How do you know who is registering an online account with your business? The answer is complicated by the rise of ‘Frankenstein fraud,’ also known as synthetic identity fraud, which combines stolen data belonging to a real person with fake information to create a new, fraudulent identity. For example, the criminal might use a stolen Social Security Number (SSN), the victim’s real name and date of birth (DoB) along with a fake address plus a phone number that’s in their control.
By using some real identity data, they’re more likely to appear legitimate and evade detection by legacy and DIY data validation methods. In some cases, they’ll use their own phone number to receive one-time passcodes during the account creation or authentication process. It’s unlikely this phone is tied to their identity, however. Instead, they use prepaid phones, virtual phone numbers (voice over internet protocol) or spoofed phone numbers so they can’t be linked to the illegal activity.
With high-quality fake IDs (easily purchased online), they present ‘proof’ of their synthetic identities to slip past initial screenings. Once enrolled, bad actors can use fraudulent accounts to make purchases with stolen credit cards, open new lines of credit, launder money or conduct other financial schemes.
So back to the initial question, how do you know the person onboarding with your business is a real, legitimate customer? In a world of Frankensteins, companies need a layered approach to identity verification and data validation, which can be further enhanced by orchestration and fraud detection that continually adapts to today’s complex and evolving tactics. In this article, we’ll explain what’s needed and why.
If you’ve read recent Gartner reports on identity proofing (ID and selfie analysis) and identity affirmation (also called data validation), you already know the importance of a layered approach to properly verify identities during the onboarding process. This combination also ensures the best user experience (UX) possible. So let’s cover the basics of what these solutions do.
Identity verification, aka identity proofing, analyzes the user’s ID document and selfie in order to quickly verify:
A few of the many challenges when verifying identities:
Data validation, aka identity affirmation, runs in the background to instantly verify:
A few of the challenges when validating data:
When you understand the capabilities and challenges of identity verification and data validation on top of the complexity of the fraud landscape, it becomes clear why you need both solutions to secure onboarding.
The adage ‘better together’ may be trite, but it’s never more true. Identity verification and data validation complement each other and can work seamlessly together if natively built within the same platform.
The majority of legitimate customers will satisfy the risk tolerance or threshold with data validation alone. In these cases, you’ll passively validate the identity without adding friction; customers simply follow a typical enrollment flow, entering their personal information. In the event data validation returns mixed or negative results, you can then invoke identity verification for ID and selfie analysis, giving the user a second chance to prove their identity.
In some industries, however, KYC regulatory compliance requires document-based ID verification as well as background checks and data validation. Financial institutions or any business that conducts high-risk transactions typically need both identity verification and data validation — even if data validation determines the personal information is valid and strongly associated with the identity.
Businesses must assess how much confidence they need in the user’s identity and balance that with the UX they want to provide, which will vary, depending on the industry and use case. Gartner suggests asking yourself what level of assurance you need for your business and the specific context. This will rarely lead you to an either/or answer, but instead, you’ll want to use both identity verification and data validation to secure onboarding without unnecessary friction.
Not only do you need both solutions to work in concert, but you need highly advanced identity verification and aggregated data validation services that are smart enough to assess every small but significant detail. That’s exactly what you get with Transmit Security Identity Verification and Data Validation Services.
Transmit Security is the only vendor offering platform-native identity proofing and data validation within a complete CIAM platform — delivering full platform synergies.
Transmit Security Identity Verification – AI-driven identity and document verification determine if the individual and their ID are legitimate with a high level of confidence. This automated service is smart enough to catch high-quality fake IDs, leveraging advanced capabilities:
Transmit Security Data Validation – prevents account opening fraud by assessing the validity of data users submit when they enroll. It’s automated and instant — to stop fraud before it begins. For trusted customers, you’ll secure and expedite onboarding with an easy, welcoming experience.
Start improving your customer’s experience and prevent synthetic fraud that’s designed to circumvent security measures. Leading-edge Identity Verification and Data Validation Services deliver a better together defense against today’s most deceptive Frankenstein fraud and fake IDs.