Identity fraud is rampant. Just perform a Google search on the term and the evidence to support this statement is clearly visible. You will find dozens of news stories every day. Government websites from all over the globe warning its citizens of the dangers of having their identities stolen. Paid advertisements from companies offering the latest solutions. Wikipedia sites, and more.
In the United States, alone, more than 1,100 different valid forms of ID may be presented as proof of identity. Considering 50 different states, each with multiple designs and types of ID’s, as well as military, police, merchant marine, resident alien, and other forms of ID’s issued by the various government entities.The uncoordinated structure of U.S. citizen credentialing is the most chaotic system on the planet.
It is also a very complex issue that can easily confuse a business manager wondering what he should do to protect his company from losses.
There is a lot of chatter on the topic, but for the most part, the methods for detecting a potential fraudulent use of an individual’s identity in your business can be classified into two categories.
Using Big-Data to Detect Anomalous Behavior
Several companies sell solutions that are designed to utilize “big data”. This is a fancy term – and very trendy right now - but what does it actually mean? Essentially, through the collection of a massive quantity of data points, behavior patterns can be collected and used to extrapolate behavior. When your identity is used, for example, to apply for a consumer loan at a jewelry store, these solutions would determine whether or not such behavior appears to be within the parameters of your historical behavior.
Other factors are considered as well. Where is the transaction occurring? If it is away from your usual radius of activity, are there other signs to indicate that you have travelled to the area? Did you buy plane tickets, or book a hotel? Additional factors might be considered. Were you recently married? Did you buy a home? etc. Operators of these databases pay other data companies for transactional and other data to enable the analysis of many disparate points of data. This huge set of data points can be considered and evaluated in a split second to reach probability grades for every transaction.
These solutions are still relatively early in their lifecycles, and in many ways are only at the fledgling stage of what they may eventually become. Also, they are not cheap. Clients utilizing these services must pay for authentications on a per-transaction basis. Depending on what type of services your specific business use-case may require, these can cost up to several dollars per transaction. Maybe not too expensive if you are underwriting a million dollar mortgage and conduct fewer than a thousand transactions per month. But if your average transaction is only a few hundred dollars, and you typically conduct tens of thousands, or even hundreds of thousands of such transactions monthly, then the costs of “big data” can be prohibitive.
Authenticating Identity Documents at the Time of Transaction
A second strategy for verification of identity is to authenticate a person’s credentials at the time that they transact with you. If a client wishes to conduct a transaction that is dependant upon that person actually being who they say they are, then credentialing the client is a reasonable business case.
Examples of this type of transaction would include:
- Opening a new credit account
- Accessing an existing credit account
- Opening a bank account
- Wiring funds
- Cashing a check
- Using a credit card
- Presenting more than $10,000 cash ( a “covered transaction” under the Bank Secrecy Act)
- Claiming medical benefits
And more. The list of transactions that may require authentication are numerous, and vary greatly by industry.
When it comes to actually conducting the ID Document Authentication, there are a few solutions available. Because Identity Issuing Agencies, such as national and regional governments, have in many cases made great effort to secure their ID documents, it is possible to make use of their efforts by using the built-in authentication designs to your benefit.
Authenticating Identity Documents using Ultraviolet Light
At the low-technology end of the spectrum, it is possible to utilize tools that enhance the built-in security features and enable a human operator to make a determination of authenticity. One class of such devices involves the use of long wave ultraviolet (UV) light to view the document. Security printing on a vast majority of government issued ID documents includes the use of specialty inks that will fluoresce (glow) under the proper wavelength of UV light and give a clear and easy-to-see test result.
FraudFighter has provided just this type of UV Detector for more than 15 years. Banking clients such as Wells Fargo, JP Morgan-Chase, Bank of America and Citizens Bank have found them to be a useful front-line defense against fake-ID fraud. So has the TSA, the US State Department and a large and growing number of retailers, such as Macy’s, Kohl’s, CVS, and more.
Of course, this type of detection is not fool-proof. Although not easy, it is not beyond the scope of quality fake-ID manufacturers to include a fluorescent UV security feature in their fake ID products. For this reason, we recommend UV detection as a frontline “firewall” type defense – not intended to be a catchall for all fraud attacks, but certainly effective at weeding out the basic ID counterfeiter.
Forensic ID Authentication
As the name suggests, forensic examination of documents involves a deeper, more scientific review of the document. In the past, this type of examination may have been conducted by a document specialist at border control locations. Picture someone with a magnifying glass, several different sources of light (including UV) and perhaps even a chemical set designed to test paper substrates. This type of review required the skills of a professional document specialist, and was not really an option for the typical commercial operation.
Now, however, these skills have been digitized and automated. In fact, much of the security added to government-issued ID documents is not intended for a human being to read and recognize. Magnetic printing, barcodes, RFID chips, digital watermarks, microprinting, guilloche printing and other techniques are designed for software to be able to properly decode and evaluate. Forensic devices, then, are designed to look for and evaluate these types of features.
The process requires two-steps. First, the images and data from the ID document must be captured. This typically requires a specialized piece of hardware. Several examples of this type of hardware can be found here. The second step is the parsing and analysis of the data and images. Our software of choice for this is RevealID, a library database that contains detailed information on thousands of documents used around the globe, including national ID cards, driver licenses and passports. This software compares dozens of physical attributes of the ID document to its on-board library and grades the document.
MobilVerify Smart Device Application
Entering Beta testing this month is the new MobilVerify ID authentication application for smart phones and tablets. This new product puts the power of forensic document examination into the hands of any employee with a smart device available. The MobilVerify app is driven by the MorphoTrust Document Library and Comparator™ platform. Utilizing both barcode scanning and deep-pattern matching of the image of the license to the extensive MorphoTrust database, a real time authentication can be obtained using only the video camera function of a device. Custom applications can be designed for any organization, and industry-spcific “out of the box” applications are being developed.
Which One is Best?
The best solution must be determined by your needs. How often must you authenticate identities? What is the potential risk (loss) if you fail to detect the fake ID? Is it hundreds of dollars? Thousands? More? How technologically complex is your operation? Is it possible to add a layer of database analytics to your organization’s IT architecture? Do you have a Windows workstation at each location where ID checking is needed? Do you have a desire to store encrypted records of your authentications? Would you like to “sync” data from ID documents into standard business forms, such as credit applications or new account forms?
On and on. Identifying the best solution means matching the features, costs and capabilities to the needs and budget of each unique client.
If you have questions, we’d be happy to speak to you.