Security & Fraud

The Layered Approach To Consumer Authentication


This particularly dynamic area of financial services, FinTech and payments is transforming how everyone across the greater financial ecosystem thinks and acts when it comes to security, fraud and protecting identities.

And at the crossroads of the authentication conversations are the challenges financial institutions face when addressing consumer authentication and how to implement the best practices in order to provide merchants and FIs with sufficient protection against potential fraud.

What executives in those particular sectors are discovering is that traditional methods of consumer authentication aren't quite pulling the weight that they once did. In fact, the average loss of a single fraudulent “new” online bank account in the U.S. is approaching a couple thousand dollars, and each incident of eCommerce fraud is costing merchants several hundred dollars.

That's why the smartest organizations are taking a layered approach to consumer decisioning, by separating identity verification from credit determination. And they're doing so by using authentication processing that relies on the rapidly growing available spectrum of big data: AKA the “digital fingerprint” of a consumer. This data blends together trusted online and social media intelligence with conventional offline data for hyper-informed decisions, in a way that doesn't cut corners on the best security practices.

Challenges Of Consumer Authentication

Karen Webster recently caught up with Ken Allen, SVP of Operations at Socure, to get into the nitty-gritty of authentication — a topic, Webster pointed out, that has become a critically important conversation in the ecosystem today.

Authentication depends upon access to data, usage of data and acting on that data in real time. But when it comes to embracing the concept of "big data" in a very big way, Webster asks: How are FIs using data tactically to improve the dynamics with their customer?

"In a nutshell, FIs are making better decisions because they have more data. That's one facet of it," Allen explained. "But they are making the customer interactions better."

For example, when providing customers with more details about the financial transactions, FIs are now giving the details necessary to understand their own data and make better decisions as a result of the data that is now available for the FIs to provide. For example, Allen pointed to bank statements are one specific example.

"Not only are they making the experience with the consumer better. They are actually enabling that type of data layer that they didn't used to have underneath all the decisions behind the scenes that most the consumers don't even see," he said.

Which, in the end, is all about improving the customer relationship, but also opening up access to data in a way that makes customer service and products better for both sides of the equation. Historically, Allen said, it was about getting people through the door. Now, in the digital era, it's all about using data to keep those customers engaged and informed.

"Those data boundaries are starting to shift, because that same type of data can actually be used from the time you spent opening an account through making the transaction smoother and easier and not stopping you along the way," Allen explained. "It really is a customer experience benefit, yet with a tighter control to make sure you are doing business with the right consumer. Because all financial institutions are risk-governed organizations, so they are doing risk-governed decisions."

The Evolution Of Authentication

Today, making risk-governed decisions is becoming a much more popular trend, of course, as concepts like machine learning make that data more actionable. Nowadays, machines are given the intelligence to actually drive decisions without human interaction, Webster points out, asking Allen about what trends he is seeing in regards to how FIs are applying this tech to their everyday customer interactions.

To start, the new technology in the market has made it easier to put new data in to see where new connections exist. This fundamental shift, Allen says, is coming with pin points, which is more about data science and less about the old modeling and stats. It's now turned into a combo of programming and stats to maximize that data's impact.

"As the infrastructure of financial organizations change, there's a couple of key components when you start using machine learning versus more relational databases from what it used to be," Allen said. "With machine learning you can actually infer and actually allow it to determine some of those relations and pockets of connections, even if you haven't defined it."

One problem that often comes with all that "big data" is the fact that there are so many pockets of data, particularly in the retail sector. And oftentimes, those data silos are collected into their own individual silos. This same problem, however, seems to translate the same within the banking infrastructure ecosystem.

The problem?

"Connecting that data doesn't mean the decisions are being made holistically," Allen explains. "Different distinct businesses have different risk-governance. Not everything is blending together, but the true consumer experience is crossing boundaries. ... The risk-governed organizations haven't allowed those silos to completely break down. I don't know that regulators will either, but it's trending that way."

And while there's a lot moving "under the hood," as Webster puts it, to ensuring infrastructures are being connected in the right way, there’s also plenty being upgraded across all dimensions, which is where data management and streamlining access to that data can sometimes get complicated.

Which, traditionally, isn't cheap either. But the cloud is making it more accessible, Allen said.

"It's much easier to ingest new APIs that allow you to plug in new data sources and see the value much faster than it used to be having some of the secure tunnels. A big effort is in the info-sect side to be able to get the infrastructure or the environment ready to be able to be usable downstream," he noted.

And while the cloud hurdles that issue, there's still one major problem FIs and regulators worry about: breach risks and data risks of having information stored in the cloud versus their own environment.

"Every entry point into a data set is a risk. I think you've got to come down to how comfortable the diligence in process you're going through," Allen said, pointing out one major factor in the authentication equation.

"Culturally it's hard to change to FIs," he said. "It's a continued fear as breaches occur everyday."

But what is changing that culture, he noted, is more and more individuals — and companies — thinking outside the box. This is a change, he says, that's happening from the top down and it's changing the way everyone in financial services thinks about how they can innovate and keep up with the latest trends, particularly when it comes to consumer authentication.

Which comes back to how data is being managed.

Managing Big Data

As Webster noted in their conversation, data needs to be consistent across all channels or divisions of an organization, because no organization wants to have to authenticate a consumer each and every time they come into the organization — regardless of the channel or product line they are using to access the banks.

"One of the main concerns is customer conversion. Any process you have to stop to do some form of verification, it's problematic. You lose good guys and you catch some of the bad. The active verification has its challenges," Allen said.

But better data and access to that data is easing those challenges.

"Technology is making it easier to do a transaction. I think we've all experienced that. The data environment — the ability to enhance data —  is enabling you to prove better the real people you want to continue into that flow, and continue to make that process seamless," Allen said. "It's focusing more toward enabling more good guys to get through almost more than it is catching the bad guys because you want the revenue side of things that will allow you to take some of the acceptable risk."

Determining the right risk tolerance is also key when talking authentication, which opens up an entirely new set of challenges.

And those are challenges that won't go away anytime soon, which is why FIs and merchants must determine how to make the best decision with the information (data) you have. More data is better, he says, but more can often be an overload. That's why managing that data, and solving for the consumer authentication equation, really matters. Which is something that's at the heart of what Socure does.

"You have to have the right pieces put together that solve your challenges. Individual institutions and banks always know there is never going to be a black and white decision on every transaction — it's a shade of grey."

As are most things in the payments ecosystem.


On Tuesday, June 7, at 1 p.m. EST, Karen Webster will be joined by Ken Allen, SVP of Operations at Socure, to discuss the best practices for institutions that are facing the challenges of consumer authentication.



The How We Shop Report, a PYMNTS collaboration with PayPal, aims to understand how consumers of all ages and incomes are shifting to shopping and paying online in the midst of the COVID-19 pandemic. Our research builds on a series of studies conducted since March, surveying more than 16,000 consumers on how their shopping habits and payments preferences are changing as the crisis continues. This report focuses on our latest survey of 2,163 respondents and examines how their increased appetite for online commerce and digital touchless methods, such as QR codes, contactless cards and digital wallets, is poised to shape the post-pandemic economy.

Click to comment