Bruno Farinelli
The Need for Identity Proofing
Online, people can pretend to be whomever they want. And thanks to data breaches, phishing attacks and more, fraudsters can quickly and easily find personally identifiable information (PII) on unsuspecting consumers and use it to circumvent the simple techniques many e-commerce merchants rely on for identity verification.
As a result, it’s no longer enough for merchants to ask a customer to enter a user name and password; instead, to weed out legitimate customers from fraudsters, merchants must get creative and adopt a combination of advanced authentication factors, such as:
- Something customers know (e.g., user names, passwords, challenge questions, dynamic knowledge-based authentication, PINs)
- Something customers have (smart cards, tokens, etc.)
- Something customers are (e.g., retinal scans, fingerprints, voice recognition)
This process of analyzing several pieces of confidential information to authenticate an individual is called identity proofing.
How Merchants Can Confidently Authenticate Customers
To establish the right approach to identity proofing, merchants can consider adding a mix of techniques such as the ones below.
1. Upgrade to Dynamic Knowledge-Based Authentication
Traditional static knowledge-based authentication (KBA) methods — like “Where did you go to high school?” or “What was your first pet’s name?” — are traditionally the weakest, because it’s easy for fraudsters to guess or find the answers to these questions online.
Dynamic KBA improves on this method by creating on-the-fly, time-sensitive questions that are harder for a fraudster to quickly answer but easy for the legitimate customer. These questions might look like, “On what street have you lived in the past 10 years?” or “What was the amount of your mortgage payment last month?” and offer several possible answers. Data for these questions is gathered from public records or third-party agencies and is delivered to, but not stored on, an e-commerce merchant’s authentication system.
2. Layer Identity Proofing Strategies
Layering identity assessment strategies — ideally, using at least two of the factors from something you know, are and have — increases confidence that the customer is who they claim to be and makes it harder for fraudsters to compromise sensitive data. Each new layer backstops the one before it, protecting against current threats and legitimizing a customer’s identity claim.
3. Implement Out-of-Band Identity Proofing
With this approach, if a customer locks themselves out of their account because they’ve mistyped their password too many times, the system will call or text the phone number on file and deliver a temporary password or a verification code that unlocks the account. This type of identity proofing is one of the most secure, because it removes verification from being online-only.
4. Add Risk-Based Authentication
Instead of applying the same identity proofing strategy to each customer, consider implementing a risk-based solution that modifies authentication methods based on transaction risk. Transactions deemed to be more secure might require only simple device recognition for approvals, while those considered at-risk might also require one-time passwords or dynamic KBA responses.
5. Choose a Robust Fraud Management Provider
Fraud is a pressing issue for merchants, and those without adequate defenses may find themselves the target of cunning fraudsters. When merchants can flag suspect transactions early using a comprehensive fraud protection program, they can stop fraud before it occurs, saving time and money and protecting their reputation and customers.
Although a customer’s identity can’t always be proven with 100% certainty, ClearSale’s outsourced fraud protection solution helps give you the confidence you need to grow and protect your business. Contact one of our fraud specialists today to learn why companies around the world trust our solution to increase approvals, reduce false declines and eliminate chargebacks.
