In walking the exhibit floor and talking to many companies showcasing their solutions, it was evident to me that identity was the main theme of the event. A large majority of the fraud and security vendors were touting how their identity solutions address the user authentication challenge for financial institutions and merchants.

This continues a general industry trend observed over the past few years where new tools coming to market are targeting how to protect companies and consumers across various stages of the customer digital life cycle: new account openings, online applications, and authenticating returning users as they log in to existing online accounts.

I am reminded of an insightful comment made by a fraud executive back in September 2022 at Aite-Novarica Group’s Financial Crime Forum. He said, “I am no longer fighting the fraud battle; I will not win it. I am now fighting the identity battle, which I think I have a better chance of winning. And if I win the identity battle, then my fraud losses will decline.”

Tools to Fight the Identity Battle

Money 20/20 exhibitors showcased a wide variety of solutions to help companies in the identity battle. These included solutions such as synthetic identity, 3-D Secure, Know Your Customer (KYC), biometrics in many forms (location, facial, fingerprint, eye, and behavioral to name a few), document identification and verification, and others.

Solution providers are prepared for the digital world in which we live, along with its growing use of mobile devices for banking and e-commerce. There were solutions specific to mobile phones, leveraging data from mobile network operators (MNOs) to validate identity as well as using mobile devices as an authentication mechanism. There were also firms that leverage the fraudsters’ domain—the dark web—to harness data to fight identity and authentication attacks.

No one tool will solve all identity problems all the time. Fighting identity risks usually takes a multipronged approach. A number of exhibitors touted orchestration solutions whereby, via a single API, a company can code once and gain access to a suite of solutions. This is enticing as it provides a level of future-proofing one’s technology stack by eliminating the need to integrate multiple point solutions in house. And as the orchestration provider adds new capabilities to its solution suite, users of that provider can easily tap into those new capabilities with minimal to no IT effort.

Change on the Horizon

On Sunday afternoon, Money 20/20 held a Fraud Summit, where I gave the keynote to kick off the event. The presentation included findings from a recent survey conducted by Aite-Novarica Group of over 2,200 consumers in the U.S., U.K., and Singapore about their authentication practices and preferences. Unsurprisingly, consumers are really bad when it comes to passwords: Nearly 80% reported some level of password reuse among various online sites.

However, 74% of consumers expressed a willingness to migrate from username/passwords to a more secure authentication method. This is encouraging news, particularly for the exhibitors with passwordless solutions. These solutions are beginning to mature, and consumers may be at a point where they will embrace them.

In speaking with a fraud executive, I likened today’s environment to financial services firms all standing around a pool waiting to see which one jumps into the passwordless pool first. Firms are hesitant to be the first, but they know they need to move off of passwords. Look for waves to be made when the first few firms jump in.

The 2022 version of Money 20/20 was a wonderful opportunity to see many former colleagues, meet new companies, and see what solutions are emerging in the fraud-fighting landscape. Based on the vendors I spoke with, the exhibit floor should be quite full in 2023.

How is your firm fighting the identity battle? Are you planning changes to your identity control framework? If so, I’d like to speak with you about it. Contact me at dmattei@datos-insights.com.

The post Insights From Money 20/20: The Identity Battle Is Evolving appeared first on Datos Insights.

Hidden threats lurk behind every corner. The attack vectors are growing in size, complexity, and diversity—bots, stolen usernames/passwords, unsuspecting users who fall prey to scams, anonymity on the internet allowing criminals to masquerade as someone else, synthetic identities, and more. The list goes on and on. If that wasn’t bad enough, fraudsters have become more clever and cunning, finding new ways around existing defenses.

Key Access Points for Fraudsters

The two most vulnerable points in the online consumer journey are new account creation and account login. At account creation, companies need to verify that the person wanting to open an account is truly the person they claim to be. And at account login, companies must be able to authenticate the person logging into the account is in fact the person who created and owns the account.

Sounds simple, right? The complexities inherent within identity authentication and verification are countless and tricky. And the consequences for getting it wrong can be quite detrimental—not only for the company but for the individual customer as well.

There is no single anti-fraud tool that will protect both areas. The best fraud defense is a multi-prong, layered approach. Casting a wide net detects and prevents as much fraud as possible. But at the same time, companies must provide a great online experience for good customers with zero to minimal unnecessary friction. Talk about a delicate balancing act!

A Multi-Pronged Approach

When deploying multiple fraud tools, companies must make a fundamental decision: Either buy different point solutions and integrate them themselves or buy a multi-pronged, integrated solution. Integrating different point solutions from different vendors in a cohesive and fully functioning ecosystem is no small effort. It requires significant resources to design and implement as well as ongoing IT maintenance, both of which can be prohibitive for most firms. For instance, one vendor may have a new software release that causes the entire ecosystem to break, making it time to call in IT.

This has given rise to a new class of solutions in the market called orchestration platforms, which offer an integrated, cohesive, and modularized suite of multiple fraud tools from a single provider. The flexibility they provide is an especially attractive feature for organizations. With one up-front integration, a company can deploy one fraud tool today and add others later. The tools are pre-integrated so they work together out of the box and share data to provide a higher level of performance on the front end and greater efficiency on the back end.

Aite-Novarica Group conducted a study across 110 fintech firms in Q3 2021 asking about the level of effort to manage account opening and account login fraud. These fintech firms were divided into two camps: those whose fraud tools were integrated and those that were not. Those fintech firms leveraging integrated solutions were twice as likely to report that managing fraud was very or somewhat easy as compared to those whose fraud tools were not integrated.

In today’s increasingly complex world of managing online fraud, companies must attempt to tip the scale in their favor and get a leg up on fraudsters. Orchestration platforms provide a more agile, yet simpler way to do that. If you are responsible for protecting the digital channel for your company, look into orchestration platforms. It is time to make the fraudster’s job harder, and yours easier.

You can learn more about the power of orchestration in this webinar.

The post The Power of Orchestration appeared first on Datos Insights.

I needed a medallion signature guarantee on some financial documents. I called my local credit union to ask if the branch close to me had someone who could do this. I received an automated reply about heavy call volume, offering me a returned phone call so I didn’t have to wait on the phone for a representative. Great! I thought that would make things easy, so I opted in.

When I received my return phone call, the representative asked for my account number, Social Security number, or member number. Then I was asked to provide my full name. Then I was asked if I had any recurring deposits and, if so, who the deposits are from. At this point, after three authentication questions, I was starting to get annoyed. Then the representative asked yet another question, at which point I said, “All I want to know is if there is someone at my local branch who can provide a medallion signature guarantee.” This was a simple yes or no question with no financial risk. Yet I was being put through the gauntlet.

The representative said that she needed to ask these questions since I may have to make an appointment with someone at the local branch. Well, after providing my Social Security number and name, she should have had all the information she needed to service my request. Have I mentioned that I called with a yes or no question?

At this point, my frustration meter maxed out, and I refused to answer her fourth question. The level of personally identifiable information I had to provide to get a yes or no answer (and maybe an appointment) was too much. I told her that I was done and hung up.

When a process is so complicated that it is easier and faster to drive to the nearest branch than to make a phone call, the process is broken.

Friction is not one-size-fits-all. It needs to be dynamic and based on risk. Processes need to be flexible and inject friction if and when needed.

If I am asking to transfer thousands of dollars out of my account, then bring on the questions. Really authenticate me. I will appreciate the fact that the institution is protecting my interests. If I have a basic banking question that only requires a yes or no response, save the consumer the hassle of all the questions and save the institution some money by handling the call faster and cheaper.

The branch representative was great, and I got my appointment without all the questions. Now that was a good, friction-appropriate process.

Do you measure or monitor user friction in your online, call center, and other customer channels? If so, I would like to hear how you manage it. Reach out to me at dmattei@datos-insights.com.

The post Friction: Is It Really That Hard to Get It Right? appeared first on Datos Insights.