Data doesn’t lie, but it’s not telling you the whole truth
Identity checks on individuals use names, addresses and dates of birth, but where should you go to check this information? And does it matter which data sources you choose?
Credit bureaux typically sit at the heart of an identity check on an individual. These businesses hold data relating to an individual’s name, address and date of birth and the source of these records; for example, electoral roll, credit header, county court judgements. Whilst similar data on an individual is typically held by more than one credit bureau, there are often differences. For example, a specific bank may submit data to bureau A but not bureau B. Therefore, the credit header (name, address, date of birth) data associated with that bank account will be available for checking at bureau A but not bureau B.
So, in cases where there is insufficient data to complete the required checks via one credit bureau, it is necessary to run the checks against a second bureau. However, in doing this second check there is a risk that the same data is checked at each bureau. For example, if two credit header checks are undertaken via separate checks at each bureau, they could be using the same bank account twice. It is essential when using two credit bureaux to avoid checking duplicate records because the result will not meet the required number of independent matches for that individual’s identity check.
Avoiding duplication is achieved by initially checking the primary bureau and if insufficient data matches are achieved then by running a check with the second bureau but ignoring any matches already achieved against specific data types. What does this look like in practice?
If the primary bureau matched on electoral roll and a bank account, then any matches against these data sources will be ignored at the secondary bureau. However, a match against a mortgage or a personal loan would be accepted. The required checks can be fine-tuned in the item check configuration to maximise the likelihood of a match, without risking duplication, and also use the age of the account as an additional level of granularity in determining whether the match is acceptable. Configuring the match ensures there are no unnecessary checks performed using the second bureau.
Full visibility of all matches in terms of what was matched and where it was matched is also essential in order to be able to demonstrate compliance with the regulated entity’s risk assessment.
Jonathan Jensen, GBG Commercial Director Identity, said: “Multi bureau gives regulated entities the opportunity to obtain an uplift in customer identity verification matches whilst avoiding the risk of duplicates and unnecessary additional costs.”