The Two Faces Of Digital Identity Authentication

Devhub Login

Products
Products Experience the power of graph-defined identity verification.
Platform

Fraud Risk

Compliance

ID Document Verification

Account Intelligence
Platform

. Socure ID + Platform
The new standard for digital identity verification, providing real-time, predictive analytics for the most accurate and comprehensive identity verification and fraud prediction—all through one API.

Socure named a Leader in The Forreseter Wave
Identity Verification Solutions Q4 2022
See more

Fraud Risk

. Sigma Identity Fraud
Analyze every dimension of a consumer identity to capture up to 90% of fraud in the riskiest 3% of users.

. Sigma Synthetic Fraud
Identify and isolate synthetic identity risk at enrollment and in existing customer portfolios.

. Address RiskScore
Predict the risk of an address utilizing various risk intelligence and residency attributes.

. Email RiskScore
Predict the risk of an email and its correlation to an identity.

. Sigma Device
Predict the risk associated with a device while binding known identities to known good devices.

. Phone RiskScore
Predict the risk of a phone number as well as ownership utilizing various risk intelligence and phone number attributes.

Compliance

. Socure KYC
Achieve the highest auto-approval rates for all ages and populations with the highest level of matching accuracy across each PII element.

. Global Watchlist Screening with Monitoring
Identify risk by matching identities against sanctions and enforcement lists, as well as PEP and Adverse Media registries worldwide.

. eCBSV
Instantly verify consumer provided name, SSN and DOB with the issuing authority - enhancing compliance and promoting financial inclusion.

ID Document Verification

. Predictive DocV
Authenticate government IDs, stop spoofing attacks, drive better decisioning, and approve more good users on the first try.

Report
3 Warning Signs That Your ID Verification Process is Robbing You of Revenue
See more

Socure Account Intelligence

. Socure Account Intelligence
Accurately verify account ownership and status with consortium-powered analytics while supercharging customer conversion and reducing risk.
Industries

Industries Seamlessly onboard more good customers while preventing fraud—no matter your industry.

.

Financial Services
Verify identities and stop fraud throughout the customer lifecycle, while meeting the most stringent compliance requirements.

.

E-Commerce Marketplace
Strengthen the reputation of your ecosystem and instantly onboard more consumers and sellers without increasing risk.

.

Sharing Economy
Ensure trust & safety while instantly onboarding more consumers, sellers, and gig workers without increasing fraud.

.

Online Gaming
Maximize player conversion rates and reduce identity fraud losses while maintaining compliance.

.

Buy Now Pay Later (BNPL)
Auto-accept more shoppers, attract more merchants, and protect your customers from identity fraud.

.

Public Sector
Increase auto-verification rates of eligible individuals, improve program integrity, and eliminate manual reviews.

.

Crypto
Verify identities faster and accelerate time to funding, trading, purchase, and storage.

.

Workforce
Register and onboard more good applicants with passive identity verification.
Resources
Resources Stay up to date on industry news, trends, and Socure's world-class solutions.
Fact Sheets

Case Studies

White Papers & Guides

Reports & eBooks

Webinars

Events

Blog

Glossary

Insights Guides
Synthetic Fraud White Paper
Read about how we will eradicate synthetic identity fraud by 2026.
See more
Partners
Company
Company Learn more about the award-winning people and technologies that power Socure.
About Socure

News & Press

Careers

Events

Socure Risk Insights Network
Socure named a Leader in The Forreseter Wave
Identity Verification Solutions Q4 2022
See more

Home News The Two Faces Of Digital Identity Authentication

There are two primary concerns in the payments industry’s quest to achieve effective security and fraud protection: businesses’ own data, and the digital identity of consumers. Sunil Madhu, Founder and CEO of Socure, discusses with MPD CEO Karen Webster a methodology that can address both of those factors with equal effectiveness.

While there’s a concern throughout the payments and commerce ecosystem that any digital identity being presented might not be what it seems (i.e., fraudulent), that potential duality manifests into a literal one in the goals that businesses seek to achieve: protecting account data while simultaneously authenticating a customer’s identity.

Karen Webster recently spoke with Sunil Madhu, Founder and CEO of Socure, about the need for a digital identity authentication solution that does not give either one of those concerns short shrift.

KW:There’s a lot of attention being focused on the differences between protecting the payment stream and protecting the customer data stream. What are your thoughts on that distinction with respect to the focus on security in payments today?

SM:Most solutions in the marketplace focus on both sides of the fence, if you will.

Identity verification is obviously important, as is examining the behavior on an account over time to determine that the person using the account is the same one who opened it in the first place.

There are different sets of tools available for those two areas.

On the one side, new account openings and identity verification has historically been handled by data brokers and credit bureaus that possess a lot of offline information about consumers and verify them based on that data.

That method isn’t working well anymore, for a few reasons. All of that data is public to begin with and a lot of the credit bureaus have been breached, leading to consumers’ PII (personal identifiable information) being stolen and sold to fraudsters.

More importantly, demographics are changing. Fifty-one percent of the world’s population today is millennials (people between the ages of 18 and 34), and those individuals are treated as thin-file by the bureaus, given that there’s often very little offline information about them. Meanwhile, 50 million adults in the U.S. are outside the banking system; and compounding that problem is the fact that the financial collapse turned a lot of good credit (in regards to individuals) into bad.

That’s why we think that using online and social data, in addition to that offline data, in order to validate the legitimacy of consumers interacting with FIs is a viable strategy.

It’s very difficult for a fraudster to fake social proof — for example, the network effect of creating online friends, followers, etc. Using social data as an augment to offline data, we think provides the opportunity to discern more accurately if the person interacting with a business is in fact who they claim to be.

On the other side of the fence — examining behavior over time — a lot of solutions have started to use step-up authentication or multi-factor authentication as way of ensuring the legitimacy of a transaction. Increasingly, those methods rely largely on biometrics.

But utilizing biometrics alone is insufficient, because it is possible for a fraudster to associate their biometrics with a legitimate consumer’s PII; it’s happening with Apple Pay, which — despite utilizing Touch ID — has about 60 times the fraud rate of swipe cards.

In order to get the utopian state where we’re able to eliminate online transaction fraud or account takeover fraud, you have to bind the verified identity to a biometric or to step-up authentication credentials. That binding ensures that when credentials are presented, there’s no way that they could have been stolen and reused by a fraudster.

The combination of these two things — augmenting offline data with social data, and the binding of an identity — prevent the need for us to look at things like the device being used or payment behaviors, et al.

KW: Isn’t that one of the problems that payment tokens are trying to solve for?

SM: FIDO is obviously one of the organizations that are trying to do tokenization; there are also a lot of private enterprises coming up with their own tokenization schemes.

Knowing how slow technology gets adopted in the industry — credit cards, for example, took decades — you’re really looking at the next 15 to 20 years before we move to such a scheme.

As we move to stronger authentication and biometrics in any kind of step-up or multi-factor mode, it’s important to note that there is no standard for any biometric credential.

The technology for each type of biometric credential — fingerprint, face, voice recognition — is actually proprietary.

Regarding tokenization, the first challenge is getting the industry to agree upon a standard for interoperable credentials, as well as for which constitutes a trustworthy ID. Then there’s the larger problem of creating a trusted identity against an authenticator wherein the biometric credential itself is proprietary.

There’s still a lot to be done in solving both of those problems in order for tokenization to be useful.

KW: The move to online, driven by mobile, is forcing this lack of distinction between the offline and the online worlds. I think that will accelerate the intensity of the ecosystem to find an identity authentication solution that actually can be deployed across channels — one that isn’t device dependent, but is person dependent.

SM: Most of the transactions that people are making today are still taking place offline. But I agree with you that the adoption of mobile in a lot of different markets will accelerate that growth.

It’s great that the industry has recognized the problem surrounding digital identity and is starting to move toward a consensus solution … but, optimistically, I think it will be a decade or two before we see the outcome.

And in the meantime, we still have to deal with fraud.

KW: A lot of the bureaus have tried to look at social attributes as the way to build the thin files of the consumers you describe into thicker files, and they’ve determined that that’s not necessarily appropriate if you’re making a risk assessment for an individual.

But I suppose what you’re doing is just trying to say that “Joe is Joe” and “Sally is Sally” — and, for that purpose, social is effective. Is that the working theory?

SM: Although our system isn’t used to create credit models, it actually does both of the things you describe.

We de-risk the authenticity of an identity, and we also make a fraud prediction.

Fraud varies from one industry to another. In the merchant space, the focus tends be on chargeback fraud, while issuing banks care more about synthetic ID fraud, and a lender might care about first payment default fraud, et cetera.

What we’ve been able to do is obtain data from our customers — financial institutions and global payment companies — in terms of who is actually committing fraud in their industry. That’s allowed us to train artificial intelligence machine-learning systems to discern between the features of a person committing fraud and those of people whose identities have been stolen and are being used for fraud (of various types).

Our system looks at data spread across different networks, combines them with offline PII, and determines whether or not they correlate well — a determination that can be meted out both by social proof (or a lack of it) and an assessment as to whether or not the features of identity are indicative of fraudulent behavior in a specific industry or vertical.

It’s the combination of those things that makes our system effective and empirical.

KW: Is the application of your technology used mostly to validate the identity of a consumer when they are taking a new action, or is it inserted into the payment stream in the midst of transactions that are happening?

SM: Again, there, our system is used in both ways.

We’re used both in account opening and in post-account openings — instances where people have changed their profile data. In the remittance industry, for example, we’re used on every transaction.

KW: The industry obviously can’t wait 20 years for an effective digital identity authentication solution — we needed one 10 years ago. What do you think is a shorter-term path to both protecting consumers and giving relying parties assurance that an identity is legitimate?

SM: The best way to do that is, simply, to actually do it.

Regulation typically lags behind the market; there is no standard, for example, for KYC – knowing your customer compliance — technology simply has to be proven out. And we intend to do that with ours.

We intend to show the world that relying on credit bureaus and offline data is no longer the most effective method, and that much more empirical models can be created by combining a variety of what was once esoteric data and applying it in meaningful ways for much better outcomes.

And we expect to be able to do that in less time than 10 years.

Resources

Quick Links

The Two Faces Of Digital Identity Authentication

Identity Starts Here.