Identity authentication is rapidly becoming an issue of great concern to the banking and other financial service industries. In 2012, more than 12 million Americans had their identities stolen. 2013 was on pace to break this record number when revelations from several prominent retailers detailing the theft of nearly 75 million account records changed things. Preliminary estimates are that nearly 90 million Americans were compromised in 2013.
The ID theft problem has grown exponentially, not only because of the scale of the hacking operations and the number of records stolen each year, but also because of the growing sophistication of organized crime rings, and cooperation among different groups.
For a bank customer, it is bad enough if their name, address and account information is stolen. However, innovation among hacking communities means that data stolen from different, varied sources can now be compiled in one place. “Dark Markets” have arisen where hackers can sell the bulk-data they have stolen. This data is then cross-referenced to other stolen databases and hacked information until a complete file on an individual can be built and sold to prospective identity thieves. In many cases, these marketplaces are able to find diverse data, such as Pin Number, social security number, mother’s maiden name and other passwords, account numbers, historical public records data, and more.
These same marketplaces have broadened their offerings to include forged document services,
allowing the end-user thief to source social security cards, birth certificates, driver licenses and other credentials from professional forgery operations that have honed their skills and are able to produce highly realistic-looking counterfeits.
How can a bank, credit union, finance department or check-cashing service defend themselves against this onslaught of technologically advanced identity thieves?
At FraudFighter, we believe the answer lies in authenticating the credentials presented at the time a transaction occurs. Specifically, the ID document presented by the customer as proof of who they are. Many transactions in the financial services industry are subject to strict regulations requiring the institution to “know your customers”. Nothing could make greater sense. The institution must ensure that they know to whom they are, for example, giving a loan, opening a deposit account for, assisting to wire funds overseas, or selling cashier’s checks or money orders.
The regulations are designed to make money laundering and the illegal movement of funds more difficult. However, these same regulations can have the effect of securing the financial institution and its customers against identity theft. That’s because when the institution “knows its customers”, then they will not allow identity thieves to transact within their customer’s accounts.
FraudFighter’s line of “ID Authentication and Data Capture” devices enables just this exact functionality. When a customer presents an ID, the AssureID software conducts a high-confidence authentication of the document, utilizing a database of known document templates. A fully configurable interface allows the software to simply return a “Pass/Fail” grade, or to provide the user with details of what problems the document may be exhibiting.
A fully customizable software development kit allows a range of expanded functionality. For example, data captured from the ID document off the bar-code, magnetic strip, RFID chip or other storage medium can be made available for export to other applications. Thus, the ability to auto-fill new loan applications, new account forms, wire transfer requests or other forms can be made possible.
Ultimately, the value in conducting ID authentication and data capture lies in the detection of fraudulent ID documents at the point of transaction. The ability to archive the results of the scan makes follow-on investigations of fraudulent events conducted by persons using their genuine ID document possible, since the data, including images of the ID document and the individual’s picture on the ID can be retrieved and provided to internal investigators and/or law enforcement personnel. Finally, time reductions and elimination of data entry errors can be achieved if the user chooses to enable synching of customer data from the ID document to the institutions data entry forms.