Historically, ID verification solutions have been deployed to verify a consumer’s identity. Whether it is a new loan application, credit card application, new checking account or other, the financial institution has relied on ID verification solutions to confirm that the applicant’s identity credentials are correct. Verifying this information stems from a critical need to combat identity fraud, as well as to meet various compliance needs such as Bank Secrecy Act, Patriot Act and the Fair and Accurate Credit Transactions Act (FACTA).
However, over the past few years, it has become much more difficult to do because of the explosion in data breaches. According to the Identity Theft Resource Center (ITRC), there were 781 reported data breaches that left more than 169 million identities vulnerable in 2015 alone. The ITRC also found an additional 489 breaches through June 21, 2016. When an identity has been breached and the fraudster is using the victim’s identity credentials to attempt to open a new account, traditional ID verification solutions are simply confirming that the fraudster has the correct credentials.
Playing the “match game” is not a fraud prevention strategy
When consumers apply for a new loan, deposit account or other financial account, they typically provide their name, address, social security number (SSN) and date of birth (DOB). As part of the financial institution’s fraud and/or compliance strategy, the FI attempts to verify that the information provided is correct. When you look at the individual data elements, the match rates for Name, SSN and DOB are typically very high, sometimes approaching 100 percent. Why? Because the verification solutions compare these credential to what is maintained at the credit bureaus. When you consider that consumer’s name, SSN and DOB rarely change, it makes sense that these credit worthy consumers will “match” to these identifying identity credentials at the credit bureaus.
Also, as we discussed, if the identity has been breached, we would simply be verifying that the fraudster has the correct credentials of the victim.
However, when it comes to address, it is a very different story. Every year 15-20 percent of consumers will change their address. On top of that, the credit bureaus are notoriously slow at updating a consumer address. As such, the address verification rates are typically much lower. Typically, 75-80 percent of new account applications will “match” on address to the credit bureau or other verification sources. This leaves 20-25 percent of all credit worthy applications that need to be resolved.
Address changes are a top set-up event for fraud
From an identity fraud perspective, address is the key. When the fraudster has a compromised identity, they can and do use the correct name, SSN and DOB of the victim. However, when it comes to address, they don’t list the victim’s address. They list the address that they control. Why? Because, when the account is approved, they want to ensure that all credit cards, debit cards, checks, and statements are delivered to that address – not the victim.
To compound this issue, the Fair and Accurate Credit Transactions Act (FACTA) Red Flags now require financial institutions to resolve these address discrepancies before opening the account. This new regulation was put in place exactly for the reason we just covered. Because this is precisely how fraudsters open up new accounts in the victim’s name.
So we have two issues to tackle: identifying whether an address belongs to a legitimate customer, and verifying whether that address matches the rest of the customer information on file. Address discrepancies are the biggest pain point of any ID verification solution as it drives so many mismatches and it is where the identity thieves are hiding.
The standard approach is to take these mismatches and use manual methods to resolve them with other verification sources, for instance, using the white pages and confirming the name to address or other sources. Typically this can resolve up to 50 percent of address mismatches. The end result is very high manual review costs and, more importantly, this still leaves up to 10-13 percent of applications in an unresolved state. Financial institutions understand that the vast majority are good and valuable applications, but are unable to open the accounts due to compliance reasons. Historically, this issue has been perceived as a “cost of doing business.”
However, this does not have to be the case. We understand that doing a much better job at understanding and verifying the address issue is the key to the next generation of ID verification solutions. No longer is it viable to verify the name, SSN and DOB and fail on address. If financial institutions continue to treat this issue as a “cost of doing business,” they will continue to decline good accounts while leaving the door open to identity theft and fraud.
So how can we do it better?
The first thing we need to focus on is having more data related to address. The most important data needed is new mover information. When a consumer moves, if we can identify that move as soon as it occurs, then our address verification rates will go up significantly. Traditional ID verification hits every available public source of new mover data such as utility directories, National Change of Address (NCOA), etc. However, this still leaves a large gap. Why? Because these directories are not always up to date. Also, only about half of consumers actually report an address change through the NCOA process.
So how do we get better new mover information? This is exactly what we have been doing at ID Insight for over 10 years. In addition to hitting all of the standard public sources that all traditional ID verification solutions access, ID Insight maintains a comprehensive, up-to-date database of new mover information. Each day, over 500 financial institutions report new address changes to us simultaneously as customers request address changes. They do this to screen their customer portfolio for potential account takeover.
Because ID Insight sees address changes before other sources, we are able to increase our address verification rates by 15 percent or more compared to traditional ID verification solutions. This results in booking significantly more new accounts while reducing the costs of manual intervention.
In addition to verifying more addresses through superior data, solving the problem also requires scoring. The traditional “match” indicators are important, but there is so much more to understand – especially with respect to address. When you think about a nine-digit SSN and what it tells us, we can only determine if it matches, and we may be able to determine if is associated with a dead person. Similar situation with a name or a date of birth. And as we discussed – if it is the victim, then we are only confirming that the information matches.
But when it comes to address, there is additional context to consider. Beyond verifying, we can understand if it is a business or a residential address, we can determine the value of the property, whether it is an apartment, whether it is a rented mail box and so on. Just as a simple example, we know that rented mailboxes are a favorite address for fraudsters. The typical fraudster loves anonymity. They are committing fraud and because of that, they tend to list various anonymous, nomadic addresses –places where they can set up shop, commit the fraud and vacate as fast as possible. As we like to say, they are answering the door when the Postal Inspector shows up to make the arrest.
Now that we have the best verification data available and have ascertained everything there is to know about the address, we can go beyond all of the raw information and score every transaction for the likelihood of fraud or identity theft. Much like a credit score, we can rank every transaction we see. Banks and credit unions can then use the score as the anchor of their compliance and fraud strategy. By focusing their investigative resources on the highest risk transactions, financial institutions are able to verify many more good accounts while significantly reducing fraud. Our typical customer is able to resolve and approve 90-95 percent of all address discrepancies. The end result is more profit, less fraud and lower costs.
To summarize, closing the gaps of traditional ID verification caused by address discrepancies can be achieved by:
- Accessing relevant, recent and proprietary address change data–better data coverage means better verification rates.
- Scoring new account applications to resolve address discrepancies in an automated way that allows financial institutions to approve more accounts, reduce fraud and comply with FACTA Red Flag rules.
Knowing where people live is the single most difficult part of any ID verification solution, and ID Insight’s proprietary address change database allows us to resolve this problem.