The steady cadence of highly publicized incidences of personally identifiable information (PII) theft has escalated this fear to a fever pitch. As a result, consumers are placing greater pressure on banks, lenders, card issuers, retailers and others to improve their defenses against fraudulent actors looking to steal, sell and use their PII.
Not only do they expect organizations that hold their data to protect it, increasingly they are holding them accountable when those safeguards fail.
By failing to protect their customers’ data, financial institutions and others in the payments ecosystem are risking the most important currency they have: trust. Failing to prevent identity fraud, and failing to quickly and definitively correct that fraud, can inflict lasting damage on an institution’s reputation and future success.
Unfortunately, the fraudsters are winning. They are innovating their tactics faster than most financial institutions are able to innovate their defenses, and they are doing so at the expense of your company’s reputation.
To turn the tide, institutions need to embrace the fact that protecting customer PII is an essential component in building lasting, trusted customer relationships.
According to a recent Javelin study, fraud impacted a staggering 16.7 million victims in the U.S. last year, an increase of 1.3 million more victims than the prior year. In total, an alarming 6.65% of the U.S. population fell victim to fraud. With the rise of more sophisticated methods, as well as the growing mass of leaked consumer information, this figure is likely to rise.
For the consumer, fraud is felt both financially and emotionally. In 2017, account takeovers (ATO), one of the most challenging types of fraud for consumers, resulted in victims paying almost $300 in out-of-pocket costs, taking an average of 16 hours to resolve. The process overall can be dragged out, taking two months to reach a final resolution.
While financial costs and the average resolution time can be easily quantified, these metrics cannot capture the emotional damage that consumers incur when faced with the daunting task of restoring their credit in the wake of identity theft.
Consumers typically begin their journey toward resolution in dramatic fashion: through the rejection of an important loan, discovering a negative mark on their credit, receiving a call from a debt collector or, the worst possible way, via law enforcement. Realizing that they’ve been victimized, and that their identity has been stolen, victims must initiate their own investigation by contacting all relevant parties and filing a police report.
Through the investigation process, and as details of their case begin to surface, consumers are made aware of the financial institution that may have allowed the fraud to occur. This alone is more than enough information to lose trust in a brand (which can translate into a lost customer).
The bank (and victim) face yet another potential issue. Following resolution, the negative fraud file can sometimes be mistakenly recycled if not cleared in a timely manner. If that occurs, the incident is relived, forcing the victim to again relive the painful experience of clearing their name.
Identity proofing is the biggest challenge facing financial institutions today; it is vital to multiple lines of business, products and processes. It’s also a critical reputational tool. Unfortunately, despite that importance, many organizations continue to rely on a single validating data point (e.g., a consortium score or credit score) at key interactions with customers such as new account enrollments, payment processing, loan underwriting, disbursements and more. Clearly, given the trend, relying on a single data source is not enough.
To protect your brand and its reputation, additional verification sources are required. From an identity authentication perspective, that means not only should enrollment entail a check on valid Social Security number, name, address and other PII, but should also require a cross-reference on mobile phone number, purchase history, addresses, companies as well as social media activity and email addresses. By blending traditional and nontraditional data, banks can create a more comprehensive enrollment picture, making a safer payment environment for all.
Until the above cross-checks are implemented, banks will be exposed to unnecessary financial and reputational risks. With the rise in fraud cases, the issue will only intensify for financial institutions as well as their customers.