When implementing a fraud-prevention system, there are multiple approaches you can take. The most important step is to keep fraudsters off your platform in the first place. Using identity verification and authentication, you can ensure the person who’s onboarding or signing in to an existing account is who they say they are.
But stopping identity fraud is not a one-size-fits-all approach. For best results, the customer journey should be dynamic and introduce the right fraud checks at the right time based on your business needs as well as the risk of the user. Furthermore, your workflows should be optimized to stop the type of fraud that is the biggest threat to your business.
Let’s look at some common fraud types and explore the workflows you can use to stop them.
For businesses that sell adult products such as alcohol, tobacco and gambling, it’s vitally important that you keep minors off your platform. Often, children will try to work around age restrictions by using an older family member’s ID or manipulating their own ID.
To prevent age misrepresentation, you should include the following checks during onboarding:
- ID Verification
- Age Verification
ID verification evaluates the identity document (such as a driver’s license or passport) that the user presents.
Age verification looks at the person’s stated age and compares it to the date of birth on their ID. It can also perform age estimation, which predicts the age of the end user in the selfie and compares it to the date of birth on their ID.
Market Guide for Identity Verification
A synthetic ID is a combination of real and fake data. It’s usually based on a stolen Social Security number or other national ID number and is combined with a fake name, real date of birth and other variations of real and fake data. Many synthetic IDs can be caught through low-friction risk signals, so we recommend putting those first in the workflow:
- Device Risk Check
- Social Security Number (SSN) Check
- Email Risk Check
- Phone Number Risk Check
- ID Verification
- Selfie Verification
- Liveness Detection
The first four services are risk signals that verify the risk of the user’s device (phone, PC, etc.), Social Security number (is it valid and does it match the user’s stated name?), email address (is their email address valid, and how long have they had it?) and phone number (is their stated phone number valid and has it been used in fraudulent activity?).
The last three services are part of Jumio’s identity verification solution. They check the validity of the ID, compare it to the user’s selfie to make sure the person on the ID is the same as the person presenting it, and then run liveness detection to make sure the person in the selfie is physically present and not a spoof.
Account takeover occurs when a fraudster signs in to a legitimate user’s account. Typically, the fraudster uses stolen credentials they have purchased on the dark web, or they have acquired the credentials directly from the user through phishing and other types of attacks.
To prevent account takeover, you should include the following services:
- Device Risk Check
- IP Address Check
- Risk Score
- Biometric Authentication
The IP address check makes sure the user is not signing in from a high-risk location. The risk score looks at a variety of fraud signals and can automatically reject the sign-in if the score is over a certain threshold. When you need maximum assurance, such as when the user wants to make a high-value transaction, you can also require biometric authentication. This prompts the user to take a selfie, which is compared to the selfie they took when they onboarded to ensure it’s the same person.
While money laundering is typically considered adjacent to fraud instead of being a fraud type itself, it is useful to prevent money laundering while you’re preventing fraud. AML screening helps identify people who are at a higher risk of participating in money laundering, especially if they’re politically exposed persons (PEPs). While a PEP isn’t automatically a money launderer, they are treated as higher risk and require additional screening. AML screening is also useful for ensuring you don’t do business with sanctioned individuals.
For this reason, we recommend adding AML screening to all your onboarding workflows and also run it periodically throughout the customer lifecycle.
Checking Multiple Documents
Sometimes checking the user’s ID isn’t enough. For extra assurance, you can ask the user to provide additional documentation. For example, you might prompt them to scan a utility bill to prove their residence at the given address.
Jumio provides pre-made rules that let you trigger the request for the extra documentation from the same workflow where they provide their ID. It can then compare the information extracted from the ID and the additional documentation to make sure they’re aligned.
Designing workflows to meet your specific business needs, risk appetite and potential vulnerabilities for fraud while streamlining the process for legitimate users can feel daunting. By creating dynamic workflows that introduce risk checks at the right time, you can ensure your good customers sail through the onboarding process while putting up roadblocks for fraudsters.
Jumio’s solution engineers are highly experienced in helping businesses in a variety of industries across the world design the right workflows for their needs. Contact us today to start a conversation about how we can help you put together the right solution for your company.