5 Best Practices for Digital Identity Verification

Attacks on the financial sector have increased steadily for two decades, and the volume of reported attempts surged in just the last few years.

In fact, 68% of financial services providers reported an increase in fraud attempts compared to the prior year. Fraud in the account opening processes is endemic; in response, institutions are using multi-layered verification to locate, approve and onboard legitimate customers with low friction while deterring fraud and maintaining compliance. A robust identity verification program allows platforms to capitalize on digital adoption while delivering a seamless customer experience. Fifty-three percent of Americans report that being prompted to take extra steps to verify their identity makes them trust that company more. And those who report being less trusting are less likely to engage in desirable downstream business practices.

A lack of trust creates a drag on profits while compromising the end-user experience. But institutions can use several best practices to locate and approve new legitimate customers, significantly lessening friction or fraud and streamlining the customer journey.

1. Analyze Multiple Layers of Data
Forty-five percent of organizations say they perceive multiple layers of identity attributes as a best practice. As fraudsters increasingly add sophistication to their schemes, additional layers, or “blankets,” of attributes that work together are the key to a seamless customer experience and fraud mitigation. Solutions that orchestrate multiple dynamic data sets not only detect and deter fraud — especially synthetic identity fraud — but don’t add friction because the solution is predicated on data collection practices that are easy to explain and defend.

Multiple layers at the heart of the identity verification process identifies legitimate customers more quickly and accurately, and uses additional verification methods only when absolutely necessary.

2. Layer Machine Learning with Human Fraud Expertise
Financial service providers can balance user experience with identity verification standards by combining  increasingly adopted technologies with human fraud expertise. Financial institutions have the power to analyze massive amounts of digital transaction data by applying supervised machine learning (ML) to the identity verification process, creating efficiencies by recognizing patterns that can improve decision-making.

Coupling this with human expertise and intuition gives institutions the best of both worlds: enhanced anti-fraud protocols and new, more usable data sets that improve identity verification efforts going forward. Machines are great at detecting trends that have already been identified as suspicious, but have a blind spot of detecting novel forms of fraud. It’s critical that providers layer human fraud expertise on top of machine learning.

3. Embrace Data and Decision Transparency
Many ML-based solutions provide a pass or fail score that is as opaque as it is simple. Without visibility into decisioning data, institutions are left to depend on restrictive and hazy score-based identity proofing models. These “black box” solutions don’t offer data intelligence visibility; instead, they apply common engine logic across multiple customers and industries.

An effective identity verification solution should provide a continuous data feedback loop so institutions can understand and explain to regulators and consumers why they made certain decisions. This allows financial institutions to better assess their risk and fine-tune the identity verification processes to best fit their needs. This is nearly impossible to do with a system that relies on “black box” algorithms and little governance of modifications from one company to another.

4. Implement Customized Identity Verification Workflows
The ability to customize identity verification settings to meet specific customer needs is quickly becoming mission-critical. Every organization is different; every financial institution has different verification protocols that reflect these unique needs. This includes the ability to tweak and tune identity verification settings in real time, without the help of IT. Every institution needs the ability to act quickly as they anticipate attacks, adapt to changes in human behavior and respond to the emergence of new customer segments, profiles and needs.

At the same time, institutions need to empower decision-makers to collect less sensitive information or enact pre-qualification formats for certain applications, streamlining customer onboarding without compromising identity verification standards.

5. Cross-Industry Fraud Intelligence
It’s common for fraudsters to jump from industry to industry as they carry out their plans, which means that effectively fighting fraud is a group effort. With the right identity verification solution in place, financial institutions will have visibility into serial, multi-industry fraud schemes and trends and data across industries and channels.

As the financial sector moves towards a post-pandemic reality, fraud attempts are likely to grow alongside customer expectations. Identity verification will be an operational necessity and a moral imperative, keeping financial institutions and consumers safe in a challenging digital environment.

For Fraud Claims, Not All Call Back Procedures Are the Same

We are seeing more and more funds transfer and social engineering — also known as impersonation fraud — claims, and coverage for these claim scenarios vary from carrier to carrier. While there are several differentiating factors that could cause one carrier to approve a claim and another to deny, the most common is how they structure their call back requirements.

In 2021, we watched nine different carriers respond to similar funds transfer claim scenarios. Challenges to a claim were almost always based on the bank’s perceived failure to meet the listed call back requirement. As we compare and contrast all nine, here are several key differences that should be reviewed prior to the next claim.

Social Engineering Versus Funds Transfer Fraud:
Many fidelity bond policies offer the social engineering coverage with a sub-limit versus the full limit for the funds transfer fraud coverage. As such, it is helpful to know as early as possible in the claims process which of the two coverages will be referenced. The easiest way to contrast that is that social engineering usually relates to the loss or theft of the entities own funds, whereas funds transfer fraud usually relate to loss or theft of a customer’s funds. While we have seen social engineering sub-limits as low as $50,000, the most common sub-limits are $250,000, $500,000 or $1,000,000. They are often based on the overall limits: for example, a $10 million bond is much more likely to have a $1 million social engineering sub-limit than a $2 million bond.

When Is a Call Back Required?
There is usually a dollar threshold; all transfers greater than that dollar amount require some form of call back. The larger the threshold, the better. The most common threshold matches the bond deducible, otherwise they usually range between $25,000 to $50,000.

Call Back Requirement Ranges

  • No Call Back Requirements: For some cyber policies, which may extend to covering funds transfer frauds or other social engineering coverage grants, there are no call back requirements. While this does exist, it is becoming less and less available as claims increase.
  • Underwriting Approved: Some bond policies include generic language that states any call back type can be accepted, as long as that type of verification was first approved by an underwriter. If your policy includes that, we suggest your bank coordinates a call with its bond underwriter to share the bank’s current call back process and procedure for their confirmation of acceptance.
  • Simple Call Back: Sometimes the only requirement is a confirmed call back to a pre-determined number.
  • “Or” Beats “And:” One carrier states that acceptable call back verification can be done by valid test key or call back to the person who initiated the instructions, or digital signature or use of username and password/PIN, or biometric authentication or any other recognized two-factor e-authentication.
  • Singular Call Back Requirement:
    • Only acceptable call back is the existence of some form of valid test key, which has been mutually agreed upon by customer and the insured.
    • Some form of out of band (median difference from original request) verification (voice, email or text) to predetermined location requiring affirmative reply.
    • One carrier states that the commercial customer coverage only applies if the transmittal method by which the institution received the fraudulent transfer request matched the method authorized by the commercial customer in the funds transfer agreement.
  • More Stringent Multiple Requirements:
    • We have seen requirements for out of band verification that must be recorded for coverage to be afforded.
    • Two-factor authentication, typically representing some form of user ID, PIN, token or dual authorization, and the existence of a written agreement.
    • A call back to a predetermined number set forth in written agreement and the institution preserving a recording of the call back/verification.
    • Sender verified instruction with a password, PIN or code and a call back to predetermined telephone number, documented in written agreement, with verification preserved.
  • Lastly, the requirement that is perceived to be the highest hurdle to get over is the requirement of some type of handwritten signature verification from two separate employees, within their authority. Note this level of stringent requirement often goes hand-in-hand with a much greater social engineering limit, including up to the full limit.

In summary, we see significant variations to call back requirements. We recommend banks review the policy language in place prior to any claim scenario to have as good a chance as possible to realize claims coverage.

Fix Your Leaky Onboarding Funnel


onboarding-1-16-19.pngCustomer acquisition is top of mind for most banks and their boards.

This usually translates into new, slick marketing campaigns. These campaigns mean enlisting your advertising agency to cut through the clutter, which is increasingly difficult to do. Or you could look to mine more near-term customers right from your own website and the online account opening process.

More and more banks are onboarding new customers by enrolling them through their website. This process is rife with opportunity. According to The Financial Brand, 40 percent of online bank account applications were abandoned due to a long or complicated enrollment process.

Think about that. Only six out of 10 prospects who arrive at your site—with the intention of creating a bank account—complete the journey. That’s tragic. It makes more sense to fix that leaky funnel than to spend big on another advertising campaign in the hopes of driving significantly more website or branch traffic.

We know that there are a few places in the online account creation process where banks fall down. Let’s dissect some of these pitfalls.

Identity verification. Thanks to Know Your Customer and anti-money-laundering regulations, banks and credit unions need to impose more rigor to ensure the person creating the account is genuinely that person. Thanks to a steady barrage of data breaches and advanced malware, traditional methods of authentication, such as knowledge-based authentication and two-factor authentication, are no longer in vogue. Increasingly, banks are turning to online identity-verification solutions that require a government-issued ID and a selfie to more reliably verify digital prospects. These solutions can be pretty fast and are capable of completing the online verification process within a minute.

Simple messaging. Banks that provide simple, clear instructions, written in plain English, experience much higher conversion rates. This includes providing a clear rationale for why you’re asking online customers for their ID documents and selfie, and what you intend to do with that information.

Fewer screens. Obviously, the more hurdles you put in front of your customers, the less likely they will make it all the way through the account-opening process. So, if you can reduce the number of screens to identify a new customer from seven to four, that will have a material impact on conversion rates.

Go omnichannel. When it comes to establishing identity online, you want to open up the experience to as many channels as possible. Many identity verification solutions only offer a mobile experience, not allowing potential customers to use their webcams on their laptops or desktop computers. By disabling this channel, you’re eliminating a large swath of potential customers who either don’t have a smartphone or would prefer to complete the process from their laptop.
Being omnichannel also means supporting API-based mobile web and native mobile implementations. For companies looking to cast the widest possible customer acquisition net, including some older generations who may not be comfortable with newer technology, it just makes sense for your identity-verification solution to offer the broadest number of channels to your prospective customers.

No more maybes. Another cause of online abandonment are the longer wait caused by manual reviews. Several online identity-verification solution providers return a “caution” decision when they can’t easily confirm that the customer is who they claim to be.

Every “caution” or “maybe” requires manual review by a team of analysts. There are real costs to manual review. Jumio offers an online calculator to illustrate these expenses. These are real costs to your business, and they create real frustration for your customers.

So, if customer acquisition is job No. 1 for 2019, maybe it’s time to fix your sales funnel and plug the leaks with an efficient onboarding experience—one that optimizes and simplifies the identity-verification experience.

You can do the math. Spend big on advertising with iffy results. Or, create a great online experience that is designed for conversion. You’ll end up with happier customers—and a lot more of them.

Combating Identity Fraud Through Biometrics


biometric.png

The Know Your Customer (KYC) process, which is the identification and verification of a bank’s clients in order to understand and better manage risks, is a central requirement of the federal anti-money laundering regulations. Today, technologies such as mobile and biometrics have a strong impact on the redesign and digitization of the registration process, significantly improving operational efficiency and customer satisfaction.

A range of financial institutions have been exploring opportunities through biometrics in one capacity or another, but in most cases employ biometrics for identification and authentication purposes for existing accounts, aimed at making passwords obsolete once and all. With increasing multipurpose adoption, by 2021 the market will reach a value of $30 billion with its primary revenues shifting from the government sector to banking and consumer electronics.

Experts from M2SYS, a biometric identity management technology provider, suggest that as more banks and financial institutions begin to augment their customer identification security policies, the evaluation of using biometrics for KYC management will increase rapidly.

The use of biometric identification management technology for accurate customer identity verification has proven to deliver efficiency and convenience for organizations that have adopted it. The technology also helps comply with government regulations to prevent identity theft and money laundering. Due to inefficient KYC management, nearly 9 million Americans are victimized each year, costing consumers $5 billion, and banks and corporations $56 billion, annually.

Industry expert David Benini, vice president of marketing at Aware, a biometric software developer, wrote recently that “More than just —something we are,’ biometrics allow us to permanently bind ourselves physically to digital information; a powerful capability that enables us to not only biometrically authenticate, but also to biometrically deduplicate.” The idea behind biometric KYC management is quite simple–instead of the customer being required to present official identifying documents in person upon application, a biometric-based search can eliminate the need for a lengthy check with additional tapping into public and private records to ensure the absence of copy records.

Biometrics allow banks to be sure that a particular person does not exist in the database with different data. Benini emphasizes that the power of the idea behind biometric identity proofing rests in the ability to combat identity theft at its source by ensuring the integrity of identity data at the point of enrollment.

Given its unique properties, biometric-based KYC management in the financial services industry enables institutions to speed up the customer verification process without compromising the accuracy. Implementation of biometric KYC management solutions can ensure higher accuracy and efficiency, eliminating the risk of financial fraud and its legal and financial consequences for consumers and organizations.

The critical benefits of transitioning to biometric KYC management include:

Enhanced Operational Efficiency
KYC management has traditionally been a resource-consuming process requiring time and manpower (hence, substantial financial expenditure) to verify a person’s identity, since KYC compliance involves a tedious process of verifying the customer’s original documents of proof of identity and proof of address in person, among other things. Biometric KYC cuts corners without compromising accuracy and security, as biometrics carry unique and arguably impossible-to-forge information and are permanently tied to one’s records.

Improved Cost-efficiency
There are a couple of ways biometric KYC management saves money for financial institutions: reduced time to verify information about the person, and as a result of increased accuracy, reduced expenses on fixing issues that appear as a result of inefficient KYC procedures. It takes an average of $1,173 and 175 hours to clean up one’s credit report and associated complications, and when you multiply that times the vast customer base of a medium-sized bank (not to mention much larger banks), it’s obvious that biometric KYC can become a real cost saver, facilitating a better allocation of resources.

Greater Security
Today, biometric-focused technology and software has reached a level of sophistication where providers can ensure higher levels of protection against identity fraud and all compliance consequences because of it. Behaviometrics are the last word in secure identity verification, bringing together machine learning and continuous tracking of user behavior. A separate class of companies is delivering biometric-focused anti-fraud solutions, including NuData Security, BioCatch, BehavioSec and AimBrain.

Gains in Convenience and Customer Satisfaction
The speed of identity verification affects overall customer satisfaction and is more convenient since it ensures an easier and more efficient user experience. And an enhanced customer experience translates into a better reputation and higher customer retention.

Organizations that aim to keep up with the latest technological advancements for efficient KYC management cannot miss out on the application of biometric-based solutions. Today, there is no lack in technology companies powering biometric KYC management through sophisticated software and biometrics screening technology. Recognized leaders include Daon, EyeVerify Qualcomm, with such companies as BioConnect, M2SYS, HooYu, Aware, Hoyos Labs, ID Global, Socure, physiSECURE and many more comprising an expanding list.