Why and How Should I Verify Identity Documents?

Loss prevention is a many-faceted practice these days.  Gone are the times when cameras on the warehouse doors, stringent counts of the cash-register, and steps to secure assets from shoplifting were the main focus of the professionals charged with protecting their company’s profits from shrinking due to fraud and theft.

Today, the L.P. department must be as focused on data security, insurance fraud and counterfeiting as they are on preventing armed robberies, employee theft and shoplifting.

Why, then, do we at FraudFighter focus so much on the task of authenticating ID documents? Well, to be perfectly frank, we focus on the solutions that we offer. This is because it’s what we know, and also happens to be what we are most passionate about. It is no mistake that we offer the products that we do.  With over 15 years of expeirence, and nearly 800,000 units sold into Fortune 500 clients such as Bank of America, Wells Fargo, Citizens Bank, Macys, Kohls, Sears and T-Mobile, we think our thoughts on the subject have been validated. 

The truth is, the simple step of conducting ID document authentication provides a host of very clear – and very important – benefits to any organization that must conduct public-facing transactions with people they don’t really know by sight.

That pretty much means everybody.  Restaurants, retail stores, banks, hotels, casinos, liquor stores, bars, nightclubs…. The list could go on and on.  Essentially, almost all organizations, at one time or another, are put in a position where they must accept an ID document as proof that the person presenting in front of them is who they say they are.

Think ID Theft is a problem?  Just wait `till next year!

It’s a terrifying world out there for those of us “on the inside” who get to talk with law enforcement, private sector and other professionals in the identity protection business on a daily basis. This problem is, as I write, blowing up tremendously.  The number of news stories featuring search-phrases like “identity theft” or “identity data” and esoteric terms like “synthetic identities” and “Identity fulls” has grown exponentially just in the last 12 months.   

There is an old bit of common wisdom that says once the main-stream media starts reporting an issue, then that issue has already become widespread and ubiquitous.  And so it is with Identity Theft.  By the time 60 Minutes ran their in-depth piece on the dangers posed by the data hacks that seem to be occurring on a weekly basis these days, the data on those tens of millions of U.S. citizens victimized in the hacks featured in the story had already been collated, data-crunched, packaged, sold and distributed to organized crime rings around the world.

And the fact is – it is only going to get MUCH, MUCH WORSE before it gets better. (Sorry for yelling there.)  It’s going to be worse because the volume of data being stolen is increasing at shocking rates, and the sophistication of the dark markets dealing in the bulk sales of the data have grown equally fast.

But this doesn’t answer the question posed above.  Why should I, as a business manager, loss prevention manager or other person responsible for the health and well-being of my organization be making the effort to validate identities of people that we do business with?

A Short List of How Identity Thieves Might victimize your Organization

In the most simple of statements, identity thieves will seek access to something that does not belong to them.  How this is defined or achieved in your organization will vary according to what type of organization you are, and how you conduct transactions.

Government Agency ID Fraud

The various government agencies in the U.S., combined, are the largest de facto transacting entity in the world.  The federal government has oversight of the massive revenue-generating Internal Revenue Service, which is prone to fraud as detailed in this article. In fact, tax-return-fraud is one of the most lucrative forms of ID fraud.  But, the Federal government’s exposure does not end there.  The fed also oversees massive social benefit programs, such as Social Security, Medicare and Veteran’s Affairs, which dole out hundreds of billions of dollars of benefits every month to recipients who identify themselves by presenting a government issued ID document.  

At state and local levels, the smaller state and county versions of the Federal programs can be found. Usually, county and city agencies administer the “on the ground” distribution of housing, food and health programs that are typically distributed on the basis of individual identity documents. Individuals presenting false ID documents can lay claim to benefits that do not belong to them.

In addition, record keeping (property records, criminal records, birth records) are accessed using identity documenst.  Thus, certain private records may be acessed and capitalized upon by criminals presenting fake ID's at such locations.  

The state and counties are responsible for credentialing of citizens (i.e. accepting passport applications and issuing driver licenses or replacement birth certificates). Such processes are highly prone to false identification, enabling fraudsters to obtain genuine credentials under the identies of other people.  Such illicitly obtained credentials then form the basis for the creation of a criminal enterprise designed to extract as much value from the stolen identity as possible. 

Retail Store Identity Fraud

Retail stores are driven by several imperatives to conduct ID authentication.  On one side lies the general concept of “compliance”. That is, ensuring that their sales of controlled products comply with state and federal legislation. For example, public-safety and national security legislation direct the sellers of firearms, certain pharmaceutical chemicals, electronic components (such as those potentially used in the nuclear power industry) and a wide range of other items to require the formal registration of the buyer.  This registration can only be effective if the ID documents presented by the buyer are authenticated.

Secondary to this is the sale of “restricted” products, such as liquor, tobacco and pseudo-ephedrine products (e.g. – cough syrup).  In these instances, non-compliance can lead to fines, loss of licenses to sell, and even jail time for the retailer.

The other side of ID authentication for the retailer is in the area of “loss prevention”. These are instances where the retailer can be defrauded by an identity thief and a financial loss is experienced. The opportunities for an ID thief to victimize a retailer are many.  Following is a brief summary:

•          Stolen Credit Card – presented with matching fake ID
•          Buy Online, Pickup In-Store – again fake identity is presented at pickup
•          Paying with a Personal Check – still as much as 20% or more of transactions in some  industries
•          Applying for in-store Credit – A huge and growing area of fraud
•          Merchandise Return Fraud – a $12Billion issue in 2014

Financial Service Identity Fraud

We have written much about the exposure the financial services industry has to identity fraud.  Regardless of what level of the industry an organization may occupy, financial service providers are, by definition, in the identity verification business.  From check-cashers and payday loan companies, to auto finance companies, credit unions and banks, the fundamental truth is this: customers present themselves in your locations and produce ID documents which allow them to access products and services offered by your organization – or, more worrisome – to access the assets held by your organization on behalf of your customers.

As with the retail industry, there are two drivers for the desire to authenticate identities. And, again as with the retail industry, those drivers are a) compliance and; b) loss prevention.  For financial service companies, there are a slew of regulations, laws, legislative orders and other rules that affect their industry.  Compliance can be generally defined as the desire of regulators and law enforcement agencies to create a clear paper-trail of money-movement among individuals and corporations.  The desire stems from the imperative to prevent money-laundering and the attendant criminal activities associated with it.

The desire to avoid costs stemming from fraudulent behavior drives the financial services industry in its loss prevention efforts.  Identity-theft losses will typically be manifested by the attempt of an identity thief to access a victim’s assets. The assets accessed may be an FI customer’s depository accounts, but may also be their credit rating and good-standing with the bank which may allow a thief to apply for and receive credit from the financial institute in their victim’s name.

How to Authenticate Identity Documents

Identity document authentication, then, becomes the centerpiece for loss prevention at the transaction location.  Regardless of whether it is a retail store, a government office, a bank, a casino, a hotel, or any number of other situations, at that moment a transaction occurs, the capacity to authenticate the identity document can both deter and detect potentially fraudulent transactions from occurring.

There are many ways to conduct an ID authentication.  Google the term “identity verification” (or similar), and literally hundreds of solutions will come up.

•          “Public records based” question-answer solutions purport to authenticate an individual based on their ability to answer a series of database questions culled from public records sources. Providers like LexisNexis and Veritad specialize in this area.   
•          Biometric authentication requires that the organization have an enrollment or “onboarding” process designed to capture the customer’s biometric signature in order to be able to conduct future authentications of the individual.  We believe that this is where the future of ID authentication lies, but it is not quite ready for widespread adaptation to the marketplace, yet.  If you want to learn more, click here to download our whitepaper on the topic.
•          Simple verification of ID document.  This can be conducted using a tool, such as an ultraviolet light, in order to validate fundamental security features on the ID document.  Click here to view a video on this topic.
•          Higher-end forensic document scanners that read digital data, capture high-resolution document images, and cross-validate multiple data and design points on the document.  The ID-150 and Penta Scan products are examples of these products.

Not all solutions are appropriate for all situations.  For example, it is not likely that a person applying for a $300 store-credit account would be agreeable to answering numerous questions about their personal histories.  However, the person applying for a $40,000 auto loan might be.  Biometric enrollment is appropriate for financial institutions interested in creating a permanent identity credential for their clients, but not for a store trying to prevent buy online, pickup in-store fraud. 

The answer then, as we have advocated for more than 15 years, is to match the appropriate level of security to the situation, adding additional layers of complex solution on an as-needed basis.