Fraud Protection & Compliance
Identity-based fraud takes many forms: application fraud, bust-out fraud, account takeover, synthetic identities and identity theft. In response, many institutions have deployed layered controls to ensure they are interacting with genuine customers and help stop identity fraud. But, taken too far, having too many controls makes for a frustrating experience that can drive customers away.
How can banks deliver unified experiences across multiple channels, with the right amount of friction, to navigate the fine line between fraud reduction and customer experience? I’ve put together five steps to guide your organization through the process.
Step 1: Decrease the Complexity of Identity Proofing
FICO’s recent Customer Identity Management Survey of 172 banks across the globe, including 59 in North America, found that 51% of respondents push customers who are opening DDA accounts using websites and apps to prove their identity offline. Most commonly, customers are asked to mail in copies of identity documents or visit branches with them.
This arrangement is far from optimal. In a separate FICO survey of 1,000 North American consumers, 55% of respondents said the lack of automation in verifying customers’ identities is problematic; not only is manual intervention overly relied upon, but there is also inconsistency in how well a document is checked. Because humans are involved, the thoroughness of document verification varies based on the person performing this manual process.
To offer customers faster and better originations processes, banks need to automate more – without increasing risk. This means embracing technologies that allow new customers to complete the onboarding process, without asking them to move out of channel to prove who they are.
The solution is already in consumers’ hands. With mobile phones a fixture of daily living, customers can use a ‘selfie’ photo plus their phone’s document scan functionality to convey their identities. Meanwhile, the bank can deploy purpose-built artificial intelligence and machine learning solutions to match the customer’s selfie to their document, perform liveness detection to prove they are there in person, and execute data comparison and hologram detection to verify that the identity document is real and untampered with.
Step 2: Enlist the Digital Banking Team as an Ally
Security controls impact both fraud and customer experience, so it’s important to build organizational consensus to be able to enact them. The goals of a successful, comprehensive identity verification program include:
- Increase legitimate bookings of new accounts by reducing friction during the application through risk management tools.
- Increase mobile app usage, since the majority of consumers use both online and mobile together. Less than 10% of Americans use mobile banking exclusively.
- Confirm the true identity of the consumer to make sure no one is taking over the consumer’s identity.
- Build consumer trust in digital identity verification processes.
- Meet compliance requirements.
- Enable easy, safe access to accounts.
These goals should have key performance indicators, giving the cross-functional team tangible targets for increasing top line revenues while mitigating risk and losses.
Banks also need KPIs around how well they protect the customer and enhance the customer experience with security. For example, in a recently completed FICO survey of 1,000 consumers in North America, 8% of respondents reported they would abandon an account opening process, and 14% said they would go to a competitor, because of untenable identity verification processes. About 70% of the consumers surveyed expected to be able to prove their identity digitally – but as noted above, over half of customers are being sent to a branch, or asked to send in paper verifications for some account types.
The bottom line: The fraud team must work in tandem with its business partners within the bank to reach the common goals of increased revenue, high security and a great customer experience.
Step 3: Manage Identity Across the Customer Lifecycle
Checking a customer’s identity is not a one-and-done process; beyond identity proofing at the point of origination, customer authentication occurs throughout the customer lifecycle. Breaking this down further, a number of processes must be seamlessly integrated:
- Identity validation
- Identity verification
- Enrollment for future authentication
- Binding the identity to the account
- Step-up authentication
Sorting through the various steps, banks can frame this initiative as having a twofold goal, to:
- Deliver fully digital identity verification that removes duplication and inefficiency.
- Take an integrated approach to identity proofing with authentication across the customer lifecycle.
Step 4: Keep It Simple, but Not Too Simple
How can banks best use automation to stop identity fraud and improve the customer experience? Let’s look at an existing customer account login as an example.
If a bank forces every single customer to do step-up in authentication, it’s going to annoy customers and might drive them away.
This happened to me recently. One of my banks frustrates me every time I try an online login. I’m approved and my account summary page starts loading. But when I click on a specific account, I am taken back to the login screen. Because a double login is necessary every single time I want to see this account, I tend not to go to this bank anymore when I need to make a quick and easy transaction.
It’s all about balance, of course; at the same time, if security is not increased for anyone, your organization becomes more vulnerable to criminals and thus a target.
Step 5: Gain the Power of Contextual, Risk-Based Decisioning
A risk-based approach is critical, requiring contextual decisions that are integrated across decisioning platforms. For example, understanding if the customer is typing their password as normal, using keystroke behavioral biometrics, should help decide automatically whether to initiate a step up at account login. Or understanding whether a new device is being used when a new payee is added.
The consistency of customer experiences across platforms is also important. Not only because customers want to stay in their preferred channel, but also because consistency facilitates mutual authentication. Banks need to remain familiar to customers through coherent, day-to-day engagements, whether the experience is online or mobile.
Solutions to Balance Customer Experience and Risk
While thwarting account takeover is one of today’s most pressing fraud challenges, the solutions to address it can be the foundation for delivering satisfying, loyalty-building experiences throughout the customer lifecycle. Learn more about FICO® Falcon® Identity Proofing and the FICO® Falcon® Authentication Suite, and follow me on Twitter @LizFightsFraud.