November 23, 2018 by Greg Meckbach
Commercial clients who do business over the Internet can reduce fraud risk if they have more than one way of verifying people’s identity, a major credit bureau suggests.
“Any industry that is in the online channel has an opportunity to become a victim of organized crime trying to perpetrate identity theft,” Anne-Marie Kelly, executive director of identity management and fraud solutions for TransUnion Canada, said in an interview.
Several Canadian home insurers offer protection for identity theft. The Insurance Bureau of Canada reports that with identity theft, criminals impersonate innocent people. In some cases, those criminals make false insurance claims, apply for credit cards in other people’s names and make purchases in other people’s names, IBC warns. Identity theft tactics include Internet hacking, picking personal documents out of the garbage and breaking into vehicles and stealing documents.
To help reduce the risk of identity theft, many Canadian organizations are using “voice biometrics” to verify that the person on the other end of the phone is who they say they are, Kelly reported.
Biometrics has “very broad definition” and could include fingerprints and facial recognition, she added.
“Financial institutions and insurers are exploring the use of biometrics and the types of biometrics that actually fit their strategies.”
The rise of social media over the past decade has increased identity theft risk, Kelly said Thursday in an interview.
“Consumers don’t necessarily think about where their information is going and who is actually going to get it,” Kelly added.
A user name and password is not good enough when verifying the identity of someone doing business with you over the Internet, Kelly said.
“It’s like the old saying putting all of your eggs in one basket and relying on that basket to solve all your problems.”
Multi-factor authentication could involve something the user knows (such as a password) combined with biometrics or something they possess, Kelly explains.
With multi-factor authentication, one example of a second factor is a device that generates a new one-time-use password every minute or so.
Fifteen years ago, “it may have been okay” to use just one factor “and have a good comfort of who you are dealing with,” Kelly said. “But just because of the ease by which information is so accessible now, it becomes critically important that organizations or incorporate layered approaches into their identity management strategies.”
There can be a drawback to multi-factor authentication.
More than half (56%) of Canadian financial services leaders surveyed said the identity verification techniques they use are “too complex and burdensome,” Chicago-based TransUnion said Wednesday.
TransUnion – whose products include reports on consumer borrowing behaviour – commissioned Forrester Research to survey 465 executives in Canada, the United States and India on fraud prevention. The results were released Nov. 21.
The vast majority (96%) of Canadian respondents said they experienced some sort of fraud in the past two years.
Respondents were in both financial services and insurance.
The survey results suggest financial services firms finding it hard to strike a balance between preventing fraud and making it easy for their customers do to business with them, TransUnion said Wednesday.
“As a consumer, I want a frictionless experience. I want my services now. I don’t want to be bothered answering cumbersome questions. I want an insurance quote and I want to bind within five seconds,” said Kelly.