Tag: Identity proofing

Meeting Know Your Customer (KYC) regulations and staying compliant is paramount to running your business with ensured confidence in who your customers are, the level of risk they pose, and maintained customer trust. What is KYC?KYC is the mandatory process to identify and verify the identity of clients of financial institutions, as required by the Financial Conduct Authority (FCA). KYC services go beyond simply standing up a customer identification program (CIP), though that is a key component. It involves fraud risk assessments in new and existing customer accounts. Financial institutions are required to incorporate risk-based procedures to monitor customer transactions and detect potential financial crimes or fraud risk. KYC policies help determine when suspicious activity reports (SAR) must be filed with the Department of Treasury’s FinCEN organization. According to the Federal Financial Institutions Examinations Council (FFIEC), a comprehensive KYC program should include:• Customer Identification Program (CIP): Identifies processes for verifying identities and establishing a reasonable belief that the identity is valid.• Customer due diligence: Verifying customer identities and assessing the associated risk of doing business.• Enhanced customer due diligence: Significant and comprehensive review of high-risk or high transactions and implementation of a suspicious activity-monitoring system to reduce risk to the institution. The following organizations have KYC oversight: Federal Financial Institutions Examinations Council (FFIEC), Federal Reserve Board, Federal Deposit Insurance Corporation (FDIC), national Credit Union Administration (NCUA), Office of the Comptroller of the Currency (OCC) and the Consumer Financial Protection Bureau (CFPB). How to get started on building your Know Your Customer checklist 1. Define your Customer Identification Program (CIP) The CIP outlines the process for gathering necessary information about your customers. To start building your KYC checklist, you need to define your CIP procedure. This may include the documentation you require from customers, the sources of information you may use for verification and the procedures for customer due diligence. Your CIP procedure should align with your organization’s risk appetite and be comply with regulations such as the Patriot Act or Anti-money laundering laws. 2. Identify the customer's information Identifying the information you need to gather on your customer is key in building an effective KYC checklist. Typically, this can include their first and last name, date of birth, address, phone number, email address, Social Security Number or any government-issued identification number. When gathering sensitive information, ensure that you have privacy and security controls such as encryption, and that customer data is not shared with unauthorized personnel. 3. Determine the verification method There are various methods to verify a customer's identity. Some common identity verification methods include document verification, facial recognition, voice recognition, knowledge-based authentication, biometrics or database checks. When selecting an identity verification method, consider the accuracy, speed, cost and reliability. Choose a provider that is highly secure and offers compliance with current regulations. 4. Review your checklist regularly Your KYC checklist is not a one and done process. Instead, it’s an ongoing process that requires periodic review, updates and testing. You need to periodically review your checklist to ensure your processes are up to date with the latest regulations and your business needs. Reviewing your checklist will help your business to identify gaps or outdated practices in your KYC process. Make changes as needed and keep management informed of any changes. 5. Final stage: quality control As a final step, you should perform a quality control assessment of the processes you’ve incorporated to ensure they’ve been carried out effectively. This includes checking if all necessary customer information has been collected, whether the right identity verification method was implemented, if your checklist matches your CIP and whether the results were recorded correctly. KYC is a vital process for your organization in today's digital age. Building an effective KYC checklist is essential to ensure compliance with regulations and mitigate risk factors associated with fraudulent activities. Building a solid checklist requires a clear understanding of your business needs, a comprehensive definition of your CIP, selection of the right verification method, and periodic reviews to ensure that the process is up to date. Remember, your customers' trust and privacy are at stake, so iensuring that your security processes and your KYC checklist are in place is essential. By following these guidelines, you can create a well-designed KYC checklist that reduces risk and satisfies your regulatory needs. Taking the next step Experian offers identity verification solutions as well as fully integrated, digital identity and fraud platforms. Experian’s CrossCore & Precise ID offering enables financial institutions to connect, access and orchestrate decisions that leverage multiple data sources and services. By combining risk-based authentication, identity proofing and fraud detection into a single, cloud-based platform with flexible orchestration and advanced analytics, Precise ID provides flexibility and solves for some of financial institutions’ biggest business challenges, including identity and fraud as it relates to digital onboarding and account take over; transaction monitoring and KYC/AML compliance and more, without adding undue friction. Learn more *This article includes content created by an AI language model and is intended to provide general information.

Trust is the primary factor in any business building a long-lasting relationship, especially when a company operates globally and wants to build a loyal customer base. With the rapid acceleration of digital shopping and transactions comes a growing fraud landscape. And, given the continual increase of people wanting to transact online, marketplace companies – from ecommerce apps, ridesharing, to rental companies – need to have ideal strategies in place to protect themselves and their customers from fraudulent activities. Without ideal risk mitigation or comprehensive fraud and identity proofing strategies, marketplaces may find themselves facing the following: Card-not-present (CNP) Fraud: As online shopping increases, customers can’t provide a credit card directly to the merchant. That’s why fraudsters can use stolen credit card information to make unauthorized transactions. And in most cases, card owners are unaware of being compromised. Without an integrated view of risk, existing credit card authentication services used in isolation can result in high false positives, friction and a lack of card issuer support. Unverified Consumer Members, Vendors, Hosts & Drivers: From digital marketplace merchants like Etsy and Amazon, to peer-to-peer sharing economies like AirBnB, Uber and Lyft, the marketplace ecosystem is prone to bad actors who use false ID techniques to exploit both the platform and consumers for monetary gain. Additionally, card transaction touchpoints across the customer lifecycle increases risks of credit card authentication. This can be at account opening, account management when changes to existing account information is necessary, or at checkout. Buy Now, Pay Later (BNPL) Muling: While a convenient way for consumers to plan for their purchases, experts warn that without cautionary and security measures, BNPL can be a target for digital fraud. Fraudsters may use their own or fabricated identities or leverage account takeover to gain access to a legitimate user’s account and payment information to make purchases with no intent to repay. This leaves the BNPL provider at the risk of unrecoverable monetary losses that can impact the business’ risk tolerance. Forged Listings & Fake Accounts: Unauthorized vendors that create a fake account using falsified identities, stolen credit cards and publish fake listings and product reviews are another threat faced by ecommerce marketplaces. These types of fraud can happen without the vast data sources necessary to assess the risk of a customer and authenticate credit cards among other fraud and identity verification solutions. By not focusing on establishing trust, fraud mitigation management solutions and identity proofing strategies, businesses can often find themselves with serious monetary, reputational, and security qualms. Interested in learning more? Download Experian’s Building Trust in Digital Marketplaces e-book and discover the strategies digital marketplaces, like the gig economy and peer-to-peer markets, can take to keep their users safe, and protected from fraudulent activity. For additional information on how Experian is helping businesses mitigate fraud, explore our comprehensive suite of identity and fraud solutions. Download e-book

The fraud problem is ever-present, with 94% of businesses reporting it as a top priority, and fraudsters constantly finding new targets for theft. Preventing fraud requires a carefully orchestrated strategy that can recognize and treat a variety of types — without adding so much friction that it drives customers away. Experian’s fraud prevention and detection platform, CrossCore®, was recently named an Overall Leader, Product Leader in Fraud Reduction Intelligence Platforms, Innovation Leader and Market Leader in Fraud Reduction by KuppingerCole. CrossCore is an integrated digital identity and fraud risk platform that enables organizations to connect, access, and orchestrate decisions that leverage multiple data sources and services. CrossCore combines risk-based authentication, identity proofing, and fraud detection into a single, state-of-the-art cloud platform. It engages flexible decisioning workflows and advanced analytics to make real-time risk decisions throughout the customer lifecycle. This recognition highlights Experian’s comprehensive approach to combating fraud and validates that CrossCore offers best-in-class capabilities by augmenting Experian’s industry-leading identity and fraud offerings with a highly curated ecosystem of partners which enables further optionality for organizations based on their specific needs. To learn more about how CrossCore can benefit your organization, read the report or visit us. Learn more

What Is Identity Proofing? Identity proofing, authentication and management are becoming increasingly complex and essential aspects of running a successful enterprise. Organizations need to get identity right if they want to comply with regulatory requirements and combat fraud. It's also becoming table stakes for making your customers feel safe and recognized. 63 percent of consumers expect businesses to recognize them online, and 48 percent say they're more trusting of businesses when they demonstrate signs of security. Identify proofing is the process organizations use to collect, validate and verify information about someone. There are two goals — to confirm that the identity is real (i.e., it's not a synthetic identity) and to confirm that the person presenting the identity is its true owner. The identity proofing process also relates to and may overlap with other aspects of identity management. Identity proofing vs identity authentication Identity proofing generally takes place during the acquisition or origination stages of the customer lifecycle — before someone creates an account or signs up for a service. Identity authentication is the ongoing process of re-checking someone's identity or verifying that they have the authorization to make a request, such as when they're logging into an account or trying to make a large transaction. How does identity proofing work? Identity proofing typically involves three steps: resolution, validation, and verification. Resolution: The goal of the first step is to accurately identify the single, unique individual that the identity represents. Resolution is relatively easy when detailed identity information is provided. In the real world, collecting detailed data conflicts with the need to provide a good customer experience. Resolution still has to occur, but organizations have to resolve identities with the minimum amount of information. Validation: The validation step involves verifying that the person's information and documentation are legitimate, accurate and up to date. It potentially involves requesting additional evidence based on the level of assurance you need. Verification: The final step confirms that the claimed identity actually belongs to the person submitting the information. It may involve comparing physical documents or biometric data and liveness tests, such as a comparison of the driver's license to a selfie that the person uploads. Different levels of identity proofing may require various combinations of these steps, with higher-risk scenarios calling for additional checks such as biometric or address verification. Service providers can implement a range of methods based on their specific needs, including document verification, database validation, or knowledge-based authentication. Building an effective identity proofing strategy By requiring identity proofing before account opening, organizations can help detect and deter identity fraud and other crimes. You can use different online identity verification methods to implement an effective digital identity proofing and management system. These may include: Document verification plus biometric data: The consumer uploads a copy of an identification document, such as a driver's license, and takes a selfie or records a live video of their face. Database validations: The proofing solution verifies the shared identifying information, such as a name, date of birth, address and Social Security number against trusted databases, including credit bureau and government agency data. Knowledge-based authentication (KBA): The consumer answers knowledge-based questions, such as account information, to confirm their identity. It can be a helpful additional step, but they offer a low level of assurance, partially because data breaches have exposed many people's personal information. In part, the processes you'll use may depend on business policies, associated risks and industry regulations, such as know your customer (KYC) and anti-money laundering (AML) requirements. But organizations also have to balance security and ease of use. Each additional check or requirement you add to the identity proofing flow can help detect and prevent fraud, but the added friction they bring to your onboarding process can also leave customers frustrated — and even lead to customers abandoning the process altogether. Finding the right amount of friction can require a layered, risk-based approach. And running different checks during identity proofing can help you gauge the risk involved. For example, comparing information about a device, such as its location and IP address, to the information on an application. Or sending a one-time password (OTP) to a mobile device and checking whether the phone number is registered to the applicant's name. With the proper systems in place, you can use high-risk signals to dynamically adjust the proofing flow and require additional identity documents and checks. At the same time, if you already have a high level of assurance about the person's identity, you can allow them to quickly move through a low-friction flow. Experian goes beyond identity proofing Experian builds on its decades of experience with identity management and access to multidimensional data sources to help organizations onboard, authenticate and manage customer identities. Our identity proofing solutions are compliant with National Institute of Standards and Technology (NIST) and enable agencies to confidently verify user identities prior to or during account opening, biometric enrollment or while signing up for services. Learn more   This article includes content created by an AI language model and is intended to provide general information.

Across all levels of government, we are seeing a surge in digital modernization — transforming the delivery of traditional services into a contactless, digital environment. Whether it is with the Social Security Administration’s digital modernization effort, the state of California’s Vision 2023, or even at the local level with counties modernizing digital access to records for their citizens. This comes at a time when identity fraud in government services is growing at an alarming rate, with an increase of over 2,900 percent related to government benefits or document fraud in 2020 according to the FTC. A key challenge for any agency planning digital modernization is balancing access with security. This is particularly critical in an environment where over 1 billion records were exposed over a recent five-year span. Given the U.S. population is currently about 330 million, that means each citizen had an average of three breach exposures. Therefore, identity proofing must be a critical part of any agency modernization effort. National Institute of Standards and Technology Special Publication (NIST SP) 800-63 revision 3 lays out a risk assessment to help organizations determine the appropriate level of security to apply based on six areas of impact. However, identity proofing a new citizen through digital channels requires significant friction at levels above Identity Assurance Level 1 (IAL1). The stringent requirement for a biometric match in this standard at IAL2 presents a real challenge to the balance mentioned above, which has led agencies to seek alternatives that both combat the risk of fraud and identity theft and are operationally sound. Experian has been supporting the private sector in this endeavor for years, helping them effectively manage identity theft and fraud concerns while allowing seamless access to services for the vast majority of their consumers. This risk-based approach through our CrossCore® platform and multitude of options to identify and combat fraud allows agencies to deliver the security and accessibility expected by their citizens. CrossCore allows agencies to verify and identify citizens using multiple data points: Traditional personally identifiable information (name, address, Social Security number, date of birth) Email Phone number Device identification Biometrics CrossCore can instantly take the risk information from these risk signals above and initiate additional verification where there is a higher risk of identity theft or fraud, including knowledge-based verification (KBV), one-time passcode (OTP) to a trusted phone number linked to the identity being presented, or even remotely verifying identity documents (e.g., driver’s license, passport, etc.) through our new CrossCore Doc Capture solution. Just recently, Experian helped a state lottery agency implement an efficient identity proofing system to enable digital redemption of winning tickets, saving both the government and the citizens time and money. Experian’s identity, verification, and fraud solutions can help government agencies of all sizes on their journey to digital modernization. To learn more about the options available to your agency, visit us or request a call. CrossCore Doc Capture

Over the past year and a half, the development of digital identity has shifted the ways businesses interact with consumers. Companies across every industry have incorporated digital services, biometrics, and other verification tools to enhance the consumer experience without increasing risk.   Changing consumer expectations   A digital identity strategy is no longer a nice-to-have, it’s table stakes. Consumers expect to be recognized across platforms and have a seamless experience every time.   89% of consumers use mobile banking 80% of companies now have a customer recognition strategy in place 55% of banking customers say they plan to visit the bank branch less often moving forward   Businesses are responding to these changing expectations while working to grow during the economic recovery – trying to balance consumer experience with risk appetite and bottom-line goals. The present state of digital identity   Digital identity strategies require both standardization and interoperability. The first provides the ability to consistently capture data and characteristics that can be used to recognize a specific individual. The second allows businesses to resolve an identity to a specific person – recognizing a phone number, user ID and password, or a device – and use that information to determine if the user of the identity is in fact the identity owner.   There are some roadblocks on the road to a seamless digital identity strategy. Issues include a lack of consumer trust and an ambiguous regulatory landscape – creating friction on both ends of the equation.   Recipe for success   To succeed, businesses need a framework that can reliably use different combinations of physical and digital identity data to determine that the person behind the identity is a known, verified, and unique individual. A one-size-fits-all solution doesn’t exist. However, a layered approach allows businesses to modernize identity, providing the services consumers want and expect while remaining agile in an ever-changing environment.   In our newest white paper, developed in partnership with One World Identity, we explore the obstacles hindering digital identity management, and the best way to build a layered solution that is flexible, trustworthy, and inclusive.   To learn more, download our “Capturing the Digital Evolution Through a Layered Approach” white paper. Download white paper

Sometimes, the best offense is a good defense. That’s certainly true when it comes to detecting synthetic identities, which by their very nature become harder to find the longer they’ve been around. To launch an offense against synthetic identity fraud, you need to defend yourself from it at the top of your new customer funnel. Once fraudsters embed their fake identity into your portfolio, they become nearly impossible to detect. The Challenge Synthetic identity fraud is the fastest-growing type of financial crime in the United States. The cost to businesses is hard to determine because it’s not always caught or reported, but the amounts are staggering. According to the Aite Group, it was estimated to total at least $820 million in 2017 and grow to $1.2 billion by 2020. This type of theft begins when individual thieves and large-scale crime rings use a combination of compromised personal information—like unused social security numbers—and fabricated data to stitch together increasingly sophisticated personas. These well-crafted synthetic identities are hard to differentiate from the real deal. They often pass Know Your Customer, Customer Identification Program and other onboarding checks both in person and online. This puts the burden on you to develop new defense strategies or pay the price. Additionally, increasing pressure to grow deposits and expand loan portfolios may coincide with the relaxation of new customer criteria, allowing even more fraudsters to slip through the cracks. Because fraudsters nurture their fake identities by making payments on time and don’t exhibit other risk factors as their credit limits increase, detecting synthetic identities becomes nearly impossible, as does defending against them. How This Impacts Your Bottom Line Synthetic identity theft is sometimes viewed as a victimless crime, since no single individual has their entire identity compromised. But it’s not victimless. When undetected fraudsters finally max out their credit lines before vanishing, the financial institution is usually stuck footing the bill. These same fraudsters know that many financial institutions will automatically settle fraud claims below a specific threshold. They capitalize on this by disputing transactions just below it, keeping the goods or services they purchased without paying. Fraudsters can double-dip on a single identity bust-out by claiming identity theft to have charges removed or by using fake checks to pay off balances before maxing out the credit again and defaulting. The cost of not detecting synthetic identities doesn’t stop at the initial loss. It flows outward like ripples, including: Damage to your reputation as a trusted organization Fines for noncompliance with Know Your Customer Account opening and maintenance costs that are not recouped as they would be with a legitimate customer Mistakenly classifying fraudsters as bad debt write offs Monetary loss from fraudsters’ unpaid balances Rising collections costs as you try to track down people who don’t exist Less advantageous rates for customers in the future as your margins grow thinner These losses add up, continuing to impact your bottom line over and over again. Defensive Strategies So what can you do? Tools like eCBSV that will assist with detecting synthetic identities are coming but they’re not here yet. And once they’re in place, they won’t be an instant fix. Implementing an overly cautious fraud detection strategy on your own will cause a high number of false positives, meaning you miss out on revenue from genuine customers. Your best defense requires finding a partner to help you implement a multi-layered fraud detection strategy throughout the customer lifecycle. Detecting synthetic identities entails looking at more than a single factor (like length of credit history). You need to aggregate multiple data sets and connect multiple customer characteristics to effectively defend against synthetic identity fraud. Experian’s synthetic identity prevention tools include Synthetic Identity High Risk Score to incorporate the history and past relationships between individuals to detect anomalies. Additionally, our digital device intelligence tools perform link analyses to connect identities that seem otherwise separate. We help our partners pinpoint false identities not associated with an actual person and decrease charge offs, protecting your bottom line and helping you let good customers in while keeping false personas out. Find out how to get your synthetic identity defense in place today.

Whenever someone checks in for a flight, airport security needs to establish their identity. Prior to boarding the plane, passengers are required to show a government-issued ID. Agents check IDs for validity and compare the ID picture to the face of the person standing in front of them. This identity proofing is about making sure that would-be flyers really are who they claim to be. But what about online identity proofing? That’s much more challenging. Online banks certainly want to make sure they know a person’s identity before giving them access to their account. But for other online services, it’s fine to remain anonymous. The amount of risk involved in the engagement directly ties to the amount of verification and assurance needed for the individual. Government agencies care very much about identity. They won’t — and shouldn’t — issue a tax refund, provide a driver’s license or allow someone to sign up for Social Security benefits before they’re certain that the claimant’s identity is verified. Since we increasingly expect the same online user experience from government service providers as from online banks, hotel websites and retailers, this poses a challenge. How do government agencies establish a sufficient level of assurance for an online identity without sending their customers to a government office for face-to-face identity verification? To answer this challenge, the National Institute of Standards and Technology (NIST) has developed Digital Identity Guidelines. In its latest publication, SP 800-63-3, NIST helps government agencies implement their digital services while still mitigating the identity risks that come with online service provision. The ability to safely sign up, transact and interact with a government agency online has many benefits. Applying for something like unemployment insurance online is faster, cheaper and more convenient than using paper and waiting in line at a government field office. And for government agencies themselves, providing online services means that they can improve customer satisfaction levels while reducing their costs and subsequent bureaucracy. CrossCore®, was recently recognized by the independent Kantara Initiative for its conformance with NIST’s Digital Identity Guidelines for Identity Assurance (IAL2). Our document verification solution combines authoritative sources, machine learning and facial recognition technology to identify people accurately using photo-based government identification like a driver’s license or passport. The best part? Users can verify their identity in about 60 seconds, at whatever location they prefer, using their personal smartphone.

June 2018 will mark the one-year anniversary of the National Institute of Standards and Technology (NIST) release of Special Publication 800-63-3, Digital Identity Guidelines. While federal agencies are the most directly impacted, this guidance signals a seismic shift in identity proofing across the entire ecosystem of consumers, private sector businesses and public sector agencies. It’s the clearest claim I’ve seen to date that traditional, and rather basic, personally identifiable information (PII) verification should no longer be trusted for remote user interaction. For those of us in the fraud and identity space, this isn’t a new revelation, but one we as an industry have been dealing with for years. As the data breach floodgates continue to be pushed further open, PII is a commodity for the fraudsters, evident in PII prices on the dark web, which are often lower than your favorite latte. Identity-related schemes have increased due to fraud attacks shifting away from card compromise (due to the U.S. rollout of chip-and-signature cards), double-digit growth in online and mobile consumer channels, and high-profile fraud events within both the public and private sector. It’s no shock that NIST has taken a sledgehammer to previous guidance around identity proofing and replaced it with an aggressive and rather challenging set of requirements seemingly founded in the assumption that all PII (names, addresses, dates of birth, Social Security numbers, etc.) is either compromised or easily can be compromised in the future. So where does this leave us? I applaud the pragmatic approach to the new NIST standards and consider it a signal to all of us in the identity marketplace. It’s aggressive and aspirational in raising the bar in identity proofing and management. I welcome the challenge in serving our public sector clients, as we have done for nearly a decade. Our innovative approach to layered levels of identity verification, validation, risk assessment and monitoring adhere to the recommendations of the new NIST standards. I do, however, recommend that any institution applying these standards to their own processes and applications ensure they place equal focus on comparable alternatives for those addressable populations and users who are likely to either opt out of, or fail, initial verification steps stringently aligned with the new requirements. While too early to accurately forecast, it’s relatively safe to assume that the percentage of the population “falling out of the process” may easily be counted in the double digits. It’s only through advanced analytics and technology reliant on a significant breadth and depth of identity data and observations that we can provide trust and confidence across such a diverse population in age, demographics, expectations and access.

The sheer range of dynamic and emerging fraud tactics can impede agencies from achieving security. These threats must be met with a variety of identity proofing and management tactics. Without monitoring, performance assessments and tuning, a singular and static identity proofing strategy can be exposed by evolving schemes and the use of high-quality compromised identity data. Traditional verification and validation parameters alone are simply too obtuse and can be circumvented easily by those with criminal intent. Static rules based on overly simplistic verification and validation checks can be outsmarted by intelligent fraudsters. Conversely, those same static rules must also have built-in mechanisms to accommodate true-name users who initially may not meet that criteria for identity proofing. Vast and diverse user populations, more arduous — and arguably more difficult to achieve — digital identity guidelines put forth by the National Institute of Standards and Technology, and operational constraints all pose significant challenges for government. But there are ways for government to modernize identity proofing successfully. Modern fraud and identity strategies There are many emerging trends and best practices for modern fraud and identity strategies, including: Applying right-sized fraud and identity proofing solutions. To reduce user friction or service disruption and manage fraud risk appropriately, agencies need to apply fraud mitigation strategies. Such strategies reflect the cost, measured risk and level of confidence, as well as compliance needed, for each interaction. This is called right-sizing the fraud solution. For example, agencies can cater a fraud solution that ensures a seamless experience when a citizen is calling a service center, versus an online interaction, versus a face-to-face one. Maintaining a universal view of the user. Achieved by employing a diverse breadth and depth of data assets and applied analytics, this tactic is the core of modern fraud mitigation and identity management. Knowing the individual user extends beyond a traditional 360-degree view. It means having knowledge of a person’s offline and online behavior, not only with your agency, but also with other agencies with which that user has a relationship. Expanding user view through a blended ecosystem. Increasingly, agencies are participating in a blended ecosystem — working with vendors, peer agencies and partners. There exists a collaborative culture in identity and fraud management that doesn’t exist in more competitive commercial environments. Fraudsters easily share information with one another, so those combatting it need to share information as well. Achieving agility and scale using service-based models. More agencies are adopting service-based models that provide greater agility and response to dynamic fraud threats, diverse population changes, and evolving compliance requirements or guidance. Service-based identity proofing provides government agencies the benefit of regularly updated data assets, analytics and expertise in strategy design. These assets are designed to respond to fraud or identity intelligence observed across various markets and industries, often protecting proactively rather than reactively. Future-proofing fraud solution choices. Technical and operational resources are always in relatively short supply compared to demand. Agencies need the ability to “code once” in order to expand and evolve their fraud strategies with ease. Future-proofing solutions must also be combined with an ever-changing set of identity proofing requirements and best practices, powered by a robust and innovative marketplace of service providers. The future of identity proofing in the public sector is more than just verifying individual identities. New standards in digital identity proofing are a responsive result of mass data compromise and failures in legacy techniques. Achieving compliant and confident identity assurance requires a layered approach, flexibly designed and orchestrated to accommodate diverse identity assertions, evidence, and contextual invocation of technologies and data assets. Government must now use risk-based approaches and mitigation strategies to identity threats quickly and determine the type of fraud before damage is done. Download our recent report in which we discuss the primary challenges of identity proofing in the public sector and what modernization of identity proofing looks like.

Earlier this week, Javelin Strategy & Research announced its inaugural edition of the 2017 Identity Proofing Platform Awards. We were honored to see CrossCore as the leader – taking the award for the best overall identity proofing platform. According to the report, “Experian’s identity proofing platform is a strong performer in every category of Javelin’s FIT model. It is functional. It is innovative. And, most important, it is tailored toward the advisory’s expectations. The comprehensive nature of CrossCore makes it the market-leading solution for identity proofing.” It’s harder than ever to confidently identify your customers in today’s digital economy. You have lots of vendor solutions to choose from in the identity proofing space. And, now Javelin has made it much easier for you to select the partner that is right for your needs. Javelin’s newly minted Identity Proofing Platform Scorecard assesses current capabilities in the market to help you make that decision. And they have done a lot of the heavy lifting, looking across 23 vendors and scoring them based on three categories of their FIT model – functional, innovative, and tailored. Protecting customers is a priority for you – and for us. Here at Experian, we have a range of capabilities to help businesses manage identity proofing, and our CrossCore platform brings them all together. We launched CrossCore last year, with the goal of making the industry’s fraud and identity solutions work better for everyone. CrossCore delivers a future-proof way to modify strategies quickly, catch fraud faster, improve compliance and enhance the customer experience. We’re proud of the work we’ve done so far, integrating our products as well as adding more than 10 partners to the program. We’re pleased to see so many of our partners included in Javelin’s report. We’re working closely with our clients to pull in more partner capabilities, and further enhance our own platform to create a layered approach that supports a risk-based, adaptable strategy. As highlighted in the Javelin report, a reliance on traditional identity verification approaches are no longer sufficient or appropriate for digital channels. With CrossCore, our clients can choose the capabilities they want, when they want them, to dial in the right confidence level for each and every transaction. This is because CrossCore supports a layered approach to managing risk, allowing companies to connect multiple disparate services through a common access point. We are committed to making it easier for you to protect consumers against fraud. CrossCore is helping us all do just that.

Reinventing Identity for the Digital Age Electronic Signature & Records Association (ESRA) conference I recently had the opportunity to speak at the Electronic Signature & Records Association (ESRA) conference in Washington D.C.  I was part of a fantastic panel delving into the topic, ‘Reinventing Identity for the Digital Age.’  While certainly hard to do in just an hour, we gave it a go and the dialogue was engaging, healthy in debate, and a conversation that will continue on for years to come.  The entirety of the discussion could be summarized as: An attempt to directionally define a digital identity today The future of ownership and potential monetization of trusted identities And the management of identities as they reside behind credentials or the foundations of block chain Again, big questions deserving of big answers. What I will suggest, however, is a definition of a digital identity to debate, embrace, or even deride.  Digital identities, at a minimum, should now be considered as a triad of 1) verified personally identifiable information, 2) the collective set of devices through which that identity transacts, and 3) the transactional (monetary or non-monetary) history of that identity. Understanding all three components of an identity can allow institutions to engage with their customers with a more holistic view that will enable the establishment of omni-channel communications and accounts, trusted access credentials, and customer vs. account-level risk assessment and decisioning. In tandem with advances in credentialing and transactional authorization such as biometrics, block chain, and e-signatures, focus should also remain on what we at Experian consider the three pillars of identity relationship management: Identity proofing (verification that the person is who they claim to be at a specific point in time) Authentication (ongoing verification of a person’s identity) Identity management (ongoing monitoring of a person’s identity) As stronger credentialing facilitates more trust and open functionality in non-face-to-face transactions, more risk is inherently added to those credentials.  Therefore, it becomes vital that a single snapshot approach to traditionally transaction-based authentication is replaced with a notion of identity relationship management that drives more contextual authentication.  The context thus expands to triangulate previous identity proofing results, current transactional characteristics (risk and reward), and any updated risk attributes associated with the identity that can be gleaned. The bottom line is that identity risk changes over time.  Some identities become more trustworthy … some become less so.  Better credentials and more secure transactional rails improve our experiences as consumers and better protect our personal information.  They cannot, however, replace the need to know what’s going on with the real person who owns those credentials or transacts on those rails.  Consumers will continue to become more owners of their digital identity as they grant access to it across multiple applications.  Institutions are already engaged in strategies to monetize trusted and shareable identities across markets.  Realizing the dynamic nature of identity risk, and implementing methods to measure that risk over time, will better enable those two initiatives. Click here to read more about Identity Relationship Management.