As data breaches become more widespread, the personally identifiable information (PII) and account credentials that individuals use to verify their identities when conducting mobile transactions have been increasingly compromised. So much so that more U.S. identities have been compromised, than those that have not — leaving organizations open to fraud and the hefty price tag that comes with it.
According to Gartner, Inc., the world’s leading information technology research and advisory company, that’s largely why organizations must move away from absolute identity proofing for electronic transactions and learn to live with shades of uncertainty.
Gartner advises organizations to adopt a layered identity assessment approach that relies more on dynamic information and less on static PII that has likely been compromised at some point.
By implementing a layered identity assessment approach, organizations are able to protect themselves from fraud while delivering a mobile user experience that doesn’t annoy good customers who may be applying for new accounts or accessing an existing account.
Since no singular identity assessment method used on its own is sufficient to keep determined fraudsters out or to verify the legitimacy of an individual identity claim, Gartner recommends a four-layered identity assessment approach for mobile, Web and phone transactions:
- Layer 1-Endpoint: The lowest cost method of identity verification, endpoint-centric solutions are implemented that can detect if a transaction is originating from a suspect location or endpoint using mobile or caller ID, device print or voice channel phoneprint.
- Layer 2-Navigation: Uses Web session, in-app navigation behavior analysis and gesture analytics to determine if access appears legitimate or otherwise. For example, these techniques can determine that several new account applications are being filled out exactly at the same speed with the same navigation pattern.
- Layer 3-User Data: Data is verified electronically or spoken over the phone by the user whose identity is being assessed. Relies on identity document verification that requires users to transmit documents like drivers’ licenses or passports using mobile cameras or printer scanners to open accounts, verify age, make payments and complete many other transactions.
- Layer 4-Linkages and Metadata: Uses vendor’s data pool to verify history and reputation information on a particular attribute or to identify good or suspicious behavior and transactions.
When implementing the four-layered approach, organizations should favor vendors that combine multiple identity assessment layers and provide plentiful identity data and intelligence. Gartner notes that there are no single vendors that cover all four layers, although there are several that offer multiple layers of identity assessment for different use cases or channels.
To deter customer abandonment for mobile and Web, organizations can narrow down identity assessment transactions that require follow-up investigation or interaction with users based on risk tolerance and available resources. To manage these expectations, Gartner recommends slowing transactions down, electronic validation of identity documents, “liveness” tests and biometric modes for enrolled users.
With the overwhelming majority of consumers preferring to apply for accounts via mobile or Web channels, it’s clear organizations must evolve their processes to allow them to do so, while minimizing fraud risk.
# # #
To learn more about the role of identity document verification in ID proofing, read Fraud Practice's whitepaper: Effective Methods for Using Identity Verification to Increase Conversion