Identity verification, the process by which financial institutions confirm your identity, has evolved over the years due to technological advancements, as well as our dependency on and the convenience of digital devices. Traditionally, this verification process depended on in-person interactions with bank staff and the presentation of physical documents, such as passports, driver’s licenses and utility bills. However, these documents can be susceptible to forgery and theft. While digital devices are improving the customer experience, they also have introduced new ways for criminals to apply different fraud tactics.
Financial institutions are continually looking for ways to make it more convenient for their customers to do business with them. Today, customers can access their accounts using web browsers, banking apps, smartphones, tablets, mobile devices or smartwatches. While these options have greatly improved user convenience, they also have introduced new vulnerabilities and opportunities for criminals to exploit.
Malicious actors continue to evolve their tactics, looking for ways to take advantage of vulnerabilities with banking access points (such as online, mobile apps or call centers). Fraud attack approaches may include creating synthetic identities to exploit account opening susceptibilities, targeting vulnerable legacy systems, attacking weaker identity verification capabilities or taking advantage of inadequate anomaly detection techniques. Account takeover (ATO) attacks on customers (e.g., stealing personally identifiable information or using stolen account credentials) can be a challenge if there is not a verified associated device that can receive a message warning the account holder of an attempted account access from a new device or location. This can cause both financial and brand challenges to financial institutions while eroding customers’ trust.
The Building Blocks of Digital-Based Identity Verification
The introduction of digital channels has led to the development of digital identity verification processes. These newer verification processes link customers’ identities with their devices. This can be accomplished through the use of single or a combination of biometric technology or via facial recognition, fingerprint verification or voice recognition. By linking the customer and the device, the bank can verify the person using that device is the authorized account holder and that the device is secure. For example, if a new or unrecognized device attempts to access the account, the bank can step up authentication and request additional information before allowing access, as this appears to be a higher-risk event. However, if a customer is using a known verified device, the bank may not require extra authentication. These processes help financial institutions improve customer convenience while endeavoring to keep the accounts protected.
Identity verification of customers by financial institutions has evolved from relying on in-person physical identities to digital onboarding.
MFA’s Effectiveness Hinges on a Solid Identity Verification Process
By integrating digital identity verification and device-based risk signals, financial institutions are more likely to maintain the delicate balance between security and user convenience. This can be achieved by validating personal identity details with analytics and advanced biometric technologies, such as camera “liveness detection” (confirming the presence of the user in front of the camera), voice authentication and behavioral biometrics (e.g., the unique way individuals interact with their devices), significantly hindering criminals from impersonating genuine users. Multi-factor authentication (MFA), which requires two or more verification methods, such as an associated phone/mobile device and a biometric factor, ensures that even if one authentication factor is compromised, additional barriers protect the account. This layered security approach reduces the risk of unauthorized access and has become a common practice in the financial services industry.
Digital Identity: Security Through Innovation
Fraud detection solutions will continue to advance and adapt in response to criminals seeking weaknesses in financial institutions’ detection and fraud control systems. Using internal risk signals gathered from prior customer interactions to detect unusual activity and external signals gathered from legitimate third-party sources may be important to further improve identity verification processes. Combining this with layering of multiple risk detection methods can improve fraud detection rates. Adding more external signals to fraud detection may prove successful in further identifying fraud trends and attack types. For example, fraud information sharing among financial institutions can help them understand other perspectives, amplify risk signals and improve internal fraud mitigation processes.
As financial institutions’ fraud detection technology continues to advance and the digital landscape evolves, the importance of robust and innovative identity verification methods will continue to grow. Financial institutions must remain vigilant, continually adapting to new threats and leveraging the latest technologies to protect their customers and maintain trust. By embracing an improving identity verification approach, incorporating both traditional and cutting-edge techniques, the financial sector can stay ahead of criminals and enable a secure, seamless experience for all users.
Stay Connected
Keep informed about the Fed’s efforts to support payment security and mitigate fraud by joining the FedPayments Improvement Community.