Fraud Prevention Blog

New Account BSA Identity Theft Prevention Compliance

Posted by Sean Trundy on Mon, Sep 19, 2011 @ 11:22 AM

Scenario:  A financial institution is opening a new branch, and is starting a major local PR blitz for new customer acquisition.  Great incentives are being offered for new account holders, and a large response is anticipated.  How does the bank process a flurry of new applications, yet conduct thorough “trust” identification verifications in a timely manner to prevent identity theft? 

New accounts deskThe process of ID validation and establishing trusted transaction relationships carries even more relevance in an era of post-9/11 bank compliance regulations. 

While customers must tolerate the ID verification process, most have scant patience when it comes to turn-around, and being able to access and utilize their new accounts.  In the scenario described above, the potential for landing the account decreases proportionately to the perceived level of invasiveness, and the time required validating identification documents. 

ID verification is more than just a bank compliance issue with existing bank compliance regulations, though.  Accurately performed ID screening is a “must have” process from a loss prevention perspective. 

Customer Satisfaction –vs- Risk Avoidance

So, how does a financial institution juggle the need for maintaining regulatory bank compliance with speed of customer acquisition and service?  It’s a tough balance to strike.   An American Bankers Association report concluded that check and debit card fraud losses reached nearly $2 Billion in 2009.  The Federal Bureau of Investigation reports that upwards of $47 billion in business losses occur annually due to identity theft.  Can these losses be mitigated by a more diligent upfront identification validation process?

Clearly, instances of financial fraud via identify theft have a significant impact on the bottom line of any organization.  The problem is magnified at financial institutions because access to so much money is at stake, and the wide acceptance of electronic transactions only makes that access easier. 

Every financial institution has processes, procedures, and access to technologies to ensure bank compliance regarding ID verification, and to manage risk.  No validation system is 100% bullet proof, though, and despite any claims to the contrary, the strategies that identity thieves utilize to challenge these systems evolve almost as rapidly as the technology.  This leaves targeted financial institutions with the time consuming tasks of both bank compliance and keeping up with the bad guys.

Fraudsters Evolve

The good news: bank compliance regulations have, over the past ten years, made the presentation of fake or forged documentation much more difficult for a fraudster.  Almost every class of government issued ID (driver’s licenses, passports, birth certificates, etc.) has been upgraded in terms of style, presentation, and inherent security embeds.

The bad news: with the relatively easy access to and availability of personal information online, it’s increasingly easy for identity thieves to mine personal information, and apply for real documents in an unsuspecting person’s name.  Plus, with each advance in document security, a well-financed criminal organization can actually reproduce fraudulent documents that can pass a casual – and even electronic - sniff test for legitimacy.

Sophistication in forging identities and/or documents requires increasingly complex administrative and technology solutions for flagging false credentials.  The earlier in the process of establishing a new customer account that any irregularities can be identified, the better the chance that the financial institution can avoid being victimized by a fraudulent transaction from the new account in the future.

Layering the Identity Verification Process

Fraud prevention and identity verification is a multi-layered bank compliance process that starts the moment a potential customer walks through the door of a financial institution, whether that door is store-front or virtual.  In many instances, the layers of bank compliance authentication are proportional to the level of financial risk involved with the transaction types available to a specific account.  For example, a high value account transaction will typically have increasing layers of validation in order to complete the transaction, as opposed to a standard checking account.

Many banks and other financial institutions provide the convenience of online account enrollment.  In these cases, identity information such as driver’s license and social security numbers must be presented that can be validated for bank compliance purposes through online databases and credit reporting agencies.  Information match algorithms can then be utilized to assure bank compliance, and with some level of confidence, that the person establishing the account is legitimate.  Access to deposited funds and the conduct of transactions is then typically limited until full identity verification is complete (perhaps a day or two, or even more if exceptions are flagged in the verification process).

In-person authentication of a potential customer’s identification documents can pose challenges as well.  There are many variations of standard government issued IDs that are acceptable from a bank compliance standpoint.  So, an adequate authentication process must allow for quick, technology-enabled verification, yet provide prompt escalation of exception resolution and adjudication for bank compliance purposes. 

To summarize, the identity verification process may include:

  • Front office administrative procedures for account establishment
  • Technology assisted verification of credentials presented
  • Data retention / imaging of credentials
  • Third party verification
  • Production of institution-specific credentials (biometric records, swipe cards, etc.) for high worth accounts

Technology Enablers

The in-person bank compliance identity verification process doesn’t have to be an arduous, costly, or time consuming process in order to establish an account for the vast majority of new banking customers.  For bank compliance purposes, every customer establishing a new account must be able to provide government issued documents that attest to the customer’s identity.  The reasons for this requirement are easily understood by nearly anyone applying for a new account.

Technology solutions such as L-1 Identity Solutions B5000 Document Authenticator can be an integral, and cost effective, piece of an in-person document verification process.  The presented document(s) is scanned, and physical attributes of the document are assessed to determine the validity of the document.  Data is collected from the document, and entered into appropriate databases, which ensures accuracy of the data, eliminating the need for manual entry of the data, and satisfying bank compliance regulations.  This data can then be cross-checked through constantly updated and centralized databases to ensure data consistency.

A high resolution image of the document is retained to satisfy bank compliance retention requirements. This additionally eliminates the need for photocopying of the document and retaining a hard file copy of the document.  

Verification of the scan results are returned to the processor in a matter of seconds.  If an exception is flagged, administrative procedures would require escalation and resolution of the exception in order to satisfy bank compliance regulations prior to activation of the account.

So how to precent identity theft? The bottom line is that this type of technology can play a key role in assuring any financial institution that a person applying for an account is who they say they are, significantly reduce the risk of fraud, and provide a very cost effective means of quickly verifying identity.

Topics: identity theft, regulatory compliance, red flag rules, verification of ID, anti-money laundering, bank secrecy act, authenticating driver's licenses, counterfeit ID, fraud prevention

Discussions