Technological arms race against identity fraud

Understanding identity is crucial to any business or personal interaction. In the digital age, it’s a necessity to being able to consume a service or complete a transaction. But when the key information typically required to verify an identity – name, date of birth and address –  can be easily obtained, consumers are highly vulnerable to fraud.

The threat of identity theft has driven greater customer demands for more privacy and security when it comes to their personal data. High-profile data breaches have fuelled a fear among consumers about how their information will be used and driven a desire for more control.

While the internet has opened up a multitude of new ways for fraudsters to steal information, identity requirements in the UK have been slow to evolve in line. Many companies still just ask for that trio of identity markers, which are also the standard information required to sign a contract, to obtain someone’s sensitive details.

“We’re so reliant on those pieces of information to define who we are that it has put us in a situation where your name, date of birth and address become very valuable for someone to steal,” says Paul Weathersby, senior director of product management at LexisNexis Risk Solutions UK. “This has driven the rise in the theft of information online. If you rely only on that information, it’s self-fulfilling in terms of the problems it causes.”

Part of the challenge relates to consumers who don’t perceive their identity as having any value. Most people expect the identity verification aspect of accessing services to happen in the background and certainly don’t think it’s something they should pay for. To that extent, identity has become something of a commodity, yet one under constant threat.

More than nine billion consumer identities were stolen in the last five years and identity fraud represents half of all consumer fraud, according to LexisNexis Risk Solutions.

While new regulations, such as the European Union’s eIDAS set of standards for assurance checks related to electronic transactions, are beginning to recognise that identity needs to evolve for the online world, they still don’t allow different signifiers to identify a human being outside of name, data of birth and address. It’s clear this needs to change.

The route to success is providing added security and identity assurance without harming the user experience

Internal processes at companies must evolve too. Before the internet transformed commerce and vital services such as banking, requesting name, date of birth and address was sufficient in preventing identity theft because they were very difficult to guess. Nowadays, however, obtaining that information is simply too easy for fraudsters, through either the details people willingly share online or from prior data breaches.

“The data breaches that have occurred have almost allowed the bad people to know that information,” says Mr Weathersby, “and it allows them to go and commit other frauds. Because data has been breached, and digital services and information are easier to pass between two people, companies need to do more than just check that those pieces of information are real. They need to ensure who they’re transacting with is that same person.”

“Banks are already doing this, but because everyone isn’t meeting a high standard, names, date of births and addresses are still valuable to fraudsters. We’ll still experience other data breaches or fraudsters trying to obtain that information until everyone is ensuring it is not just correct, but also belongs to the person they’re engaging with.”

Stephen Topliss, vice president of product strategy at LexisNexis Risk Solutions, says: “There is so much of our data in the public domain, and the digital age provides such easy access to services and products, which are still generally relying on you validating basic identity information – name, address, date or birth – or other personal information. That means identity data is available and very useful, which is why the threat is so prevalent.”

The greatest challenge companies face is balancing this need for secure identity verification and control over personal data with consumer expectations for a faster and more convenient digital experience. Simply adding barriers to authentication will do nothing to enhance the user journey at a time when customers are more likely than ever to abandon a transaction and buy somewhere else if their expectations aren’t met.

This creates a very difficult situation for organisations and a hesitancy to implement additional security and assurance checks, for fear of jeopardising sales and product adoption. Consumers expect their data to be kept secure and they won’t accept a slower or more complicated service to ensure that. The route to success is providing added security and identity assurance without harming the user experience.

“The journey of digital transformation that’s occurring across businesses really needs to touch all parts of the organisation,” says Dr Topliss. “If a new website is being launched, new services are being created online or a new app has been developed, they need to take the opportunity to embrace all the latest digital fraud prevention technologies as well.”

LexisNexis Risk Solutions is a leading provider of such innovation, harnessing the power of data and advanced analytics to provide insights that help organisations reduce risk and prevent fraud. It advocates a layered approach, through a broad range of protection, acknowledging that no single method can stop identity fraud.

By implementing complex combinations of technology, including biometrics and passive authentication, companies such as LexisNexis Risk Solutions could make identity fraud nearly impossible. Those who do find a way will be deterred by the complexity, while consumers continue to enjoy speed and convenience because the technology is invisible to them.

The company’s ThreatMetrix solution, in particular, looks at the digital identity of a person, including the device they’re using, the location they connect from and the information they pass, such as user name and email addresses, enabling companies to perform both physical and digital identity verification. If the physical and digital identity don’t match, organisations can quickly and easily identify suspicious activity that could be fraud.

Digital intelligence and the concept of digital identities in particular, is still relatively unknown among the general public. Without the knowledge to understand how this technology works and what the benefits can be, some consumers are suspicious of the process.

“We have a responsibility to educate consumers and make them aware of the threats online,” says Dr Topliss. “A lot of the tension over the last couple of years has been placed on marketing companies using digital data to track consumers to learn their spending habits online and then generate targeted adverts for them. This has influenced public opinion negatively around the use of digital data.”

“It’s important for consumers to realise a combination of this digital data, together with traditional identity data, can also be used effectively to combat identity fraud in the digital space and that their favourite shopping sites, services and social media networks are often making use of this type of fraud prevention services. This can help customers make a more informed decision around what data to share, or permissions to allow to a website, to help provide a safer and more secure online environment to transact in.”

For more information please visit risk.lexisnexis.co.uk