Today, there’s a major gap in market between the data that relying parties have to verify consumer identity and what is needed to authenticate them with certainty. And for that reason, credit bureaus, financial institutions and even eCommerce sites find they must look elsewhere for verifiable data or risk overlooking good but “thin-filed” consumers, including millennials.
Consider that roughly 63 percent of millennials don’t have credit cards, and some have no plans anytime soon to embark on major life purchases, such as buying a home or car.
This leaves many without the “creditworthy” data that makes “thin files” thick.
“[Millennials’] consuming behavior is altering the types of data that credit bureaus traditionally had much earlier in your life — they’re not getting [it] until they’re 35–40 years old,” Johnny Ayers, cofounder and SVP of business development at Socure, told Karen Webster, referencing the fact that buying cars and houses and making other major purchases are deferred by a decade or even more for many millennials.
That, Ayers said, also makes reliance on traditional identifiable data, such as dates of birth, Social Security numbers (SSNs) and even addresses, not as useful for identifying millennials.
Sure, he said, a person’s date of birth and SSN are dependable sources of identifiable data, but due to major data breaches, they are not only highly compromised but may not be as useful to identify millennials who have not used them consistently in building up their credit histories.
For example, Ayers said, it’s possible that a millennial’s phone number and email address, both pieces of data that people typically hang onto for many years, could be as important as anything else to identify and verify consumers who may not have a rich credit history but who are presenting themselves to be “authenticated” for a purchase.
“Is the phone number the future SSN?” Ayers asked.
The New Age Of Data Attributes
Data elements, Ayers said, such as a Gmail account someone has had for over 10 years or the same phone number they’ve had since adolescence, are central to that person’s identity — and much more reliable than anything else that a person can present as proof of identity.
But, Webster questioned, can a longstanding phone number really play the same verification role as an SSN? People give out their mobile numbers right and left, so everyone knows it. Not the case with an SSN or even date of birth — two closely guarded pieces of information that are not readily known. So, she asked, isn’t relying on mobile phone numbers as identifiers pretty risky?
“This is the conundrum,” Ayers admitted. “If I can, as a fraudster, go buy a consumer’s SSN online fairly easily or purchase hundreds of thousands of them, is that any different than looking at a phone book for a phone number?”
Clearly, Ayers said, it’s a difficult problem to assess in these world of ever-expanding digital channels — if using a name, address, date of birth and SSN still makes sense in verification.
Ayers explained that newer data attributes, such as phone number, email and social networking information, can serve as pieces to a bigger verification puzzle.
For example, a device could be a piece of the puzzle, assuming that said device is tied to a person’s phone number, email or address.
“Looking at any one of these individually isn’t necessarily me saying, ‘I am who I say I am,’” he explained.
But gathering and utilizing data from all of these different data sources to build the right kind of decisioning models can be the next step to more accurately verifying identity.
“There’s an evolution that’s taking place here with the types of data that people are using to make decisions and to service this $30 trillion in wealth transfer that’s occurring with millennials,” Ayers stated. “We’re seeing FinTech banks and eCommerce sites rethinking the tools and types of data that they’re using to make better risk decisions.”
The $30 trillion refers to the transfer of wealth from baby boomer parents when they die to millennial offspring — provided they don’t spend it all first.
Ayers’ point is that, if the information is empirical, can be proven, backed by data and then verified across more elements, then it should be used to paint a more real picture of who that consumer is.
Outsmarting The Fraud
Ayers said that fraud will continue to evolve as cybercrooks continue to perfect their craft to stay one step ahead of the tools that the ecosystem creates to keep them at bay.
Even with new data attributes being used, there’s an assumption that fraudsters will quickly catch on and create new tools that can age email addresses 20 years.
But would they pay cell phone bills that are personally in their name for 20 years just for the sake of spoofing an identity? Ayers’ guess is probably not.
Aging social media accounts in a normal and natural way is also an unlikely avenue since it’s very obvious when connections and networks have developed over a person’s lifetime versus the last two weeks.
Everyday actions across digital channels — such as the frequency of posting Instagram pics, tagging friends in Facebook posts, being tweeted by those same friends, logging in from an IP address, not coming from new devices — are all things that Ayers said constitute normal, natural behavior that is hard to replicate.
“The goal, whether it’s compliance requirements or fraud risk requirements, is to collectively look at this whole graph and be really valuable and prescriptive about how you look at who this consumer is across their whole identity,” he noted.
Then, machine learning can be applied, trained and fine-tuned toward whatever a company is trying to predict.
“That’s where I think the future is going, to where you have this kind of dynamic decisioning. You want to use models to be as predictive as possible to get as many of the good people through programmatically as possible,” Ayers said.