How does digital identity get smarter over time—and how does it spot fraud?
To better understand how digital identity intelligence works, it might help to think of your favorite coffee shop, and the transactional experiences you’ve had there.
On your very first visit, your server might say hello, cash is exchanged and, with luck, you’re off with a cup of your favorite caffeinated concoction in no time.
Now think of your twentieth or thirtieth visit. By now, the relationship has changed in subtle and perhaps even noticeable ways. The barista may know just how you like your beverage. The server may know you by name, and perhaps has even seen your children, or told you they like your glasses.
Digital identity intelligence gives us greater insight into our client base, allowing us to make better risk decisions and be smarter about adjusting rules based on customer behavior.
-General manager, leading global financial services provider
The staff may ask about your weekend, or notice changes in your morning routine. They may ask where you’ve been when you return from a trip. Digital identity works in a similar way – developing confidence in an identity with each interaction.
When a baseline for normative behavior, device, event and transaction details are established for an identity, the intelligence on that identity becomes further enriched with each new transaction.
More inferences become available and powerful associations can be made. Trusted customers are recognized the moment they return, and their transactions can be accelerated.
For any digital event, each tiny deviation of the baseline can be weighted mathematically to contribute to an aggregate risk score for the transaction at hand.
Javelin Research recommends businesses use a richer array of context around the identity and behavior of customers throughout their entire journey
Minor variations, such as a new device or location, can be accommodated without raising a false positive for fraud. Those exceeding preset thresholds (which are typically configured to the needs of the business) may trigger a step-up. Suspicious indicators, such as an obfuscated location for a sensitive transaction, can tip the weighting significantly. When the risk threshold is surpassed, a transaction can be blocked.
Risk thresholds are generally set at the entity level, but are then aggregated to comprise a risk score for a transaction. Similarly, an identity gets scored based on aggregate history. Let’s look at a few examples.
The number of email addresses associated with an identity can easily be discovered. This data point might be useful to fight fraud, because while legitimate individuals may have a handful of email addresses, they don’t usually have several dozen. In this case, the mere presence of so many email addresses may mean nothing. But, as a behavior indicator, it can be weighted as a risk factor.
Likewise, transaction frequency or the average distance between transactions can be computed and weighted as risk factors. Multiple ship-to addresses may mean nothing, but too many can look suspicious. Literally hundreds of possibilities are available because hundreds of entities are generally available for analysis.
But this is not without complications. Some data related to web-based transactions can be obfuscated or altered by tools that have emerged as the web has evolved — often in response to legitimate security and privacy concerns.
Digital intelligence allowed us to have bespoke, risk-based authentication that is ahead of the curve. We continue to improve the online experience for valued customers while removing unnecessary friction.
-Data and analytics executive, leading online payments service provider
For example, many companies use Virtual Private Networks (VPNs) to encrypt connections between a remote user and the corporate server to prevent somebody from eavesdropping or spying on the connection.
Among other things, VPNs mask location to make it harder to hack into active sessions. As a result, the ability to pierce a proxy server to identify the true location of an event or user is critically important to any digital identity solution.
Another challenge is the TOR browser. Short for The Onion Router, it was originally developed for the U.S. Navy to protect government communications online.
TOR routes web connection requests randomly over a volunteer network consisting of more than 7,000 relays to conceal a user’s location and usage from anyone conducting network surveillance or traffic analysis. It also encrypts the addresses of each web server along the way.
The ability to detect TOR and other location-cloaking tactics is of paramount importance to many businesses using digital identity. Banks, for example, would generally be suspicious of the presence of any transaction request from an anonymous location.
Cybercriminals have also become adept at using virtualization techniques to emulate end-user devices. These virtual devices can be replicated in volume and used only once. Because the devices appear to be new, device-level intelligence can sometimes be tricked – simply because it hasn’t seen the device before.
Digital identity can identify devices heuristically. This approach doesn’t rely on cookies to identify a device, so it can identify devices with wiped cookies. It can also discover networks comprised of multiple virtual devices.
Next up: The Network Effect