Tag: analytics
The term “risk-based authentication” means many things to many institutions. Some use the term to review to their processes; others, to their various service providers. I’d like to establish the working definition of risk-based authentication for this discussion calling it: “Holistic assessment of a consumer and transaction with the end goal of applying the right authentication and decisioning treatment at the right time.” Now, that “holistic assessment” thing is certainly where the rubber meets the road, right? One can arguably approach risk-based authentication from two directions. First, a risk assessment can be based upon the type of products or services potentially being accessed and/or utilized (example: line of credit) by a customer. Second, a risk assessment can be based upon the authentication profile of the customer (example: ability to verify identifying information). I would argue that both approaches have merit, and that a best practice is to merge both into a process that looks at each customer and transaction as unique and therefore worthy of distinctively defined treatment. In this posting, and in speaking as a provider of consumer and commercial authentication products and services, I want to first define four key elements of a well-balanced risk based authentication tool: data, detailed and granular results, analytics, and decisioning. 1. Data: Broad-reaching and accurately reported data assets that span multiple sources providing far reaching and comprehensive opportunities to positively verify consumer identities and identity elements. 2. Detailed and granular results: Authentication summary and detailed-level outcomes that portray the amount of verification achieved across identity elements (such as name, address, Social Security number, date of birth, and phone) deliver a breadth of information and allow positive reconciliation of high-risk fraud and/or compliance conditions. Specific results can be used in manual or automated decisioning policies as well as scoring models, 3. Analytics: Scoring models designed to consistently reflect overall confidence in consumer authentication as well as fraud-risk associated with identity theft, synthetic identities, and first party fraud. This allows institutions to establish consistent and objective score-driven policies to authenticate consumers and reconcile high-risk conditions. Use of scores also reduces false positive ratios associated with single or grouped binary rules. Additionally, scores provide internal and external examiners with a measurable tool for incorporation into both written and operational fraud and compliance programs, 4. Decisioning: Flexibly defined data and operationally-driven decisioning strategies that can be applied to the gathering, authentication, and level of acceptance or denial of consumer identity information. This affords institutions an opportunity to employ consistent policies for detecting high-risk conditions, reconcile those terms that can be changed, and ultimately determine the response to consumer authentication results – whether it be acceptance, denial of business or somewhere in between (e.g., further authentication treatments). In my next posting, I’ll talk more specifically about the value propositions of risk-based authentication, and identify some best practices to keep in mind.
-- by Heather Grover I’m often asked in various industry forums to give talks about, or opinions on, the latest fraud trends and fraud best practices. Let’s face it – fraudsters are students of their craft and continue to study the latest defenses and adapt to controls that may be in place. You may be surprised, then, to learn that our clients’ top-of-mind issues are not only how to fight the latest fraud trends, but how they can do so while maximizing use of automation, managing operational costs, and preserving customer experience -- all while meeting compliance requirements. Many times, clients view these goals as being unique goals that do not affect one another. Not only can these be accomplished simultaneously, but, in my opinion, they can be considered causal. Let me explain. By looking at fraud detection as its own goal, automation is not considered as a potential way to improve this metric. By applying analytics, or basic fraud risk scores, clients can easily incorporate many different potential risk factors into a single calculation without combing through various data elements and reports. This calculation or score can predict multiple fraud types and risks with less effort, than could a human manually, and subjectively reviewing specific results. Through an analytic score, good customers can be positively verified in an automated fashion; while only those with the most risky attributes can be routed for manual review. This allows expensive human resources and expertise to be used for only the most risky consumers. Compliance requirements can also mandate specific procedures, resulting in arduous manual review processes. Many requirements (Patriot Act, Red Flag, eSignature) mandate verification of identity through match results. Automated decisioning based on these results (or analytic score) can automate this process – in turn, reducing operational expense. While the above may seem to be an oversimplification or simple approach, I encourage you to consider how well you are addressing financial risk management. How are you managing automation, operational costs, and compliance – while addressing fraud?
By: Tracy Bremmer It’s not really all about the credit score. Now don’t get me wrong, a credit score is a very important tool used in credit decision making; however there’s so much more that lenders use to say “accept” or “decline.” Many lenders segment their customer/prospect base prior to ever using the score. They use credit-related attributes such as, “has this consumer had a bankruptcy in the last two years?” or “do they have an existing mortgage account?” to segment out consumers into risk-tier buckets. Lenders also evaluate information from the application such as income or number of years at current residence. These types of application attributes help the lender gain insight that is not typically evaluated in the traditional risk score. For lenders who already have a relationship with a customer, they will look at their existing relationships with that customer prior to making a decision. They’ll look at things like payment history and current product mix to better understand who best to cross-sell, up-sell, or in today’s economy, down-sell. In addition, many lenders will run the applicant through some type of fraud database to ensure the person really is who they say they are. I like to think of the score as the center of the decision, with all of these other metrics as necessary inputs to the entire decision process. It is like going out for an ice cream sundae and starting with the vanilla and needing all the mix-ins to make it complete.
Learn More Image
