A leading online gaming platform increased customer registration with seamless identity verification

A leading online gaming platform increased customer registration with seamless identity verification

Problem: Automating customer registration and verification

The company is a leading provider of online and in person gaming, providing a unique cross platform gaming and wagering experience in the United States. They provide a loyalty and gaming platform that requires regulatory compliance to ensure the safety and security of their users. Matching a digital identity to a physical identity is not only good business but required. Their legacy verification solution provided sub-par pass rates of only 70%, leading to customer drop off and manual intervention.

 

Goal: To onboard users & verify their identities without friction

With hundreds of thousands of users registering each year, the company needs to be able to provide a frictionless yet secure onboarding experience into their gaming and loyalty application. It is essential that users onboard with the least amount of friction and the highest pass rates for the “good guys.”

Strategy: Use identity verification workflows and orchestration to increase pass rate

The company decided upon an identity verification workflow to increase pass rates while keeping the “bad guys” out. By linking several templates from the least friction to the most secure, the company could progressively verify users through several factors: first checking what they have, then what they are, and then what they know. If a user passed the first test, they were registered only going on to the subsequent test if they could not pass the first. Using this method, the company is able to achieve a 95%+ pass rate. This additional 27% pass rate equates to thousands of extra paying customers per year with no manual intervention needed.

Results: 27% higher pass rate equals 27% more paying customers*

By increasing the pass rate for “good guys,” the company was able to increase the number of customers seamlessly and quickly getting on the platform to generate revenue. Most users (70%) passed the lowest friction verification template (MobileMatch); of those that were not able to pass that test another 70% passed the document scan to selfie match (BioGovID); of the remainder, another 70% were able to pass the dynamic KBA (knowledge based answers) to achieve an amazing 97% pass rate through an automated branded experience.

 

* All numbers have been rounded to protect the security and identity of the company in this example.

Share on facebook
Facebook
Share on google
Google+
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on pinterest
Pinterest

Edward Killeen

Vice President of Marketing

ID Dataweb named technology leader in Kuppinger Cole Fraud Reduction Leadership Compass

ID Dataweb named technology leader in Kuppinger Cole Fraud Reduction Leadership Compass

Kuppinger Cole’s recently released Leadership Compass on Fraud Reduction Intelligence Platforms (FRIP) names ID Dataweb as arguably THE technology leader when accounting for innovation and product capabilities. With an estimated worldwide cost expected to reach $10.5 trillion (yes, trillion) by 2025, cybercrime prevention should be the #1 focus for any publicly facing application. If there is a way to reduce that risk while maintaining customer experience, a business can drive their customers to a safe secure digital experience, thus increasing revenue while limiting risk. Kuppinger Cole’s FRIP Leadership Compass recommends ID Dataweb’s AXN platform as one of the most, if not THE most, innovative and capable platforms for solving this fraud problem. 

Below I will talk about the most common types of fraud and recommended solutions, but to read exactly what Kuppinger Cole is talking about and compare vendors in the space, please download the free report here. 

 

How are fraudsters costing businesses $10,500,000,000,000 through fraud?

According to Kuppinger Cole’s report, the three most common types of fraud are: 

  • Account Takeover Fraud (ATO) 
  • New Account Fraud (NAF) 
  • Sim Swap Fraud (subset of ATO) 

In Account Takeover Fraud, a fraudster will use breached passwords and credential stuffing attacks to execute unauthorized transactions. Everyone now knows that passwords (what you know) are the weakest of all of the authentication factors. In fact, there are only two types of passwords in the world, those that have been breached and those that are about to be (I can’t find the citation for this but trust me!). The solution for this is weirdly simple, use the other two factors – what you have and what you are. But you need to be certain that you know exactly who the user is when assigning those factors to a credential. 

In New Account Fraud, a fraudster will open accounts using a collection of stolen PII (Personally Identifiable Information) to execute transactions or transfer money. This is particularly insidious because the victim won’t know until it shows up on their credit report often at an innopportune time. To solve this problem, the account registration process needs to properly prove and verify an identity upon account creation without being so onerous that legitimate customers stay away. Being able to prove the identity outside of the stolen PII is key, it has to be independent and impossible to fake. 

SIM Swap Fraud is a subset of account takeovers. By pointing a customer’s legitimate phone number to the fraudster’s device, many of the fail-safes that companies use to determine if a customer is legitimate are sidestepped. A One Time Password (OTP) goes to the bad guy’s phone so the bad guy gets to vouch for themselves = not good security. Again, simple fix, check for SIM swaps or recent ports on a device before even sending the OTP. 

Why is ID Dataweb so well suited to solve fraud?

As Kuppinger Cole reports, ID Dataweb’s AXN (Attribute Exchange Network) “facilitates orchestration of identity attributes and risk factors for analysis.” By orchestrating signals about the user, their devices, their risk data, their credit bureau data and creating a single trust score, the AXN provides a standards-based way for an application to easily verify a user’s identity or risk at the time of account creation, authentication or transaction. ID Dataweb has built a series of commonly used templates that can be inserted into any process for one time or ongoing identity verification.

Specifically for ATO fraud, ID Dataweb can provide risk analysis on the user or the device at time of authentication or before a high value transaction, determining how likely that user is who they say they are. Additionally, for the organization that utilizes the other factors (what you are, what you have), ID Dataweb can verify the user’s identity at the time of credential issuance or recovery, making that biometric or device authentication that much more secure. 

New Account Fraud is one of the most common problems ID Dataweb solves. By integrating with all of the major customer identity platforms, we insert a verification workflow directly into the account creation process. This workflow is designed to be as frictionless as possible by first verifying a user’s phone possession and ownership, orchestrating data signals from many sources. If that isn’t sufficient or the user doesn’t pass that verification, we can step up to verifying that data against a selfie and government ID, again orchestrating the collection of data across up to a dozen sources invisibly to the end user. The organization is going to have a much better assurance that their new user is who they say they are. 

SIM Swap fraud is ridiculously easy to solve. When verifying an identity or using MFA, simply check with the appropriate Telco to see if the SIM card has been swapped since the last verification. If it has, step the user up to a more stringent verification like checking their government issued ID against a selfie. 

There is a reason Kuppinger Cole rates ID Dataweb so highly in this report, we are very well positioned to solve the most common cybercrime and fraud issues. Identity verification and risk detection are the cornerstone of a successful customer facing application. As the Leadership Compass explains, ID Dataweb has a “strong positive” on the product capabilities and innovation needed to solve this growing fraud problem. 

Share on facebook
Facebook
Share on google
Google+
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on pinterest
Pinterest

Edward Killeen

Vice President of Marketing

Demographic Bias in Identity Proofing

Demographic Bias in Identity Proofing

In Gartner’s Market Guide for Identity Proofing and Affirmation, the authors make special note of demographic bias in facial recognition. If the AI performing the facial recognition or face match has a bias with regards to gender, race, age or any other characteristic then that is wrong on a fundamental human level. Of course, there are business implications as well but our concern transcends those implications. 

This is an important topic and one that ID Dataweb takes very seriously. One of our identity proofing templates involves the user taking a selfie, doing a liveness detection, then comparing that photo to a driver’s license or government ID. We don’t control the AI that performs these actions but we do control which backend providers we use on our exchange for these functions. We want to ensure that every user has an equal ability with as little friction as possible to verify their identity to sign up for our customers’ services. 

What can we do to mitigate demographic bias?

Of course, we test our pass/fail rates internally for our BioGovID proofing workflow. Due to the nature of our services, we have no way to know the gender or race or age of our production customers but we can determine the demographics of our POC and internal testing. To date, we have had identical results for all of our internal testing through all demographic groups. With pass rates north of 90% in all groups, we are confident that within our company’s, our customers and our partners’ employee groups, there has been no demographic bias. 

But that isn’t enough. It’s a small sample size with technically astute users. We need to ensure that there is no bias with larger populations. From our production customers, we have never seen any abnormally low pass rates but that still isn’t enough to ensure that the bias isn’t hidden in the numbers. Thankfully, our attribute provider partners are aware of this issue and are taking steps to mitigate and solve the bias when they find it. I am going to provide Acuant’s Fairness Evaluation verbatim. When asked about it, they had an answer immediately and obviously put it at the forefront of their research and product development 

Acuant’s commitment to Responsible AI includes building AI services that work equally well for all supported demographic groups and scenarios. To achieve this, Acuant worked with stakeholders to establish the following fairness accountabilities for facial recognition: 

  1. Measure and mitigate error-rate differences between subpopulationsbased on race, ethnicity, skin tone, gender, and age. Differences should get smaller or stay the same as new and updated features and functions are released. For face verification and identification, Acuant has committed to a <3% performance discrepancy between gender, age, ethnicity, ethnicity x gender, ethnicity x age for the categories defined below.
  2. Plan to support fairness by evaluating key use cases for potential fairness issues. Particularly for new functions, identify use cases that should be restricted or prohibited, conduct research with key stakeholders to uncover key fairness-related concerns, and evaluate the impact of regulations and policies.
  3. Document known issues and influences on accuracy, as well as known remediations, specifically for the purpose of informing experience and solution builders. In addition, Acuant is building the product to minimize the amount of work required to properly use Acuant facial recognition AI.
  4. Provide access for third parties to audit external-facing APIs. Provide contact information for escalating any fairness issues that are discovered and establish an internal review process, including expected outcomes and a communication plan for responding to escalations.
  5. Participate in credible public fairness benchmark competitions and/or evaluate functions using datasets designed to support evaluating accuracy by subpopulations based on race, ethnicity, skin tone, gender, and age. Existing public datasets are small, unbalanced (<5,000 subjects per subpopulation), and contain labeling errors. 

Building a bias-free Identity Verification workflow

Even with all of these efforts in place, relying solely on selfie to government ID matching can be problematic. You not only have the potential AI bias in recognizing faces but also can have issues with disadvantaged populations being less likely to have a government ID. Economically disadvantaged users are less likely to have a smartphone with a high enough resolution camera causing matching discrepancies. 

This is one of the many reasons ID Dataweb recommends a two or three step workflow for identity verification:  

  • Start with a phone possession & ownership check – if the user gets the OTP and we can triangulate that it is indeed the user’s phone without any signs of fraud we consider the user verified. This step usually verifies 70-90% of users. 
  • If they not able to pass that step, we can then perform a dynamic KBA (knowledge based answer) with either a credit bureau or custom data. This step can verify 70-90% of users who didn’t pass the first step. 
  • If that step is not passed, we would step up the verification to the selfie to government ID match. This step again, usually verifies 70-90% of the remaining users. 

By taking this stepped workflow approach, you are able to bypass a vast majority of the demographic bias. Your users have a more frictionless process and your goal of allowing the correct people through while stopping fraudulent actors with sophisticated security tools built into ID Dataweb’s AXN platform. 

Share on facebook
Facebook
Share on google
Google+
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on pinterest
Pinterest

Edward Killeen

Vice President of Marketing