A New Paradigm for Fraud & Identity Management
Posted October 25, 2018
It’s the bane of businesses and governments around the globe—the growing threat from malicious actors that are laser-focused on exploiting an endless sea of stolen identity data to their own nefarious ends.
On the one hand, you have the promise of the Internet. The immense productivity boosts it delivers to businesses and government agencies. The ease and convenience it brings to consumers. And the life-changing benefits of financial inclusion it offers to underserved populations worldwide.
On the other hand? Corruption, crime, and in the worst cases, malevolent forces exposing our weaknesses and fears—from the blight of human trafficking, to attacks on national unity.
Today, modern, digital identity-based approaches to fraud and identity management offer a solution to all of this—but only if we do it right. And we’d better hurry.
The Danger: Harrowing
The incontrovertible fact is that we are all engaged in a form of “identity warfare.”
Thanks to the never-ending stream of corporate data breaches, the world is awash with stolen identity credentials that are now routinely leveraged to hijack bank accounts, take out fraudulent loans, make illegal payments, and worse.
Indeed, in a digital economy where organizations must make split-second decisions about the individuals with whom they transact, the notion of what constitutes “identity” has reached an inflection point. Identity was once defined by the person who stood in front of you, and the documents they could present as proof of who they were. This distinction has irrevocably changed as we increasingly demand identity to be validated through the lens of digital transactions, where fraudsters can impersonate anyone, anywhere, and in previously unimaginable ways.
As it stands now, approximately 3% of all online transactions are fraudulent. As referenced in our Q2 2018 Cybercrime Report, fraudsters—ever the opportunists—continue to find ways to capitalize on the surge in demand for many goods and services; hiding beneath large transaction volumes and exploiting the fact that many merchants are willing to accept a greater degree of risk to approve more orders during peak times. As tech journalist Kara Swisher told audiences at the recent Digital Identity Summit in Los Angeles, it’s about to go from bad to hellish.
Giving Voice to Growing Concerns
It’s no longer just online activity that’s at risk anymore—even traditional channels are being targeted using digital fraud techniques enabled by new technologies.
Ask yourself: What happens when voice technologies meant to help authenticate callers can also be used to replicate anyone’s voice—endangering their accounts instead? If you’ve ever seen how simple text can be turned into someone’s exact voice, it’ll blow your mind. Combine it with identity information from data breaches, and it’s little wonder voice fraud is up 350% since 2013.
And that’s just the start of it. How do you detect and disrupt social engineering tactics that so easily bypass most security controls by enlisting the help of unwitting victims? Today, more than 72% of all data breaches are the result of social engineering scams. What happens when cybercriminal networks deploy artificial intelligence technologies that rival those of the good guys’? As it stands, 74% of security researchers say most AI-driven security solutions are flawed.
As data from ThreatMetrix shows, attack volumes are doubling yearly. You can see a cycle of exploitation with each new data breach, as fraudsters hit hard and hit fast using fresh caches of stolen identity information. With each new day, their armies of AI-based technologies are slipping past far too many defenses.
The fact is, the only way to survive in this progressively hostile threat environment is by standing together to fight back and stop it.
From Fragments to a Fuller View
So, what does it mean to “fight back”? What does it require? For starters, it means we need solutions that provide a way to address identity with context, at every point of customer interaction—opening a new account, at login and when making a payment.
Right now, each one of these steps is often locked within its own silo. A company might use one identity verification solution for new account openings, another for customer authentication. During a payment transaction, authentication may focus on a credit card number.
All of these fragments represent pieces of a fuller, more accurate consumer identity. But while you might think that these fragments are stitched together on the backend, they often remain segmented. The individual fragments are difficult to combine into a resolute, whole and transferable consumer identity.
This fragmented picture of identity is also reflected in business decisions—with channel-based decisions often made in isolation of a true customer view, and with chosen authentication tokens reflecting the demands of a specific channel or silo and not the customer. Authentication can often be focused on the completion of a process rather than ensuring the right level of interdiction, at the right time and with the right message for each individual customer.
So the question becomes, how do you get the full picture you need of each individual customer, and the context for each transaction? How do you gain a resolute view of an identity so that decision analytics can be applied in a holistic way, with the right kind of identity verification and authentication at the moment of truth?
And how do you sharpen this resolution over time, so that you can instantly recognize the fraudulent use of an identity or identity element—and block it? That’s where we come in.
Enter: A Whole New Paradigm
With ThreatMetrix and LexisNexis Risk Solutions joining forces, we’re focused on building the next generation fraud and identity management platform.
Core to our philosophy: Not one silver bullet, but rather a multi-layered defense that provides a common, consistent view of the user at each touchpoint. Not just in digital, but also in-store, on the phone, and everywhere you need to know that the person on the other end of a transaction is really who they claim to be.
In our view, these layers of defense include:
Digital & Identity Intelligence
This layer is about integrating and correlating the complex linkages between users’ online identity credentials, their devices, the true geo-locations, and whether there are any threats that could indicate fraud. Behavioral biometrics can also be analyzed, in order to detect human behavior versus bots.
Information seen at the time of a transaction is assessed in relation to tokenized data from thousands of companies on the ThreatMetrix network—across use cases, industries and geographies, everywhere around the world. This way, we are able to establish trust and confidence in genuine users, from their actions which are built up over time – and differentiate between these trusted users and fraudsters.
The second layer of defense involves the application of advanced link analysis technologies, behavioral analytics and embedded machine learning to evaluate complex datasets at scale and speed. This enables you to make the best possible trust decision in real time for a user’s identity, and for the transaction at hand.
Verification and Authentication
Here, it’s about remediating the risks associated with a customer event, providing a trusted second factor of verification, choosing from an array of customer authentication techniques. This can include offline identity documents on a specific user, or challenge questions and other step-ups at the point of new account origination, at login, and at payment.
Investigation and Review
And then the sharpening of the sword is the investigation and review layer. This provides our customers with the tools to continuously assess how efficiently and effectively they are decisioning; use case management to better manage the day-to-day fraud operations; and assist with any law enforcement and compliance needs.
A World of Difference
Each and every one of these layers of defense are critically important. But they are only as effective as the data they are built upon.
Without a diversity of trusted, accurate and real-time data sources, there’s really no reliable way to gain a truly holistic view of an identity and the risk associated with it. This fact has always formed the underpinnings of the ThreatMetrix Digital Identity Network—and by combining with LexisNexis Risk Solutions, we believe we can take this to the next level.
This next-generation of fraud and identity management is designed to help businesses and government organizations understand a user’s identity and behavior at the point of each transaction, using the most relevant methods of identity verification and authentication.
It’s predicated on the simple belief that whether a user is opening an account, making an in-store purchase, or phoning a call center, we should all have the positive reinforcement we need to validate that each and every user is who they say they are—not a fraudster, not an AI voice bot, and not a socially engineered threat to our businesses, our nations, or our world.
The good news: We can have that kind of assurance—so long as we work together.