Loading...

Less is not always more.

Published: March 12, 2009 by Keir Breitenfeld

Red Flags Rule
I've heard more than one institution claim that they may limit and even reduce the identity elements (perhaps down to just name and address) that are captured during consumer applications or other transactions. Their rationale is that the fewer identity elements they request or require during these processes, the less information they will need to authenticate as part of their Red Flags Identity Theft Prevention Program. While this argument seems logical on the surface, I would suggest that if securely gathered/stored and appropriate to the nature of your business, additional data elements such as Social Security Number (SSN), date of birth and phone number can actually allow you to accomplish a few things to your benefit.

1. Analysis of our consumer authentication products shows that contributing SSN, date of birth, and phone (in addition to name and address) to an authentication process, will actually improve your ability to positively authenticate a consumer via an overall risk-based strategy.

2. The use of additional data elements, such as the phone number, can unlock additional data sources for use in verifying not only that phone number, but the inquiry name and address as well.

3. Just because you don't capture certain identity elements, doesn't mean the risk goes away. In providing additional identity elements for authentication, you can gain a more holistic view of a consumer – be that good, bad or ugly. It’s better to figure this out up front versus down the road when bills go unpaid and the bad guys scatter.