OCR Labs wanted to get an unbiased opinion on the Identity Verification industry from all those it touches. In order to facilitate this we reached out to John Marsden, previously of Equifax, iovation, TransUnion and now We Fight Fraud, to interview his industry contacts with no commercial interest to get an honest opinion of how practitioners, consumers and fraudsters see Identity Verification technology and the industry as a whole. In this summary of the series, John explores his findings and highlights his recommendations.
Over to you, John...
In summarising the three blogs produced, from a practitioner’s, a consumer’s and a fraudster’s points of view, my thoughts turn to how vital it is to get the customer experience right. The start of a customer journey is such a critical time as they are exchanging Identity details within a new relationship. To be candid, the interests of the consumer and the practitioner are aligned, but so often mis-practiced. The ‘criminal’ or fraudster is exploiting any weaknesses they may find, often disseminating this across their connected groups, their motives are not aligned, an ever-present threat.
Abandonment of the application process is a measurement that directly affects the profitability and reputation of the service being used. The balance of risk is critical, too harsh and you’ll receive bad reviews and abandonment, too loose and the bad actors will swarm into your processes. It’s very easy to understand the lost monetary value of an abandoned application, but the unrealised costs of fraud only too soon become very real, often after the fact.
Firstly, regarding practitioners, possibly the most notable element uncovered here is the identity technology being used has issues. It may be capable of delivering an exact scientific match, but in the real-world tolerance is required to enable a smooth customer journey. Further to this, a real business need is that you must be careful who you decide to work with. There are so many vendors with various USP statements, it’s important to make your own advised decisions.
The consumer piece was most interesting to me.
Starting from the factor of convenience, it did surprise me that, the process of proving identity visibly is a benefit for the consumer, conveying trust, but equally here, trust can break down quickly and your processes adulterated as consumers seek some comfort in the process. Most notable is the trust that you have with that consumer to bring them to open a facility or account can be easily destroyed by a dis-jointed process. Particularly a change or introduction of a new brand to the relationship.
In the final blog, we understood from the criminal economy the worth of a facility under their control and the many ways that exist to find these facilities. The brazen approaches of some with criminal intent appears to play with the tolerances in tools and automated processes to allow their activities. We can lock this down in traditional ways with modern twists, for example marking faces as potential fraud and sharing this data either with the provider or with industry bodies such as Cifas. This will have an effect, although the scale of the attack surface here is huge. Criminals have a large pot of potential collaborators and a reasonable idea of how to maximise their potential acceptance with environmental challenges (lighting, photo quality etc). Notably, the industry is working hard to match and prove liveness of the applicant, whist the criminals are busy providing coaching videos on how to fake each provider on YouTube. Again, be very careful who is chosen to provide this service to protect your brand.
The drive to be able to prove someone's identity online, the challenges that have risen from the criminals, and to a certain extent the failure of governments to keep pace with the digitisation of society, means that commercial organisations have innovated and developed various technologies to enable consumers to prove who they are often to an accepted regulatory standard. Until now those standards have not focused on the veracity of the solutions. I am pleased that we are now seeing the introduction of standards and official credentials that will provide clear assessments of the value of the solutions. Australia and the US are forging ahead with such schemes. The UK choosing to move a slightly different way with UK’s Digital Trust Framework which is proposed to offer a ‘Trust Mark’, which can be some form of level of attainment for IDV providers. Matt Adams, CTO at OCR Labs does a fantastic summary of what’s happening with regard to standards.
Overall. We are making progress…….