Economic, business, and social systems operate according to the trust that exists between users and providers. Enterprises make goods and services available to those who need or desire them, and everyone benefits. Companies get paid, government agencies support those in need and deliver on their charter, and recipients get access to the material things they need to thrive. But for this agreement to work, all parties have to be able to operate under that umbrella of trust, and without it, there is no reliability, and the system ultimately fails.
Humans invented fraud, and it’s humans who perpetrate it. Because of that, we use the process of identity verification as a mechanism for ensuring trust. The more we know about identities, the more we can leverage that intelligence to tell us who is and who isn’t a fraudster, the closer we get to eliminating fraudulent activity and achieving a 100% trusted system.
The economic benefit of getting identities right—through the accurate identification of “good” and legitimate users—translates into major value in the form of financial rewards and increased operational efficiency for all organizations. Fraud results in actual loss of money. It creates additional friction in the pursuit of user growth. It also adds layers of complexity and resources that drain organizations of money and focus.
Identity verification has become the source for trust in the digital economy, and those who do it right are reaping both financial and intangible benefits.
The business value of getting identity verification right
In the financial markets, in the public sector, and in any service where individuals or consumers apply in order to receive a benefit or gain participation, the majority of people applying are good. They have good intentions, they have a need, they have decent credit, and they have a solid background.
Nevertheless, operators of every type of enterprise have to determine who’s good and who’s not in order to prevent fraud from entering their systems. It sounds like a simple, binary exercise, but the cleverness of bad actors makes it anything but simple. And all too often, the fear of squeezing out good users outweighs keeping out the bad ones.
There are massive benefits in maximizing the deflection of bad applicants while also maximizing the acceptance of good ones. The trick is achieving that optimum balance of allowing the most goods with the least bads. Those enterprises that get it right see the positive results on both top-line revenue and bottom-line costs. In the public sector, the revenue aspect is replaced by inclusion and helping honest citizens gain access to needed services.
Let’s examine the economic and social value of accurately weighing whether an individual is who they claim to be. It comes down to four buckets, but these in themselves can have multiple facets of risk and value. We are including anonymized data from actual Socure customers and proof-of-concept data studies. All of this data is derived from actual identity verification and fraud decisioning activity.
These buckets of value are:
- The multiple costs of fraud.
- The multiple costs of friction.
- The multiple values of auto-acceptance.
- The elimination of false positives.
The bottom-line cost of fraud
Digital organizations have to balance between delivering that excellent customer experience, which creates happy users, and eliminating risk, which reduces the potential for fraud. A great customer experience is fast and frictionless—users are onboarded and start using a service in minutes or even seconds. But fraud easily enters the picture when speed and broad access are prioritized over risk. Many startups are encouraged to crank up new account openings in their first year, with less emphasis on the fraud that will impact them for some time to come. The trick is determining the viability of every applicant so you don’t introduce fraud into your system, but doing so in a way that doesn’t adversely affect a fast, easy user experience.
The cost of fraud gets woven into an organization’s entire economic structure. Large financial organizations have to budget into nine figures for expected fraud, a staggering, sobering aspect of systemic fraud. The cost is typically passed on to consumers. It impacts an organization’s bottom line with revenue loss. Fraudulent users, especially in the form of synthetic identities that often escape standard types of scrutiny (and which aren’t based on real people who may report a stolen identity) can infect user repositories for months or years.
Fraud drives up the costs of the entire onboarding process in terms of the price of friction, and the cost of additional tools that must be leveraged in order to combat criminals. Compensating controls aren’t cheap. If current trends continue, the credit card industry faces losses of over $400 billion over the next decade. Brand reputation suffers when fraud cases make headlines.
State governments must hire additional investigators to check out fraudsters, and more citizens must visit government offices or tie up the phone lines with public servants. Citizens applying for benefits have to compete with identity thieves who have already claimed benefits in their names. Furthermore, theft of COVID-related relief and government programs is already in the billions.
Many solutions on the market treat this as a choice between one or the other, as in you can have either a good customer experience, or less risk—take your pick. Those solutions that enable a fast experience typically are using very few data sources to inform their decisions about identity and fraud. A surprising number of solutions take this approach, rendering them incapable of providing a truly holistic and accurate explanation of the identities they’re tasked with verifying. The outcomes they deliver are incomplete, or they require additional escalation methods and manual reviews that are costly and prone to inaccuracy, resulting in customer turnover and lost revenue. By not scrutinizing applications, organizations may see great growth numbers, but they are also willingly allowing risk into their environments.
Socure has proven with its 1800+ customers and hundreds of proof-of-concept exercises that our sophisticated machine learning (ML) model delivers the most accurate identity verification on the market. The Socure platform captures up to 90% of fraud in the riskiest 3% of users for synthetic and third-party identity fraud. For a five-year-old BNPL provider, that could result in auto-acceptance of 20,000 additional legitimate customers. Those new customers could account for more than $1 million in additional revenue. For a $4 billion provider of private label credit and loyalty cards, Socure’s accuracy could account for $3 million in prevented synthetic fraud losses.
The economic impact of fraud is obvious, and while it will never be completely eliminated, it can be drastically reduced to the point where it falls into an acceptable, manageable range. So what’s the trick to overcoming the fear of having defenses so tight that they trip up honest applicants? Accuracy. Which means being able to properly identify criminals so that they are excluded, whether they’re employing identity theft or synthetics.
Customer friction leaves money on the table
Customer onboarding friction, in the form of KBA, manual review, or other step-up methods, is perceived as a growth killer, and as a consequence, organizations are reluctant to add any roadblocks into the application process. This often means that enterprises accept customers without much scrutiny (as we saw in the previous section, they view some amount of fraud as the cost of customer growth), or they err on the side of rejecting customers with even the slightest whiff of fraud.
But friction is often the choice when reviewing applicants who fall into the gray area of appearing neither totally bad bad nor totally good. Would-be consumers are subjected to additional hurdles that they may or may not overcome, or even choose to overcome. There are three outcomes of friction. The applicant passes, and they get in. They fail, so they’re gone. Or they say, “this process is too hard, I’m out of here.” And if that frictional step is lengthy or unfriendly, then many people, including perfectly legit ones, will abandon, and take their business with them.
And remember, even if someone abandons the onboarding process, the organization has already incurred the cost of that process. The applicant didn’t want to answer about his mother’s maiden name, or the make of his first car? Too late, it’s already cost somewhere between 25 to 80 cents.
Initiating KBA costs dimes, which doesn’t sound awful, but you’re multiplying by the number of people that don’t fall into the “accept” or “reject” buckets. Physical id verification costs more, and is worse if it requires actual people to examine your license or passport. Manual review of documents such as utility bills or credit card statement costs more yet, and takes the most time. At least KBA doesn’t take long, but in general consumers find it really frustrating, and in many cases, criminals accessing the dark web have as much of those answers as the consumers themselves.
You’ll never completely eliminate friction, since it’s still a way to evaluate the outliers among the applicant pool. But accurately classifying consumers as either good or bad up front is the ultimate ROI with regard to friction, since it shrinks the need for it. This means: 1) a savings on the cost of fraud, 2) a better user experience, 3) lowering the acquisition costs of the good applicants who ultimately pass the friction process, 4) lowering the cost of uncovering the bad applicants, who should have been kicked out at the start, and finally 5) avoiding driving away those good applicants who abandon the friction process.
It’s better to identify the bads before you spend the money on additional scrutiny. A bad guy who finds your KBA answers on the dark web can sneak in and commit fraud, meaning they cost the organization twice. And even when friction does its job correctly, it costs you more to bring in the “goods” who pass and reject the “bads” who fail.
Auto-acceptance eliminates costly manual reviews
The old joke in the fraud business is that it’s easy to eliminate all fraud; you simply approve nobody. The alternative is to manually review literally every applicant, which is also absurd. The nirvana, of course, is to automate the process of applicant review, and with the greatest possible accuracy.
Acceptance means approving the applicants who pass muster. Auto-acceptance means doing it in the first step, without incurring the costs of friction. Again, this represents a better user experience, and avoids those abandonments in which good applicants give up and take their wallets with them. There is only one true path to auto-acceptance at a scale that accommodates large volumes of applicants, and that is the use of Machine Learning.
Socure customers benefit from auto-approvals by leveraging Socure’s identity graph and ML capabilities to persistently process, analyze, and correlate every facet of a digital identity, using over 17,000 features, redundant data sources, and a consortium network of over 1,800 customers to deliver the highest-assurance assessments of new users in the market. This means more good customers can be accurately identified and onboarded without friction. Moreover, there is decreased risk of fraud being introduced because Socure’s ML models provide a holistic picture of the individual’s identity, whether good or bad. And because Socure’s models are trained through a consortium of literally hundreds of millions of known application outcomes, they can approve a good applicant even when any given piece of PII is suspect, or if the applicant is younger or lacking a lengthy credit history. As a result, Socure’s customers consistently see a 90% reduction in manual reviews.
A mobile payment app provider worked with Socure to reduce manual review rates by almost 5%, which means an operational expense reduction of more than $800,000 over the course of one year. A financial services provider saw a 13% increase in customers, thanks to Socure’s auto-acceptance, which resulted in more than $2 million over the course of one year.
The business value of auto-acceptance is again clear. Legit applicants who walk in without any hassle are spending money right away. They’re transacting business. They’re generating revenue. In the public sector, users are able to access benefits or services. They’re not eating up the phone lines or sitting in some agency’s offices trying to find out what went wrong. A legitimate consumer or citizen is in this way able to leverage their own good identity.
False positives prevent access to good customers—and their revenue
If a fraudster becomes a customer because you thought they were good, eventually you’ll figure it out, but probably only after they have defrauded you. The flip side of that is, if you incorrectly reject a good applicant, you’ll probably never know about it. These are false positives, and the obvious harm here is the missed opportunity to acquire a good customer or participant. False positives equate to business growth that never happens, or a citizen who is cut off from much needed benefits or services.
False positives result in lost revenue, reduced customer growth, and higher drop-off rates. False positives may also be an indicator of potential exclusion and bias issues in the system. Solutions that struggle to verify hard-to-identify populations, like thin-file and new-to-country segments, may unwittingly eliminate access to worthy applicants, and propagate inequity. The long-term economic impact of turning away valid customers is substantial, and even the perception of unfairness can be devastating.
As with these other examples, the first step in eliminating false positives is to separate good identities from bad ones. But the degree to which this is done—the degree of accuracy in the identity verification results—is what empowers an organization to stop rejecting good applicants simply because they are not adequately vetted. To achieve the highest possible level of accuracy, Socure employs a bold graph-defined approach using ML and artificial intelligence (AI) techniques. That means acquiring, cleansing, and interpreting data from the most expansive, authoritative, and usable sources. It also means adapting that data continuously so that it’s always capable of identifying risk in the ever-changing digital identity and fraud landscape.
The upshot of this is that Socure consistently delivers up to a 13x reduction in false positives for our customers. In a proof of concept, one of our customers, a payment plan vendor, reduced false positives significantly and the accompanying annual revenue they recognized was close to $900,000.
Socure operates as a single, seamless, comprehensive platform, which delivers a complete picture of identities. Because of the completeness and accuracy of the data we use, the Socure platform helps customers avoid the false positives that occur when multiple solutions are cobbled together and deliver decisions that do not orchestrate data from multiple and redundant data sources.
Key takeaways for businesses looking to maximize ROI
To recap, the value of a machine learning approach to identity verification and fraud detection can be understood in four ways:
- Auto-acceptance means instant business and better user experience.
- Improved fraud capture translates to millions in cost savings.
- Reduced friction means better user experience and, yes, even more cost savings.
- Turning false positives back into identified good applicants brings those people into the family quicker.
Socure has spent more than 10 years and hundreds of millions of dollars in data science research and development to produce the most accurate platform for identifying legitimate identities on the internet and, in the process, eliminating fraud. With our solutions, our customers achieve well over 90% accuracy and 98% auto-acceptance of new users, bringing to our larger customers literally tens of millions of dollars in top-line growth and bottom-line savings.
Fraud pros might focus on basis points, those percents of a percent of fraud that Socure can prevent. But the accountants want to know how much each basis point represents in terms of dollars taken by criminals. The acquisition staff want to calculate how much each auto-accepted applicant equals in terms of lifetime value to the business, and how many are lost to the aggravation of KBA or manual review. And they want to know how much they could save in friction costs when an applicant is identified right up front as trustworthy or not. This is how they justify investing in a solution that accurately classifies the people at the door. The bad ones are kept out, while the good ones are welcomed into the family so they can become happy customers. In the public sector, this kind of seamless interaction creates happy citizens. And the organizations who offer these goods, services, and benefits happily protect themselves with the secure inclusion of only those they want in the family.
There’s the ultimate ROI : happiness.
See how Socure’s ML/AI-based identity verification solutions can deliver to you that ultimate ROI. Speak with one of Socure’s identity verification and fraud prevention experts now. We look forward to it.
Jeff Scheidel
Jeff Scheidel is a technologist with 38 years in software, including 26 years in security solution design. He is the author of numerous white papers on security and regulatory compliance, as well as a McGraw-Hill book on identity, access, database, and application protection. Jeff is an expert on compliance requirements across a number of industries, and has presented at a wide variety of security events.