New payment models are unsafe without interoperable digital ID
To get a sense of the dynamism and pressures facing online lending, and the importance of digital identity to this rapidly evolving sector, look no further than the late-March introduction of Apple Card.
While its 3% cash-back offer may be lackluster and certainly isn’t much of a differentiator, the instant and friction-free sign-up process more than makes up for the run-of-the-mill cash-back rate. And privacy and security come baked into even the physical card, which features no account number, no CCV, no expiration date and no signature—instead, there’s a dynamically generated security code, initiated through biometric authentication.
But as it happens, the launch comes amid an important moment for a sector that is suddenly experiencing an explosion of growth—and more than its share of challenges, including the kind of cybercriminal activity that even the most advanced new services may inadvertently foster and even empower.
Fueled by an endless supply of identity credentials stolen through breaches and misconfigured databases, cybercriminal attacks on the financial services industry exceed all others, at an average $18 million in losses per firm (compared with $12 million for firms across all industries), according to Forbes.
In fact, lenders lost $6.4 billion to credit card fraud and $4 billion to account takeovers in 2018, according to Javelin Strategy and Research. Though these figures are actually lower than 2016, they’re still painful—as are the rising levels of account creation fraud, which cost the industry $3.4 billion last year.
With half of all loan applications now submitted online, traditional authentication practices are incapable of meeting the real-time demands and are proving equally challenged in verifying the identity of the person filling out the application.
To add insult to injury, the data shows a growing, highly networked pattern to fraud, with the same identity credentials being used to attack numerous lenders. In the face of investments in cybersecurity on the part of FIs, fraudsters are also perpetrating crimes against businesses in multiple industries, testing credentials across banking, retail, travel and more.
Factor in social engineering scams that fool unsuspecting customers to unwittingly commit the crime for the cyberthieves, and it is clear that anti-fraud efforts are growing ever more complicated. That’s especially true without a modern, digital identity-based approach to user verification and assessment that leverages machine learning, behavioral analytics and global, shared identity intelligence to recognize both legitimate and fraudulent users beginning at the point of account creation.
There are signs that the same approaches to digital identity that are proving so effective in fighting new account creation, account takeover and other forms of cybercrime, may also give online lenders the ability to meet and document compliance mandates. Online lenders that have deployed such digital identity solutions, for instance, report they’ve been able to maintain or accelerate new loan application processes and boost regulatory compliance, even while significantly reducing fraud.
That sounds encouraging, especially when 55% of organizations globally have reported an increase in fraud-related losses over the last 12 months, according to Experian’s Global Identity and Fraud Report. Which means that for online lenders contending with cybercrime, growing customer expectations, increased competition and countless compliance mandates, a digital identity-based approach to user verification and assessment continues to be the first and smartest place to start.