• Contact Us Today:1-877-749-8731

Resource Center

ID Insight Named Tekne Finalist, Issued Patent for Cloud-Based Secure Search Technology

Cutting-edge technology combines unprecedented search engine functionality and speed with heightened data security

Over the course of just a few hours in September, anti-fraud technology leader ID Insight was awarded a patent for its cloud-based encrypted search technology and honored for the technology as a finalist in Minnesota’s 2016 Tekne Awards. The patent and recognition are the culmination of years of innovation, collaboration and product development focus for ID Insight and positions the Minneapolis-based company for its next growth phase.

ID Insight’s search technology incorporates a Google-like search experience with government-grade security, a combination that has never before been available to companies. By combining a highly secure encryption package with the latest advancements in inverted indexing technologies, ID Insight now offers the same functionality as the world’s best-known search engines, while enabling companies to keep highly sensitive personal identifying data encrypted. ID Insight was awarded Patent No. 9,449,178 for Systems, Method and Computer Product for Fast and Secure Data Searching on Sept. 20. The company holds two additional patents.

According to ID Insight President Adam Elliott, this technology was developed in response to a customer’s need for an innovative solution that delivered both speed and security. A financial services company needed a “Google-like” search experience for accessing sensitive encrypted data. “Up until now, companies had to choose between speed and encryption when accessing sensitive data in the cloud,” Elliott says. “While there have been some attempts at enabling this capability, we were able to crack the nut on it through our patented approach of enabling new developments in inverted indexing technology.”

This technology is one of several recent cutting-edge product and platform innovations that have been developed in collaboration with current ID Insight customers and partners. “We are extremely proud that the Fortune 500 corporations we work with continue to demonstrate increased confidence in our relationship and our company’s ability to innovate and execute new ways to help them solve their largest business challenges,” Elliott says.

This technology is integrated into ID Insight’s fraud prevention SaaS platform. In August, the company announced enhancements to its platform to help a wide range of financial institutions reduce fraud losses and improve compliance processes. The expanded platform includes account profile information beyond address verification – such as phone, email and IP address verification – to help customers verify profile changes in an increasingly complex fraud environment. ID Insight customers use this technology every day for searching and reviewing high-risk activity and alerts all while securing the underlying sensitive personal data.

Hours before the patent was issued, the Minnesota High Tech Association named ID Insight a finalist in the 2016 Tekne Awards due to this break-through technology. This is ID Insight’s third nod as a finalist in the Tekne Awards, which celebrates leading-edge innovation and technological advancement in Minnesota; it was also named a finalist in 2009 and 2010. This year, ID Insight is a finalist for the Applied Analytics Award, which honors innovative applications for turning data-driven insights into improved business processes or outcomes. Winners will be announced on Nov. 16.

For more information, visit www.tekneawards.org.

About ID Insight

Established in 2003, ID Insight helps companies prevent fraud, reduce costs and capture more business by combining its massive collection of data on identities and profile changes with predictive scoring algorithms. ID Insight provides highly configurable verification, authentication, market research and fraud prevention solutions to financial services companies, credit issuers, retailers, online merchants and telecommunications companies.

ID Insight Expands Financial Fraud Prevention Platform

New enhancements protect phone and digital communications channels

Anti-fraud technology leader ID Insight today announced the most comprehensive update yet to its fraud prevention platform, responding to the industry’s need for a more robust solution for verifying identity profile changes in an increasingly complex, multi-layered fraud environment.

ID Insight’s new solution will help a wide range of financial institutions reduce fraud losses and improve compliance processes while achieving a more than 10-to-1 return-on-investment ratio through more efficient customer profile-change verification processes. The company, which maintains the largest proprietary database of financial service customers’ address changes, is countering a shift in financial fraud that exploits non-monetary setup events – such as phone and email changes – as a precursor for account takeover.

“ID Insight started more than 13 years ago to fill a specific market need: fraud prevention related to address changes,” said Adam Elliott, founder and president of ID Insight. “As the illicit business of financial fraud continues to evolve, so have our solutions.”

The shifting fraud landscape and a specific customer need for better intelligence about phone number changes inspired ID Insight’s latest platform expansion. An ID Insight customer – and one of the country’s largest financial institutions – reported a sharp rise in account takeover cases where fraudsters first changed a customer’s phone number before requesting a large ACH transfer. When the bank called to approve the transfer, the identity thief answered the call, posed as the legitimate customer, and falsely verified the request. In response to this scheme, ID Insight leveraged its extensive profile-change database to tailor a solution that also included phone, email and IP address verification.

“Our customer’s urgent need reflects how account profile information beyond addresses are all emerging as setup events for account takeover,” Elliott said. “Without a solution for fraud identification for all pieces of customer information, financial institutions may be unwittingly sending account verification details and fraud alerts directly to criminals.”

With the rise of mobile banking, online account opening and mobile wallet technologies, mobile phones and computers are vital communications channels for both customers and financial institutions. Having controls in place to ensure that phone numbers, email and IP addresses in the customer profile actually belong to the legitimate customer is critical to reducing fraud risk.

Despite advancements in point-of-sale transaction security, financial institutions are more vulnerable to fraud than ever before. Data breaches have made consumer identity data available in bulk on the black market, exposing more and more customers to account takeover and leaving banks open to fraud losses. ID Insight’s expanded solution helps defend against these attacks by using data and analytics to separate fraudulent profile changes from legitimate customer activity, while significantly improving fraud detection rates.

The updated solution also allows customers to accept data via a flexible API, run the data through a configurable flow based on risk, business process and cost requirement, and return results that the client can act upon for fraud investigation and compliance. ID insight solutions are also easily accessible through many of the nation’s core banking platforms.

ID Insight Names Tim Becker, Ted Crooks to Board of Directors

New board members bring specialties in finance, tech to growing anti-fraud company

Anti-fraud technology leader ID Insight announced two new additions to the company’s board of directors. Longtime finance and technology executives Tim Becker and Ted Crooks each bring more than 20 years of experience in accounting, payments, big data, fraud prevention and business development to the ID Insight board.

“Our newest board members embody the spirit of innovation and bring talent, expertise and energy to the table,” said Adam Elliott, chief executive officer for ID Insight. “We are very fortunate to have them by our sides as we continue to expand our product portfolio and grow the company.”

Tim Becker is founding principal of Lighthouse Management Group and has worked with client organizations in industries as diverse as transportation, food, retail, technology and real estate. His client list includes public and private companies with annual revenues up to $600 million. Becker is a founding director of the Minnesota Chapter of the Turnaround Management Association and is a Certified Turnaround Professional (CTP). He is also a Certified Public Accountant (CPA) and a member of the Minnesota Society of CPAs and the American Institute of CPAs. Previously, Becker was a senior manager with Ernst & Young, where he led efforts to establish the firm’s restructuring and reorganization practice in the Minneapolis office.

Ted Crooks is principal of Crooks’ Analytics, where he provides consultation and system architecture for payment system operators, providers and developers. His work spans big-data and machine-learning projects and product designs, risk-management policy development and market planning, vendor representation, and new technology for internet and mobile commerce. Prior to starting his own firm, Crooks served as vice president of products at Global Analytics, Inc., and vice president of global fraud solutions for Fair Isaac Corporation. He has also authored three books on computer science topics and holds several patents in robotics, natural language applications and fraud detection systems.

“Ted and Tim are two of the most creative and intelligent forces at work in the business and technology fields today, and they will certainly help ID Insight continue its growth and momentum,” Elliott said. “We’re eager to begin working together.”

ID Verification: The Current and Flawed State

Much has evolved since the enactment of the Bank Secrecy Act, and the majority of financial institutions have a relatively simple process when it comes to ID verification. While this process is straightforward and meets compliance requirements, it is by no means optimal.

Let’s take a look at the two huge problems with today’s ID verification solutions: 1) believing matching is a silver bullet, and 2) not effectively resolving verification failures due to the mailing address.

Matching is NOT a Silver Bullet

Matching identity credentials to external databases reduces fraud and identity theft risk, but by no means eliminates it by itself. With massive data breaches, consumer identity data is available in bulk on the black market, exposing more and more customers to new account fraud. According to the Identity Theft Resource Center, there were 781 reported data breaches that left more than 169 million identities vulnerable in 2015 alone.

With more compromised identities in the marketplace, the criminals are able to purchase the actual “match key” to evade ID verification systems that rely on matching only. As you can imagine, it’s pretty easy for the identity thief to fill out a new account application that matches together the name, address, and Social Security Number (SSN).

The implications for a match-only ID verification process are most troubling when a physical card is not required to access the funds (e.g., online ACH products). When the criminal does need the card, then the mailing address comes into the picture.

Address Verification Failures

Traditional ID verification systems typically do a great job of taking the name, SSN and date-of-birth (DOB) that is provided on the application and matching them to verification sources such as credit bureau headers, phone directories, utilities databases and other public sources. Most ID verification vendors utilize similar data sources and therefore deliver similar match rates. Because SSN and DOB don’t change and names change infrequently, verifying names to SSNs is really not that difficult—the static nature of the data leads to match rates that often exceed 90 percent if matching is good.

Mailing addresses are a different animal. Because of the 15-20 percent of Americans who move each year, verifying a name to an address is much trickier. When legitimate consumers move, banks who are bureau focused are much less likely to find them in any external database with the new address. This can result in 10 to 40 percent of all credit-approved applications failing on the mailing address component of ID verification—credit issuers and regulators refer to this problem as “address discrepancies.”

These address discrepancies are a major problem for financial institutions. Before the Fair and Accurate Credit Transactions Act (FACTA) was put in place in 2008, many credit issuers played the odds and approved accounts even if the application address did not match the address on the credit bureau report. FACTA no longer allows this “fraud toleration approach” in order to protect consumers from identity theft–so even if an issuer felt like they could tolerate the losses based on a low fraud rate, it’s no longer an option.

To comply with FACTA, most issuers simply deploy a standard ID verification system to form a reasonable proof of identity. While this process solves for compliance, it is not even close to being optimal from a business perspective. When consumers legitimately move and an address discrepancy occurs, standard ID verification tools only resolve about half of the cases.

What happens to those applications where the standard tools can’t resolve the discrepancy? Some issuers do little or nothing with the unverified discrepancies. That is, if they can’t verify the consumer, they simply decline the applicant, resulting in the loss of many new customers. More commonly, issuers have implemented processes such as running address discrepancy applications through “out-of-wallet” solutions, conducting manual reviews and even reaching out to the customers directly. These approaches are very costly and result in too many legitimate customers either abandoning the process or being tagged as “unverified” and not booked.

Besides compliance rules, let’s not lose sight of the fact that address discrepancies are indicative of fraud—that’s why the regulations were written in the first place. The criminals still need an alternate address to complete the new account fraud scheme, so they can receive the credit card or debit card instead of the victim. Preventing these fraud losses using traditional ID verification processes is difficult to manage profitably: high intervention costs combined with low fraud incident rates can easily put issuers upside-down.

In our final post of this three-part series, we’ll tell you how to overcome the problems and close the gaps associated with current ID verification solutions.

ID Verification: The History of “Knowing Your Customer”

Not long ago, verifying the true identity of customers meant that financial institutions ran an off-the-shelf ID verification (IDV) solution and simply confirmed that all the identity credentials presented had been seen before. If the information checked out, then it was business as usual.

For more than three decades, legislation of the financial services sector designed to combat criminal money laundering, terrorism and, more recently, to address identity theft, has required financial providers to implement procedures to track customer information. While the financial services industry has grown much more sophisticated in developing systems and solutions to minimize fraud and criminal activity, fraudsters have also been able to morph and adapt their tactics to defeat these systems.

Fortunately, new tactics and procedures are now being developed to address the changing fraud landscape. But in order to understand where ID verification is going, it is important to begin with its history.

The Simple Beginnings

In 1970, the Foreign Transactions Reporting Act, known as the Bank Secrecy Act (BSA) provided the first regulation of bank practices aimed at curbing money-laundering activities. The BSA established record-keeping and reporting requirements for individuals, banks and other financial institutions and required that banks have a Customer Identification Program (CIP) that is appropriate for their size and type of business. As part of the CIP, banks were required to use documentary or non-documentary methods of identification to form a reasonable belief that it knew the true identity of each customer. For most banking institutions, this meant that when a prospective customer came into the branch to open a new account, the account opening representative simply got a copy of a driver’s license and dropped it into a file. It wasn’t a sophisticated solution, but it was effective enough at the time.

The Internet and being “Not Present”

The next evolution in the ID verification market came in the mid to late 1990’s with the advent of the Internet and the subsequent dot-com explosion. The banking industry realized that there would now be millions of “Not Present” transactions, as the customer would no longer be present at the bank branch; they would now be sitting at the other end of a computer connection. As an industry, banks realized they would still need to “know the customer” even though they were not physically present.

This need gave way to new forms of electronic IDV. Instead of comparing identity credentials to a physical document (such as the driver’s license), IDV solutions emerged to compare identity credentials with a separate known repository of those same identity credentials. Typically, this meant electronically verifying that the identity credentials matched these same credentials at a credit bureau. If the name, social security number and date of birth all matched, presumably that was the correct individual and financial services companies would be in compliance with BSA and the CIP requirements.

Then, just as the Internet had done in the 1990s, the September 11 attacks changed everything again in the 2000s.

9/11 Ups the Ante

Up to this point, IDV systems and solutions focused on combatting fraud and organized crime. With 9/11, however, the world of IDV changed once again. Suddenly it became about protecting ourselves from terrorism. In the days after the attack, Congress enacted the USA PATRIOT Act, placing even more scrutiny on the individuals and organizations banks were doing business with. This was based on the realization that many of the 19 hijackers had successfully opened and maintained banking accounts at some of the largest banking institutions in the country. The fact that the terrorists had opened those accounts using false and fictitious information was difficult for banks to swallow. IDV solutions were no longer about saving a few bucks, but protecting the home front.

Identity Theft Epidemic

Then, starting in 2003, identity theft became front-page news, rising at a rate of 30 to 40 percent annually with one in 20 consumers being impacted. While this was alarming to the average consumer and certainly newsworthy, it really didn’t register for financial institutions as a major problem, as identity theft still represented a relatively small financial liability.

In talking to victims of identity theft, a common theme began to emerge. Repeatedly, victims described how identity thieves had used their identifying information to open up new accounts in their names. They would apply for credit instruments using the victim’s correct name, social security number and date of birth. However, the thieves would then alter the physical address on the application. Why? Because when it was approved, the corresponding credit cards, debit cards, and statements would be delivered to the thief and not the real person.

This rise in identity theft gave rise to the Fair and Accurate Credit Transactions Act (FACT Act) of 2003, which added several new sections and amended the Fair Credit Reporting Act of 1970. With regards to this address loophole that the criminals exposed, Section 315 of the FACT Act now required that financial institutions resolve these address discrepancies.

In our next post in this three-part series, we’ll examine the current state of ID verification and assess the challenges and gaps most frequently encountered with existing ID verification solutions.

You Need More than a Shrink-Wrapped Data Engine

ID Insight’s Adam Elliott provides his expert opinion in an InformationWeek article titled ‘8 Reasons To Consider Insights-As-A-Service.’ In his interview with Lisa Morgan, Elliott asserted, “There’s so much changing with security, regulation, and compliance you need more than a shrink-wrapped data engine.” He also highlighted that ID Insight refers to its offering as “Decision-as-a-Service.”

Read the full article here.

Request a Demo