Identity Verification in a Post-Data Breach World
In the United States, data breaches have become increasingly more common. In the first half of 2018 alone 668 data breaches occurred which exposed over 22 million identity records of American citizens. With the amount of identity information exposed, people may lose trust in the value of their personally identifiable information (PII). At IDMERIT, we believe that it is likely that most adults have some sort of compromised PII, but it is still valuable information. In this piece we will explain how performing identity verification when opening high value accounts—like bank accounts or credit cards—is still an important practice.
Data Breaches with Varying Scope
With data breaches, the personal information that is accessed by criminals varies. For example, in the Marriot data breach reported in September 2018, the information accessed included names, mailing addresses, phone numbers, emails, passport numbers, dates of birth, gender, and Starwood account information. In contrast, in the Facebook data breach also reported in September 2018, the information accessed included names, gender, and hometowns.
Criminal Activity After a Data Breach
Criminals can use stolen PII from data breaches for a variety of nefarious purposes. One of the main ways criminals use PII is to create synthetic identities and perform synthetic identity fraud. For example, the hackers from the Marriot data breach can take the information they stole and piece it together with fake identity information to create synthetic identities. From there, they can take these fake identities and use them to open financial accounts and perform nefarious activity such as obtaining loans they do not plan to pay back, money laundering, or terrorist activities.
These days, synthetic fraud is the fastest-growing type of identity theft occurring in the US according to the Federal Trade Commission.
Financial Institutions Must be Vigilant
The types of companies that should be most worried about data breaches are financial institutions. These entities are the ones likely to be targeted for synthetic fraud or identity fraud by cybercriminals who gained access to PII through data breaches. This is because criminals can gain access to valuable financial services if their attacks go unnoticed for a period of time.
Financial institutions have a lot at stake when dealing with fraud attacks. For one, they have to maintain a level of trust with their customers. Customers expect financial institutions to perform due diligence and prevent criminals from using their PII to cause them harm. They also must maintain a level of trust with regulators. Regulators expect financial institutions to perform proper Know Your Customer (KYC) checks prior to customer onboarding. Their failure to do this can lead to severe fines for noncompliance. Trust can also be lost for financial institutions if their fraud and compliance solutions allow criminals to access their services. This can cause severe damage to the financial institutions reputation and even lead to their demise.
The Importance of Comprehensive Identity Verification
Validating PII during onboarding is a key fraud and compliance solution for financial institutions. Proper identity verification services will help financial institutions meet KYC procedures and prevent questionable individuals from gaining access to financial services. With services like ours at IDMERIT, PII from identity documents—drivers licenses, national IDs or passports—is crosschecked with information stored in official databases during the onboarding process at a bank. Real individuals will have their information stored in these types of databases. In contrast, synthetic identities will not have their information stored in these databases. For this reason, this type of identity check determines with certainty if the PII being used to open an account comes from a real or synthetic identity.
Data breaches have compromised the personal information of many individuals. Nevertheless, PII is still a valuable tool for deterring fraud. Criminals have recently been focusing their efforts on performing synthetic identity theft. Synthetic identities will not pass identity verification procedures if they are performed by a financial institution. Banks can benefit greatly from performing comprehensive identity verification during their onboarding process. By crosschecking PII from identity documents with information stored in official databases, they can know with certainty that they are doing business with real individuals. This helps prevent identity theft even though identity information has been stolen by criminals in data breaches. Ultimately, KYC makes the world a little bit safer.