What is Identity Proofing?
Identity proofing is the process an organization uses to collect and verify information about a person for the purpose of opening an account or issuing credentials to that person.
The top reasons for incorporating online identity verification processes are regulatory compliance, enhanced fraud prevention and improved business efficiency.
Identity Proofing Challenges
Today's identity proofing processes rely on database searches using information entered into online applications to initiate a new insurance policy, open a bank account or register with an e-commerce site. However, with significant amounts of personal data available on the dark web and the growing threat of social engineering, traditional fraud prevention techniques fall short and credentials end up in the wrong hands. In fact, according to Javelin, there were more than 1.5 million new account fraud victims in 2015, accounting for losses of $2.8 billion. This number increased by 40 percent in 2016 and shows no signs of abating.
New Account Fraud is a Growing Problem
New account fraud is a concern to any business processing transactions online. Fraudsters use multiple techniques to commit new account fraud, including taking over existing identities or creating fake identities, resulting in millions of dollars lost for retailers. Unfortunately, existing prevention measures can create friction in the payment process — harming processors, credit card issuers and e-retailers alike.
Red Flags that New Account Fraud Might Be an Issue
With every data breach, fraudsters obtain more data to use in committing new account fraud, such as social security numbers, emails, addresses, phone numbers, and device and network attributes. This information is used to set up fake accounts that exploit weaknesses in an application. This is an issue for all organizations doing business online, and frustratingly, fraudulent applications are usually detected weeks after an initial account opening. As a result, new account fraud is costing companies billions of dollars. If review rates are soaring and fraud detection solutions are not keeping up, a new strategy for detecting account fraud is in order.
Currently, banks rely on customer service agents to be the first line of defense in detecting behaviors that could indicate new account fraud. For instance, the Association of Certified Fraud Examiners provides 15 red flags that a new account opening could be fraudulent, including the use of newly created social security numbers, using a small cash deposit for the opening balance, mismatched names and addresses, and being overly friendly. But financial institutions don’t have to limit themselves to manual, human-driven processes to detect fraudulent account openings.
New Ways to Detect Fraudulent Account Openings
Banks can detect new account fraud by analyzing behaviors to distinguish between real users and imposters accessing an online account. The BioCatch platform detects new account fraud by differentiating criminal behavior from the behaviors of normal users. From the initiation process through the banking and payment process, our system is able to expose new account fraud in real time and prevent downstream losses by stopping fraud before it even becomes an issue. In addition, BioCatch detects specific identifiers of systemic fraud attacks.
How BioCatch Analyzes Behaviors
Applying more than 2,000 unique metrics to analyze the application process, BioCatch can distinguish between normal, criminal, and non-human users. Our platform identifies, in real time, behaviors such as:
- Application fluency — Fraudsters repeatedly using compromised or synthetic identities demonstrate a high level of familiarity with the new account opening process.
- Expert users — Cybercriminals display a proficiency with keyboard shortcuts and function keys not typically seen with real users.
- Low data familiarity — Those entering stolen personal information are more likely to cut and paste data that the legitimate user would know intuitively.
- Machine/bot activity — Spot criminal behaviors in the application flow, even if the access is from a new device/IP, and reduce manual reviews without deterring legitimate new customers.
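The following is an added illustration of how signals like those in the list above could be derived from form-interaction events. It is not BioCatch's code or method; the event schema, field names, flag names and thresholds are all assumptions made for the example, and the sample sessions are constructed.

```python
from statistics import median, pstdev

# Assumed for this example: event schema, thresholds, and which fields
# a genuine applicant would know by heart.
PERSONAL_FIELDS = {"full_name", "ssn", "date_of_birth", "street_address"}

def score_session(events):
    """Flags for one session; events are time-ordered dicts (assumed schema)
    {"t": ms, "field": str, "type": "focus"|"key"|"paste"|"shortcut"}."""
    flags = set()
    # Low data familiarity: personal data pasted rather than typed.
    if {e["field"] for e in events if e["type"] == "paste"} & PERSONAL_FIELDS:
        flags.add("low_data_familiarity")
    # Expert user: repeated use of keyboard shortcuts / function keys.
    if sum(e["type"] == "shortcut" for e in events) >= 3:
        flags.add("expert_user")
    # Application fluency: almost no hesitation between focusing a field
    # and the first input into it, across several fields.
    hesitations, focus_at = [], {}
    for e in events:
        if e["type"] == "focus":
            focus_at[e["field"]] = e["t"]
        elif e["field"] in focus_at:
            hesitations.append(e["t"] - focus_at.pop(e["field"]))
    if len(hesitations) >= 3 and median(hesitations) < 300:
        flags.add("application_fluency")
    # Machine/bot activity: keystroke intervals too regular to be human.
    keys = [e["t"] for e in events if e["type"] == "key"]
    gaps = [b - a for a, b in zip(keys, keys[1:])]
    if len(gaps) >= 5 and pstdev(gaps) < 5:
        flags.add("bot_like_timing")
    return flags

def typed(field, start, gaps):
    """Build a constructed sample: focus, then keystrokes at the given gaps (ms)."""
    out, t = [{"t": start, "field": field, "type": "focus"}], start
    for g in gaps:
        t += g
        out.append({"t": t, "field": field, "type": "key"})
    return out

# Constructed sample sessions (not real data).
GENUINE = (typed("full_name", 0, [900, 180, 240, 130, 310])
           + typed("ssn", 6000, [1500, 220, 160, 400, 190])
           + typed("street_address", 14000, [1200, 150, 280, 170, 350]))
SUSPECT = [{"t": t, "field": f, "type": k} for t, f, k in [
    (0, "full_name", "focus"), (120, "full_name", "paste"), (200, "full_name", "shortcut"),
    (250, "ssn", "focus"), (400, "ssn", "paste"), (450, "ssn", "shortcut"),
    (500, "street_address", "focus"), (620, "street_address", "paste"), (700, "street_address", "shortcut"),
]]
BOT = typed("full_name", 0, [50] * 8)
```

In practice such flags would feed a review queue or a risk score alongside other evidence rather than block an application on their own, since a legitimate user with a password manager or autofill can trip the paste signal.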