Fraud & Identity Management

Previously, we discussed the risks of account takeover and how a Defense in Depth strategy can protect your business. Before implementation it’s important to understand the financial benefits of the strategy. There are a few key steps to assessing and quantifying the value of Defense in Depth. Transaction risk assessment: This requires taking inventory of all possible transactions. Session-level risk analysis: With the transactions categorized by risk level, the next step is to review session history based on the highest risk activity within the session. Quantify the cost of a challenge: There are multiple costs associated with challenging a user using step-up authentication. Consider both direct and indirect costs – failure rate, contact center operational cost, and attrition rate following failed challenges (consider lifetime value of account) Quantify the expected challenge rate: This can be done by comparing the Defense in Depth approach to a traditional approach. Below is a calculator that will help determine the cost of the reduced challenges associated with a Defense in Depth strategy versus a traditional strategy. initIframe('5f039d2e4c508b1b0aafa4bd'); In addition to the quantitative benefits, it is important to consider some of the qualitative benefits of this approach: Challenging at moments that matter: Customers appreciate and expect protection in online banking, especially when moving money externally or updating contact information. This is a great way to achieve both convenience and security. Improved fraud management: By staging the risk decision at the transaction level, the business can balance the type of challenge with the transaction risk. There are incremental cost considerations to include in the business case as well. For instance, there is an increase in transaction calls for a risk assessment at the medium/high risk transactions – about 10% in the example above. Generally, the increased transaction cost is more than offset by the reduction in cost of challenges alone. A Defense in Depth strategy can help businesses manage fraud risk and prevent account takeover in online banking without sacrificing user experience. If you are interested in assistance with building your business case and understanding the strategies to implement a successful Defense in Depth strategy, contact us today. Contact us 1Identity Fraud in the Digital Age, Javelin Strategy & Research, September 2020

Preventing account takeover (ATO) fraud is paramount in today’s increasingly digital world. In this two-part series, we’ll explore the benefits and considerations of a Defense in Depth strategy for stopping ATO. The challenges with preventing account takeover Historically, managing fraud and identity risk in online banking has been a trade-off between customer experience and the effectiveness of fraud controls. The basic control structure relies on a lock on the front door of online banking front door—login—as the primary authentication control to defend against ATO. Within this structure, there are two choices. The first is tightening the lock, which equals a higher rate of step-up authentication challenges and lower fraud losses. The second is loosening the lock, which results in a lower challenge rate and higher fraud loses. Businesses can layer in more controls to reduce the false positives, but that only allows marginal efficiency increases and usually represents a significant expense in both time and budget to add in new controls. Now is the perfect time for businesses reassess their online banking authentication strategy for a multitude of reasons: ATO is on the rise: According to Javelin Strategy & Research, ATO increased 72% in 2019.1 Users’ identities and credentials are at more risk than ever before: Spear phishing and data breaches are now a fact of life leading to reduced effectiveness of traditional authentication controls. Online banking enrollments are on the rise: According to BioCatch, in the months following initial shelter-in-place orders across the country, banks have seen a massive spike in first time online banking access. Users expect security in online banking: Half of consumers continue to cite security as the most important factor in their online experience. Businesses who reassess the control structure for their online banking will increase the effectiveness of their tools and reduce the number of customers challenged at the same time – giving them Defense in Depth. What is Defense in Depth? Defense in Depth refers to a strategy in which a series of defense mechanisms are layered in order to protect data and information. The basic assumptions underlying the value of a Defense in Depth strategy are: Different types of transactions within online banking have different levels of inherent risk (e.g., external money movement is considerably higher risk compared to viewing recent credit card transactions) At login, the overall transaction risk associated with the session risk is unknown The risk associated with online banking is concentrated in relatively small populations – the vast majority of digital transactions are low risk This is the Pareto principle at play – i.e., about 80% of online banking risk is concentrated within about 20% of sessions. Experian research shows that risk is even more concentrated – closer to >90% of the risk is concentrated in <10% of transactions. This is relatively intuitive, as the most common activities within online banking consist of users checking their balance or reviewing recent transactions. It is much less common for customers to engage in higher risk transaction. The challenge is that businesses cannot know the session risk at the time of challenge, thus their efficiency is destined to be sub-optimal. The benefits of Defense in Depth A Defense in Depth strategy can really change the economics of an online banking security program. Adopting a strategy that continuously assesses the overall session risk as a user navigates through their session allows more efficient risk decisions at moments that matter most to the user. With that increased efficiency, businesses are better set up to prevent fraud without frustrating legitimate users. Defense in Depth allows businesses to intelligently layer security protocols to protect against vulnerability – helping to prevent theft and reputational losses and minimize end-user frustration. In addition to these benefits, a continuous risk-based approach can have lower overall operational costs than a traditional security approach. The second part of this series will explore the cost considerations associated with the Defense in Depth strategy explored above. In the meantime, feel free to reach out to discuss options. Contact us 1Identity Fraud in the Digital Age, Javelin Strategy & Research, September 2020

It’s clear that the digital transformation we experienced this year is here to stay. While there are many positives associated with this transformation – innovation, new ways to work, and greater online connectedness – it’s important that we review the risks associated with these trends as well.   In late 2019 and throughout 2020, Experian surveyed consumers and businesses. We asked about online habits, expectations for information security and plans for future spending. Unsurprisingly, about half of consumers think they’ll continue to spend more online in the coming year. Those same consumers now have a higher expectation for their online experience than before the onset of COVID-19.   Hand-in-hand with the online activity trends come increased risks associated with identity theft and fraud as criminals find new chances to steal information. In response to both of these trends, businesses and consumers want a balance between security and convenience.   Our latest trends report dives into the new opportunities 2020 has created for fraud, and the opportunities to prevent identity theft or manipulation and the associated losses while building stronger relationships.   Download the full North America Trends Report for a look into North American trends over the last year and to learn how fraud prevention and positive customer relationships are actually two sides of the same coin. North America Trends Report

Enterprise Security Magazine recently named Experian a Top 10 Fraud and Breach Protection Solutions Provider for 2020.   Accelerating trends in the digital economy--stemming from stay-at-home orders and rapid increases in e-commerce and government funding--have created an attractive environment for fraudsters. At the same time, there’s been an uptick in the amount of personally identifiable information (PII) available on the dark web. This combination makes innovative fraud and breach solutions more crucial than ever.   Enterprise Security Magazine met with Kathleen Peters, Experian’s Chief Innovation Officer, and Michael Bruemmer, Vice President of Global Data Breach and Consumer Protection, to discuss COVID-19 digital trends, the need for robust fraud protection, and how Experian’s end-to-end breach protection services help businesses protect consumers from fraud.   According to the magazine, “With Experian’s best in class analytics, clients can rapidly respond to ever-changing environments by utilizing offerings such as CrossCore® and Sure ProfileTM to identify and prevent fraud.”   In addition to our commitment to develop new products to combat the rising threat of fraud, Experian is focused on helping businesses minimize the consequences of a data breach. The magazine noted that, “To serve as a one-stop-shop for data breach protection, Experian offers a wide range of auxiliary services such as incident management, data breach notification, identity protection, and call center support.”   We are continuously working to create and integrate innovative and robust solutions to prevent and manage different types of data breaches and fraud. Read the full article Contact us

The shift created by the COVID-19 pandemic is still being realized. One thing that we know for sure is that North American consumers’ expectations continue to rise, with a focus on online security and their digital experience.   In mid-September of this year, Experian surveyed 3,000 consumers and 900 businesses worldwide—with 300 consumers and 90 businesses in the U.S.—to explore the shifts in consumer behavior and business strategy pre- and post-COVID-19.   More than half of consumers surveyed continue to expect more security steps when online, including more visible security measures in place on websites and more knowledge about how their data is being protected and stored. However, those same consumers aren’t willing to wait more than 60 seconds to complete an online transaction making it more important than ever to align your security and experience strategies.   While U.S. consumers are optimistic about the economy’s recovery, they are still dealing with financial challenges and their behaviors have changed. Future business plans should take into account consumers’:   High expectations of their online experience Increases in online spending Difficulty paying bills Reduction in discretionary spending   Moving forward, businesses are focusing on use of AI, online security, and digital engagement. They are emphasizing revenue generation while looking into the future of online security. Nearly 70% of businesses also plan to increase their fraud management budgets in the next 6 months.   Download the full North America Insights Report to get all of the insights into North American business and consumer needs and priorities and keep visiting the Insights blog in the coming weeks for a look at how trends have changed from early in the pandemic. North America Insights Report Global Insights Report

In the wake of unprecedented unemployment fraud since the start of COVID-19, Experian announced it was selected as the exclusive partner for identity and fraud verification for the Unemployment Insurance (UI) Integrity Center’s centralized Identity Verification (IDV) capability. IDV is available to state agencies at no cost through UI Integrity Center, which is operated by the National Association of Workforce Agencies (NASWA) in partnership with the U.S. Department of Labor.   With the Federal Bureau of Investigations (FBI) reporting a spike in fraudulent unemployment insurance claims complaints related to COVID-19, it’s more important than ever for state agencies to use innovative solutions to verify identities that are applying for unemployment insurance to protect consumers. If improper unemployment insurance payments are made to fraudsters, the efforts of the CARES Act could be largely wasted.   The IDV capability leverages Experian’s Precise IDTM to provide a centralized identity verification and proofing solution. Precise ID combines identity analytics with advanced fraud risk models to distinguish various types of fraud, which can help state agencies maximize time and resources. When state agencies submit claims, the IDV solution will return ID theft scoring and associated cause codes, enabling them to assess whether a claim may be fraudulent.   “Due to the COVID-19 health crisis, unemployment is high, with over roughly 60 million Americans filing for unemployment since March,” said Robert Boxberger, president of Experian’s Decision Analytics in North America. “At Experian, we’re proud to have a strong culture dedicated to continuous innovation that helps protect consumers’ financial health. We’re taking that same consumer focus and helping make the unemployment insurance application process more efficient and safer for constituents.”   The Integrity Data Hub (IDH) is a robust, multi-state data system that contains a continuously expanding set of sources to provide advanced cross-matching and analytic capabilities to states. It is designed to be easily implemented by any state Unemployment Insurance agency, regardless of claim volume, technology, or access to internal resources. The IDH was designed and built using the latest National Institute of Standards and Technology IT security standards, including the use of asymmetric encryption and other techniques to ensure the security of sensitive data.   “We’re excited to partner with Experian and utilize its Precise ID solution to assist states in mitigating fraud during these unprecedented times,” said Scott Sanders, NASWA Executive Director. “States are finding this to be a very valuable tool and we are pleased that we can offer this solution to states through our partnership with the U.S. Department of Labor.” Read Press Release Learn More About Precise ID

Synthetic identity fraud, otherwise known as SID fraud, is reportedly the fastest-growing type of financial crime. One reason for its rapid growth is the fact that it’s so hard to detect, and thus prevent. This allows the SIDs to embed within business portfolios, building up lines of credit to run up charges or take large loans before “busting out” or disappearing with the funds. In Experian’s recent perspective paper, Preventing synthetic identity fraud, we explore how SID differs from other types of fraud, and the unique steps required to prevent it. The paper also examines the financial risks of SID, including: $15,000 is the average charge-off balance per SID attack Up to 15% of credit card losses are due to SID 18% - the increase in global card losses every year since 2013 SID is unlike any other type of fraud and standard fraud protection isn’t sufficient. Download the paper to learn more about Experian’s new toolset in the fight against SID. Download the paper

The CU Times recently reported on a nationwide synthetic identity fraud ring impacting several major credit unions and banks. Investigators for the Federal and New York governments charged 13 people and three businesses in connection to the nationwide scheme. The members of the crime ring were able to fraudulently obtain more than $1 million in loans and credit cards from 10 credit unions and nine banks. Synthetic Identity Fraud Can’t Be Ignored Fraud was on an upward trend before the pandemic and does not show signs of slowing. Opportunistic criminals have taken advantage of the shift to digital interactions, loosening of some controls in online transactions, and the desire of financial institutions to maintain their portfolios – seeking new ways to perpetrate fraud. At the onset of the COVID-19 pandemic, many financial institutions shifted their attention from existing plans for the year. In some cases they deprioritized plans to review and revise their fraud prevention strategy. Over the last several months, the focus swung to moving processes online, maintaining portfolios, easing customer friction, and dealing with IT resource constraints. While these shifts made sense due to rapidly changing conditions, they may have created a more enticing environment for fraudsters. This recent synthetic identity fraud ring was in place long before COVID-19. That said, it still highlights the need to have a prevention and detection plan in place. Financial institutions want to maintain their portfolios and their customer or member experience. However, they can’t afford to table fraud plans in the meantime. “72% of FI executives surveyed believe synthetic identity fraud to be more challenging than identity theft. This is due to the fact that it is harder to detect—either crime rings nurture accounts for months or years before busting out with six-figure losses, or they are misconstrued as credit losses, and valuable agent time is spent trying to collect from someone who doesn’t exist,” says Julie Conroy, Research Director at Aite Group. Prevention and Detection Putting the fraud strategy discussion on hold—even in the short term—could open up a financial institution to potential risk at time when cost control and portfolio maintenance are watch words. Canny fraudsters are on the lookout for financial institutions with fewer protections. Waiting to implement or update a fraud strategy could open a business up to increased fraud losses. Now is the time to review your synthetic identity fraud prevention and detection strategies, and Experian can help. Our innovative new tool in the fight against synthetic identity fraud helps financial institutions stop fraudsters at the door. Learn more  

In 2015, U.S. card issuers raced to start issuing EMV (Europay, Mastercard, and Visa) payment cards to take advantage of the new fraud prevention technology. Counterfeit credit card fraud rose by nearly 40% from 2014 to 2016, (Aite Group, 2017) fueled by bad actors trying to maximize their return on compromised payment card data. Today, we anticipate a similar tsunami of fraud ahead of the Social Security Administration (SSA) rollout of electronic Consent Based Social Security Number Verification (eCBSV). Synthetic identities, defined as fictitious identities existing only on paper, have been a continual challenge for financial institutions. These identities slip past traditional account opening identity checks and can sit silently in portfolios performing exceptionally well, maximizing credit exposure over time. As synthetic identities mature, they may be used to farm new synthetics through authorized user additions, increasing the overall exposure and potential for financial gain. This cycle continues until the bad actor decides to cash out, often aggressively using entire credit lines and overdrawing deposit accounts, before disappearing without a trace. The ongoing challenges faced by financial institutions have been recognized and the SSA has created an electronic Consent Based Social Security Number Verification process to protect vulnerable populations. This process allows financial institutions to verify that the Social Security number (SSN) being used by an applicant or customer matches the name. This emerging capability to verify SSN issuance will drastically improve the ability to detect synthetic identities. In response, it is expected that bad actors who have spent months, if not years, creating and maturing synthetic identities will look to monetize these efforts in the upcoming months, before eCBSV is more widely adopted. Compounding the anticipated synthetic identity fraud spike resulting from eCBSV, financial institutions’ consumer-friendly responses to COVID-19 may prove to be a lucrative incentive for bad actors to cash out on their existing synthetic identities. A combination of expanded allowances for exceeding credit limits, more generous overdraft policies, loosened payment strategies, and relaxed collection efforts provide the opportunity for more financial gain. Deteriorating performance may be disguised by the anticipation of increased credit risk, allowing these accounts to remain undetected on their path to bust out. While responding to consumers’ requests for assistance and implementing new, consumer-friendly policies and practices to aid in impacts from COVID-19, financial institutions should not overlook opportunities to layer in fraud risk detection and mitigation efforts. Practicing synthetic identity detection and risk mitigation begins in account opening. But it doesn’t stop there. A strong synthetic identity protection plan continues throughout the account life cycle. Portfolio management efforts that include synthetic identity risk evaluation at key control points are critical for detecting accounts that are on the verge of going bad. Financial institutions can protect themselves by incorporating a balance of detection efforts with appropriate risk actions and authentication measures. Understanding their portfolio is a critical first step, allowing them to find patterns of identity evolution, usage, and connections to other consumers that can indicate potential risk of fraud. Once risk tiers are established within the portfolio, existing controls can help catch bad accounts and minimize the resulting losses. For example, including scores designed to determine the risk of synthetic identity, and bust out scores, can identify seemingly good customers who are beginning to display risky tendencies or attempting to farm new synthetic identities. While we continue to see financial institutions focus on customer experience, especially in times of uncertainty, it is paramount that these efforts are not undermined by bad actors looking to exploit assistance programs. Layering in contextual risk assessments throughout the lifecycle of financial accounts will allow organizations to continue to provide excellent service to good customers while reducing the increasing risk of synthetic identity fraud loss. Prevent SID

The COVID-19 pandemic created a global shift in the volume of online activity and experiences over the past several months. Not only are consumers increasing their usage of mobile and digital channels to bank, shop, work and socialize — and anticipating more of the same in the coming months — they’re closely watching how businesses respond to their needs.   Between late June and early July of this year, Experian surveyed 3,000 consumers and 900 businesses to explore the shifts in consumer behavior and business strategy pre- and post-COVID-19.   More than half of businesses surveyed believe their operational processes have mostly or completely recovered since COVID-19 began. However, many consumers fear that a second wave of COVID-19 will further deplete their already strained finances. They are looking to businesses for reassurance as they shift their behaviors by:   Reducing discretionary spending Building up emergency savings Tapping into financial reserves Increasing online spending   Moving forward, businesses are focusing on short-term investments in security, managing credit risk with artificial intelligence, and increasing online customer engagement.   Download the full report to get all of the insights into global business and consumer needs and priorities and keep visiting the Insights blog in the coming weeks for a deeper dive into US-specific findings. Download the report

Experian’s Chris Ryan and Bobbie Paul recently re-joined David Mattei from Aite to discuss how emerging fraud trends and changes in consumer behavior will have long-term impacts on businesses. Chris, Bobbie, and David have combined experience of more than 60 years in the world of fraud prevention. In this discussion, they bring that experience to bear as they review how businesses should revise their long-term fraud strategy in response to COVID-19 and the subsequent economic shifts, including: The requirements to authenticate a digital customer Businesses’ technology challenges Differentiating between first party and third party fraud The importance of businesses’ technology investment How to build a roadmap for the next 90 days and beyond Experian · Make Your Fraud Plan Recession-Ready: Your 90 Day and Beyond Plan

Pre COVID-19, operations functions for retailers and financial institutions had not typically consisted of a remote (stay at home) workforce. Some organizations were better prepared than others, but there is a firm belief that retail and banking have changed for good as a result of the pandemic and resulting economic and workforce shifts. Market trends and implications When stay at home orders were issued, non-essential brick and mortar businesses closed unexpectedly. What were retailers to do with no traffic coming through the doors at their physical locations? The impact on big-box retailers like Best Buy, Dick’s Sporting goods, Sears, JCPenney, Nike, Starbucks, Macy’s, Neiman Marcus, Nordstrom, Kohl’s to name a few, has been unprecedented; some have had to shut their doors for good. Over the past several months global retail has seen e-commerce sales grow over 81% compared to the same period last year, according to Card Not Present. Some sectors have seen triple-digit growth year over year. Most online retailers have been ill-prepared to handle this increase in transactional volume in such a short amount of time, which has resulted in rapid fraud loss increases. A recent white paper from Aite Group reported that prior to COVID-19, a large financial institution forecasted an 8% decrease in fraud for 2020, but has since revised the projection to increase 10-15%. What does this all mean?  Bad actors are taking advantage of the pandemic to exploit the online retail channel. The increased remote channel usage—online, mobile, and contact centers in particular—continues to be an area where retailers are exposed. Account takeover, through phishing and relaxed call center controls, is rising as well. Increases in phishing attacks are leading to compromised and stolen identities and synthetic identity fraud. Account takeover (ATO) fraud has increased 347% since 2019 according to PYMNTS.com. A recent survey found more than a quarter of merchants (27%) admit that they don’t have measures to prevent ATO. 24% of merchants can’t identify an ATO during a purchase. 14% of merchants say they are not even aware that an ATO has occurred unless a customer contacts them. When criminals use these compromised accounts to make fraudulent purchases, the merchant loses revenue and the value of the goods. They can also suffer from damage to brand reputation and a loss of customer confidence. A lack of account security can have lasting effects as 65% of customers surveyed say they would likely stop buying from a merchant if their account was compromised, according to that same Card Not Present study. So how can retailers start to identify bad actors with malicious intent? This will be a constant struggle for retailers. Rather than a one size fits all solution, retailers must move toward a strategy that is nimble and dynamic and can address multiple areas of exposure. A fraudster could easily slip by one verification method—for instance with a stolen credential—only to be foiled by a secondary authentication tactic like device identity. A layered fraud strategy continues to be the industry best practice, where both passive and active authentication methods are leveraged to frustrate fraudsters without applying undue friction to “good” consumers. The layered solution should also utilize device risk, identity verification and fraud analytics, with tailoring to each businesses’ needs, risk tolerance, and customer profiles. Learn more about how to build a layered fraud strategy today. Learn more

Every few months we hear in the news about a fraud ring that has been busted here in the U.S. or in another part of the world. In May, I read about a fraud ring based in Georgia and Louisiana that bought 13,000 stolen identities of children who were on the Louisiana Medicaid program and billed the government for services not rendered. This group defrauded the Medicaid program of more than $500,000.   This is just one of many stories that we hear about fraud rings, and given the rapidly changing economic environment, now is the time for businesses to think about how to protect against fraud rings. There are a number of challenges that organizations may have when it comes to sharing trends and collaborations, understanding the ways to tie fraud rings together, creating treatments for identifying fraud rings and ways to store and catalogue fraud ring experiences so they can be easily recognized.   The trouble with identifying fraud rings   It’s important to understand the challenges that organizations have because they see the fraud rings through their own internal lens. Here are a few of the top things businesses should work on:   Think like a fraudster. This will help businesses become more creative in their approach to fraud prevention. Facilitate internal collaboration. Share with in-organization partners. Sometimes this can be difficult due to organizational structure. Promote external collaboration. Intel-sharing groups are a great way for businesses to network within their industries and learn about the fraud that others are seeing. An organization that I’ve worked with in the past is the National Cyber Forensic and Training Alliance (NCFTA).   Putting the pieces together   How do businesses identify a fraud ring? There are three steps to get started. The first is reviewing and understanding the data. Fraudsters are lazy and want to replicate the process over and over again, and because of this there is always some piece of information that is repeated. It could be a name, an email address, device fingerprint, or similar.   The second step is tying the fraud ring together. This is done by creating rules to help identify the trends. Having rules in place to identify fraud rings allows businesses to easily pull stats together for their leadership.   Lastly, applying an acronym or name to the particular fraud ring and adding comments to the cases associated with a particular ring will help with post-investigation analysis.   Learning from the past   Before I became a consultant, I remember identifying a fraud ring that was submitting events with the same language pack and where the device fingerprint was staying consistent. Those events were being referred out for review and marked with the same note. At a post-mortem review, I was able to talk to the fraud ring we had seen, and it was easy to pull all events associated with this fraud ring because my team had marked the events with the same comments.   Another fraud ring example happened a few years ago. A client called me and said that they were under a fraud attack and this fraud ring was rotating the email handle. I reviewed the data and came up with a rule to catch this activity. Fraud rings will use email handle rotation to help them keep track of accounts that are opened or what emails they used in the past. By coupling the email handle rotation with an email verification service like Emailage, this insight could be very telling. I would assume that when fraud rings use email handle rotation these emails are new and have just been created.   These are just a few of the many fraud rings that I’ve encountered over the course of my career and I’m sure there will be a lot more in the years to come. The best advice I can give to anyone that reads this post is to understand the data that you are reviewing, look for anomalies within the data, ask questions and test your theories by running queries on the data that you’re reviewing. I would love to hear about the different fraud rings that you’ve encountered over your career.   Stay safe.   Contact us

Experian’s own Chris Ryan and Bobbie Paul recently joined David Mattei from Aite to discuss the latest research and insights into emerging fraud schemes and how businesses can combat them in light of COVID-19 and the resulting economic changes. Between them, Chris, Bobbie, and David have more than 60 years of experience in the world of fraud prevention. Listen in as they discuss how businesses can shape their fraud prevention plan in the short term, including: The impacts of the health crisis and physical distancing The rise of e-commerce and consumer digital engagement Changes in criminal activity Fraud attack vectors 2020 fraud loss projections Critical next steps for the 30-60 day time frame Experian · Make Your Fraud Plan Recession-Ready: 2020 Fraud Trends

The COVID-19 pandemic and resulting rush to transition to a remote lifestyle made it clear that many businesses need a refreshed digital authentication and fraud prevention strategy that includes an investment in technology and provides consumer assurance. This is particularly important when it comes to identity, as many of the standard in-person verification methods and tools are currently unavailable. The meaning of identity is growing and shifting Technology trends are intersecting with social trends to create heightened awareness, and a whole new public conversation has emerged around customer trust and privacy. Attitudes and ideas are changing—even to the point of what we mean by “identity.” An identity is no longer just a name, date of birth, and SSN. Now, there are digital manifestations everywhere you look: screen names, email addresses, mobile phone numbers, device identifiers, and the other “exhaust” we leave behind as we travel the internet. This leads to concerns about what an identity is, who owns it, and who manages and protects it. Businesses have to be able to prove to their ability to protect their customers’ identities through investment in technology and a robust fraud strategy. Consumer attitudes are changing Several years ago, consumers were excited by all the new digital capabilities and the speed, ease, and convenience they provided. Last year, Experian found that consumers still wanted those things, with 70% willing to provide more information to businesses if there was a perceived benefit. However, they also wanted more security in the balance. In Experian’s most recent Global Identity and Fraud Report, we found that 74% of consumers say that security is the most important factor when deciding to engage with a business. Consumers are particularly more tolerant of friction during the enrollment process—as a means of building trust. But, when they return to the app or website, they want to be recognized. This means achieving a balance by using layered technologies, some of which are active and visible to the consumer, and some of which are invisibly working in the background to confirm the identity of returning consumers. Consumer attitudes vs. regulatory pressure The drivers behind the business changes are twofold: shifting consumer attitudes and regulatory changes. While regulations are becoming stricter on a national and global level, they’re not keeping pace with technology and social change. The digital world is evolving at a rapid pace, opening up more new ways for companies to collect information about consumers and use it to identify and verify, and also to target goods and services. With all of this data available, it’s important for businesses to use the tools in the market to help protect identity information. Next steps in technology The bottom line is, businesses can’t wait for regulations to dictate how best to protect information. Instead, they should be looking to technologies like physical and behavioral biometrics to help provide identity authentication and protection – layering those solutions with information from the user and from third parties to give a holistic consumer view. Businesses should adopt a platform approach for identity and fraud in order to be able to adapt quickly, whether to incorporate new kinds of technology or to prevent emerging types of fraud. By investing in technology now, even in the midst of the COVID-19 pandemic, businesses can build the flexibility needed to respond to future crises and help offset future fraud losses. In turn, those fraud-loss savings can then be used to help grow the business in the future. Learn more about Experian’s commitment to helping businesses maximize their investment in technology to safeguard against fraud. Learn more