Visa turns to its vast database to mitigate application fraud
As more people create false identities to open card accounts, Visa has launched a new scoring system that takes advantage of the card brand's scale.
The Advanced Identity Score has been under development for the last six to eight months in pilots and proof of concepts with existing issuers. An issuer can leverage an existing integration it already has with Visa to request a score on a new credit card applicant. Visa returns a numeric score between 0 to 99 to the issuer in near-real time to supplement the issuer’s decisioning process. The higher the score number, the higher the level of risk to the issuer.
Visa is accessing a centralized database where it requires all issuing financial institutions to supply all new and declined applications, as well as fraudulent ones discovered after approval. “We have created a score that is easy to digest. The applications are from U.S. institutions and cover multiple card brands, not just Visa. We are evaluating the expansion into other regions where it makes sense in the future," said Melyssa Barrett, vice president of identity and authentication at Visa. The score is technically being offered by Advanced Resolution Services Inc., a wholly owned consumer reporting agency subsidiary of Visa. Visa felt the need to create and utilize a separate entity for the purposes of Fair Credit Reporting Act compliance and to be able to provide consumers the ability to interact with it as they would any bureau, such as to be able to place a security freeze on their records.
“Instead of trying to be all things [fraud detection] to all people, they focused on the application process,” said David Mattei, senior analyst at Aite Group. “Looking at it from an FI’s standpoint, Visa’s solution is appealing because it’s brand agnostic. It can be applied at any issuer and used on other network-branded card applications, not just Visa cards.”
Visa is using artificial intelligence to mine this proprietary data set to predict potential application fraud in near-real time. The database is supplied annually with data from over 100 million new credit card applications and 12 million fraud cases. Further, Visa supplements the database with over 8 million bankruptcy cases each year.
Since the score supplied by Visa is a range, an issuer can choose their threshold level of risk in terms of at which score does it want to outright reject a credit card applicant and at which score range would it desire to send an applicant into a manual review process with an underwriter.
“We have a two second SLA [service level agreement] with the issuer to return a score. It can be offered in a batch mode, but the power is in real time. Or in this case near-real time,” noted Barrett.
The Advanced Identity Score has been designed to include a robust set of fraud types including new account fraud, synthetic fraud, bust-out first-party fraud and identity theft. Additionally, the program is being future proofed to introduce details such as device data, authentication data and more. The program supports numerous loan and underwriting needs of an issuer — beyond credit cards.
“The other appealing thing about this solution, is that now you have a single solution that can be applied to more than just a credit card application,” added Mattei. “A bank can integrate once with Visa and potentially leverage it across multiple bank silos such as auto loans, installment loans and other products.”
The new identity score addresses a growing challenge for many issuers as fraudsters create synthetic identities for the purposes of applying for new credit cards. The crook uses real data on an actual person and melds it with false data, such as a fraudulent street address or a new email. The fraudsters’ plan is that the real data will allow them to pass through an issuer’s security screens and get legitimate credit cards issued to fake addresses.
The rise of real data becoming available as a result of growing data breaches and then sold on the dark web compounds this problem. According to data from UpGuard, a cybersecurity firm, eight of the 12 largest data breaches ever recorded occurred in the past three years.