Why Identity Tokenization and Trust Indicators Are Key to Preventing True Name Fraud
More and more people are falling victim to identity theft and fraud every day. As per various sources, identity fraud resulted in an estimated loss of $56 billion in the United States alone. Over the years, companies have progressively improved measures to protect data from identity theft and fraud. However, true name fraud has always been a particularly difficult fraud to tackle.
A "true name" identity fraud occurs when someone uses an individual's actual identifying information. Thieves use Social Security Numbers (SSNs), credit card information, date of birth, and any other personal information to create or take over accounts. In essence, the criminal assumes the identity of a real person, making it one of the toughest frauds to catch.
True name fraud could occur in the following ways:
- A fraudster creates a phone number in the victim’s name at the phone company and ties the phone number to the individual’s banking/bureau records.
- A fraudster creates a sub-account at the phone company in the victim’s name and then uses that number to associate with a merchant account.
- A fraudster grabs a victim’s prior phone number when creating a new phone account.
- A fraudster changes the identity of an existing phone number and then links the number to the victim’s banking/bureau account.
Identity theft is the primary cause of true name fraud. With increasing digitization, identity data is widely shared between individuals and enterprises, often exposing security vulnerabilities. As per the FTC Consumer Sentinel Network, in the first two quarters of 2021 alone, over 800,000 identity theft cases have been reported in the US. Stolen identity data finds its way to the dark web, then purchased by fraudsters to create new phone records.
Given the high-risk environment we live in, businesses have the onus of protecting consumer assets including their data. Since identity records are replicated under a new phone number, legacy fraud prevention methods that try to match input identity data with authoritative databases have proven largely ineffective in combating true name fraud. An undesirable consequence of trying to fight true name fraud is bad customer experience and low pass rates. Over time, with increasing identity fraud, enterprises tend to develop high-risk aversion forcing stringent authentication policies upon consumers, all of which indirectly lead to a significant drop in transaction success rates.
Combating true name fraud requires going beyond traditional identity verification & authentication to look at device and phone number attributes in order to determine the authenticity of the phone numbers associated with the consumer.
Leveraging technology to fight true name fraud
Businesses generally use SMS-based one-time-passcodes (OTP) as a form of authenticating possession of the consumer’s phone. However, true name fraud committed by creating genuine identity data of a victim and associated with a different phone number can easily circumvent OTPs. The fact that most businesses do not keep their customer contact information current and updated compounds the problem. To ensure that a phone number is truly associated with the right identity, enterprises need to implement a single, centralized, and reliable registry of identities that manages all valid phone numbers associated with the individual. Apart from delivering a high level of trust and confidence in phone-number-based authentication, such a registry of tokenized identities will also augment customer communication, thereby improving customer service. In addition, granular characteristics and attributes of a phone number and its association with the identity—tenure of the association, connection status & date, and newly created phone to identity association—must also be validated as trust indicators to determine the authenticity of the phone number and its association with the customer.
While legacy platforms rely on static rule-based methods to address fraud, the modern approach calls for intelligent and dynamic assessment of identity risk based on self-learning algorithms that feed on various identity data attributes. A single platform that combines the power of a tokenized identity registry and the intelligence to assess point-in-time transaction risk dynamically can not only eliminate true name fraud but also increase pass rates.
Prove Identity Manager™ is a registry of tokenized identities that persists and manages only genuine primary and associated household phone numbers of the customer, thereby eliminating fraudulently created phone numbers out of the reckoning.
Prove Identity Verify™ utilizes the phone number to verify consumer identity. It relies on various phone intelligence attributes that are paired with device information and data from authoritative identity verifiers to enhance the efficacy and accuracy of identity verification and authentication.
To learn more about Prove’s identity solutions and how to accelerate revenue while mitigating fraud, schedule a demo today.
Keep reading
AI tools can autonomously generate threat detection queries, sift through vast amounts of data, and pinpoint potential threats without manual intervention.
Deepfakes, while not entirely new, have reached a level of sophistication that challenges businesses that are trying to deliver frictionless digital onboarding to their users.
The Federal Trade Commission (FTC) received reports of a significant increase in SIM swap attacks in 2023, and Experian's 2024 scam forecast identified SIM swapping as one of the top threats, emphasizing the need for heightened awareness and preventive measures.
