“Insanity is doing the same thing over and over and expecting different results.” -Albert Einstein
The issue of identity management is big and complex, and while some are making incredible strides to solve identity issues, the fraud that stems from ineffective identity management plagues businesses and government agencies everywhere.
National Identity Management Day occurred this week, and it was a great way to champion the work going into identity-related problem solving, while also shedding light on what still needs to be done. But identity management deserves more than just a yearly reminder. Rather, it needs to be an always-on mindset for every organization that wants to protect its users and eliminate fraud.
Effective identity management should be a focus every day because current approaches are lacking and uncoordinated, and that is preventing efforts at having a widespread impact that the country desperately needs. The issue, quite simply, is that identities are not being accurately verified, and that’s allowing fraudulent behavior to enter financial, social services, and other types of systems while creating inequality across different demographics. Each and every time this happens, it weakens our social and economic infrastructures.
We need a sense of urgency to drive broad impact and enable the facilitation of easy access for the right people to the goods and services they deserve. This requires those who make decisions about identity management systems and processes to change their approaches and behaviors – in other words stop doing the same thing and hoping for different results.
The fact is that too many of the approaches taken to solve identity management would be recognized by Professor Einstein as, well, insanity. The problem is that they’ve become hardwired into our behaviors and thinking; in some cases they’ve even been embedded into legislation. There is a reluctance on the part of many in positions of authority to consider alternative, better ways. Shouldn’t we seek a different way forward, an ongoing commitment, one that involves the orchestration of public sector organizations, private enterprise, and individuals, all in the name of eliminating fraud through more effective identity management?
In the spirit of treating every day like it’s National Identity Management Day, let’s put an end to cyclical behaviors and the “it’s always been done this way” thinking that impedes our institutions from managing digital identity and fraud prevention effectively.
Herewith is a list of things that, if stopped, will yield some surprisingly positive results in our pursuit of a better path forward:
1. Stop pretending that fraud has been solved
In fairness, it’s unlikely that anyone has ever claimed that fraud has been solved, but the decisions made by many make it seem that fraud prevention is just a box they’ve checked in a loosely-defined set of identity management requirements.
The great philosopher, Heraclitus, said that no person can step in the same river twice, and fraud is very much like that. There can be an instance where no fraud exists, but time is not frozen and just as soon as all applicants to a system are adequately verified, there is a new batch of users bringing innovative ways to fake their identities. Much like Heraclitus’ river, the fraud landscape is continuously changing, and that will never stop – fraud is an always-on proposition, and the need to defend against it requires the same.
We do not live in a world where we can solve the issue by just reducing bad identities, because eventually there’s an unintended impact on good identities. The solution, therefore, is to apply systems that can identify bad identities without discouraging or rejecting good ones. Applying precision through automation that is informed by data science can help us get exponentially better. But first, we have to stop addressing identity management as an afterthought.
2. Stop relying on KBA
Knowledge-based authentication (KBA)is a type of authentication that looks to prove that the person providing identity information is truly that person. Once considered the industry standard for financial services, KBA is now considered a legacy solution for verifying identity online. This ‘ancient’ process is inconvenient, ineffective, and it causes frustration for valid customers and users. Not to mention, fraudsters can easily override the KBA process using compromised personally identifiable information (PII).
Many systems still use KBA because it seems, on the surface, to be a logical solution – write good rules and don’t let users in when they break those rules. But bad actors , even unsophisticated ones, know how to circumvent those rules. Rules also change, but the KBA systems put in place don’t always adapt fast enough.
What happens too often with KBA is the double-whammy of identity verification bozosity – it doesn’t catch bad actors and it creates friction and frustration for legitimate users. Why is anyone still using it?
3. Eliminate identity management silos
As bad actors constantly change their attack vectors and approaches, the data on fraud changes as well. Ideally, that fraud data should all be put to collective use to improve how we construct identity management systems. The problem, however, is that that data doesn’t get shared with the proper fraud decision makers, and prevents the future-proofing of identity management approaches.
As companies, states, and federal agencies get smarter about fraud by improving how they detect and manage it, that knowledge needs to be networked and shared, albeit judiciously, so that all organizations with a vested interest in eliminating fraud can apply this knowledge to current trends and changes. There are a variety of ways in which this can be accomplished, but the first step is to put an end to behaviors that have proven to be ineffective. The goal of identity management should be to accurately verify identities in a way that reduces fraud, yet doesn’t negatively impact the consumer experience.
National Identity Management Day is an important reminder that raises awareness among business leaders and technologists, and we applaud the efforts of those who are trying to solve the complex challenges of identity-related issues. We at Socure know that it will take a network of the willing to win the fight, and it starts by making identity management an always-on priority. Learn more about our identity management solutions and our commitment to helping government agencies and financial institutions streamline identity verifications and program integrity with the most accurate and inclusive identity platform on the market.
Jordan Burris is the Vice President of Strategy - Public Sector at Socure. In this role, he partners with government leaders to develop and scale Socure's public sector offerings for identity verification and fraud detection. This includes leading efforts to promote and evangelize industry leading concepts in digital identity inclusion and fairness.