“We have connected all of our lives — personal, professional and national — to the Internet. That’s where the bad guys will go because that’s where our lives are, our money, our secrets.” Those were the prophetic words of then-FBI director James Comey, in a 2013 presentation on cyber-security to the Senate Homeland Security Committee, writes Keith Wardell, director of fraud, ID and acquisition at TransUnion Africa.
Six years later, his prediction has proved to be spot on, and it’s created one of the great dilemmas of the modern age. Consumers increasingly want to be online – but so do the bad guys. Consumers want to feel safe against the growing tsunami of fraud threats – but they don’t want their user experience to suffer in the process. In a nutshell: consumers have greater access to digital channels than ever before, but fraud has increased and evolved.
Let’s look at the scope of the problem for a moment. Across the world, more consumers than ever have access to the Internet. In South Africa, that’s an estimated 51%, and growing daily. 95% of that internet access is via a mobile phone, according to the Pew Research Centre. At the same time, TransUnion is seeing fraud evolving and increasing globally. Between 2015 and 2018, through our iovation reputation reports database, we identified a 433% rise in the so-called ‘synthetic identity’, where criminals combine real and fake information to create new identities. A 126% rise in consumer account takeovers. A 146% increase in true consumer identity theft.
Why is this a problem? For one, ensuring a secure, seamless customer experience is fundamental for businesses to effectively grow and thrive in a digital world. But fraud has both a business and a customer cost, and any fraud prevention efforts must be balanced with the impact on the customer experience.
So what do we do? We need a multi-layered approach to manage ever-evolving fraud threats: there is no single ‘silver bullet.’ This approach includes device authentication, robust identity verification and a range of fraud detection tools. You need to know exactly who you are dealing with, and how to protect your genuine customers from fraudulent activities.
It’s also important that you don’t just validate the consumer. You validate the device and even the device network. Device-based authentication is one of the most powerful tools companies can use to fight fraud. If a device can connect to the Internet, you can recognise it without identifying personal information.
That means you can ask questions like: has this device been seen before? Are there any device risk factors present? Have there been any attempts to evade detection? Has this device been used to conduct an unusually large number of transactions in a short time period? Has this device been associated with past fraud?
The bottom line is that in the digital age, identity verification is no longer limited to a set of core documents and a few pieces of personal information. It is about understanding someone’s digital footprint, the devices they use and how they use them. Only by combining personal and digital data, can businesses truly protect their most valuable asset – their customers.
*This article is based on a presentation made at TransUnion’s Financial Services Summit earlier in 2019.