Opinions expressed by Entrepreneur contributors are their own.
For some businesses, fraud is nothing more than an accepted expense casually factored into the company’s bottom line. But for those who understand the true threat, fraud is a risk that must be prevented and stopped at all costs. We’ve become so accustomed to fraud’s existence that it now, unfortunately, seems like a fact of life. It doesn’t have to be this way, but preventing fraud requires a paradigm shift. It requires knowing your customer (KYC) and adopting practices that many companies have shied away from for years. Fraud will keep increasing until the business world embraces prevention from the first stages of customer interaction.
Fraud is a business problem
The internet has made fraud easy. Covid-19 made it even easier, with more businesses moving their workflows to digital platforms. Unfortunately, without a subsequent improvement in security practices, this digitalization exponentially increased the attack surface area for fraudsters worldwide who won’t hesitate to seize the advantage. According to LexisNexis, there was a 19.8% increase in fraud costs from 2019 to 2022.
Fraud costs are a real problem for businesses. Of course, individuals bear the cost of fraud as well, but companies see a significant impact on their bottom line. Each $1 of fraud, according to the same LexisNexis study, costs eCommerce merchants in America an actual $3.75 once the response is all said and done. All told, fraudsters were able to steal about $28 billion in 2021 alone through identity fraud. Our current economic downturn means fraudsters will be more, not less, bold in their attacks.
Clearly, fraud is more than a pesky issue. Not only does it cost both businesses and customers vast amounts of money, but it can also lead to significant damage to a brand. Businesses risk losing customers’ trust if they don’t appear to be tackling the issue and keeping their customers safe. This problem is incumbent upon companies to solve. However, it’s not as hard as we might think.
Most fraud starts (and ends) with identity
Most scams start at account creation, where a fraudster impersonates a real person or creates a fake persona to carry out fraudulent activity. KYC has historically consisted of methods like human-based document verification, SSN, knowledge-based authentication (KBA), as well as other database information to identify a person is who they are claiming to be by what they know about the individual. This might have worked 20 years ago, but the traditional methods we have been accustomed to are not cutting it anymore. Too much personal information is available online, and fraudsters can usually find the answers to security questions through data dumps or trolling a victim’s social media. Luckily, the solution already exists, using widely-accepted tools and stopping identity fraud at the source — account creation.
Strong KYC practices at onboarding have often been avoided because of the misconception that they create too much friction for users. Truthfully, the tools are in place to make this a frictionless transaction. All the customer needs to do at the onset is capture their government-issued ID and then take a selfie. Such a small step can significantly reduce problems later on by creating an environment where fraud is prevented from the outset. It also sets the stage for frictionless continued fraud prevention using the selfie biometric for ongoing re-authentication.
The secret behind strong, ongoing KYC
Strong onboarding practices create a highly effective and streamlined re-authentication process for subsequent transactions with a customer. As the customer continues to interact with a business, it can use advanced analytics to build a baseline of behavior to assess risk levels dynamically. All the customer sees is the occasional request for a selfie, which then is compared with multiple other data points to verify a person’s identity.
Another term for this practice is multi-factor authentication (MFA). That’s lazily been construed as “security measures” like SMS-based one-time passcodes. Unfortunately, while such added security measures are standard in business, they’re among the easiest MFA methods to break — a thief can intercept an SMS-based code for as little as $16.
That doesn’t mean MFA needs to be completely thrown out. The concept is based in fact: The most secure identity verification consists of a combination of something you are, something you know and something you have. The hardest to spoof is something you are: biometrics. These include fingerprints, facial scans, voice recognition and retina scans (among many others). Today’s modern biometrics proofing is quickly approaching 100% accuracy.
Incorporating these security measures also creates much stronger assurances for the company, since friendly fraud is a big problem. With facial recognition integrated into the account management process, companies now have time-stamped, verified proof that a person did make that purchase. With some simple tweaks to identity verification, businesses could save over $48 billion per year in fraudulent chargebacks.
Active monitoring — the key to continued success
The journey doesn’t stop at biometrics, though. A robust orchestration layer is needed to organize the tiny pieces of data spread across the internet into a comprehensive picture of each unique customer. This behind-the-scenes work can help monitor the KYC fundamentals to vet for fraud continuously.
Orchestration and active monitoring also help keep the good customers while weeding out (or even preventing from the start) the customers you’d rather not do business with. Using a trusted vendor to execute these third-party identity verification actions, on top of the original and ongoing verification methods maintained in-house, helps businesses with underwriting. You can also assess risk in real-time; if a customer is usually in California but trying to sign in from Russia, you’re better able to catch the fraud and stop it in its tracks.
Simple KBA methods alone can’t keep up with advanced identity fraud techniques. Unfortunately, many companies equate better identity proofing with a worsened customer experience, but in reality, fraud prevention can enhance interactions and even streamline workflows for businesses and customers alike. Businesses can have their cake and eat it, too, by incorporating better identity verification from the start of the customer’s journey, along with biometric-based MFA and continuous, active monitoring. Our customers deserve it, and it will take a big bite out of the global identity fraud game.