4 identity verification rules that should be broken


Constant change in financial transactions, combined with the development of fraudulent activity, is outpacing traditional approaches to identity verification. They are also creating a barrier to online commerce.

For more than a decade we have seen very little development in digital identity verification. It often relies on static data held by the major credit bureaus, the majority of which has been stolen on many occasions and is readily available to many fraudsters on the black market. The accuracy delivered by these traditional approaches is often poor and, in many cases, forces businesses to manually review up to half of their digital new account opening applications. In some circumstances, all applications may be reviewed.

In the meantime, legitimate customers are continuously and incorrectly denied, while false applications are constantly approved. This furthers people’s frustrations. Full digital customer acquisition and onboarding is a promise that cannot be kept thanks to antiquated identity information models.

If we want this cycle to be broken, then perhaps we should consider breaking the rules. By rules, we mean the common procedures followed for verifying identities that are inhibiting performance and stifling innovation. Here are the four rules that should be broken:

The more rules to follow, the better

It is common IT knowledge that traditional rules-based models are struggling to keep up with digital workflows. It is also impossible for humans to keep up, given that nearly 2.5 quintillion bytes of data are produced each day. This is particularly the case for online identity verification. Rules created by humans do not work well in this scenario. Human knowledge, bias and capability are limited.

It is difficult to pick out subtle patterns and differences across thousands of interactions in order to identify fraud accurately. Although rules-based systems detect a respectable measure of fraud, a large percentage is also missed. What’s more, legitimate transactions are viewed as fraudulent. This results in a costly manual review, which causes disruption to the customer experience.

In order to improve the performance of rules engines built by humans, a large number of complex rules must continually be written, resulting in an endless cycle. Humans struggle to keep up, but robots do not. Artificial intelligence and machine learning techniques can be applied to sift through large data sets. This can uncover patterns that the human eye cannot see. Due to this, we need to remove humans from the equation and trust the data. Doing so will set us in the right direction toward greater accuracy.

Static data sources are sufficient

In a digital world, static sources such as credit bureau databases have become far too limited to achieve any form of meaningful accuracy for identity verification. Personally identifiable information (PII) is consistently being exposed in the weekly stream of corporate breaches. Due to this, it is obvious that we can no longer rely on what is essentially stolen data for identity verification. We cannot expect the data used to verify identities to work if it is exactly the same as the data being used by criminals to impersonate identities.

It would be better to combine the common static data elements with other sources, whether online, offline or social media. It is rarely enough to identify someone based on one type of data. Weaving many data elements together, however, can create a more holistic image of identity.

One by-product of digitalisation is that most people are continuously mapping out their digital footprint on a daily basis. Whether it be web browsing or social networks, each trail made is unique to the individual, making it virtually impossible to fake. Online and social identity information can provide extremely accurate results for identity verification. For example, a fraudster could easily purchase stolen PII on the dark web. Recreating someone’s entire social network, however, would be much more complex.

Identifying first-time users requires manual review

It can be quite difficult to verify someone’s identity if they have never done business with an organisation in the past. There are many technologies available that are highly effective in authenticating returning users. However, traditional validation approaches for new customers come with their own issues. In fact, they can lead to high manual review rates, with significant false positives and false negatives.

Many companies now turn to their online channels for acquiring new customers. However, they still use traditional identity verification mechanisms to risk-score applications, which in effect sabotages these efforts. Low accuracy rates result in good customers being rejected. In the meantime, prospects will abandon the application process when attempts to increase acceptance rates create too much friction. The way to reverse this cycle is to simply break these previous rules.

The rules cannot be broken

It’s never easy to break away from traditional rules. This is particularly the case with those related to risk management and fraud prevention, even when they are quite clearly outdated. Identity verification is not exempt. Be aware that digital transformation has an effect on all systems and business processes that rely on identity. It does not make sense to build a modern, high-performance piece of machinery while powering it with an outdated motor. Neither does it make sense to keep following these rules.
