Tag: Know Your Customer

In a financial world that's increasingly connected and complex, monitoring transactions is not just good business practice — it's a regulatory necessity. Anti-money laundering (AML) transaction monitoring stands as a crucial barrier against financial crimes, which ensures the integrity of financial systems worldwide. For financial institutions, the challenges of AML compliance and the tools to meet them continue to evolve. In this blog post, we'll walk through the basics, best practices, and future of AML transaction monitoring. What is AML transaction monitoring? AML transaction monitoring refers to the systems and processes financial institutions use to detect and report potentially suspicious transactions to the Financial Crimes Enforcement Network (FinCEN) under the United States Department of Treasury, which spearheads the efforts to track financial crimes — money laundering and financing of criminal or terrorist activities. By continuously monitoring customer transactions and establishing patterns of behavior, suspicious activities can be identified for further investigation. The role of AML transaction monitoring AML transaction monitoring identifies potential criminal activities and helps maintain a clean and efficient financial ecosystem. By being proactive in preventing the misuse of services, organizations can protect their reputation, strengthen customer trust, and uphold regulatory requirements. The challenge of false positives However, AML compliance is not without challenges. The systems in place often produce many 'false positives', transactions identified as potentially suspicious that, after investigation, turn out to be mundane. These false alarms can overwhelm compliance departments, leading to inefficiency and potentially missing real red flags. Why is AML transaction monitoring important? Understanding the importance of AML transaction monitoring requires a broader look at the implications of financial crimes. Money laundering often supports other serious crimes such as drug trafficking, fraud, and even terrorism. The ability to interrupt the flow of illicit funds also disrupts these additional criminal networks. Furthermore, for organizations, the cost of non-compliance can be substantial — financially and reputationally. Penalties for inadequate AML controls can be hefty, signaling the need for robust monitoring systems. Specifics on compliance Compliance with AML regulations is not a choice but a must. Financial institutions are required to comply with AML laws and regulations to protect their businesses and the industry as a whole. This includes understanding and adhering to regulation changes, which can be complex and have significant operational impacts. How does AML transaction monitoring work? There are two main approaches to transaction monitoring: Rule-based systems: These rely on pre-defined rules that flag transactions exceeding certain thresholds, originating from high-risk countries, or involving specific types of activities. Scenario-based systems: These use more sophisticated algorithms to analyze transaction patterns and identify anomalies that might not be captured by simple rules. This can include analyzing customer behavior, source of funds, and the purpose of transactions. Most organizations use a combination of both approaches. Transaction monitoring software is a valuable tool, but it's important to remember that it's not a foolproof solution. Human analysis is still essential to investigate flagged transactions and determine if they are truly suspicious. Implementing AML transaction monitoring solutions Implementing a robust AML transaction monitoring system requires the right technology and the right strategy. Beyond the software, it's about embedding a culture of compliance within the organization. Choosing the right AML solution The right AML solution should be based on the specific needs of the institution, the complexity of its operations, and the sophistication of the fraud landscape it faces. It's imperative to pick a solution that is agile, scalable, and integrates seamlessly with existing systems. Leveraging KYC and CIP programs Know your customer (KYC) and customer identification program (CIP) are deeply connected to transaction monitoring. Implementing a robust KYC program helps to establish a strong customer identity, whereas a solid CIP ensures that essential customer information is verified at the time of account opening. Automation and AI in AML compliance Automation and AI are revolutionizing AML compliance, especially in transaction monitoring. AI systems, with their ability to learn and evolve, can significantly reduce false positives, making the compliance process more efficient and effective. Advanced AML solutions and the future Technological advancements are constantly reshaping the AML landscape, including solutions incorporating big data analysis and machine learning. Utilizing big data for better insights: Big data analytics provides an unprecedented ability to spot potential money laundering by analyzing vast amounts of transactional data, allowing for better contextual understanding and the ability to identify patterns of suspicious activity. Machine learning and predictive analytics: Machine learning technologies have the potential to refine transaction monitoring by continuously learning new behaviors and adapting to evolving threats. Predictive analytics can help in identifying potential risks well in advance and taking pre-emptive actions. The human element in AML Despite the advancing technology, the human element remains crucial. AML systems are only as good as the people who operate them. Organizations must invest in: Continuous training and skill development: Continuous training ensures that employees remain updated on regulations, compliance techniques, and the latest tools. Developing a team with AML expertise is an investment in the institution's security and success. Cultivating a compliance culture: Cultivating a corporate culture that values compliance is vital. From the highest levels of management to front-line staff, a mindset that embraces the duty to protect against financial crime is a powerful asset in maintaining an effective AML program. How we can help As a leader in fraud prevention and identity verification, Experian’s AML solutions can help you increase the effectiveness of your AML program to efficiently comply with federal and international AML regulations while safeguarding your organization from financial crime. We provide data, models, and automated systems and processes to monitor, detect, investigate, document and report potential money laundering activities across the entire customer lifecycle. Learn more about Experian’s AML solutions *This article includes content created by an AI language model and is intended to provide general information.

Finding a reliable, customer-friendly way to protect your business against new account fraud is vital to surviving in today's digital-driven economy. Not only can ignoring the problem cause you to lose valuable money and client goodwill, but implementing the wrong solutions can lead to onboarding issues that drive away potential customers. The Experian® 2023 Identity and Fraud Report revealed that nearly 70 percent of businesses reported fraud loss in recent years, with many of these involving new account fraud. At the same time, problems with onboarding caused 37 percent of consumers to drop off and take their business elsewhere. In other words, your customers want protection, but they aren't willing to compromise their digital experience to get it. You need to find a way to meet both these needs when combating new account fraud. What is new account fraud? New account fraud occurs any time a bad actor creates an account in your system utilizing a fake or stolen identity. This process is referred to by different names, such as account takeover fraud, account creation fraud, or account opening fraud. Examples of some of the more common types of new account fraud include: Synthetic identity (ID) fraud: This type of fraud occurs when the scammer uses a real, stolen credential combined with fake credentials. For example, they might use someone's real Social Security number combined with a fake email. Identity theft: In this case, the fraudster uses personal information they stole to create a new scam account. Fake identity: With this type of fraud, scammers create an account with wholly fake credentials that haven't been stolen from any particular person. New account fraud may target individuals, but the repercussions spill over to impact entire organizations. In fact, many scammers utilize bots to attempt to steal information or create fake accounts en masse, upping the stakes even more. How does new account fraud work? New account fraud begins at a single weak security point, such as: Data breaches: The Bureau of Justice reported that in 2021 alone, 12 percent of people ages 16 or older received notifications that their personal information was involved in a data breach.1 Phishing scams: The fraudster creates an email or social media account that pretends to be from a legitimate organization or person to gain confidential information.2 Skimmers: These are put on ATMs or fuel pumps to steal credit or debit card information.2 Bot scrapers: These tools scrape information posted publicly on social media or on websites.2 Synthetic ID fraud: 80 percent of new account fraud is linked to synthetic ID fraud.3 The scammer just needs one piece of legitimate information. If they have a real Social Security number, they might combine it with a fake name and birth date (or vice versa.) After the information is stolen, the rest of the fraud takes place in steps. The fake or stolen identity might first be used to open a new account, like a credit card or a demand deposit account. Over time, the account establishes a credit history until it can be used for higher-value targets, like loans and bank withdrawals. How can organizations prevent new account fraud? Some traditional methods used to combat new account fraud include: Completely Automated Public Turing Tests (CAPTCHAs): These tests help reduce bot attacks that lead to data breaches and ensure that individuals logging into your system are actual people. Multifactor authentication (MFA): MFA bolsters users' password protection and helps guard against account takeover. If a scammer tries to take over an account, they won't be able to complete the process. Password protection: Robust password managers can help ensure that one stolen password doesn't lead to multiple breaches. Knowledge-based authentication: Knowledge-based authentication can be combined with MFA solutions, providing an additional layer of identity verification. Know-your-customer (KYC) solutions: Businesses may utilize KYC to verify customers via government IDs, background checks, ongoing monitoring, and the like. Additional protective measures may involve more robust identity verification behind the scenes. Examples include biometric verification, government ID authentication, public records analysis, and more. Unfortunately, these traditional protective measures may not be enough, for many reasons: New account fraud is frequently being perpetrated by bots, which can be tougher to keep up with and might overwhelm systems. Institutions might use multiple security solutions that aren't built to work together, leading to overlap and inefficiency. Security measures may create so much friction in the account creation process that potential new customers are turned away. How we can help Experian's fraud management services provide a multi-layered approach that lets businesses customize solutions to their particular needs. Advanced machine learning analytics utilizes extensive, proprietary data to provide a unique experience that not only protects your company, but it also protects your customers' experience. Customer identification program (CIP) Experian's KYC solutions allow you to confidently identify your customers via a low-friction experience. The tools start with onboarding, but continue throughout the customer journey, including portfolio management. The tools also help your company comply with relevant KYC regulations. Cross-industry analysis of identity behavior Experian has created an identity graph that aggregates consumer information in a way that gives companies access to a cross-industry view of identity behavior as it changes over time. This means that when a new account is opened, your company can determine behind the scenes if any part of the identity is connected to instances of fraud or presents actions not normally associated with the customer's identity. It's essentially a new paradigm that works faster behind the scenes and is part of Experian's Ascend Fraud Platform™. Multifactor authentication solutions Experian's MFA solutions utilize low-friction techniques like two-factor authentication, knowledge-based authentication, and unique one-time password authentication during remote transactions to guard against hacking. Synthetic ID fraud protection Experian's fraud management solutions include robust protection against synthetic ID fraud. Our groundbreaking technology detects and predicts synthetic identities throughout the customer lifecycle, utilizing advanced analytics capabilities. CrossCore® CrossCore combines risk-based authentication, identity proofing, and fraud detection into one cloud platform, allowing for real-time decisions to be made with flexible decisioning workflows and advanced analytics. Interactive infographic: Building a multilayered fraud and identity strategy Precise ID® The Precise ID platform lets customers choose the combination of fraud analytics, identification verification, and workflows that best meet their business needs. This includes machine-learned fraud risk models, robust consumer data assets, one-time passwords (OTPs), knowledge-based authentication (KBAs), and powerful insights via the Identity Element Network®. Account takeover fraud represents a significant threat to your business that you can't ignore. But with Experian's broad range of solutions, you can keep your systems secure while not sacrificing customer experience. Experian can keep your business secure from new account fraud Experian's innovative approach can streamline your new account fraud protection. Learn more about how our fraud management solutions can help you. Learn more References 1. Harrell, Erika. "Just the Stats: Data Breach Notifications and Identity Theft, 2021." Bureau of Justice Statistics, January 2024. https://bjs.ojp.gov/data-breach-notifications-and-identity-theft-2021 2. "Identity Theft." USA.gov, December 6, 2023. https://www.usa.gov/identity-theft 3. Purcell, Michael. "Synthetic Identity Fraud: What is It and How to Combat It." Thomson Reuters, April 28, 2023. https://legal.thomsonreuters.com/blog/synthetic-identity-fraud-what-is-it-and-how-to-combat-it/

Meeting Know Your Customer (KYC) regulations and staying compliant is paramount to running your business with ensured confidence in who your customers are, the level of risk they pose, and maintained customer trust. What is KYC?KYC is the mandatory process to identify and verify the identity of clients of financial institutions, as required by the Financial Conduct Authority (FCA). KYC services go beyond simply standing up a customer identification program (CIP), though that is a key component. It involves fraud risk assessments in new and existing customer accounts. Financial institutions are required to incorporate risk-based procedures to monitor customer transactions and detect potential financial crimes or fraud risk. KYC policies help determine when suspicious activity reports (SAR) must be filed with the Department of Treasury’s FinCEN organization. According to the Federal Financial Institutions Examinations Council (FFIEC), a comprehensive KYC program should include:• Customer Identification Program (CIP): Identifies processes for verifying identities and establishing a reasonable belief that the identity is valid.• Customer due diligence: Verifying customer identities and assessing the associated risk of doing business.• Enhanced customer due diligence: Significant and comprehensive review of high-risk or high transactions and implementation of a suspicious activity-monitoring system to reduce risk to the institution. The following organizations have KYC oversight: Federal Financial Institutions Examinations Council (FFIEC), Federal Reserve Board, Federal Deposit Insurance Corporation (FDIC), national Credit Union Administration (NCUA), Office of the Comptroller of the Currency (OCC) and the Consumer Financial Protection Bureau (CFPB). How to get started on building your Know Your Customer checklist 1. Define your Customer Identification Program (CIP) The CIP outlines the process for gathering necessary information about your customers. To start building your KYC checklist, you need to define your CIP procedure. This may include the documentation you require from customers, the sources of information you may use for verification and the procedures for customer due diligence. Your CIP procedure should align with your organization’s risk appetite and be comply with regulations such as the Patriot Act or Anti-money laundering laws. 2. Identify the customer's information Identifying the information you need to gather on your customer is key in building an effective KYC checklist. Typically, this can include their first and last name, date of birth, address, phone number, email address, Social Security Number or any government-issued identification number. When gathering sensitive information, ensure that you have privacy and security controls such as encryption, and that customer data is not shared with unauthorized personnel. 3. Determine the verification method There are various methods to verify a customer's identity. Some common identity verification methods include document verification, facial recognition, voice recognition, knowledge-based authentication, biometrics or database checks. When selecting an identity verification method, consider the accuracy, speed, cost and reliability. Choose a provider that is highly secure and offers compliance with current regulations. 4. Review your checklist regularly Your KYC checklist is not a one and done process. Instead, it’s an ongoing process that requires periodic review, updates and testing. You need to periodically review your checklist to ensure your processes are up to date with the latest regulations and your business needs. Reviewing your checklist will help your business to identify gaps or outdated practices in your KYC process. Make changes as needed and keep management informed of any changes. 5. Final stage: quality control As a final step, you should perform a quality control assessment of the processes you’ve incorporated to ensure they’ve been carried out effectively. This includes checking if all necessary customer information has been collected, whether the right identity verification method was implemented, if your checklist matches your CIP and whether the results were recorded correctly. KYC is a vital process for your organization in today's digital age. Building an effective KYC checklist is essential to ensure compliance with regulations and mitigate risk factors associated with fraudulent activities. Building a solid checklist requires a clear understanding of your business needs, a comprehensive definition of your CIP, selection of the right verification method, and periodic reviews to ensure that the process is up to date. Remember, your customers' trust and privacy are at stake, so iensuring that your security processes and your KYC checklist are in place is essential. By following these guidelines, you can create a well-designed KYC checklist that reduces risk and satisfies your regulatory needs. Taking the next step Experian offers identity verification solutions as well as fully integrated, digital identity and fraud platforms. Experian’s CrossCore & Precise ID offering enables financial institutions to connect, access and orchestrate decisions that leverage multiple data sources and services. By combining risk-based authentication, identity proofing and fraud detection into a single, cloud-based platform with flexible orchestration and advanced analytics, Precise ID provides flexibility and solves for some of financial institutions’ biggest business challenges, including identity and fraud as it relates to digital onboarding and account take over; transaction monitoring and KYC/AML compliance and more, without adding undue friction. Learn more *This article includes content created by an AI language model and is intended to provide general information.

Today’s digital-first world is more interconnected than ever. Financial transactions take place across borders and through various channels, leaving financial institutions and their customers at increasing risk from evolving threats like identity theft, fraud and others from sophisticated crime rings. And consumers are feeling that pressure. A recent Experian study found that over half of consumers feel like they are more of a target for online fraud than a year ago. Likewise, more than 40% of businesses reported increased fraud losses in recent years. It’s not only critical that organizations ensure the security and trustworthiness of digital transactions and online account activity to reduce risk and losses but what consumers expect. In the same Experian study, more than 85% of consumers said they expect businesses to respond to their fraud concerns, an expectation that has increased over the last several years.   Businesses and financial institutions most successful at mitigating fraud and reducing risk have adopted a layered, interconnected approach to identity confirmation and fraud prevention. One vital tool in this process is identity document verification. This crucial step not only safeguards the integrity of financial systems but also protects individuals and organizations from fraud, money laundering and other illicit activities. In this blog, we will delve into the significance of identity document verification in financial services and explore how it strengthens the overall security landscape.  Preventing identity theft and fraud Identity document verification plays a vital role in thwarting identity theft and fraudulent activities. By verifying the authenticity of identification documents, financial institutions can ensure that the individuals accessing their services are who they claim to be. Sophisticated verification processes, including biometric identification and document validation, help detect counterfeit documents, stolen identities and impersonation attempts. By mitigating these risks, financial institutions can protect their customers from unauthorized access to accounts, fraudulent transactions and potential financial ruin. Compliance with regulatory requirements Financial institutions operate in an environment governed by stringent regulatory frameworks designed to combat money laundering, terrorist financing and other financial crimes. Identity document verification is a key component of these regulatory requirements. By conducting thorough verification checks, financial service providers can adhere to Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations. Compliance safeguards the institution's reputation and helps combat illicit financial activities that can have far-reaching consequences for national security and stability. Mitigating risk and enhancing trust Effective identity document verification mitigates risks associated with financial services. By verifying the identity of customers, financial institutions can reduce the likelihood of fraudulent activities, such as account takeovers, unauthorized transactions and loan fraud. This verification process bolsters the overall security of the financial system and creates a more trustworthy environment for stakeholders. Trust is fundamental in establishing long-lasting customer relationships and attracting new clients to financial institutions.   Facilitating digital onboarding and seamless customer experience As financial services embrace digital transformation, identity document verification becomes essential for smooth onboarding processes. Automated identity verification solutions enable customers to open accounts and access services remotely, eliminating the need for in-person visits or cumbersome paperwork. By streamlining the customer experience and minimizing the time and effort required for account setup, financial institutions can attract tech-savvy individuals and enhance customer satisfaction.  Combating money laundering and terrorist financing Proper document verification is a key component of combating money laundering and terrorist financing activities. By verifying customer identities, financial institutions can establish the source of funds and detect suspicious transactions that may be linked to illicit activities. This proactive approach helps protect the integrity of the financial system, supports national security efforts, and contributes to the global fight against organized crime and terrorism. Identity document verification is a vital component in the layered, interconnected approach to mitigating and preventing fraud in modern financial services. By leveraging advanced technologies and robust verification processes, financial institutions can ensure the authenticity of customer identities, comply with regulatory requirements, mitigate risk and enhance trust.  As financial services continue evolving in an increasingly digital landscape, identity document verification will remain a crucial tool for safeguarding the security and integrity of the global financial system.  For more information on how Experian can help you reduce fraud while delivering a seamless customer experience, visit our fraud management solutions hub.   Learn more

What Is Identity Proofing? Identity proofing, authentication and management are becoming increasingly complex and essential aspects of running a successful enterprise. Organizations need to get identity right if they want to comply with regulatory requirements and combat fraud. It's also becoming table stakes for making your customers feel safe and recognized. 63 percent of consumers expect businesses to recognize them online, and 48 percent say they're more trusting of businesses when they demonstrate signs of security. Identify proofing is the process organizations use to collect, validate and verify information about someone. There are two goals — to confirm that the identity is real (i.e., it's not a synthetic identity) and to confirm that the person presenting the identity is its true owner. The identity proofing process also relates to and may overlap with other aspects of identity management. Identity proofing vs identity authentication Identity proofing generally takes place during the acquisition or origination stages of the customer lifecycle — before someone creates an account or signs up for a service. Identity authentication is the ongoing process of re-checking someone's identity or verifying that they have the authorization to make a request, such as when they're logging into an account or trying to make a large transaction. How does identity proofing work? Identity proofing typically involves three steps: resolution, validation, and verification. Resolution: The goal of the first step is to accurately identify the single, unique individual that the identity represents. Resolution is relatively easy when detailed identity information is provided. In the real world, collecting detailed data conflicts with the need to provide a good customer experience. Resolution still has to occur, but organizations have to resolve identities with the minimum amount of information. Validation: The validation step involves verifying that the person's information and documentation are legitimate, accurate and up to date. It potentially involves requesting additional evidence based on the level of assurance you need. Verification: The final step confirms that the claimed identity actually belongs to the person submitting the information. It may involve comparing physical documents or biometric data and liveness tests, such as a comparison of the driver's license to a selfie that the person uploads. Different levels of identity proofing may require various combinations of these steps, with higher-risk scenarios calling for additional checks such as biometric or address verification. Service providers can implement a range of methods based on their specific needs, including document verification, database validation, or knowledge-based authentication. Building an effective identity proofing strategy By requiring identity proofing before account opening, organizations can help detect and deter identity fraud and other crimes. You can use different online identity verification methods to implement an effective digital identity proofing and management system. These may include: Document verification plus biometric data: The consumer uploads a copy of an identification document, such as a driver's license, and takes a selfie or records a live video of their face. Database validations: The proofing solution verifies the shared identifying information, such as a name, date of birth, address and Social Security number against trusted databases, including credit bureau and government agency data. Knowledge-based authentication (KBA): The consumer answers knowledge-based questions, such as account information, to confirm their identity. It can be a helpful additional step, but they offer a low level of assurance, partially because data breaches have exposed many people's personal information. In part, the processes you'll use may depend on business policies, associated risks and industry regulations, such as know your customer (KYC) and anti-money laundering (AML) requirements. But organizations also have to balance security and ease of use. Each additional check or requirement you add to the identity proofing flow can help detect and prevent fraud, but the added friction they bring to your onboarding process can also leave customers frustrated — and even lead to customers abandoning the process altogether. Finding the right amount of friction can require a layered, risk-based approach. And running different checks during identity proofing can help you gauge the risk involved. For example, comparing information about a device, such as its location and IP address, to the information on an application. Or sending a one-time password (OTP) to a mobile device and checking whether the phone number is registered to the applicant's name. With the proper systems in place, you can use high-risk signals to dynamically adjust the proofing flow and require additional identity documents and checks. At the same time, if you already have a high level of assurance about the person's identity, you can allow them to quickly move through a low-friction flow. Experian goes beyond identity proofing Experian builds on its decades of experience with identity management and access to multidimensional data sources to help organizations onboard, authenticate and manage customer identities. Our identity proofing solutions are compliant with National Institute of Standards and Technology (NIST) and enable agencies to confidently verify user identities prior to or during account opening, biometric enrollment or while signing up for services. Learn more   This article includes content created by an AI language model and is intended to provide general information.

Since 2002, lenders have been aware of the importance of Know Your Customer (KYC) and the associated Customer Identification Program (CIP) requirements. As COVID-19 has changed procedures and priorities for businesses and consumers across the board, it’s more important than ever for institutions to ensure their CIP process includes ongoing monitoring of identity risk.   What is CIP?   Standard KYC programs include a Customer Identification Program to verify and validate identities along with due diligence to assess the risks associated with each identity.   CIP defines the process by which a business collects data to establish a reasonable belief that the identity is valid, and that the individual is eligible to participate in our financial system. While this process works in conjunction with other fraud mitigation tactics, they serve different purposes. A good CIP program emphasizes the customer experience, regulatory compliance, cost control, and smart growth. Fraud mitigation focuses on ensuring that an eligible identity is being presented by its true owner, rather than as part of a scheme to acquire goods and services with intent to default on repayment obligations.   Businesses who focus on solely on fraud mitigation rather than complying with KYC and CIP regulations run the risk of potential harm to business reputation, and of course, financial penalties. Fenergo found that as of the end of 2019, global penalties for AML and KYC non-compliance totaled $36 billion.   CIP vs. Fraud Mitigation Many financial institutions equate a CIP program with efforts to mitigate fraud. It’s understandable, as both processes include emphasis on the accuracy of an identity as it’s presented by a consumer. It is assumed that only the true owner of the identity would possess the detailed information necessary to meet CIP requirements and therefore would not likely be committing fraud.   There was a time—prior to large scale thefts of stored information, personal details shared through social media and other behavior changes that made personal information very public—when this would have been true. Unfortunately, those days have passed and even an amateur criminal with limited experience and resources could find current, accurate identity information for sale online, information good enough to pass the CIP test and be considered a legitimate consumer.   The real challenge is that when they go through CIP, many real consumers may inadvertently provide true information that doesn’t meet the verification standard. This is a result of consumer lifestyle changes outpacing the sources of data used to verify the information they’ve provided. It makes sense; in most years roughly 13% of American adults change their address. New homes, job changes and changes in marital status impact a large number of people every day. Adding to the confusion—it’s life’s changes that prompt people to borrow and purchase. The result is that many of the people that are more likely to fail CIP verification are the very people trying to legitimately access financial services.   The result is that CIP verification often isn’t a challenge for those intending to commit fraud, but it can be for genuine consumers.   The challenges of CIP In a recent internal study, Experian reviewed the ability to pass a standard CIP strategy that assessed the accuracy of the name, current address, date of birth and Social Security number provided by a large sample of consumers. We then compared legitimate consumers to those later confirmed to have been identity thieves impersonating a victim. Consistently, the identity thieves were at least as proficient at passing CIP as their true-consumer counterparts.   In a second step, we applied a fraud score that looked for identity theft by assessing the past uses of the identities, their consistency, velocity and many other characteristics unrelated to the accuracy of the data. The difference between CIP verification and a fraud risk assessment was striking. Across the entire range of fraud risk, the percentage of records that passed CIP verification remained the same.   That said, CIP still plays a very important role in risk mitigation. In fact, CIP and fraud prevention are inextricable in financial services. Just as a CIP verified identity can still be fraud, a record that may appear to be low fraud risk may not pass CIP. Since both processes have existed side by side for nearly two decades, each presumes that the other is in place and both are necessary to detect and prevent fraud.   Striking a balance   CIP verification and fraud mitigation strategies are both necessary and important to protecting assets and the broader financial system from fraud. It’s important to leverage a layered approach where both eligibility and risk are assessed, and next steps for verification include resolution of identity discrepancies alongside verification that ensures an identity is not being misused for fraud.   Experian can help you confidently verify customer identities, understand and anticipate customer activities, and implement ongoing monitoring. If you’d like to set up a review of your current strategy or learn more about how we can help you with CIP and fraud mitigation to strengthen your ability to know your customer compliantly, let us know. Contact us

Sometimes, the best offense is a good defense. That’s certainly true when it comes to detecting synthetic identities, which by their very nature become harder to find the longer they’ve been around. To launch an offense against synthetic identity fraud, you need to defend yourself from it at the top of your new customer funnel. Once fraudsters embed their fake identity into your portfolio, they become nearly impossible to detect. The Challenge Synthetic identity fraud is the fastest-growing type of financial crime in the United States. The cost to businesses is hard to determine because it’s not always caught or reported, but the amounts are staggering. According to the Aite Group, it was estimated to total at least $820 million in 2017 and grow to $1.2 billion by 2020. This type of theft begins when individual thieves and large-scale crime rings use a combination of compromised personal information—like unused social security numbers—and fabricated data to stitch together increasingly sophisticated personas. These well-crafted synthetic identities are hard to differentiate from the real deal. They often pass Know Your Customer, Customer Identification Program and other onboarding checks both in person and online. This puts the burden on you to develop new defense strategies or pay the price. Additionally, increasing pressure to grow deposits and expand loan portfolios may coincide with the relaxation of new customer criteria, allowing even more fraudsters to slip through the cracks. Because fraudsters nurture their fake identities by making payments on time and don’t exhibit other risk factors as their credit limits increase, detecting synthetic identities becomes nearly impossible, as does defending against them. How This Impacts Your Bottom Line Synthetic identity theft is sometimes viewed as a victimless crime, since no single individual has their entire identity compromised. But it’s not victimless. When undetected fraudsters finally max out their credit lines before vanishing, the financial institution is usually stuck footing the bill. These same fraudsters know that many financial institutions will automatically settle fraud claims below a specific threshold. They capitalize on this by disputing transactions just below it, keeping the goods or services they purchased without paying. Fraudsters can double-dip on a single identity bust-out by claiming identity theft to have charges removed or by using fake checks to pay off balances before maxing out the credit again and defaulting. The cost of not detecting synthetic identities doesn’t stop at the initial loss. It flows outward like ripples, including: Damage to your reputation as a trusted organization Fines for noncompliance with Know Your Customer Account opening and maintenance costs that are not recouped as they would be with a legitimate customer Mistakenly classifying fraudsters as bad debt write offs Monetary loss from fraudsters’ unpaid balances Rising collections costs as you try to track down people who don’t exist Less advantageous rates for customers in the future as your margins grow thinner These losses add up, continuing to impact your bottom line over and over again. Defensive Strategies So what can you do? Tools like eCBSV that will assist with detecting synthetic identities are coming but they’re not here yet. And once they’re in place, they won’t be an instant fix. Implementing an overly cautious fraud detection strategy on your own will cause a high number of false positives, meaning you miss out on revenue from genuine customers. Your best defense requires finding a partner to help you implement a multi-layered fraud detection strategy throughout the customer lifecycle. Detecting synthetic identities entails looking at more than a single factor (like length of credit history). You need to aggregate multiple data sets and connect multiple customer characteristics to effectively defend against synthetic identity fraud. Experian’s synthetic identity prevention tools include Synthetic Identity High Risk Score to incorporate the history and past relationships between individuals to detect anomalies. Additionally, our digital device intelligence tools perform link analyses to connect identities that seem otherwise separate. We help our partners pinpoint false identities not associated with an actual person and decrease charge offs, protecting your bottom line and helping you let good customers in while keeping false personas out. Find out how to get your synthetic identity defense in place today.

What do movie actors Adam Sandler and Hugh Grant, jazz singer Michael Bublé, Russian literary giant Leo Tolstoy, and Colonel Sanders, the founder of KFC, have in common? Hint, it’s not a Nobel Prize for Literature, a Golden Globe, a Grammy Award, a trademark goatee, or a “finger-lickin’ good” bucket of chicken. Instead, they were all born on September 9, the most common birth date in the U.S. Baby Boom According to real birth data compiled from 20 years of American births, September is the most popular month to give birth to a child in America – and December, the most popular time to make one. With nine of the top 10 days to give birth falling between September 9 and September 20, one may wonder why the birth month is so common. Here are some theories: Those who get to choose their child’s birthday due to induced and elective births tend to stay away from the hospital during understaffed holiday periods and may plan their birth date around the start of the school year. Several of the most common birth dates in September correspond with average conception periods around the holidays, where couples likely have more time to spend together. Some studies within the scientific community suggest that our bodies may actually be biologically disposed to winter conceptions. While you may not be feeling that special if you were born in September, the actual differences in birth numbers between common and less common birthdays are often within just a few thousand babies. For example, September 10, the fifth most common birthday of the year, has an average birth rate of 12,143 babies. Meanwhile, April 20, the 328th most common birthday, has an average birth rate of 10,714 newborns. Surprisingly, the least common birthdays fall on Christmas Eve, Christmas Day and New Year’s Day, with Thanksgiving and Independence Day also ranking low on the list. Time to Celebrate – but Watch out! Statistically, there’s a pretty good chance that someone reading this article will soon be celebrating their birthday. And while you should be getting ready to party, you should also be on the lookout for fraudsters attempting to ruin your big day. It’s a well-known fact that cybercriminals can use your birth date as a piece of the puzzle to capture your identity and commit identity theft – which becomes a lot easier when it’s being advertised all over social media. It’s also important for employers to safeguard their organization from fraudsters who may use this information to break into corporate accounts. While sharing your birthday with a lot of people could be a good or bad thing depending on how much undivided attention you enjoy – you’re in great company! Not only can you plan a joint party with Michelle Williams, Afrojack, Cam from Modern Family, four people I went to high school with on Facebook and a handful of YouTube stars that I’m too old to know anything about, but there will be more people ringing in your birthday than any other day of the year! And that’s pretty cool.

Legitimate address discrepancies are common, which surprises most people. And handling every address discrepancy as a high fraud risk is operationally expensive and inhibits the customer experience. You can avoid this type of fraud by employing these best practices: Use a distinct Know Your Customer and underlying Customer Identification Program process. Avoid verifications based on self-reported data. Maintain hotlist addresses. Fraud always will find the path of least resistance, and organized criminals will test you daily to isolate the weakest link. Be sure to regularly revisit your own policies and procedures for handling this type of fraud. Address manipulation fraud