Since the pandemic upended the way consumers do, well, everything, some of them are conducting transactions online for the first time, and the rest are expanding their digital activity significantly, whether that means opening bank accounts or conducting other kinds of high-value transactions. In the current digital landscape, efficient transacting and identity are inseparable. Knowing who’s on either end of the transaction is the key to a secure, trustworthy online commerce ecosystem.
Individuals are increasingly at risk of identity fraud. According to Carey O’Connor Kolaja, CEO of global identity verification firm AU10TIX, fraudsters are collecting the bits of “digital dust” that consumers leave behind with every point and click of a mouse – and are cobbling together identities used to ply their dark trade. And along the way, and perhaps predictably, we’ve seen a massive tailwind for ID fraud, said O’Connor Kolaja.
“Not just for synthetic fraud, but for all types of identity fraud,” she told PYMNTS CEO Karen Webster. “Consumers are authenticating themselves every day, as they access financial and governmental services, or apply for jobs, or perhaps even do their jobs.” Since COVID-19 emerged, she said, there’s been a 300 percent increase in fraud compared to levels seen before the pandemic. Many individuals are increasingly concerned about how their personal information is being used – in fact, they’re more concerned about cyberattacks than physical terrorist attacks, noted O’Connor Kolaja.
That information-sharing is unavoidable, even against a backdrop where one in 10 adults has been victimized by identity theft. Drilling down a bit, one subset of fraud that has been gaining traction is synthetic fraud. No matter the type of attack that’s underway, O’Connor Kolaja said it’s become apparent, now more than ever, that “identity literacy” must be fostered among businesses and consumers. “There needs to be education for consumers, for businesses, for nonprofits and for governments – all types of public and private institutions – about what it means when you share a little piece of information about yourself,” she said. “We have to build a consortium. We have to build a group that can fight fraud together.”
O’Connor Kolaja pointed to AU10TIX’s own INSTINCT platform, which detects criminal attempts to craft multiple accounts using fraudulent ID credentials, as an example of that collaborative approach. “We already have tens of millions of transactions over just the past few months,” she said, adding that “some of the insights that we’re able to glean are a bit staggering. In a single day, we might find a ‘template’ to take real and fake information and combine it, and then create ‘mutants’ or clones of that information to try and penetrate systems and services anywhere from five to 5,000 times.”
‘Digital Dust’
Identity verification is about the small bits of information that individuals and entities leave across the web every time there is an online interaction. It’s an unavoidable fact of life lived digitally. As O’Connor Kolaja explained, the fraudsters collect those bits of “dust” and assemble the bits until they’re able to construct an online identity that purports to be someone else. The battle against the resourcefulness of online fraudsters in our increasingly mobile world has been waged through what O’Connor Kolaja termed “cross-device verification mechanisms.”
“We’re moving – because we have to – beyond password verification and one-time PINs, and toward omnichannel efforts for authentication of online identities,” O’Connor Kolaja said. “Picture, then, the individual who wants to move cryptos, sending the digital currencies in a transaction initiated on a laptop to a digital wallet housed on a mobile device. Verification would take place on both devices.”
To get there, and to get the omnichannel defenses into place, there’s a constant balance of compliance and risk management within the consumer experience itself (and the friction inherent in that experience). As the connected economy takes shape with wearables and the Internet of Things (IoT), verification is no static event. In the past, a one-time event such as opening up a bank account online might have been marked by labor-intensive and time-consuming processes.
“You had to provide a lot of information in order to open up a bank account or book a vacation,” O’Connor Kolaja said. “But now, we’re seeing broad adoption of ‘progressive identity verification,’ which is an approach for capturing only the information that is required, at that instance, in order to complete a transaction or gain access to a service.” She noted that larger transactions would typically require higher levels of authentication (and, perhaps, useful friction that makes sure individuals/entities want to proceed). It’s a form of continuous authentication at all points of contact across devices – from booking a trip online to picking up the rental car key to checking into the hotel.
“Verification is no longer just bound to one device,” said O’Connor Kolaja. “It is ubiquitous.”
Education, Step By Step
The battle against fraudsters is eternal, and the bad guys go toward the path of least resistance in getting the data that is used in synthetic ID fraud. That means targeting industries other than financial services, said O’Connor Kolaja – where, for example, distance learning might yield recordings or other data related to youngsters that can, in turn, be used for ID fraud.
“You may ask, ‘why would any fraudster want to actually penetrate or take advantage of or defraud a middle school?’ Well, because they have access to personally identifiable information,” explained O’Connor Kolaja.
The consortium approach can help consumers feel more confident about sharing data and exercising control over that data. And companies across all verticals can learn how to shepherd that data responsibly and introduce the right amount of friction into the mix. “We’re moving into a world [of ID verification] where people recognize that there can’t be just an answer of ‘one,’” said O’Connor Kolaja. “It has to be an answer of ‘many.’”
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More