Credit risk and fraud risk are often discussed in relation to one another but in truth, determining an individual’s fraud risk is not the same as determining their credit risk. An evolving fraud landscape with increasingly sophisticated methods requires new tactics for mitigating fraud risk. This means moving away from the old, rigid credit risk assessment tactics.
By Beth Shulkin, VP Global Marketing, Ekata
In the 1980s and early 1990s, the traditional method for determining credit risk was based on data tied to consumer credit histories, and only done for mature credit markets. This information was used by the government to identify the correct person for payments, such as welfare, social benefits, wages, and stimulus checks. Banks and other financial institutions also leveraged this data to process account openings and assess loan worthiness. Credit data was essential for preventing mispayments, flagging individuals who do not pay back their loans, and more.
When the tech boom occurred in the mid-1990s and e-commerce began to take off (as well as digital fraud), companies turned to a method they were already using to determine credit risk and prevent fraud – using namely credit data. By utilising easily accessible information like addresses and ZIP (post) codes, the companies could determine if an individual making the purchase was real. However, the massive number of security breaches that occurred in the 2000s, including Equifax in 2017, compromised much of this credit data. Non-fraudulent customers trying to make valid purchases were often flagged as risky, even if they were perfectly legitimate customers, leaving money on the table for businesses and creating unnecessary friction for buyers. According to Gartner there is a greater than 50% chance that an individual’s credit data is already in the hands of a cybercriminal. With this in mind, businesses are finding new ways to determine creditworthiness.
Fraud Assessment to Determine Risk
Modern businesses are leaving behind old, rigid credit risk assessments, and are turning their attention to new approaches for determining the probability of fraud risk. This assessment leverages new types of dynamic personally identifiable information (PII) to make a risk assessment, and new technologies (such as machine learning) to help organisations anticipate the behavior of potential fraudsters.
There are three ways this type of analysis is helpful for businesses:
- It eliminates friction in the digital customer journey: Credit risk makes a determination based on a set threshold. For instance, customers must meet a certain credit score in order to be eligible. Fraud risk looks at the likelihood that a bad actor is behind the digital interaction. Using a probabilistic approach to risk assessment for digital fraud can help businesses move away from utilising rigid, friction-filled deterministic methods to fight digital fraud. This creates a smoother process for good customers while also flagging suspicious online activity and protecting the business.
- It provides a more comprehensive assessment: The PII used for credit risk analysis is based on static information (social security numbers, government IDs, phone numbers, etc.) most of which has been compromised. While the information used in probabilistic fraud risk analysis utilises dynamic PII and more importantly the links between those attributes and how they behave online. Dynamic PII moves beyond credit history determinations and instead looks at device ID, IP, emails, consumer behavior, metadata, and biometrics, to get a better sense of the customer risk. By evaluating the multiple dynamic linkages between these elements, organisations can learn how consumers are behaving online and provide a more comprehensive assessment of risk in fractions of a second.
- Extends beyond border limitations: Another issue with using only a deterministic approach with credit data is that it resides in country-based silos in only around 20 mature credit markets, making it difficult for businesses to evaluate risk internationally or across borders. Dynamic PII elements can circumvent this issue and be leveraged with a consistent data format around the world to assess risk.
A rigid, deterministic approach was useful for fraud detection when e-commerce was in its infancy, but in today’s world, it simply isn’t sustainable. More than 70% of consumers say account creation should be instantaneous. An overwhelming majority also expect a fast, frictionless experience while also getting one that is as trustworthy and secure as possible. As data breaches continue to compromise customer’s credit information, it’s imperative that organisations move beyond traditional risk analysis and shift toward new ways to protect themselves and their customers. Dynamic PII used through machine learning is the future of fraud analysis, and by utilising a wider breadth of data, businesses can enable a quick and easy process for their good customers while mitigating risk.