In 2002, a staggering number of individuals (161,819) in the US reported to the Federal Trade Commission that their identity had been stolen. This brought the number of reported incidents of ID theft to nearly 300,000 since the inception of the FTC's database clearinghouse in 2000. While identity fraud is nightmarish for the individual involved, it is no walk in the park for lenders either.
In an ideal world, a lender would be able to answer a single two-part question: "Is this a legitimate identity, and is this individual the right owner of it?" Absent a national identification system, there is no IT solution today that can answer the second part of this question. With that said, annual lender losses of an estimated $1 billion make a compelling case for trying.
For most lenders, identity theft is a difficult-to-quantify risk. The most logical investors in the available technology solutions are lenders with large consumer loan portfolios and thus increased fraud exposure. In addition to high-volume lenders, those lenders planning to drive account opening to self-service or call center channels will also have an easier time justifying increased expenditures.
For other lenders, there remains little IT money available to fund authentication tools. Since the ink is barely dry on the USA PATRIOT Act, its impact on driving investment in this area is still unknown. Regulators have not yet begun to weigh in on whether financial institutions are meeting the requirements. And even if they are, the jury is out on whether the technology will be a factor in stemming burgeoning losses.
Ultimately, lenders have always been willing to accept a certain amount of risk, and fraud losses (if not rising) remain an area of complacency. Periodically, though, there is a need to revisit the assumptions--and given the potential economic and geopolitical impact on a lender's bottom line, the time is now. Emerging concept products using less costly Web services can be packaged with existing fraud or compliance tools to make ROI less elusive.
Institutions should take a strategic approach, since the exposure is considerably greater on an enterprise-wide basis -- as is the reward. In fact, a dual-front approach with the emergence of an industry initiative--a consortium of sorts (perhaps in partnership with one or all of the US credit bureaus)--to incorporate information databases would have the greatest payback.
Recent attempts by lenders to raise consumer awareness of the damages of identity theft include individual mailings to encourage care with personal information. Several government agencies, including the FTC and the Federal Reserve Bank, are now involved in both orchestrating media coverage and organizing more centralized reporting. These efforts may be starting to pay off, as different types of credit fraud losses associated with identity theft have taken a downward turn even while other types of fraud increased.
Yet it is unlikely that attempts to stop identity theft at the source will be any more successful than efforts to stop the theft of credit card information have been. The best way for lenders to put a dent in this type of loss is to prevent the stolen identity from being used in the initial loan application process.
The problem with this approach is that the technology used to authenticate a person's identity at the point of sale is not mature, and the loss associated with identity theft is random and unpredictable. Unless financial institutions have been involved in substantial losses of this type, they've typically been unable to justify the IT expenditures--let alone fund research and development.
Nevertheless, several authentication solutions are available for industry participants, including the following:
Identicate, from American Management Systems, Fairfax, Virginia, helps banks authenticate new online customers by asking them things that they ought to know. The system accesses multiple databases to retrieve information that can be used to ask questions specific to the applicant. It generates questions that only that individual should be able to answer, evaluates those answers, and then produces a normalized score for inclusion in the decision analysis.
TransUnion Canada (TU), one of the largest Canadian credit bureaus, chose to partner with AMS and use Identicate to support its bank client base. In doing so, the credit bureau brings with it an abundance of accessible, personal data in order to generate meaningful multiple-choice questions.
LexisNexis Group acquired RiskWise, International in September 2000 and now offers a two-pronged solution. To comply with the PATRIOT Act, LexisNexis and the American Bankers Association jointly developed InstantID, which simultaneously searches against multiple independent data sources and return results. A second predictive tool, FraudDefender, can be used to supplement InstantID. FraudDefender is a logistic regression model built through comparisons of data from public record databases, and is used to predict the likelihood of a fraudulent transaction. FraudDefender searches multiple noncredit databases looking for confirmation of identity, conflicting data or slight variations. It reports back a statistical score to the financial institution, which is used in concert with other scores in the institution's decision process.
Bankers Systems, Inc., a provider of compliance resource solutions to financial institutions, offers a tool called IDFlag that provides validation, verification and risk detection. IDFlag was launched as a Web-based solution, but in 2003 a customizable electronic solution will be rolled out to the existing customer base of more than 300 users. Powered by a search technology from LexisNexis RiskWise, IDFlag queries a large number of information databases, performing real-time or batch comparison of information on a consumer's application. IDFlag seeks to differentiate itself from similar models by presenting detailed instructions on how to proceed in high-risk situations.
ID Analytics, Inc. has designed a scoring model known as ID Score, which is based on graph-theoretic anomaly detection. The solution is a potential partner to strengthen other offerings like Identicate from AMS or a credit bureau fraud match service.
TowerGroup: Celebrating 10 years of trusted research and advice to the financial services sector
Register now for the TowerGroup 2003 Business and Technology Conference: "Linking Technology, the Customer & the Bottom Line" April 30 - May 2, 2003 in Boston, Massachusetts To find out more, visit http://www.towergroup.com/public/conf03/index.html
This article originally appeared in Bank Systems & Technology eNEWS,
a weekly e-mail newsletter. To order a free subscription, click here:www.submag.com/sub/by?tc=1&wp=wpdly1&pk=WMNE