Top Trends in Online Lending and Its Digital Identity Imperative

Posted April 9, 2019

Top Trends in Online Lending and Its Digital Identity Imperative

To get a sense of the dynamism and pressures facing online lending, and the importance of digital identity to this rapidly-evolving sector, look no further than the late-March introduction of Apple Card.

Sure, there have been moves from Amazon and Facebook to get into online banking. But Apple’s new entry may instantly reshape customer expectations for fintechs and incumbents alike.

While its 3% cashback offer may be lackluster and certainly isn’t much of a differentiator, the instant and friction-free signup process more than makes up for the run of the mill cashback rate. And privacy and security come baked into even the physical card, which features no account number, no CCV, no expiration date, and no signature—instead, there’s a dynamically generated security code, initiated through biometric authentication.

But as it happens, the launch comes amid an important moment for a sector that is suddenly experiencing an explosion of growth—and more than its share of challenges. Including the kind of cybercriminal activity that even the most advanced new services may inadvertently foster and even empower.

Growth in the Balance

The growth in this space is off the charts. According to Financial Brand, fintech lenders today account for 40% of the unsecured personal loan market in the US., up from just 5% in 2013. And it pays: Loan balances are up 150% in that time, to $138 billion. But incumbents are working to turn their considerable reach into a competitive advantage by partnering with, or acquiring, fintechs—or driving innovations on their own.

Apple is hardly alone in the launch department. TD Bank recently announced it has partnered with fintech Amount to offer up to $35,000 in installment loans via its mobile and online lending platform. Approved customers can receive funds in as soon as one day. Meanwhile, Citi is launching a mobile and online lending and payments service that enables consumers to pay for rent and school fees using the app.

Globally, these and other new online and mobile lending services are also helping boost financial inclusion for unbanked and underbanked populations around the world. Along with alternative options such as peer-to-peer lending, student loan refinancing, alternative mortgage lending and more, the fintech revolution is proving as transformative as it is lucrative. Which means it hasn’t gone unnoticed by cybercriminals…follow the money, right?

Account Openings Fueling Fraud

Fueled by an endless supply of identity credentials stolen through breaches and misconfigured databases, cybercriminal attacks on the financial services industry exceeds all others, at an average $18 million in losses per firm (compared to $12 million for firms across all industries), according to Forbes.

In fact, lenders lost $6.4 billion to credit card fraud and $4 billion to account takeovers in 2018, according to Javelin Strategy and Research. Though these figures are actually lower than 2016, they’re still painful—as are the rising levels of account creation fraud, which cost the industry $3.4 billion last year.

With half of all loan applications now submitted online, traditional authentication practices are incapable of meeting the real-time demands and are proving equally challenged in verifying the identity of the person filling out the application. Even snazzy security features like those of Apple Card may prove no match for cybercriminals using stolen or synthetic identities to open new accounts—and registering their own devices and biometrics. The ploy: run up bills they never plan to repay as fast as they can and then go away…a proven and lucrative fraud liquidity model! Just look at the fastest growing forms of identity-fueled fraud: mortgage, auto and Home Equity Lines of Credit (HELOCs).

The Networked Effect: A Cybercrime Multiplier

To add insult to injury, our own data shows a growing, highly-networked pattern to fraud, with the same identity credentials being used to attack numerous lenders. In the face of investments in cybersecurity on the part of FIs, fraudsters are also perpetrating crimes against businesses in multiple industries, testing credentials across banking, retail, travel, and more.

Among other things, this allows them to engage in loan stacking, using pre-vetted identity credentials to take out multiple loans from different lenders at the same time, before the lenders recognize the deception.

Factor in social engineering scams that fool unsuspecting customers to unwittingly commit the crime for the cyberthieves, and it’s clear anti-fraud efforts are growing exponentially more complicated. That’s especially true without a modern, digital identity-based approach to user verification and assessment that leverages machine learning, behavioral analytics, and global, shared identity intelligence to recognize both legitimate and fraudulent users beginning at the point of account creation.

As Javelin head of fraud and security Al Pascual tells Forbes, as lenders modernize their account opening processes, “it is paramount that they incorporate tools like document scanning, behavioral risk assessments, and digital identity to streamline the process for applying online or on mobile devices while challenging fraudsters.”

Customers (and Sometimes Regulators) Are Always Right

Make no mistake. Even in the face of sophisticated and accelerating fraud attempts, streamlining is key with customers and prospects, for whom the lender with the fastest “yes” always wins. Their expectation is that the lender will protect them and their identity information from abuse. But it had better not create any friction, either.

Of course, online lenders also face increased scrutiny pertaining to security and privacy. Tightened rules in China, for instance, shrunk the P2P lending market by 50% in 2018. The EU’s revised payment services directive (PSD2) has stringent strong customer authentication and privacy requirements as well, and goes into full enforcement this September.

The good news: There are signs that the same approaches to digital identity that are proving so effective in fighting new account creation, account takeover, and other forms of cybercrime, may also give online lenders the ability to meet and document compliance mandates. Online lenders that have deployed such digital identity solutions, for instance, report they’ve been able to maintain or accelerate new loan application processes and boost regulatory compliance, even while significantly reducing fraud.

Digital Identity: The Gift that Keeps on Giving

That sounds encouraging, especially when 55% of organizations globally have reported an increase in fraud related losses over the last 12 months, according to Experian’s Global Identity and Fraud Report. Which means that for online lenders contending with cybercrime, growing customer expectations, increased competition and countless compliance mandates, a digital identity-based approach to user verification and assessment continues to be the first and smartest place to start.

Learn how digital identity-based solutions can help fight cybercrime, speed processes and more, check out this case study about online lender Kabbage.

ThreatMetrix Team

ThreatMetrix Team

close btn