In 2015, 13 million Americans lost more than $15 billion dollars at the hands of identity thieves. Those are staggering figures, and the news gets worse for Financial Technology (FinTech) companies. Fraudsters, thwarted by new smart credit and debit cards that authenticate transactions at the cash register, are increasingly targeting online FinTech alternatives. With the accelerated growth of FinTech in recent years many companies find themselves unprepared for the new challenges that come with supporting online financial services. Ensuring that only legitimate customers and businesses are on-boarded requires implementing best practices that include multi-factor identity verification, the ability to monitor all transactions, and complete auditing and reporting capabilities. At the same time, the on-boarding process cannot become frustrating and time-consuming for customers. Otherwise, they won't become new customers.
Although the attackers do not discriminate, FinTech and e-commerce companies are among their favorite targets. According to Javelin Strategy & Research, the Payment Card Industry’s decision to issue EMV “smart” cards is raising the online fraud risk. Javelin reports fraudsters are moving away from existing card fraud to focus on new account fraud. The result is a 113 percent increase in new account fraud, which now accounts for 20 percent of all fraud losses. Still, tech-savvy FinTech alternatives continue to disrupt and dominate the banking market. Global consulting firm Accenture points to today’s low-growth, low-return environment as the key driver behind institutions’ decisions to expand their online services.
The Accenture 2015 Global Risk Management Study, based on the company’s survey of more than 450 senior risk-management executives in the banking, capital markets and insurance industries, reports that:
"The rapid adoption of new technologies and business models creates a need for more innovative risk management solutions"
• 43 percent of financial services firms have a higher risk appetite for developing new products than they had two years ago.
• More than one-third (36 percent) have a greater appetite for taking on major digital initiatives.
Not surprisingly, the survey also found that 86 percent of respondents said their organizations plan to increase their investment in risk-management capabilities in the next two years.
Improving ID Verification
Despite this emphasis on improving risk management, the process of verifying online customers has become especially difficult. Experienced risk managers and compliance officers try to apply their offline customer onboarding best practices, only to discover that these practices aren’t as effective online.
Overcoming this challenge requires developing and implementing a new set of best practices that combine ID verification and fraud prevention services within an operational framework. This will enable FinTech companies to more accurately verify and validate new customers.
To keep pace with the rapid evolution in digital identity, verification systemsmust collect information from many sources and across different parameters so individuals can be identified using an evolving and adaptive (eDNA) ‘electronic DNA’ and trust can be established non-intrusively and commerce can remain frictionless.
From a business perspective these systems need to capture user demographics, (particularly for the under-banked and unbanked which are largely unaddressed by the financial system, but represent new markets. These data include information only the applicant can provide as well as inputs from third-party data and technology providers. Examining ‘old’ identity information linked to physical documents, such as SSNs or credit scores, is no longer adequate and creates a false sense of security. Incorporating ‘new’ sources, such as email addresses, ship-to and bill-to addresses, IP geolocation, device fingerprint, social media accounts and cellphone carrier data, fills the gap between the traditional financial ecosystem and digital commerce.
Now, validating and verifying identity data presented at onboarding is just part of the battle. It is important to understand how that identity data is related to other identities and market data. For example, is your new client associated with sanctioned groups? Are they part of fraud rings or money laundering rings? Are they associated with terrorist organizations? Is their data commonly available in the dark web? This goes beyond the identity validation concept into the trust concept. Once you have validated the identity, the question becomes is this someone that you should be doing business with?
Knowing whether to trust an identity or not has profound performance and regulatory implications. For the FinTech world it is not just enough to validate the identity, especially with the proliferation of stolen identities.
There are many additional benefits to trusting an identity. The system can expedite a trusted customer's application, and also delay the process to request additional information from new accounts with high-risk profiles. Making the onboarding process more adaptable will ensure the validation of more good customers and the rejection of fraudulent account originators.
The last part of the battle is tracking and monitoring accounts over time. For example, anti-money laundering transaction monitoring can analyze and record all transfers and payments to ensure the application of appropriate policies and report any suspicious activity. Identities’ relationships and associations change over time, uncovering risky behavior after onboarding is important. Geofencing technology blocks users from restricted states or countries based on information from mobile devices, a business or home, or even IP geolocation.
A well-educated customer base can make the best fraud prevention system better. FinTech firms should develop and implement on-going education programs to help their customers better protect themselves. Teach them basic security measures such as the need for strong user IDs and passwords, and why it’s so important to update the security software protecting their PCs, laptops and mobile devices. They should be able to check their statements in real-time, receive alerts about any suspicious activities, and even freeze their accounts if necessary without having to call customer service.
Preventing fraud must be top of mind for FinTech companies attempting to navigate the complicated landscape of online services. Verifying digital identities makes it easy to recognize stolen identities, cards and repeated bad actors, and just as importantly, recognize trusted customers and correct information. This strikes the necessary balance between hardening the company’s security posture and providing a simple on-boarding process for new customers.
As more consumers turn to FinTech services and offerings to improve their financial well being, fraudsters are also eager to turn their attention to the growing industry. The rapid adoption of new technologies and business models creates a need for more innovative risk management solutions. In the rapidly evolving world of financial technology the goal must be to proactively combat fraud before you onboard a new customer, rather than try to mitigate risk after the fact.