The strength of an identity verification solution is not determined solely by having more data than anyone else. It is solved by combining the maximum amount of data to cover all ages, races, demographics, and genders with best-in-class entity resolution, clustering, and machine learning (ML) technology to resolve back and correlate to any given identity with the highest degree of accuracy and coverage. With this combination also comes the ability to identify and safely onboard more good customers, with the highest degree of precision possible. Simply put, organizations that are serious about delivering inclusive onboarding and achieving continuous compliance with increasingly stringent regulatory mandates have to operate with a solution that moves beyond the limited analytical capabilities of legacy identity verification solutions.
Many legacy identity verification solutions claiming “smart linking” technology were developed over two decades ago. While little has changed in their core functionality since then, the challenges they have been tasked to solve have grown increasingly complex, creating gaps in accuracy across name, address, phone, email, DOB, and SSN matching. This is resulting in ~4% of all transactions returning the wrong answer—at scale! For example, legacy vendors tend to claim exact DOB matching when in fact fuzzy matching is being performed because of sheer looseness in the algorithms. In another example, many legacy providers frequently classify an address as residential when it is actually something entirely different, like a commercial business or even a prison. Finally, legacy players often negatively impact hispanic or asian-descent individuals because of an inability to recognize and match on patterns of split names and concatenations.
Legacy solutions lack the accuracy of Socure
Socure’s graph-defined identity verification platform analyzes the entirety of an individual’s identity with ML to correlate the freshest and broadest set of data available to maximize accuracy and coverage, without introducing any friction into the customer experience.
Through hundreds of customer data studies we have examined on a transaction-by-transaction basis, Socure can confirm that legacy KYC/CIP solutions are incorrectly returning matches ~4% of the time while also being unable to verify certain segments of the population across different ages, races, and socioeconomic classes over 10% of the time. Needless to say, the adverse impact of these issues are massive. Even a seemingly small percentage of incorrect identifications over a large customer portfolio adds up to both an operational and regulatory nightmare, especially in an audit.
Digging deeper, in one examination of a sample customer file for a major fintech, Socure found that a shocking 40% of all applications approved by a legacy provider contained these issues:
- Customer approvals in conflict with the organization’s stated KYC/CIP acceptable policy
- Verification and approvals on the wrong SSN, often times with edit distances >4
- Verification and approvals when the SSN was issued before the DOB
- Incorrect fuzzy matching on SSN where matches were claimed and the edit distance was ≥1
- Approval of deceased customers and associated SSNs
- Matching on secondary SSNs (in violation of CIP requirements)
- Address classification issues—P.O. box, commercial/business address/CMRA, business ZIP codes being returned as residential addresses which financial institutions require both for regulatory and mailing purposes
- Approval of government-sanctioned individuals
If you’re currently using a legacy identity verification solution, you can expect to find many of the same issues in your own customer portfolio and it is fairly easy for us to prove it. It’s something we regularly discover across a wide range of head-to-head data analyses, many times resulting in row by row analysis for exact proof.
Now let’s explore more on how this is happening with actual examples from our exhaustive analysis of real customer data—along with recommendations for what you can do to avoid these pitfalls.
Example 1: Incorrect DOB and SSN match
The most basic and critical task that identity verification solutions must get right is complying with KYC/CIP regulations. If an incorrect identity is matched to a customer, the result is non-compliance. For organizations that require exact matching on DOB or SSN as part of their scorecard, our analysis has discovered that legacy solutions are matching the incorrect individual 3-4% of the time.
SSN before DOB
An issue we routinely see is the verification of an SSN that was issued before the DOB, resulting in an approval. This can be a problem for customers with an SSN issued prior to 2011, as the birth date in part determines the makeup of the issued SSN. As an example, we identified a customer with a DOB of 07-28-1974, but the issue year of the SSN on file is 1972. Had the legacy provider accurately matched the DOB, it would have been easy to discover that the SSN was not a correct match—or at least it would have been able to flag the discrepancy.
Use of fuzzy matching and incorrect fuzzy matching
Some customer KYC/CIP policies mandate exact matching for the SSN and/or DOB. Despite this, we regularly discover that legacy solutions are either ignoring this requirement and using fuzzy matching when an exact match can’t be found or they are incorrectly matching an SSN to a customer because of their algorithmic matching logic simply being outdated. In some cases, the approved SSN is off by one to two years from the DOB.
Example 2: Approval of deceased customers
Socure consistently discovers multiple instances of legacy solutions approving customers that are actually deceased, as well as the inverse, where customers who are living are declined for being deemed deceased. These instances typically involve more than one SSN tied to a customer, suggesting that the legacy solutions are matching individuals on secondary, non-primary SSNs.
Example 3: Incorrect address classification
In an actual customer data analysis for a top 10 banking institution, we found hundreds of instances of the bank approving customer applications where the customer address was a commercial mail-receiving agency, a violation of regulations requiring a residential address. And these errors were found in a small snapshot of their recent transaction data; the true risk of exposure is far more extensive.
Here are some examples of confirmed residential addresses, that are actually commercial addresses, from legacy solutions:
But it gets even worse. We found actual examples in their customer data of the use of correctional institution addresses that were approved by their legacy identity verification solution as valid customer residential addresses. These “customers” provided addresses at correctional institutions in Pennsylvania and Indiana that should never have been approved, and these examples further call into question how much trust you can put in these legacy “smart linking” solutions that miss something so obvious.
No one can match Socure’s ability to definitively resolve an address
Socure has the most accurate address matching in the US, with over 99.5% coverage—more than the USPS, Smarty, or even Google. Socure combines data from these and other sources for maximum coverage and then optimizes to a single normalization, ensuring you get the most comprehensive, accurate match. Regulated industries such as financial institutions that require a residential address for their customers can’t afford to get this wrong.
Example 4: Approval of sanctioned individuals
With new sanctions imposed following Russia’s invasion of Ukraine, regulators have greatly increased their focus on sanction and watchlist violations. This means that screening for sanctioned individuals is no longer simply a bureaucratic box to check, as these lists are continually updated and can present a serious, ongoing risk to your organization.
In a recent customer analysis for another top 10 bank, we found these three sanctioned individuals who were permitted to open accounts and transact in violation of applicable sanctions regulations:
- A customer with criminal records from the Georgia Bureau of Investigation who matched on name and exact DOB
- An approved applicant on the OFAC sanctioned list who matched on alias name and exact DOB
- An approved applicant on Canada’s OSFI Person List who matched on alias name and exact DOB
These were not all individuals trying to evade detection, as they used their actual name or a known alias as well as actual exact DOB, but were missed by the legacy identity provider. Of even greater concern is the reality that an auditor is going to ask, on a line-by-line basis, why sanctioned individuals were allowed to transact.
Socure is proven to be by far the most accurate identity verification provider in the industry
Aside from having the traditional sources used by most providers, Socure invests tens of millions of dollars in additional, redundant data sources from the most diverse, authoritative, and reliable sources. But while having diverse, in-depth data is essential, data volume can actually be a zero-sum game. More is better, but only to a degree. As we stress above, data is only as useful as the insights that can be obtained from it. Socure’s advantage comes through connections and correlations from that data, which we orchestrate and integrate into our proprietary matching capabilities.
For example, Socure uses 26 different name-matching algorithms, which make our industry-leading accuracy possible. And that’s just one aspect of our patented identity clustering technique.
Additionally, Socure not only matches on multiple sources that have corroborated name, email, phone, address, DOB, SSN, and other PII elements such as IP and device, but we also have actual confirmation of a good or bad identity as reported by our customers (your peers) in our proprietary feedback data network of more than one billion known outcomes to compare against. We’ve built something unique in the identity verification market—our own, one-of-a-kind consortium of actual decision outcome data from more than 1,200 customers that provides us with specific, accurate decisioning data about good and bad identities and their outcomes. And it continuously learns more every day with each new transaction and each new customer who joins the Socure network, ultimately keeping our customers ahead of evolving risks to their business. No other provider in the market can truthfully make this claim.
Socure consistently delivers real auto-approval lifts of at least 7% when compared to any other provider in the industry. In a time when every customer is so valuable, and the frequency of audits are increasing substantially, accurately approving more customers and maintaining good customer accounts has never been more critical.
As a Socure KYC customer, you’ll have access to the best-matched entity for every transaction—ensuring your confidence in exactly what data we matched against and delivering unsurpassed accuracy while reducing operational costs. In cases where manual review or reviewing the final disposition is required, both our dashboard review capabilities and API offers a side-by-side comparison of customer input data with the best-matched identity, with detailed reason codes and field validation scores providing the context needed to quickly focus on elements of risk to make a sound decision.
Last but not least, Socure can identify the risk that currently exists in your portfolio so you can take action and prevent new risks, while automatically approving more good customers. Our data science experts are ready to investigate a sample of your customer portfolio, completely free of charge, with a row-by-row analysis to uncover incorrect classifications and identify where we can verify and approve additional customers so you can thrive in the current economic environment.
Contact us today for a free in-depth data analysis to get your organization on the path to confident compliance.
Johnny Ayers is founder and CEO of Socure. Since founding the company in 2012, he has had a number of roles, including managing and leading strategy for the Direct Sales, Channel, Product, and Growth organizations. Johnny has been instrumental in building the company's tremendous customer base and suite of industry-leading digital identity verification and fraud prevention solutions. He is also a frequent expert speaker on fraud, authentication, and KYC/AML, and has been quoted in publications such as the WSJ, Forbes, Bloomberg, Thomson Reuters, Cheddar, PYMNTS.com, and more. In 2022 he was awarded Ernst & Young’s Entrepreneur of the Year, Finovate Executive of the Year, and has been named by Goldman Sachs as one of the top 100 Entrepreneurs of 2021 and 2022. Outside of Socure, Johnny is an investor in and an advisor to companies including; Acorns, Alloy, Astra, Bask, BillGo, Chipper Cash, Commerce Ventures, Curve, MoCaFi, and more.
How to Ensure Sanctions Compliance in Today’s Geopolitical...
Like many of you, the team here at Socure is deeply...
Stop Relying on Breached Data and Credit Bureaus...
Data breaches have regrettably become so common that it’s safe to...