Identity Fraud Prevention in Today’s Digital Economy
January 26, 2017
With cyber criminals becoming increasingly sophisticated and hackers making headlines regularly, it is imperative that businesses employ advanced security technology. Identity proofing is a term for identity verification that is being adopted by analysts such as Gartner. From Gartner’s study1:
Identity proofing, a process that demonstrates with sufficient confidence that the user is who he claims he is, helps to establish and maintain trust in the identity throughout the relationship.
Collecting and verifying information about a person, provides businesses with another layer of assurance. Financial institutions can use identity proofing to prevent financial fraud and money laundering, while ecommerce companies can rely on it to combat card-not-present fraud. And with today’s technology, businesses can ensure that their processes are user-friendly, adopting technology that users are familiar with (i.e. fingerprints and selfies for facial recognition).
According to research by Aite Group, card-not-present (CNP) fraud in the U.S. is expected to reach $7.2 billion per year by 2020. Government agencies need sophisticated identity proofing for security clearances. Identity proofing also helps organizations in the healthcare industry prevent HIPAA violations. As identity fraud becomes a concern across industries, identity proofing solutions are needed to establish trust in digital relationships.
Organizations that need to proof identities are turning to third-parties to build solutions. According to the Gartner study1, third-party solutions have come up with various options for companies to use to verify identities, including:
- Knowledge-based verification: In this approach, the user is asked a series of questions that they would need to know the answer to in order to confirm their identity. Examples of these questions include past mailing addresses, mortgage amounts, and lender names. Knowledge-based questions aren’t entirely secure, though, since the answers to these questions can be obtained through a hack. Back in 2015, scammers were able to steal tax refunds by figuring out the answers to these questions.
- Secondary passwords: ID proofing services can issue temporary one-time-use passwords to verify identities. Users are sent a one-time password via an “address,” like a home address or email address. They then have to enter the one-time password to verify their identities. Organizations may ask users to bind themselves to an identity associated with a known trusted online account, like their social media accounts. The risk with these other accounts is that social media profiles and email addresses can be hacked.
- Biometrics: In countries with fingerprint registries, organizations can require fingerprint scans to verify identities. However, some users may take issue with this method if they are concerned about privacy. Organizations can also use voice recognition and facial recognition to verify identities, although facial characteristics change throughout life. As biometric technology becomes more commonplace in the business environment and more accepted by consumers, industries can leverage it to ensure stronger identity security.
Proofing identities in other countries can be challenging since different countries use varying forms of government-issued IDs. According to the Gartner report1, some of the problems global companies can run into are:
- Social Security Numbers Create Vulnerabilities: In the U.S., citizens are often identified by their Social Security Numbers, but this method of identification doesn’t translate over into countries. Some countries also do not have official national IDs. Instead, these countries will issue out IDs for specific purposes like access to healthcare or tax collection, which may not be considered sufficient for identity proofing.
- Different Global Standards: Privacy and data protection legislation vary between countries, which limits the information identity proofing services can capture, gather, and store. This legislation can even block companies from sharing data across borders.
- Technology Verifications Often Falls Short: Technology limitations and regulations can prevent identity proofing providers from being able to conveniently verify information against government lists like registries of births, marriages, and legal permits.
Although fraud is an increasing concern for global companies, the good news is that options for solutions are also increasing with a wide range of identity proofing services that can be adjusted to fit different industries.
1Source Gartner Identity Proofing Is the Cornerstone of Trust in a Digital Relationship, October 2016