Why Document Verification and One-Time Passcodes Miss the Boat on Fraud Detection

Let’s start with a hypothetical scenario: Meet Jake. Today is Jake’s 18th birthday, and in addition to voting and playing the lottery, he is now old enough to open a bank account on his own. After all, he needs a place to save all of his lottery winnings! 

Imagine you are the bank with the opportunity to onboard Jake as a new customer and start his journey into the financial system. As part of the account opening process, you may use document verification (DV) to confirm his identity and then issue a one-time passcode (OTP) check for extra security and authentication purposes. Over the next couple of years, Jake will be issued a credit card, will build a commendable payment history, then boom, out of nowhere, he’ll max out his card and never pay it back. 

This story has an unhappy, but not unfamiliar, ending—you see, it turns out that Jake was a seasoned fraudster, and those lottery winnings were funds acquired from fraud schemes. Financial institutions are faced with manipulated identities every day and have to ask, how does this kind of thing happen, and how can it be avoided?

How do fraud schemes circumvent document verification and OTP?

Fraud scheme innovation coupled with unparalleled volumes of data breaches have resulted in an environment in which DV and OTP are not comprehensive enough as point solutions in preventing fraud. Many fraud types, including synthetic fraud, first-party fraud, deep fakes, and spoofing, exhibit the potential to exploit the gaps in the DV + OTP combination. In the aforementioned example, Jake was tied to a phone number and was biometrically identified; however, some critical checks were overlooked. In this example, let’s assume that the methods used are 100% accurate with no false-negative results. Here’s what was not considered: 

1. First-party fraud association: The verification methods failed to notice that Jake had a history of committing first-party fraud. No consortium databases or device signals were used to determine whether Jake or the device he was using had been previously associated with fraud. 
2. Phone verification: The methods used did not recognize that Jake was not the legitimate owner of his phone. Simjacker attacks exist in which spyware-like code instructs a mobile phone’s SIM Card to “take over” the phone and perform sensitive commands. According to research conducted by cybersecurity provider, Enea, the Simjacker vulnerability exposed more than one billion smart device users to cybercriminals. 
3. Poor friction-to-fraud-detection ratio: Because neither solution passively authenticates, they likely created additional, unnecessary friction that prevented good customers from onboarding. Mantl, an omnichannel account opening platform, notes that “every additional 10 seconds added to an application process directly correlates to a 5% increase in application abandonment.”

How Socure’s graph-defined approach provides the most accurate identity verification 

To guarantee a beneficial ecosystem of trust, next-generation identity verification methods must accurately flag manipulated identities while providing frictionless access for legitimate consumers. To achieve this balance, Socure employs a graph-defined approach that uses machine learning (ML) and consortium feedback data with actual decision outcome data, trusted by more than 1,700 customers. This approach provides us with specific, accurate decisioning data about good and bad identities and fraud outcomes, which enables us to detect malicious actors on the basis of behavioral-, transactional-, geographical-, and velocity-related anomalies. 

The consortium data informs an ML-driven model that is built on Socure’s binary classification engine, analyzing over 8 billion records and more than 1 billion known good and bad identities to achieve the most accurate view of identity possible. The consortium is continuously fed via Socure’s API with new decision outcome data, and as the consortium gets larger with each incremental customer and participant, the Socure platform gets smarter by receiving feedback data from the expanding network of top brands across multiple industries to continually improve results. Our network intelligence ingests this customer data persistently through the feedback API and thereby builds—and continuously strengthens—the ML model as it cleanses and adapts to this intelligence.

Most DV and OTP solutions simply do not have the ability to identify and assess data in the way that an ML-driven solution like Socure can, because Socure offers:

1. A comprehensive view of identity: Socure has spent more than 10 years producing an identity verification model that has increased fraud capture rates by 35-45%. The result is a comprehensive platform that evaluates all dimensions of risk including: name, email, phone, address, date of birth, Social Security number, geolocation, device, velocity, transaction information, merchant details, and historical purchase behavior.
2. A passive authentication experience: The beauty of the graph-defined identity network is that it works behind the scenes. This model drives growth at scale with passive and highly accurate fraud prediction to onboard new customers without adding friction at account opening, and also meeting compliance mandates. 
3. A cost effective approach: After the frictionless identity verification is completed, only those users that appear risky are escalated to an identity document verification check. The riskiest populations see tertiary controls, such as manual review. This progressive onboarding reduces reliance on costly document verification and manual reviews, which in turn optimizes overall operating costs. 

The result is a comprehensive identity verification platform that is continuously improved through dynamic data and automated ML, which enables Socure to better identify and assess Jake in the story above. It’s the essence of what qualifies Socure to be the identity verification layer of the internet as well as what distinguishes the Socure platform from other single-point solutions, such as DV and OTP. 

Learn more about why Socure is trusted by 1,000+ top banks, cryptos, and fintechs, and how our graph-defined identity verification promotes trust amid fraud innovation. Speak with an identity verification expert today, and further explore the ID+ platform here.