Consumers increasingly expect that digital banking capabilities will replicate everything that can be done in a branch because it’s far more convenient to use a smartphone or tablet than to make a personal visit. There’s no waiting, no “open during” hours, no travel and presumably, no bother.
This is especially true for the 19.4% of Americans, ages 18–29, who currently represent 38.6% of all mobile banking users according to the Federal Reserve Board’s 2013 Consumers and Mobile Banking Services report. As younger generations grow into the primary consumers of banking products, banks that fail to meet their instant/online expectations will have a problem.
We’ve all seen the various reports and statistics — there’s a rapid acceleration of consumers migrating to digital banking channels (the good news). However, the incidence of fraud during the online/mobile account opening process is also increasing (the bad news). Increases in fraud in online and mobile channels will be further driven by fraudsters shifting their focus from card counterfeiting to other targets like online account opening as the looming EMV change-over occurs. According to Aite Group, one UK bank saw their online fraud rate jump 800% in the first year following EMV implementation. Is your bank ready for that?
Online application risk management is tricky because it needs to cover a lot of ground, with threats coming from hacked devices, breached identities, organized crime rings, synthetic and manipulated identities, spoofed IP addresses, etc. Additionally, it needs to evolve continuously against a backdrop of resource constraints, limited IT budgets, competing corporate priorities, regulatory concerns, and data privacy issues (not to mention the competition).
Many banks will need to restructure their online onboarding processes to handle the expected increase in fraud through digital channels, especially as those become the primary ways in which consumers choose to interact with their banks, or even the primary way they choose their bank.
A big part of restructuring these processes is ensuring that you can make accurate fraud risk decisions during new account opening without adversely affecting the consumer experience. This means using the right data and analytics during the account opening process to reduce the number of false positives that are getting pulled out of the automated process for manual review—which ruins the instant account opening experience that consumers now expect and can send them off to a better-equipped competitor.
In response to these new fraud threats and consumer expectations, sophisticated banks are starting to combine identity and device risk assessments into a single fraud check to instantly obtain a more comprehensive fraud analysis for each online application.
By combining identity and device risk assessments, banks can leverage previously unknown correlations and make more informed decisions about an applicant’s fraud risk. For example, an applicant may assert a home address that in the identity check doesn’t indicate a high fraud risk, but when device information is assessed it may reveal that the device is being deliberately cloaked in an attempt to match the physical address, but is really a transaction coming from a foreign country. The detected mis-match results in a high risk score returned immediately along with explanatory attributes and reason codes.
By using a single risk score spanning identity and device insights, banks can eliminate the drawn-out application and identity verification processes that lead to abandoned applications. It also helps banks reduce excessive reviews of low-risk applications and focus risk mitigation strategies on the highest risk applications associated with suspicious devices and suspicious identities.
Multichannel onboarding will continue to expand and is clearly shifting toward mobile and online applications, but your fraud problems don’t have to increase as a result. Low-risk consumers using “clean” devices can be processed quickly through your app processes, without consumer impact using this next generation of analytics which combines extensive data intelligence with billions of device identities. Questionable identities and devices, however, will become instantly visible arming you with actionable insights and tools to defend against increasingly sophisticated and costly attacks.
At ID Analytics, our ID Score® 8.3 is one of the first solutions to combine identity and device risk to deliver a unique and powerful view into application fraud. If you have further questions about managing the new fraud threats facing your business today please feel free to contact me.
Author: Keith Hillestad
Director, Product Marketing — ID Analytics, Inc.