Fraudsters are taking advantage of the fact that identity verification, in large part, is stuck in the past, relying on static variables that are easily (mis-) appropriated. With so much information about individuals available online, why aren’t more verification systems utilizing that wealth of data to create a fuller picture of consumers’ behaviors, in order to protect them from fraud?
What's Next In Payments®
Copyright 2015, all rights reserved by author
PYMNTS recently spoke with two executives from Socure – Johnny Ayers, Co-Founder & SVP of Business Development, and Ken Allen, SVP of Operations – to find out what more can be done.
Socure has developed a tool to help business to mitigate fraud risks by mining what you call the “social biometrics” of individuals. How does Socure Social Biometrics work?
JA: When a new customer goes to open a new account – maybe a new bank account, a new credit card, a new remittance account – online, we take the same data that’s passed to an Experian or a LexisNexis and do a real-time search of the Internet. We search all the major social networks, search engines, and people search engines to find the sum total of an individual’s identity across the Web.
Then we put that data in the context of psychographic behavioral models that we’ve created, to determine what different types of individuals should look like across the Web. We’re able to use online identities and the behavioral patterns that all people create in the normal paths of their lives to determine whether an individual is real or fake, whether an identity is potentially stolen or synthetic, and then – based on known good and known bad data from our customers – we’re able to predict things like the likelihood of an individual to commit fraud.
Whereas an offline vendor is just looking at static things like name, address, date of birth, SSN, we’re actually able to take behavioral cues to determine someone’s authenticity when they’re opening a new account.
What differentiates Socure from standard verification methods?
KA: Let’s look at the way verification has been done historically. The starting point – name, address, phone, email, device – they all have different variables that you can validate against. In the last 15 to 20 years, however, that’s been done using variations of the same data from similar sources.
The online digital data brings additional risk-splitting power that actually starts to paint the behavior of a customer and his or her legitimacy on top of some of the traditional means of verification. Fraudsters are very good at representing the real data of a customer, but they can’t verify themselves when trying to emulate the behavior across all of the digital and social touch points that everyone has as a consumer today.
The data is actually differentiated in that it’s new data being applied to customer verification models and it allows you to split and see where disconnects might exist in the data. For example, a typical fraudster will use a different email so that the real customer doesn’t get notified, but he will use the actual name and address in the payment. Where you can start to see the disconnect – in addition to whether that email may or may not be similar to the real email – is whether or not the behavior being presented matches up in any capacity to anything that the real consumer does across the Web.
Your costumers are banks, remittance companies and the card networks. How are these sectors taking advantage of online and social data? Is there anything they should be doing differently?
JA: When you look at the industry as a whole, there’s a pretty big gap with millennial consumers. The CFPB put out a report last week that said roughly 50 million adults in the U.S. are completely out of the credit system. For big remittance players or anyone in the prepaid market with a consumer application that’s targeting millennials, traditional data sources just don’t work. There’s no credit data available.
By leveraging online and social data, they’re able to not only help catch more third-party fraud and synthetic fraud identities, but also to be able to say ‘yes’ to more people. We’re able to help them increase the number of consumers that they’re able to accept.
KA: Let me synthesize it forward a couple of points. The first component is that regulators are striking agreements with public entities – specifically financial institutions and related – to enable the underbanked or the non-banked to be banked and/or to be included in the financial sector…for instance, not use payday lenders as often. So there are regulatory agreements that have occurred in the last eight months that are opening up the doors to use more data.
The second component is that a lot of financial institutions have struggled with leveraging additional data sources because of the regulatory scrutiny. Therefore, institutions are opening up – using “big data” as a catchphrase – to start to leverage more and more sources of data. As it’s accumulated into robust processes, these institutions can make advanced decisions based on the full profile of a customer, not just one that is specific to a particular product.
It’s opening up regulators in terms of their tolerance for striking agreements with financial institutions, and it’s providing the ability to use it in the manner of an infrastructure – use more data, big data, in real-time, that you’ve never before had the access to in incorporating models. That, in turn, is starting to open up the avenue to increasing the appetite for finding additional sources of data that, again, gives risk-splitting power to verify a customer and also leads towards predictions of types of risk that need to be mitigated.
Let’s say I’m a bank and I’m using social media to better understand customer risk. What kind of regulatory hurdles would I expect?
JA: One of the things that we’re seeing take place very rapidly is the evolution of KYC and CIP. To address customer bases that are made up of millennials, or send-file consumers, we are seeing large, public financial institutions actually rewrite their KYC and CIP processes to begin to look at email, online, social and mobile data in order to evolve those implementations. With the CFPB and a lot of state regulators pushing financial inclusion, we’re actually very well positioned to be a key part of the evolution of KYC and CIP.
Additionally, by being really the only company that combines online and offline data, we are seeing people looking at the whole identity of an individual – offline, online, and mobile – as being the future of KYC. It’s being driven a little bit by big data capabilities, and also by regulators wanting to include as many people as possible into the financial infrastructure.
Finally, what is next for Socure? What initiatives are you working on that you can disclose?
KA: Today, we primarily focus on consumer verification through a few different products that enable a lot of these related companies to handle the process very comfortably and with high degrees of predicting risk. There are natural evolutions of this type of data that can expand into different verification approaches and customer techniques – perhaps expanding beyond the customer segment. It is a very natural and complementary fit to a lot of the traditional methods of device fingerprinting, payment verification, and some of the credit header data; and that complementary play actually leads to a lot of partnerships and a lot of opportunities to strengthen the data.
The natural product evolution will occur. We won’t say too much in terms of the road map, but there are some very exciting things coming. If anything, the ability to differentiate customers and be able to tell the legitimacy of their behavior is actually improving as we go; therefore, that natural product evolution and the use cases are what is currently on our mind as we expand the road map and start looking for new products before too long.
JA: We have customers live in 33 countries at this point. Continuing to grow our international footprint is going to be a big part of Q3 and Q4, as we head into 2016.
Specifically, we want to address the fact that credit systems are not universal. Developed credit systems only exist really in the western world, so we’re seeing a lot of businesses internationally look to use online social data as a form of launching digital products.