, comparing information about a device, such as its location and IP address, to the information on an application. Or sending a one-time password (OTP) to a mobile device and checking whether the phone number is registered to the applicant's name. With the proper systems in place, you can use high-risk signals to dynamically adjust the proofing flow and require additional identity documents and checks. At the same time, if you already have a high level of assurance about the person's identity, you can allow them to quickly move through a low-friction flow. Experian goes beyond identity proofing Experian builds on its decades of experience with identity management and access to multidimensional data sources to help organizations onboard, authenticate and manage customer identities. Our identity proofing solutions are compliant with National Institute of Standards and Technology (NIST) and enable agencies to confidently verify user identities prior to or during account opening, biometric enrollment or while signing up for services. Learn more   This article includes content created by an AI language model and is intended to provide general information.

Cryptocurrency scams are on the rise as digital currencies gain popularity. The decentralized nature of these currencies makes them equally attractive to both legitimate consumers and fraudsters. Businesses may find themselves in a difficult position as they seek to prevent cryptocurrency-related fraud and help protect consumers. What are cryptocurrency scams? Cryptocurrencies are virtual currencies often based on and secured by blockchain technology. However, this does not always translate into security for the individual consumer. Many individuals fall victim to either cryptocurrency investment scams or cryptocurrency theft. Cryptocurrencies are not yet well-regulated or backed by a sovereign entity, leaving consumers open to threats when purchasing funds. The deregulated nature of the currencies makes it easy for scammers to build what appear to be legitimate cryptocurrency projects before disappearing, similar to pump-and-dump stock schemes. Additionally, scammers will perpetrate romance or other relationship-based scams and convince the victim to send them funds in cryptocurrency form. Cryptocurrency theft follows a few traditional fraud patterns: The fraudster may use phishing or social engineering to steal credentials. A crime ring might leverage malware or keystroke loggers to do the same thing. A scammer might present a “reward” to an unsuspecting consumer and require access to their wallet in order to “gift” the reward. Scammers consistently find new ways to trick unsuspecting consumers, including a recent scam relying on QR codes to steal funds converted to cryptocurrency via an ATM. Other common scams utilize imposter websites, fake mobile apps, bad tweets, or scamming emails to steal information and funds. The impact of scams on consumers According to the FTC, investment cryptocurrency scam reports have skyrocketed, with nearly 7,000 people reporting losses totaling more than $80 million from October 2020 to March 2021, with a media loss of $1,900. In 2020 the Better Business Bureau Scam Tracker Risk Report ranked cryptocurrency scams as the seventh riskiest. In 2021, they jumped to the second riskiest scam. In Michigan alone 31 cryptocurrency scams were reported from January 2020 to March 2022, with reported loses from $350 all the way to $41,000. The impact of scams on businesses While the true impact of cryptocurrency scams on businesses is hard to measure, it’s easy to identify several areas for concern. First is the opportunity for the theft of personally identifiable information (PII) during a fraudulent cryptocurrency transaction. Once fraudsters have stolen funds, they may also funnel them through a legitimate business and turn them into a regulated form of currency for easy of use. Businesses with legitimate cryptocurrency interactions may also suffer from spoofed apps or websites, causing reputational damage when consumers are taken in by a scam. Preventing the fallout from scams As companies debate accepting cryptocurrency as a form of payment, it’s important to consider that funds may be stolen or accessed by a malicious party. One way to protect your organization is to have a strong device identification strategy that can help ensure the entity accessing an account and the funds within is the true owner. By layering in this protection with other fraud defenses, businesses can be better prepared as consumer payment preferences shift. Additionally, financial institutions and other organizations should keep consumers informed about how to protect their own data and signs of scams. To learn more about how Experian is helping businesses develop and maintain effective fraud and identity solutions, visit us or request a call. And keep an eye out for additional in-depth explorations of our Future of Fraud Forecast. Request a call Future of Fraud Forecast

Recently, I wrote about how Experian is assisting NASWA (National Association of State Workforce Agencies) with identity verification to help mitigate the spike in fraudulent unemployment insurance claims. Because of this I was not all that surprised when I found a letter in my mailbox from the Texas Workforce Commission with a fraudulent claim using my identity, inspiring me to follow up on this topic with a focus on fraud prevention best practices. Identity theft is on the rise According to Experian data analysis and a recent study on unemployment insurance fraud, at least 25% of new claims are a result of identity theft. This is 50 times higher than what we have traditionally seen in the highest ID theft fraud use case, new credit card applications, which generally amounts to less than 0.5% of new applications. Increasing digitization of the last few years—culminating in the huge leap forward in 2020—has resulted in a massive amount of information available online. Of that information, a reported 1.03 billion records were exposed between 2016 and 2020. There are currently approximately 330 million Americans, so on average more than three records per person have been exposed, creating an environment ripe for identity theft. In fact, a complete identity consisting of name, address, date of birth, and Social Security number (SSN) can be purchased for as little as $8. This stolen data is then often leveraged by both criminal rings who are able to perpetrate fraud on a large scale and smaller scale opportunists – like the ones in Riverside, CA leveraging access to identities of prison inmates. Fraud prevention through layered identity controls In the 20 years that I have been combatting ID theft both in the private and public sectors, I’ve learned that the most effective identity proofing goes beyond traditional identity resolution, validation, and verification. To be successful, you must take advantage of all available data and incorporate it into a layered and risk-based approach that utilizes device details, user behavior, biometrics, and more. Below, I outline three key layers to design an effective process for ID proofing new unemployment insurance claims. Layer 1: Resolve and Validate Identities Traditional identity data consists of the same basic information—name, address, date of birth, telephone number, and SSN—which is now readily available to fraudsters. These have been the foundation for ID proofing in the past and are still critical to resolving the identity in question. The key is to also include additional identity elements like email address and phone number to gain a more holistic view of the applicant. Layer 2: Assess Fraud Risk Determining an identity belongs to a real-life subject is not sufficient to mitigate the risk of ID theft associated with a new unemployment insurance claim. You must go beyond identity validation to assess the risk associated with their claim. Risk assessment risk falls into two categories – identity and digital risk. Identity Risk When assessing a claim, it’s important to check the identity for: Velocity: How often have you (or other states) seen the information being presented with this application? Has the information been associated with multiple identities? Recency of change: How long has the identity been associated with the contact information (phone, email, address, etc.)? Red flags: Has the subject been a recent victim of ID theft, or are they reported as deceased? Synthetic Identity: Are there signs that the identity itself is fictitious or manipulated and does not belong to a real-life person? Digital Risk Similar to the identity risk layer above, the device itself and how the subject interacts with the device are significantly important in identifying the likelihood a new claim is fraudulent. Device risk can be assessed by utilizing geolocation and checking for inconsistent settings or high-risk browsers, while behavioral risk might check for mouse movement, typing speed, or screen pressure. Layer 3: Verify Highest Risk Subjects The final stage in this process is to require additional verification for the highest risk claims, which helps to balance the experience of your valid subjects while minimizing the impact of fraud. Additional steps might include: Document verification: Scanning a government-issued ID (driver’s license, passport, or similar), which includes assessing for document security features and biometric comparison to the applicant. One-time passcode (OTP): It is key to deploy this sparingly only to phone numbers that have been associated with the subject for a significant time frame and incorporate checks to determine if it is at high risk (e.g., recently ported or forwarded). Knowledge-based verification (KBV): Leveraging non-public information from a variety of sources. By adding additional, context-based identity elements, it becomes possible to improve the three main objectives of most agencies’ identity proofing process – get good constituents through the first time, protect the agency and citizens from fraud, and deliver a smooth and secure customer experience in online channels. While there’s no quick fix to prevent unemployment insurance fraud, a layered identity strategy can help prevent it. Finding a partner that has a single, holistic solution empowers agencies to defend against unemployment insurance fraud while minimizing friction for the end-user, and preparing for future fraud schemes. To learn more about how you can protect your constituents and your agency from unemployment insurance fraud request a call today. Contact us

Digitalization, also known as the process of using digital technology to provide new opportunities for revenue and growth, continues to remain a top priority for many organizations in 2021. In fact, IDC predicts that by 2024, “over 50% of all IT spending will be directly for digital transformation and innovation (up from 31% in 2018).”[1] By combining data and analytics, companies can make better and more instant decisions, meet customer expectations, and automate for greater efficiency. Advances in AI and machine learning are just a few areas where companies are shifting their spend. Download our new white paper to take a deep dive into other ongoing analytics trends that seem likely to gain even greater traction in 2021. These trends will include: Increased digitalization – Data is a company’s most valuable asset. Companies will continue utilizing the information derived from data to make better data-driven decisions. AI for credit decisioning and personalized banking – Artificial intelligence will play a bigger role in the world of lending and financial services. By using AI and custom machine learning models, lending institutions will be able to create new opportunities for a wider range of consumers. Chatbots and virtual assistants – Because customers have come to expect excellent customer services, companies will increase their usage of chatbots and virtual assistants to facilitate conversations. Cloud computing – Flexible, scalable, and cost-effective. Many organizations have already seen the benefits of migrating to the cloud – and will continue their transition in the next few years. Biometrics – Physical and behavioral biometrics have been identified as the next big step for cybersecurity. By investing in these new technologies, companies can create seamless interactions with their consumers. Download Now [1] Gens, F., Whalen, M., Carnelley, P., Carvalho, L., Chen, G., Yesner, R., . . . Wester, J. (2019, October). IDC FutureScape: Worldwide IT Industry 2020 Predictions. Retrieved January 08, 2021, from https://www.idc.com/getdoc.jsp?containerId=US45599219

The COVID-19 pandemic and resulting rush to transition to a remote lifestyle made it clear that many businesses need a refreshed digital authentication and fraud prevention strategy that includes an investment in technology and provides consumer assurance. This is particularly important when it comes to identity, as many of the standard in-person verification methods and tools are currently unavailable. The meaning of identity is growing and shifting Technology trends are intersecting with social trends to create heightened awareness, and a whole new public conversation has emerged around customer trust and privacy. Attitudes and ideas are changing—even to the point of what we mean by “identity.” An identity is no longer just a name, date of birth, and SSN. Now, there are digital manifestations everywhere you look: screen names, email addresses, mobile phone numbers, device identifiers, and the other “exhaust” we leave behind as we travel the internet. This leads to concerns about what an identity is, who owns it, and who manages and protects it. Businesses have to be able to prove to their ability to protect their customers’ identities through investment in technology and a robust fraud strategy. Consumer attitudes are changing Several years ago, consumers were excited by all the new digital capabilities and the speed, ease, and convenience they provided. Last year, Experian found that consumers still wanted those things, with 70% willing to provide more information to businesses if there was a perceived benefit. However, they also wanted more security in the balance. In Experian’s most recent Global Identity and Fraud Report, we found that 74% of consumers say that security is the most important factor when deciding to engage with a business. Consumers are particularly more tolerant of friction during the enrollment process—as a means of building trust. But, when they return to the app or website, they want to be recognized. This means achieving a balance by using layered technologies, some of which are active and visible to the consumer, and some of which are invisibly working in the background to confirm the identity of returning consumers. Consumer attitudes vs. regulatory pressure The drivers behind the business changes are twofold: shifting consumer attitudes and regulatory changes. While regulations are becoming stricter on a national and global level, they’re not keeping pace with technology and social change. The digital world is evolving at a rapid pace, opening up more new ways for companies to collect information about consumers and use it to identify and verify, and also to target goods and services. With all of this data available, it’s important for businesses to use the tools in the market to help protect identity information. Next steps in technology The bottom line is, businesses can’t wait for regulations to dictate how best to protect information. Instead, they should be looking to technologies like physical and behavioral biometrics to help provide identity authentication and protection – layering those solutions with information from the user and from third parties to give a holistic consumer view. Businesses should adopt a platform approach for identity and fraud in order to be able to adapt quickly, whether to incorporate new kinds of technology or to prevent emerging types of fraud. By investing in technology now, even in the midst of the COVID-19 pandemic, businesses can build the flexibility needed to respond to future crises and help offset future fraud losses. In turn, those fraud-loss savings can then be used to help grow the business in the future. Learn more about Experian’s commitment to helping businesses maximize their investment in technology to safeguard against fraud. Learn more

Security. Convenience. Personalization. Finding the balance between these three priorities is key to creating a safe and low-friction customer experience. We surveyed more than 6,500 consumers and 650 businesses worldwide about these priorities for our 2020 Global Identity and Fraud Report: Most business are focusing on personalization, specifically in relation to upselling and cross-selling. This is frustrating customers who are looking for increases in both security and convenience. It’s possible to have all three. Read Full Report

Update: After closely monitoring updates from the WHO, CDC, and other relevant sources related to COVID-19, we have decided to cancel our 2020 Vision Conference. If you had the chance to experience tomorrow, today, would you take it? What if it meant you could get a glimpse into the future technology and trends that would take your organization to the next level? If you’re looking for a competitive edge – this is it. For more than 38 years, Experian’s premier conference has connected business leaders to data-driven ideas and solutions, fueling them to target new markets, grow existing customer bases, improve response rates, reduce fraud and increase profits. What’s in it for you? Everything to gain and nothing to lose. Are you a marketer? These sessions were made to drive your conversion rates to new heights: Know your customers via omnichannel marketing: Your customers are everywhere, but can you reach them? Learn how to drive business-expansion strategy, brand affinity and customer engagement across multiple channels. Plus, gain insight into connecting with customers via one-to-one messaging. By invitation only, the future of ITA marketing: An evolving landscape means marketers face new challenges in effectively targeting consumers while staying compliant. In this session, we’ll explore how you can leverage fair lending-friendly marketing data for targeting, analysis and measurement. Want the latest in technology trends? Dive into discussions to transform your customer experience: Credit in the age of technology transformation: Machine learning and artificial intelligence are the current darlings of big data, but the platform that drives the success of any big data endeavor is crucial. This session will dive into what happens behind the curtain. Put away your plastic – next-generation identity: An industry panel of experts discusses the newest digital identity and authentication capabilities – those in use today and also exciting solutions on the horizon. How about for the self-proclaimed data geeks? Analyze these: Alternative data: Listen in on an in-depth conversation about creative and impactful examples of using emerging data assets, such as alternative and consumer-permissioned data, for improved consumer inclusion, risk assessment and verification services. The next wave in open data: Experian will share their views on the potential of advanced data and models and how they benefit the global value chain – from consumer scores to business opportunities – regardless of local regulations. And the risk masters? Join us as we kick fraud to the curb: Understanding and tackling synthetic ID fraud: Synthetic IDs present a serious challenge for our entire industry. This expert panel will explore the current landscape – what’s working and what’s not, the expected impact of the next generation SSA eCBSV service, and best practice prevention methods. You are your ID – the new reality of biometrics: Consumers are becoming increasingly comfortable with biometrics. Just as CLEAR has transformed how we use our biometric identity to move through airports, sports venues and more, financial transactions can also be made friction-free. The point is, there’s something for everyone at Vision 2020. It’s not just another conference. Trade in stuffy tradeshow halls and another tri-fold brochure for the insights and connections you need to take your career and organization to the next level. Like technology itself, Vision 2020 promises to connect us, unify us and enable us all to create a better tomorrow. Join us for unique networking opportunities, one-on-one conversations with subject-matter experts and more than 50 breakout sessions with the industry’s most sought-after thought leaders.    

If you’ve seen an uptick in photos of friends and celebrities looking older with wrinkles on your social media feeds, you’re not alone. A new free photo editor has taken the internet by a storm, featuring an AI-powered image-altering application that allows users to see their “future self.” All you have to do is upload a single photo (or few) from your camera roll to be enhanced. While this may seem like harmless fun, the app is now making headlines over increased privacy concerns about what occurs behind the scenes once users submit their selfies. Red flags were raised when multiple alleged negative implications were connected to the app – including the app’s ownership and the potential risk that the app downloaded a user’s entire photo album onto their database. In fact, the privacy concerns also prompted Democratic Party officials to implore federal agencies, including the FBI, “to look into the potential national security and privacy risks the phone app poses to the United States.” Since then, the app’s creators have addressed these concerns, stating most of the photo processing occurs in the cloud and most photos are deleted within 48 hours. Additionally, the only photos uploaded are ones that have been personally submitted by the user. Regardless, a database of user-submitted photos could be seen as a goldmine to fraudsters. In a time where personal and biometric data (including facial recognition) are some of the key ways to validate security, it’s important for consumers to be aware of how and where they’re sharing their data, whether it’s for an age-progression photo app, or their financial accounts. Consumers, businesses, financial institutions – everyone – should exhibit caution and take measures to ensure personal information remains secure and is not being used for nefarious reasons. While consumers may be aware that businesses are collecting data, companies should take steps to form digital trust with transparency. This could be achieved by: Educating consumers on how their data is being used Effectively communicating privacy policies and service terms more concisely Helping consumers feel in control of their information To learn more about research that indicates a shift to advanced authentication methods (including biometrics), fraud trends and how to combat them, download our e-book. Download Now

For most businesses, building the best online experience for consumers requires a balance between security and convenience. But the challenge has always been finding a happy medium between the two – offering enough security that won’t get in the way of convenience and vice versa. In the past, it was always believed that one would always come at the expense of the other. But technology and innovation is changing how businesses approach security and is allowing them to give the maximum potential of both. Consumers want security AND convenience Consumers consider security and convenience as the foundation of their online experience. Findings from our 2019 Global Identity and Fraud Report revealed approximately 74 percent of consumers ranked security as the most important part of their online experience, followed by convenience. In other words, they expect businesses to provide them with both. We see this with how consumers are typically using the same security information each time they open a new digital account – out of convenience. But if one account is compromised, the consumer becomes vulnerable to possible fraudulent activity. With today’s technology, businesses can give consumers an easier and more secure way to access their digital accounts. Creating the optimal online experience More security usually meant creating more passwords, answering more security questions, completing CAPTCHA tests, etc. While consumers are willing to work through these friction-inducing methods to complete a transaction or access an account, it’s not always the most convenient process. Advanced data and technology has opened doors for new authentication methods, such as physical and behavioral biometrics, digital tokenization, device intelligence and machine learning, to maximize the potential for businesses to provide the best online experience possible. In fact, consumers have expressed greater confidence in businesses that implement these advanced security methods. Rates of consumer confidence in passwords was only 44 percent, compared to a 74 percent rate of consumer confidence in physical biometrics. Consumers are willing to embrace the latest security technology because it provides the security and convenience they want from businesses. While traditional forms of security were sufficient, advanced authentication methods have proven to be more reliable forms of security that consumers trust and can improve their online experience. The optimal online experience is a balance between security and convenience. Innovative technologies and data are helping businesses protect people’s identities and provide consumers with an improved online experience.  

Perhaps more than ever before, technology is changing how companies operate, produce and deliver products and services to their customers. Similarly, technology is also driving a shift in customer expectation in how, when and where they consume products and services. But these changes aren’t just relegated to the arenas where tech giants with household names, like Amazon and Google, play. Likewise, financial institutions of every size are also fielding the changes brought on by innovations to the industry in recent years. According to this report by PWC, 77% of firms plan on dedicating time and budgets to increase innovation. But what areas make the most sense for your business? With a seemingly constant shift in consumer and corporate focus, it can be difficult to know which technological advancements are imperative to your company’s success and which are just the latest fizzling buzzword. As you evaluate innovation investments for your organization in 2019 and beyond, here’s a list of four technology innovations that are already changing the financial sector or will change the banking landscape in the near future. The APIs of Open Banking Ok, it’s not a singular innovation, so I’m cheating a bit here, but it’s a great place to begin the conversation because it comprises and sets the stage for many of the innovations and technologies that are in use today or will be implemented in the future. Created in 2015, the Open Banking Standard defined how a bank’s system data or consumer-permissioned financial data should be created, accessed and shared through the use of application programming interfaces or APIs. When financial institutions open their systems up to third-party developer partners, they can respond to the global trends driving change within the industry while greatly improving the customer experience. With the ability to securely share their financial data with other lenders, greater transparency into the banking process, and more opportunities to compare product offerings, consumers get the frictionless experience they’ve come to expect in just about every aspect of life – just not necessarily one that lenders are known for. But the benefits of open banking are not solely consumer-centric. Financial institutions are able to digitize their product offerings and thus expand their market and more easily share data with partners, all while meeting clients’ individualized needs in the most cost-effective way. Biometrically speaking…and smiling Verifying the identity of a customer is perhaps one of the most fundamental elements to a financial transaction. This ‘Know Your Customer’ (KYC) process is integral to preventing fraud, identity theft, money laundering, etc., but it’s also time-consuming and inconvenient to customers. Technology is changing that. From thumbprint and, now, facial recognition through Apple Pay, consumers have been using biometrics to engage with and authorize financial transactions for some time now. As such, the use of biometrics to authenticate identity and remove friction from the financial process is becoming more mainstream, moving from smartphones to more direct interaction. Chase has now implemented voice biometrics to verify a consumer’s identity in customer service situations, allowing the company to more quickly meet a customer’s needs. Meanwhile, in the US and Europe, Visa is testing biometric credit cards that have a fingerprint reader embedded in the card that stores his or her fingerprint in order to authenticate their identity during a financial transaction. In China, companies like Alipay are taking this to the next level by allowing customers to bypass the phone entirely with its ‘pay with a smile’ service. First launched in KFC restaurants in China, the service  is now being offered at hospitals as well. How, when and where a consumer accesses their financial institution data actually creates a digital fingerprint that can be verified. While facial and vocal matching are key components to identity verification and protecting the consumer, behavioral biometrics have also become an important part of the fraud prevention arsenal for many financial institutions. These are key components of Experian’s CrossCore solution, the first open fraud and identity platform partners with a variety of companies, through open APIs discussed above. Not so New Kid on the Block(chain) The first Bitcoin transaction took place on January 12, 2009. And for a number of years, all was quiet. Then in 2017, Bitcoin started to blow up, creating a scene reminiscent of the 1850s California gold rush. Growing at a seemingly exponential rate, the cryptocurrency topped out at a per unit price of more than $20,000. By design cryptocurrencies are decentralized, meaning they are not controlled or regulated by a single entity, reducing the need for central third-party institutions, i.e. banks and other financial institutions to function as central authorities of trust. Volatility and regulation aside, it’s understandable why financial institutions were uneasy, if not skeptical of the innovation. But perhaps the most unique characteristic of cryptocurrencies is the technology on which they are built: blockchain. Essentially, a blockchain is just a special kind of database. The database stores, validates, transfers and keeps a ledger of transfers of encrypted data—records of financial transfers in the case of Bitcoin. But these records aren’t stored on one computer as is the case with traditional databases. Blockchain leverages a distributed ledger or distributed trust approach where a full copy of the database is stored across many distributed processing nodes and the system is constantly checking and validating the contents of the database. But a blockchain can store any type of data, making it useful in a wide variety of applications including tracking the ownership digital or physical assets or the provenance of documents, etc. From clearing and settlements, payments, trade finance, identity and fraud prevention, we’re already seeing financial institutions explore and/or utilize the technology. Santander was the first UK bank to utilize blockchain for their international payments app One Pay FX. Similarly, other banks and industry groups are forming consortiums to test the technology for other various uses. With all this activity, it’s clear that blockchain will become an integral part of financial institutions technology and operations on some level in the coming years. Robot Uprising Rise in Robots While Artificial Intelligence seems to have only recently crept into pop-culture and business vernacular, it was actually coined in 1956 by John McCarthy, a researcher at Dartmouth who thought that any aspect of learning or intelligence could essentially be taught to a machine. AI allows machines to learn from experience, adjust to new inputs and carry out human-like tasks. It’s the result of becoming ‘human-like’ or the potential to become superior to humans that creeps out people like my father, and also worries others like Elon Musk. Doomsday scenarios a la Terminator aside, it’s easy to see how the tech can and is useful to society. In fact, much of the AI development done today uses human-style reasoning as a model, but not necessarily the ultimate aim, to deliver better products and services. It’s this subset of AI, machine learning, that allows companies like Amazon to provide everything from services like automatic encryption in AWS to products like Amazon Echo. While it’s much more complex, a simple way to think about AI is that it functions like billions of conditional if-then-else statements working in a random, varied environment typically towards a set goal. Whereas in the past, programmers would have to code these statements and input reference data themselves, machine learning systems learn, modify and map between inputs and outputs to create new actions based on their learning. It works by combining the large amounts of data created on a daily basis with fast, iterative processing and intelligent algorithms, allowing the program to learn from patterns in the data and make decisions. It’s this type of machine learning that banks are already using to automate routine, rule-based tasks like fraud monitoring and also drive the analytical environments used in their risk modeling and other predictive analytics. Whether or not you’ve implemented AI, machine learning or bot technology into your operations, it’s highly likely your customers are already leveraging AI in their home lives, with smart home devices like Amazon Echo and Google Home. Conversational AI is the next juncture in how people interface with each other, companies and life in general. We’re already seeing previews of what’s possible with technologies like Google Duplex. This has huge implication for the financial services industry, from removing friction at a transaction level to creating a stickier, more engaging customer experience. To that end, according to this report from Accenture, AI may begin to provide in-the-moment, holistic financial advice that is in a customer’s best interest.   It goes without saying that the market will continue to evolve, competition will only grow more fierce, consumer expectation will continue to shift, and regulation will likely become more complex. It’s clear technology can be a mitigating factor, even a competitive differentiator, with these changing industry variables. Financial institutions must evolve corporate mindsets in their approach to prioritize innovations that will have the greatest enterprise-wide impact. By putting together an intelligent mix of people, process, and the right technology, financial institutions can better predict consumer need and expectation while modernizing their business models.

In my last post I discussed the problem with confusing what I would call “real” Knowledge Based Authentication (KBA) with secret questions.   However, I don’t think that’s where the market focus should be.  Instead of looking at Knowledge Based Authentication (KBA) today, we should be looking toward the future, and the future starts with risk-based authentication. If you’re like most people, right about now you are wondering exactly what I mean by risk-based authentication.  How does it differ from Knowledge Based Authentication, and how we got from point A to point B? It is actually pretty simple.  Knowledge Based Authentication is one factor of a risk-based authentication fraud prevention strategy.  A risk- based authentication approach doesn’t rely on question/answers alone, but instead utilizes fraud models that include Knowledge Based Authentication performance as part of the fraud analytics to improve fraud detection performance.  With a risk-based authentication approach, decisioning strategies are more robust and should include many factors, including the results from scoring models. That isn’t to say that Knowledge Based Authentication isn’t an important part of a risk-based approach.  It is.  Knowledge Based Authentication is a necessity because it has gained consumer acceptance. Without some form of Knowledge Based Authentication, consumers question an organization’s commitment to security and data protection. Most importantly, consumers now view Knowledge Based Authentication as a tool for their protection; it has become a bellwether to consumers. As the bellwether, Knowledge Based Authentication has been the perfect vehicle to introduce new and more complex authentication methods to consumers, without them even knowing it.  KBA has allowed us to familiarize consumers with out-of-band authentication and IVR, and I have little doubt that it will be one of the tools to play a part in the introduction of voice biometrics to help prevent consumer fraud. Is it always appropriate to present questions to every consumer?  No, but that’s where a true risk-based approach comes into play.  Is Knowledge Based Authentication always a valuable component of a risk based authentication tool to minimize fraud losses as part of an overall approach to fraud best practices?  Absolutely; always. DING!