As fraud escalates across the globe, modern fraud prevention demands agility and the breaking down of organizational silos. The most prevalent types of fraud rely on stealing identities, masquerading as legitimate users, and scamming real customers into parting with their money. Traditional fraud detection can’t help in these scenarios because they’re standalone solutions (strictly transactional, focused on applications, or ATO detection, etc.). Even the platforms that claim to do multiple things, do them completely independent of each other. And they’re black box – which by default makes them limited.
As Equifax notes, using a combination of authentication and modeling techniques is the best approach, and “Predictive modeling can demonstrably help reduce losses from true-name identity theft.” Their studies show that predictive tools which leverage user behavior, activity rate, and known fraudulent behavior are effective in detecting fraudulent activities in real-time. All of this comes down to identity.
The role of identity in fraud prevention
Many fraud management systems talk about using profiles to limit fraud losses, but when you dig into it you realize they lack a complete, detailed identity profile for all users that interact across digital channels. This means more than just individuals who log in. To effectively combat fraud, you need a detailed picture of all journeys and interactions from anonymous to known to authenticated.
Think about the journeys you take on a digital device today as a consumer - not everything you do happens in an authenticated state. There's quite a bit of value in the interactions that happen at each step in the journey. If you don’t start capturing data as soon as an individual lands on your digital properties, you’re missing critical insight. For marketing it’s easy to see the connection – a customer profile allows signals to be developed based on things a visitor may be interested in buying or looking at, which are used to trigger offers, campaigns, or other marketing activities. Those same signals can provide huge value in preventing fraud, especially when combined with behavioral biometrics, but they must be stitched together into a comprehensive identity graph to be effective. This falls directly in line with KYC (Know Your Customer) principles. Knowing who your customers are better illuminates who they’re not – i.e., a fraudster.
The key to reducing false positives and providing real-time opportunities to detect fraud and intervene is building robust identity profiles that ultimately link data across channels, domains, and devices via a first-party Identity Graph. This enables you to connect anonymous journeys to authenticated users over time based on key identifiers. With the appropriate data model linked to these profiles, you'll have the most evidence at your fingertips to make the best decision in the moment.
When it comes to creating those links between an anonymous session and other authenticated sessions, there are two main elements to consider:
- The ability to persist identity over time on each digital device is critical to having the best chance of recalling who that individual is the moment they arrive on a particular channel.
- The ability to capture PII in a secure, compliant, and first-party manner as individuals provide that information throughout their digital journeys.
The first point relies on having a first-party data capture solution with the ability to identify and persist profiles in a way that is unimpacted by Apple's Intelligent Tracking Prevention (ITP), recent browser changes, and ultimately the varying degrees of privacy legislation around the globe. This means a data capture solution that lives within your protected environment – that’s not at risk, doesn’t jeopardize compliance, and doesn’t expire.
The second point focuses on trust and data ownership. Today's fraud management solutions are mainly third-party in nature or only receive hashed IDs to build profiles and power anomaly detection. This creates barriers to live-time fraud prevention because data transfer is limited and delayed. Black box fraud solutions aren’t enough to deliver a robust identity profile to help prevent fraud in live-time.
PII data plays a vital role in fraud detection. We've seen upwards of 30% of fraudulent activity better identified with the addition of PII that extends beyond a simple hashed ID. In a world where organizations continue to struggle with balancing between limiting fraud losses and lowering the number of false positives, a fraud management strategy without PII is leaving the door open to key misses in your fraud prevention strategy.
What’s “live-time” got to do with it?
The term "real-time" is used (and abused) on 1000s of vendor websites, with 1000s of definitions of "real-time" as well. But what does that really mean? To some it’s seconds, some minutes, and some even hours. Obviously when talking about fraud prevention, milliseconds are the only timeframe that counts – anything longer is irrelevant.
But it’s not just about when you get the data, it’s about what data you get and when you can act on it. Most fraud solutions deliver a score in “real-time” but it doesn’t provide any background data or context around that score, and you can’t action it in real-time. To actively prevent fraud you need to capture comprehensive data, analyze and stitch it across sources to create a full customer profile, and deliver the triggers, decisions, and actions directly to your fraud platforms. And don’t forget the most pivotal link – you need every piece of this puzzle to execute in milliseconds – i.e., BEFORE the fraud occurs.
Again, most data capture solutions struggle with setting identifiers, persisting those identifiers, or recalling who someone is as they land on a digital touchpoint based on those identifiers. This inability to resolve identity causes delays which impede live-time fraud prevention. Even if you get the data in so-called “real-time”, if you can’t decision it or act on it immediately it doesn’t do you much good.
Let's think about what you need to be able to do when someone arrives on your website, mobile app, or other digital channel - before you even begin to think about decisioning or reacting. These 5 steps form the basis for identity resolution in fraud prevention:
- Determine if you know who the person is based on a persistent identifier on the device and whether they’ve been there before.
- Recall the history and profile attributes of that individual.
- Append the current session, inclusive of the journey, interactions, and behavioral signals that may be relevant to the historic profile as they happen.
- Enhance the Identity Graph for the individual if anything is provided (i.e., email address, login, phone number, etc.).
- Send relevant data, from the current session or history or both, to the right systems in the right format to allow for decisions, triggers, actions, etc.
It’s a big list, and the most challenging aspect is you must do all of it in milliseconds to catch fraudsters in the act. To be specific, decisioning should happen within 30ms to effectively detect and prevent fraud. Since decisioning would be Step 6, you can see how little latency you have room for in the data capture part of the process.
First-party enables live-time, which empowers true fraud prevention
Going back to “what data you get” in live-time, first-party data capture is a key component. To capture actionable, non-generalized, trackable data, your data capture solution must live within your environment, behind any firewalls and protections, to remain compliant and facilitate instantaneous data transfer. A first-party data capture solution is the only way to ensure you’re getting identity resolution and behavioral biometrics in live-time. And first-party data is the only data that doesn’t get blocked or deprecated due to privacy regulations. With a first-party solution, persisting identity is a non-issue.
Imagine being able to identify, in-the-moment, that a user made multiple attempts to start an application on your banking website, then abandoned it, and started a new application on another of your brand sites - with different information. Or that a customer who never uses mobile is logged into their banking account on the website and simultaneously on a mobile device. With live-time decisioning your fraud management solution can immediately take action to intervene and either validate the mobile user is legitimate, or pause the session to prevent any fraud from happening.
Now imagine you could do all that with full ownership of the data captured, complete integration with all your fraud platforms, and 100% compliance. It’s a gamechanger for live-time fraud prevention. Celebrus is an innovative technology that captures and contextualizes all customer data, including PII and behavioral biometrics, to resolve identity in milliseconds and inform your fraud prevention strategy. A true first-party solution, you retail full ownership and control of all the data so you can decision and action it in live-time, effectively preventing fraud instead of just managing it.
