Published: Thursday November 13, 2014
In Victorian times there was a craze for phrenology. People thought they could identify personality types on sight: the shape of someone's skull could tell you whether that person was a criminal or an upstanding citizen.
The problem with this theory, popular though it once was, is that it didn't and doesn't work. There's no scientific basis for generalising or interpreting in this way, and using it to judge people could wrongly condemn some or pardon others.
Modern fraud prevention faces the same challenge. How can organisations look at current and potential customers and decide who's trustworthy and who isn't? We can't look at their skulls: even if it weren't daft, business these days is rarely face to face, so they're unlikely to be standing in front of us for inspection. Instead, we have to find a way of identifying potential fraud that actually works and that doesn't create so much red tape it hacks off all our good and honest customers.
Achieving this is like a lot of things in life: to make things friction-free for others you have to do some groundwork yourself, and in this case that means having an intelligent, layered approach.
We recently created a conceptual model of just such an approach. It comprises six layers:
1. Capturing accurate information
2. Confirming the existence of an identity
3. Detecting impersonation by confirming the other party is the real owner of the identity
4. Confirming key attributes such as phone number and bank account details belong to the person
5. Identifying risks associated with the person eg. whether his/her name has appeared on a sanctions list
6. Establishing whether the identity has been active and trading for a period of time
If you're adopting such an approach then putting robust systems in place is a good start. The fewer manual reviews you conduct, the more time you save and the less scope there will be for human error. Systems are repeatable and scalable, so you don't disrupt your customers as they sign up or sign in, and you don't put things in the way of your employees either.
Another important element is insight. Those systems need to be not only robust but informed. They need to be able to spot differences of various kinds as indicated in the Gartner model above: for instance, between suspicious data entries and a simple case of mistyping; between can't-pay (a credit risk) and won't-pay (a fraudster); or, most basically of all, between a chancer and a genuine customer.
With insight you're more likely to make these distinctions faster and more accurately. This will reduce your susceptibility to fraud - but importantly it can also actually improve the transaction experience for your customers, creating advocates and attracting new business. After all, if a rival website has given them several false starts or made them jump through hoops while running checks, and you've run the same checks almost without them noticing, who's most likely to be their favourite? It won't be the other guy.
The question, of course, is whether you have all the data you need to be able to make an informed choice. Any insight you have and any systems you put in place are nothing without that information.
Without good data, you might just as well do what the Victorians did - and feel for the bumps.
Read more in our white paper on "Walking the tightrope"