We have taken the last several weeks to focus on the problems caused by identity fraud -- and some available solutions to the problem. On May 17th we ran a very informative webinar for our clients that gave background information about identity fraud, discussed how current ID verification practices have contributed to its rise, and proposed a new way forward -- a new paradigm that we believe will much more effectively prevent ID fraud and put vendors and financial institutions in better control, as well as in fuller compliance with the law.
In our last couple of blog posts we have expanded on several key ideas of the webinar, giving a fuller treatment of items we had to omit from the webinar in the interests of time. This is the last post in the series; if you would like to read the past two -- we have organized them in the same order as the webinar -- you can find part one, about recent ID fraud numbers here, and part two, about the inadequacies in current identity verification methods here.
Having discussed the reasons for identity fraud’s pernicious growth despite efforts of the government and regulators, we have come to the most important part: what to do now. If the old methods of ID verification are not working, what new techniques can be implemented that DO work? Fraud Fighter has striven to answer this question: spending the past decade championing a new identity document verification approach centering on a thorough examination of the ID document.
Here is how our preferred approach works in practical situations: once a customer conducts a transaction that requires an identity inspection (e.g. - new account application, wire transfer, alcohol purchase, etc.), their ID can be either “verified” or “authenticated”. “Verification”, in this sense, means conducting a test that verifies one or two expected security features are present on the ID document. “Authentication” implies a much higher standard of confidence in the capacity of the method to definitively determine whether the document in question is genuine or fake. Authentication, as we consider it, actually involves capturing images of the ID document, and reading the data from the document for comparison and validation purposes. Thus, we talk about “ID capture and authentication” solutions, as opposed to simple authentication as a stand-alone process.
Under an ID image capture and authentication process, the customer’s personal data is stored in encrypted format, thus avoiding FTC privacy issues, and making archived records of the ID available for compliance purposes. The personal information from the ID document can be readily converted to XML format and submitted to third-party databases for online verification (OLV) and comparison to industry “known offender” lists as well as various government lists run by police and FBI, the Department of Homeland Security, the Office of Foreign Asset Control, the Financial Crimes Enforcement Network, and the ever-growing No-Fly list. The scanning process also saves enormous time by preventing the need to type and re-type all of this data into the necessary databases.
Starting the ID-verification process by checking the ID document avoids many of the pitfalls associated with the current practice, which fraudsters have been able to exploit for their gains. A skilled identity thief may be able to gather enough personal data about his victim to fool almost any database or background check. However they simply do not have the means to create an ID document with the proper combination of security features and printing techniques such as infrared, ultraviolet, holographic and sealed marks to fool a counterfeit detector.
Of course a tangled problem like identity fraud does not lend itself well to a one-size-fits-all solution, which is why Fraud Fighter™ has developed a “layered” approach to fraud prevention. Just as airports set up layered physical security with metal detectors, luggage scans and gate checks, Fraud Fighter’s clients set up layered fraud security with ultraviolet counterfeit detectors at the point of sale where ID’s should be verified prior to a transaction, and document image scanners where customer identities need to be recorded. For institutions in higher-fraud areas (both geographically and industrially), image capture and authentication devices provide the means to achieve greater security.
The latter two options, in fact, add additional layers of security by going beyond just a single physical feature detection (e.g. ultraviolet features) and look at additional components of IDs, such as infra-red printing, magnetic character recognition, optical character reading, smart chip, RFID , barcode and magnetic strip data reading, and, evidence of tampering. Better still, they work automatically on all sorts of documents -- state IDs and driver’s licenses from all 50 states, the myriad of special government agency-issued IDs, passports and databases are available for international IDs. All of this is done with computerized accuracy, eliminating the potential of human error in matching security features to ID type.
All this still represents just the tip of the iceberg in terms of the potential of such systems. With the right guidance, they can greatly supplement and enhance your current security measures, improving not only your defenses against potential fraud but your overall customer service. Most of the second half of the webinar provides just such guidance, addressing some hypothetical set-ups and their various advantages - worth watching for every enterprise security professional, CIO or anyone looking to go beyond mere ID verification.