A Better Customer Experience to Stop Identity Fraud: Validation vs. Verification
June 29th, 2021
In the fraud prevention world, the terms ‘validation’ and ‘verification’ can become somewhat synonymous with each other. Validation is the determination of legitimacy, while verification is the matching of information to a trusted source. When assessing third-party data sources, it can be profitable to be aware of the difference.
As a customer, I want my privacy and I do not want to be a victim to fraud. I want my applications and orders to go through as fast as possible, but I do not want to provide any intimate details of who I am. As a customer, I do not want to risk my information being stored, shared, sold, or stolen. It may be a tall order, but I want my identity to be validated, without my identity being verified.
As a fraud prevention analyst, I have had mixed feelings about this as less verifiable data makes it hard to determine between the legitimate customers and the thieves. In my traditional review process, I would look for names and addresses to be verified as a match to ultimately confirm validation. This method for validating customers is becoming harder and more expensive as privacy concerns continue to rise and fraudsters continue to adjust their methods.
The good news: the confidence to validate a transaction or application does not need to come from identity verification. Validation is the confidence to approve and it can happen without needing to verify a name, proof of a physical address, a list of relatives, social security number, or the answers to intimate questions such as the make and color of the car that my sister drives. It is not a profitable endeavor for the fraudster to create all of the little data points that would be consistent with a legitimate customer. It takes time and money to build a full-blown alternate identity and fraudsters are continually guessing at the extent to which their fake identity will be scrutinized by financial institutions. In the end, a fraudster will cut corners to find the most cost-effective way to get past the security system.
Often times, the little data points such as registered social accounts, domain registration information, the correlations between phone number and email addresses, and overall email address reputation can be overlooked by both fraudster and fraud fighter. This can happen especially to fraud fighters who are solely focused on verifying identities rather than focusing on overall data validation.
Having intensive customer verification for every new customer signup can be overkill. Knowing how an email address and phone number have been historically used can be more effective in validating for legitimacy or fraud prevention than knowing that a name and address verify to a particular person.
Identity verification can help to confirm validity. However, it is imperative for us to keep in mind that validation is the end goal in our search to uncover risk. As one of the product owners at ArkOwl, we specialize in providing seemingly small data points that uncover big insights to aid in validation. These insights represent either good indicators or nefarious risks associated with the use of an email address and phone number. As a business owner, I would much rather hear that a client has been validated rather than to hear that the information verifies.