The traditional methods of identity verification—for instance when a customer wants to open a new bank account or start doing business with a new institution— are, unfortunately, stale. They just don’t work anymore. Part of the problem is that the data the traditional identity verification providers - the credit bureaus - use to verify users is the same identity data that gets stolen in breach after breach. How does it make sense to use social security numbers, addresses, and birthdays to verify an identity when that same information can be easily bought on the black market? The truth is, it doesn’t.
That’s why we need to consider new approaches for identity verification. But in order to do that, we first need to bust some myths about what can and can’t happen in the verification process:
- Myth #1: More rules lead to better security. Traditional identity verification process are rules-based, but with so much data being produced today, the rules just can’t keep up. And neither can humans. Rules-based systems ultimately deny too many legitimate applicants (often those without much credit history) and let too many fraudsters through. And creating more and more rules isn’t going to help. Rather, scrapping rules-based systems altogether and automating identity verification systems using artificial intelligence and machine learning techniques help to improve accuracy while keeping false positives and false negatives down.
- Myth #2: It’s OK to use static data sources. Static data—like your birthday, SSN, and address—aren’t useful anymore because in this day and age it’s all too easy to find anyone’s information online. A better solution is to combine that data with dynamic data sources, such as social networks and online information. This type of information is much harder to recreate or buy online—making it much harder for someone to create a fraudulent account in your name.
- Myth #3: Manual review is required for first-time users. Customers who are new to an organization are the hardest to verify. Often, companies require manual review of applications, but we know humans are prone to error, leading to a lot of delayed and rejected applicants. In order to make the process frictionless and more accurate, we should reduce our reliance on manual review as much as possible. Again, a broad range of dynamic data sources can make this possible.
- Myth #4: The rules can’t be broken. Of course they can! After all, rules are meant to be broken, right? Of course, it’s always hard to defect from a well-established approach, but when the “tried-and-true” methods aren’t working anymore, it might be time to take a step back and reevaluate.
If you’re interested in reading more on this topic, I wrote about these myths—and potential solutions—in more detail at CSO earlier this year.