4 ways credit risk differs from fraud risk
Guest post by Beth Shulkin, VP of Global Marketing at Ekata
Determining an individual’s credit risk is not the same as determining their fraud risk. Yet, it is common for organizations to assess these types of risk using similar approaches. With an evolving fraud landscape, organizations today need to modernize their tactics for evaluating fraud risk, and that means abandoning the rigidness of credit risk assessment tactics when it comes to digital interactions.
Prior to the 1990s tech boom, organizations in mature credit markets determined credit risk by using data tied to consumer credit histories. Government agencies used credit data to identify the correct person to send payments to, such as welfare, social benefits, wages, and stimulus checks. Financial institutions used it to process new credit cards, bank account openings, and approve loans. Credit data was (and in credit-related industries, still is) essential for preventing mispayments, protecting lenders from individuals who can’t pay back their loans, and keeping default debt at manageable basis points.
So in 1995, when e-commerce (and subsequently, digital fraud) began to take off, e-commerce companies turned to a method they were familiar with to prevent fraud, using — you guessed it — a credit risk approach. With an address or zip code check or heavy handed reviews, these companies would try to determine if an individual making a purchase was real. However, just as the early internet experience evolved, so did the sophistication of fraud attempts. Dirt cheap computation power, coupled with tech innovations created a whole new era of digital fraud, one where massive security breaches over the last few years (such as Equifax in 2017 and Starwood Hotels in 2018) has credit data severely compromised. In fact, there is a greater than 50% chance that credit data is in criminal hands according to Gartner. With credit data so compromised, how can businesses protect themselves and their customer experience from the impacts of fraud?
Modern digital businesses turn to fraud risk assessments
Today, businesses are leaving the rigidness of credit risk assessments to the organizations that value creditworthiness and are bound by the Fair Credit Reporting Act (FCRA), and instead are focusing on assessing the fraud risk of any given digital interaction. These assessments enable organizations to anticipate the behavior of potential fraud perpetrators. It is especially helpful for those in highly digital industries such as e-commerce, online marketplaces, travel, hospitality, etc., to look for the probability of risk without introducing friction into the process. From use cases to global reach, fraud risk differs from credit risk in four key ways that help digital businesses:
1. Respond to new business needs: Historically, organizations have used credit risk in Know Your Customer (KYC) procedures to determine customer risk in compliance with Anti-Money Laundering (AML) laws and regulations. But, as account security in the onboarding process has become increasingly critical, the term KYC is now being used to refer to the entire process flow and associated security measures. The process now engulfs far more beyond the traditional regulatory definition; it also refers to the initial sign-up and onboarding experience, where probabilistic analysis and identity verification data for machine learning models are at work.
2. Improve the customer experience: Assessing credit risk is ascertained through a deterministic approach. This consists of verifying a direct line between a name, a unique identifier (social security numbers or more broadly National ID), and date of birth, a process still required by law today for credit. Fraud risk, by contrast, has core business requirements that call for a different approach, one that looks at the probability that the identity elements submitted in the digital interactions look to be a good customer or a bad actor. This helps businesses spot suspicious online activity without creating additional barriers for misidentified good customers.
3. Provide a comprehensive risk assessment: Credit risk relies on static personally identifiable information (PII) elements linked to credit histories (such as SSN, government IDs, DoB). It is also limited to analysis of credit history, making it inadequate to determine risk in underbanked or unbanked populations. Digital fraud risk, however, uses dynamic PII to verify the online identity; this can include typical PII (name, address, phone number, etc.) used to evaluate credit risk, as well as device ID, email, IP, consumer behavior, metadata, and biometrics. By evaluating the multiple dynamic linkages between these elements and how the elements behave online, organizations can provide a more comprehensive assessment of the probability of risk.
4. Remove border limitations: Credit data also resides in country-based silos to comply with local laws in just 20 mature credit markets, making it difficult for businesses to evaluate risk when it comes to cross-border interactions and transactions. Fraud Risk is not siloed, but is multi-geo across tens of countries, or even north of 100 countries for multinational companies or payment service providers (PSPs). It requires dynamic PII elements that can be leveraged with a consistent data format around the world to assess risk.
While using credit data as a means to identify and combat digital fraud may have seemed like a quick and “known” solution at the advent of the internet, it simply isn’t. With the increasing number of data breaches compromising consumer credit information, the pull of end-clients expecting secure, streamlined customer experience, and the sophistication of fraudsters, organizations will turn to new ways to protect themselves and their customers.
About the author
Beth Shulkin is VP of Global Marketing at global digital identity verification provider Ekata. She has 20 years of experience in strategy, product, and marketing, spanning several industries including, finance, communications, digital marketing, and data API technologies.
DISCLAIMER: Biometric Update’s Industry Insights are submitted content. The views expressed in this post are that of the author, and don’t necessarily reflect the views of Biometric Update.