Falling victim to identity theft is a distressing event that can happen to anyone, even the most digitally literate financial services professional.
Its consequences range from mildly irritating to devastating. While some experience a small impact in credit availability, others can lose their homes, financial wellbeing and access to important accounts. Making matters worse, the path to resolution is often an incredibly lengthy burden involving complex calls to many organizations.
What if we could create global authenticated software that prevents identity fraud at the point of transaction while continuing to provide a more frictionless banking and payment experience?
Identity fraud – A global issue
The stats are bleak: The pandemic has accelerated the transition to online activity, which has been followed closely by increases in cybercrime. Global cybercrime damages are predicted to rise to $10.5 trillion annually by 2025 (Cybersecurity Ventures) with dramatic uptick in 2020 and 2021. According to the Federal Trade Commission, the U.S. experienced a 311% increase in victims, and 33% of all Americans have experienced identity fraud. CIFAS, the United Kingdom’s counter-fraud organization, reported a national 11% increase in identity fraud in just the first half of 2021, with Experian reporting over 29% of all U.K. citizens impacted.
Identity theft – Attacks on individuals
Despite significant efforts to educate consumers to exercise greater caution with their personal data, the nature of traditional identity checks still expose consumers to an unacceptable level of risk. Unsurprisingly, a significant amount of identity fraud occurs via mobile device applications that are effectively credit accounts that can be opened with just a name, address and date of birth. Accordingly, anyone with access to this information can open an account under someone else’s identity. This basic personal information is relatively simple to find, through data leaks, cyberattacks or individual naivete.
Identity theft – Corporate attacks
In addition to attacks on individuals, identity fraud and email impersonation is on the rise, against even sophisticated businesses. Business email compromise (BEC) scams result in losses of over $1.78 billion annually, comprising more than half of all cybercrime losses logged by the FBI in 2019. BEC scams happen when fraudsters impersonate a known source to make a request that appears legitimate, such as a vendor your company regularly deals with sending an invoice with fraudulent banking information, a CEO asking her employee to make purchases and even a homebuyer receiving instructions on wiring a down payment from a title company.
Identity authentication factors
Today, consumers have grown accustomed to identity authentication factors such as passwords and one-time passcodes. While these were once trustworthy, they have their weaknesses and have not stood up against the rise of identity fraud. Adding a third factor, while at the same time limiting the information we hold and request, is critical to increasing security and improving trust:
What FIS and our partners are doing
With no national boundaries in identity fraud or cybercrime, this global challenge needs to protect consumers at the point of transactional activity and where credit is sought. A strong identity (ID) solution should solve for ID theft and synthetic ID detection via globally accessible, secure and trusted identity, while ensuring privacy for the individual. The solution should employ multiple authentication factors, including those things that you are, without the risk of storing sensitive data, interfering with the frictionless payment experience, or creating “false positive” identifications to not exclude legitimate users or exclude marginalized identities.
FIS is working with a set of partners examining the creation of a global identification solution. One of our partners, Trust Stamp, has led the way in biometric verification and authentication, using irreversible tokenization and facial biometric technology to secure accounts while protecting data and consumer privacy. These tokens can integrate with existing identity verification and authentication processes and enable financial institutions to improve verification accuracy without the risk of storing images, biometrics or other personally identifying information.
Tokenized biometrics add a secure authentication factor to confidently answer the question, “Who is actually holding the device?” With these tokens, consumers are protected against fraudulent accounts being opened in their names. Each identity is verified using multiple authentication factors, ensuring that the person applying for an account is who they claim to be.
“The Trust Stamp and FIS partnership means secure, low-friction transactions for customers through tokenized biometrics," said Kinny Chan, Trust Stamp’s chief commercial officer. "These tokens protect payments, combat imposter fraud in peer-to-peer money transfers and authenticate crypto wallet ownership seamlessly.”
Another example is Arcanum Technology, the 2018 MVP of our FIS Fintech Accelerator Program. Arcanum offers a highly innovative patented knowledge-based authentication process with expanded character set and dynamic virtual keypad. This allows a four-character passcode – that never has to be changed – to be more secure than the eight- to 16-character passwords in use today. Coupled with their tokenization algorithm, this generates a four-phase series of tokenized values to completely fortify the passcode system.FIS’s sophisticated global know your customer (KYC) solution answers the ultimate authentication question: Is the person really who they say they are? By using the Trust Stamp biometric verification and tokenization, the solution enables FIS clients to onboard customers in a safe, secure and simple manner. The process starts with a picture of the front and back of an acceptable identification card, and then the customer takes a secure video selfie. Global KYC then validates the authenticity of the document, and Trust Stamp’s anti-spoofing algorithms ensures the person in the selfie is a live person and matches the face in the ID to the face in the selfie. The biometric token is generated, which can be used to reveal a mismatch and flagged as a potential fraudulent duplicate or to match identical tokens for user authentication. Biometric tokenization is the first step in the push towards a secure global ID that can protect the individual.
It’s clear that a modern set of security tools – including biometrics, digital identity, secure elements and geolocation – can help you ensure new and existing customers are who they say they are and make better account decisions. Learn more today.