“Historically, the online identity verification ecosystem has been very brittle, susceptible not only to fraud but also to friction for good people,” says Jordan Burris, vice president and head of public sector with Socure.
Modern identity tools let agencies implement proactive, comprehensive anti-fraud processes that deliver low-friction identity verification and high-accuracy transaction authorizations.
Taking a Holistic Approach
Residents want more options for interacting with state and local governments. Agencies are responding by digitizing more financial transactions and offering user accounts that let residents access multiple transactions — like paying property taxes or applying for a business license — using a common set of identity credentials.
The core challenge for public agencies starts with the fundamentals — proving account holders are who they say they are and not fraudsters or foreign adversaries. Legacy verification techniques include requiring users to photograph a document and submit it to a human for manual review. Users might also need to identify the type of car they previously owned or the lender/amount for their student loans. If those tactics fail, people need to call a contact center, speak to an agency representative and prove their identity data is genuine. Ironically, fraudsters frequently can answer these questions better than the actual person.
Modern identity verification systems take a different approach — one that eases the burden on legitimate users while strengthening fraud protection. These solutions approach identity verification holistically by applying machine learning (ML) techniques to analyze online users, comparing recent behavior, current devices, IP and email addresses, and other key factors to a global database of known malicious actions. This analysis informs a risk score that assesses the likelihood that a user is authentic or malicious.
Users with positive signals and low overall risk scores get verified in milliseconds. Those with red flags and higher scores enter a self-service escalation process that asks for additional document data. The highest risk scores get rejected automatically, discouraging fraudsters and other malicious users.
To foil scammers using bogus images or video streams, modern verification systems can also analyze real-time images from a user’s smartphone. Advanced liveness detectors separate genuine live images from fakes.
High-Accuracy Transaction Authorization
As government grows more digital, agencies are automating financial transactions with residents and business partners. A company supplying parts for a city police department’s vehicle fleet may be able to automatically submit monthly invoices online, for instance.
Scammers are keen to exploit these business relationships, and government’s unique mission can make these transactions harder to protect because digital services must be accessible to all residents. The intricate nature of procurement cycles and data protection regulations also complicate efforts to automate digital transactions. Siloed data makes it difficult to apply consistent solutions across an entire state, city or county.
At the same time, fraudsters and other malicious actors are gaining more powerful tools. “Fraud has industrialized and weaponized artificial intelligence,” Burris says. “They share insights with each other to help mount attacks at scale and counter defenses put in place by different organizations.”
Modern software platforms put identity front and center while tracking the context of user behavior. They apply AI/ML in a layered, holistic approach that enables automatic decision-making, protects legitimate users and makes life miserable for cybercriminals.
Tips for Implementing Proactive Anti-Fraud Tools
Identity protection shouldn’t be a checkbox on a list of nice-to-have options. It should be a strategic priority applied consistently across an agency’s business practices. “It’s important to treat identity as a continuous, data-driven ecosystem that lets good people engage in the process and makes fraudsters feel like they’re climbing a never-ending wall,” Burris says.
Key stages of implementation include:
Planning: Take time to understand where identity decisions are made. Assess the user challenges and threat intelligence you’ll need to make more informed decisions. Identify the required integrations with the applications and data sets in your technology stack.
Engaging: Get essential stakeholders involved in the solution development process. Include end users as well as experts in security, privacy, finance, compliance and IT. This prevents progress from stalling because key players weren’t consulted.
Proving: Design a proof of concept for a single transaction type. Work with your integration partners to create standard workflows that can be applied to more transaction types in the future. Create playbooks to simplify development. Test thoroughly to work out any bugs.
Going live: Roll out new workflows incrementally so you can apply lessons learned to later stages. Start with low-risk traffic, and set up a process to compare new solutions to legacy controls. Assess thirdparty dependencies to see how well your solution integrates with external software. Establish metrics for success and failure.
Iterating: Analyze user data to document improvements and identify problems like processes that allow fraud or deny access to legitimate users. Data should also capture the cost of fraud and the potential savings from effective prevention.
Striking a Better Balance
“Fraud is like running water,” Burris says. “It’s going to take the path of least resistance.” The people using public services online, meanwhile, want resistance reduced to a minimum.
Modern identity defenses strike this balance, creating more trouble for malicious actors and making online interactions safer and easier for everyone else.
This piece was written and produced by the Government Technology Content Studio, with information and input from Socure.
