Managing the Risk of Application Fraud with Behavior-Based Identity Proofing

May. 16, 2018 | by BioCatch

Our security walls aren’t as high as we think they are. There are holes, and cybercriminals know how to slip through them, undetected. Application fraud has become a number one problem for companies across all verticals. In 2016, more than 25% of identity theft fraud involved the use of stolen information to open new accounts.

In order to stay competitive, organizations need to offer new and innovative ways to open accounts online, particularly to younger consumers.

In our latest webinar, BioCatch’s Uri Rivner and Al Pascual from Javelin Strategy and Research took a look at how behavior can be brought to bear to improve identity proofing and remove friction from the user experience. 

Security that manages the latest threats and doesn’t make applicants jump through hoops? It’s possible. Here, we highlight key takeaways from their discussion. You can watch the full webinar on our website.

The Vulnerabilities of Traditional Identity Verification

Traditional identity verification leans heavily on personally identifiable information (PII). As a company, you’re relying on applicants to enter their actual information into a form, a practice that’s inherently risky.

These are four key vulnerabilities of traditional identity proofing:

  1. Anonymity
    Digital account openings rely on the PII of someone you can’t see. This makes the account opening process easy for cybercriminals to manipulate. Armed with the right data, they can open accounts that don’t match with their identity as the applicant. Synthetic identities are thriving, and fraudsters use them to gain legitimacy with credit reporting agencies and take advantage of reliance on credit checks.
  2. Commoditization of consumer data
    Nearly any element of an individual’s identity can be bought or traded for. Criminals have all the data they need, thanks to data breaches. Social security numbers are the most compromised information from a breach, and that’s exactly what fraudsters need for account openings.
  3. Speed
    Digital tools allow criminals to conduct fraud faster than they ever could in the physical world, making them that much more difficult to catch in the act. Fraudsters also use botnets and automated scripts to apply for new accounts at scale.
  4. Weaknesses in supplemental controls
    Solutions that were once effective for stopping fraud are now easily circumvented. Remote access trojan attacks (RATs), for example, let criminals gain access to a customer’s device and initiate account openings.

Behavioral Biometrics at Work to Stop Application Fraud

Behavioral biometrics bases identity proofing on what you are (behavior), not what you know (PII) or what you have (a device or token). The way customers interact with a digital device provides powerful insights for detecting application fraud. Tell-tale behavioral signs, like how a user taps, swipes or enters information, show if someone is a legitimate applicant.

During the application process, behavioral biometrics looks at behavior patterns like:

How familiar is the applicant with the data they’re entering? A person who knows their own personal information like the back of their hand will enter it differently than a criminal working off of a list or using a synthetic ID.

How familiar is the applicant with the application flow? Every form a consumer fills out is a little bit different. If an applicant appears very familiar with the application process, that’s a good sign that they’re a fraudster. Criminals have a method and are expert users.

Behavioral biometrics also take into account good behaviors during the application process, not just ones that raise red flags.

Applying Behavior to Identity Proofing

Behavior-based identity proofing is an evolution of how we think about digital identity. It provides certainty that not only is an identity valid, but also that it belongs to the applicant and not to a fraudster.

With behavioral biometrics involved at each stage of the identity proofing process, companies can detect suspicious application behavior in real-time, rooting out fraud without creating friction — a must for keeping prospective customers.

In the webinar, we laid out a full 6-step framework for applying identity proofing in digital account openings.

Applicant behavior can be applied at all stages of the identity proofing process. From the moment someone starts the account process, behavior forces companies to think about who they’re really doing business with. Even before an applicant submits their information, companies can compare the applicant’s initial behavior with behaviors that are known to be indicative of fraud or automated attacks.

To learn more about stopping application fraud with behavioral biometrics, watch the full webinar here.

Topics: Behavioral Biometrics, Identity Proofing, Continuous Authentication