Bala Kumar, Chief Product Officer, Jumio, advises on how best to implement digital identity orchestration.
As Halloween creeps upon us, putting on a mask and becoming a ghoul or a ghost is just what we expect. However, taking on another identity isn’t reserved solely for the month of October when it comes to online fraudsters. Similarly, it’s not just sweet treats at stake. Every day, online fraudsters are using tactics to scam consumers and businesses for personal gain. And with our shift to an online world having only accelerated over the past 18 months, the opportunity to defraud the masses has never been higher.
In fact, according to UK Finance, we’ve seen a 94% surge in “impersonation scams” over the past year, typically conducted online, which have defrauded the public out of over £97 million. Sadly, a scary mask isn’t even required because, behind a screen, it’s already hard enough for businesses to know who a person is. When a fraudster is able to open up an account with a stolen identity, thanks to personal details being largely available due to mass data breaches, or a legitimate account is taken over by a fraudster, for the same reason, the consequences are a true horror. Online identity theft can result in major losses, from reputational damage and the undermining of consumer trust, to chargebacks, fraudulent loans and insurance claims, as well as heavy fines.
As such, the need to prove that an online user is genuine and physically present has never been greater, and especially for organizations dealing with high-risk transactions and sensitive issues. Since stealing credentials has been made easy through various phishing and social engineering tactics, businesses need an advanced solution to face the monsters head-on and authenticate their users before allowing them access to services and products. This means employing a fully connected and orchestrated way of mapping customers’ digital identities.
Tackling ghouls from the start
In the same way that the Ghostbusters are called to capture the supernatural, document-based identity verification (using a government-issued ID and a selfie) is the go-to strategy for sniffing out bad actors at the onboarding stage. By leveraging facial biometrics, organizations can confidently onboard new users remotely and know exactly who and where they are at the time of opening an account.
Traditional verification and authentication checks, including knowledge-based authentication (KBA) and SMS-based two-factor authentication (2FA), are outdated and simply don’t cut it in this ever-evolving online world where information is readily available from a quick social media search or even from the dark web. Indeed, Gartner’s 2020 Market Guide for Identity Proofing and Affirmation predicts that by 2022, 80% of organizations will be using document-centric identity proofing as part of their onboarding workflows, which is an increase from approximately 30% today.
However, this tactic shouldn’t stop at onboarding. This method can be used to continually verify online users to provide even more identity assurance, which is particularly important in higher-risk scenarios. Simply requesting the user take a fresh selfie each time they log in generates a new biometric template that will be compared to the original one captured during the onboarding stage. This enables organizations to continually authenticate users and be safe in the knowledge that they are dealing with the correct person.
Creating an ecosystem of trust
To maintain compliance and onboard good customers faster, businesses should seek to have an end-to-end identity verification platform that can cover multiple jurisdictions and monitor identity-related fraud signals when required. This allows businesses to take a holistic look at all their identity risks and add in whatever verification layers are needed to provide assurance and build trust.
Take organizations operating in the financial services space. They should be looking to leverage platforms that are adaptable and can change to fit the different needs of the business, for example receiving automated database pings, access to government watchlists and PEPs and sanctions to help identify fraud and anti-money laundering (AML) risks faster, as well as ongoing authentication solutions that can help to prevent account takeover (ATO) fraud.
A holistic identity verification platform should intelligently deploy the best combination of tools and data sources to help an organization reach an appropriate decision. It, therefore must always be evolving and improving so organizations can build trust online and consumers from all walks of life can enjoy the benefits of a digital economy.
Casting the identity orchestration spell
Identity proofing, compliance, authentication and fraud detection are all becoming increasingly interconnected, making it difficult for organizations to manage these different capabilities across different vendors. That is why businesses need to rely on a single vendor that can take the hassle away by helping to orchestrate these different workflows, thus preventing them from becoming too disjointed, which could lead to a compromised user experience.
Such solutions can also allow organizations to test and evaluate different workflows and compare different vendors and data sources needed to achieve their identity-proofing objectives. Indeed, Gartner anticipates significant growth in this category: by 2023, 75% of organizations will be using a single vendor with strong identity orchestration capabilities and connections to many other third parties for identity proofing and affirmation, which is an increase from fewer than 15% today.
- Cybersecurity Awareness Month has never been more important
- Cybersecurity: the crucial double check
- 4 key 2022 security trends predictions
- 5 of the most popular cloud security solutions available in the UK
As sophisticated types of digital identity fraud increase, it’s important more than ever that your identity verification solution is sophisticated enough to deal with the attacks. Organizations must therefore take the time to consider their onboarding and KYC processes in an orchestrated way. Otherwise, how else can we catch the fraudulent ghosts and ghouls that are hiding in the shadows?