Identity Proofing’s Break With Tradition

Skate to where the payments fraud puck is going – not where it’s been. We’re mixing metaphors here, but the tried and true traditional methods of battling the bad guys need refreshing. David Barnhardt, EVP of product at GIACT explains why it’s long past time to break with identity proofing’s traditional roots.

Tradition is great when it comes to birthdays, weddings and Thanksgiving feasts. The tried and true often evokes simultaneous feelings of nostalgia and anticipation.

It is less stellar when it comes to identity proofing, though, because what is “tried and true” when financial institutions (FIs) try to make sure someone is who he says he is no longer passes muster.

Put another way, and to paraphrase a hockey great: When it comes to identity verification and the technology that comes with it, FIs need to skate where the technology is headed, not where it has been.

In a recent discussion with PYMNTS’ Karen Webster, David Barnhardt, executive vice president of product at service payment and verification solutions provider GIACT, noted such preemptive and proactive mindsets are necessary where customers apply for accounts or transact digitally.

With no face to match to the name and no data beyond the traditional Social Security numbers, dates of birth and passwords, is it any wonder that account security is a tough battle to fight — especially against foes who have leveraged data breaches into literal gold mines?

“You are in the technology business, and you, more than anybody else, should understand that evolution is constant,” Barnhardt said. If that mindset is not embraced, he warned, “you really become a dinosaur very quickly.”

As channels and payment methods change, what was once anathema to customers then becomes adopted. Take, for example, the advent of thumbprint technology a decade ago and the smart devices using such biometrics that were originally deemed untrustworthy by consumers. Those early adopters of technology died pretty quickly. Fast forward to today, though, and people cannot wait to get their hands on biometrics-protected iPhones.

“Technology is a paving mechanism,” Barnhardt said. “It makes us comfortable with new ways of authentication and new ways of verification.”

Data matters in verification, but using the right data matters even more. According to Barnhardt, social media may hold value for applications in which machine learning and artificial intelligence (AI) hold sway. With all the breaches making innumerable headlines, consumers are going to be less inclined to give out their personal information. As such, the questions for GIACT become, “Where do we need to be, where do we need to be planning and what is the next horse to come out of the barn” that will force another technology shift?

At the same time, it is important to recognize that new norms across technology (such as cell phones) and data (with social media as a data mine) can work in tandem as FIs seek more robust authentication efforts in online banking.

The most valuable data, according to Barnhardt, is data that can be seen as assets — the nontraditional items that are not widely available, known only to the individual and perhaps not included in a typical verification effort.

For firms such as GIACT — firms seeking to help other companies reduce payment fraud — other tells can come from the ways people relate to technology. For example, how long has someone been associated with his or her phone number or even email accounts?

Barnhardt noted that an individual enrolling in insurance in the U.K. must take a picture of him or herself via tablet, mobile device or PC, and also upload an image of his or her ID card, allowing the insurance firm to match both images. In that country, then, facial recognition represents a new normal.

Webster asked if facial recognition or biometrics are indeed “ready for primetime,” speculating whether biometrics on its own, such as the thumbprint, is a robust enough conduit for initiating a transaction.

The technology is good for unlocking the phone, Barnhardt said, but is not, in fact, ready for monetary transactions or for signing up for a new service online.

This is the point of enrollment where the rubber meets the proverbial road, and where the bank or financial institution can be confident that a person being onboarded is the real thing. The duo agreed, it is a jumping off point from which a fraudster can be caught and weeded out at the very start of a transaction — before any damage can be done.

Barnhardt and the banks with which GIACT speaks value flexibility beyond single-point solutions, and have learned that friction can be an ally in the anti-fraud fight. Knowledge-based authentication (KBA) protocols can be stepped up in the authentication process with ever-more personalized questions.

In fact, he said, the mantra should be to “be unpredictable…[because] if a fraudster knows a speed bump is coming, [he] can get ready for it.”