As the banking world becomes more and more dependent on contactless payments and efficiency, financial institutions need to anticipate the expectations of potential customers and a smooth, safe, and secure onboarding process of a new customer. With the constant threat of evolving tactics from fraudsters, the focus of the digital onboarding process in the financial services industry is around identity verification and using the digital identity of a new customer for the onboarding process. Finding the balance between a secure, yet smooth customer onboarding experience is the challenge that the financial services industry faces.
Read this Q & A with Andy Ding, Principal Product Manager at Upgrade, a fintech-focused on unsecured consumer lending.
The company offers “affordable online personal loans” as well as a payment card tied to a personal line of credit. With a Master’s degree in Industrial Engineering and Operations Research, Andy previously worked for one of the world’s top business consulting firms and held risk operations and fraud analytics positions for a leading peer-to-peer lending platform. He talked with Mike Sasaki, leader of the Mitek Systems global customer success team, about why identity verification is so important to fintech success.
Why is identity verification (IDV) such a hot button for fintechs right now?
Andy: Identity is hot because of two big things going on today. The first is that, as we speak, fintechs—which have always been disruptors—are being disrupted. There are all kinds of new competitors crowding into the space. They’re all battling for consumers with good credit scores, and so consumer expectations for a frictionless experience and a high level of service are continuing to rise.
The second thing happening as we sit here talking is that fraudsters are getting smarter and smarter every day. So it’s more and more difficult to bifurcate between who is a real customer for a loan versus somebody who wants to conduct fraud on the lending platform. Staying afloat in this environment requires constant innovation, both in terms of customer services and security. And all of it revolves around identity. We think doing a great job of IDV is essential to our future success.
What are your key identity challenges?
Andy: I think the key challenge for us as a fintech firm is finding the right balance point between, on the one hand, providing a frictionless and seamless customer experience and, on the other hand, ensuring the integrity of transactions and preventing fraud on the platform. Identity is fundamental to both.
That balance is reflected in the two key metrics we track very closely. One is how fast we’re getting our customers through the application process and onboarding. The other is fraud rates.
Does the balance point shift in different situations?
Andy: Yes, definitely, it can shift depending on the use case and business model and customer’s level of risk. From a business point of view, when you’re offering something like an unsecured consumer loan, that’s usually a one-time transaction. For that, consumers have limited tolerance for friction. They want to get their money as quickly as possible. At the same time, if we go too fast and make a loan to a fraudster, we take a direct loss. We would also be opening the door to an increased level of fraudulent activity on the platform, which wouldn’t be good for our customers either. So the balance point is a bit toward speed, except in the case of very risky loan applicants, where we selectively add more friction.
In contrast, when consumers are signing up for something like an investment platform, they tend to be more willing to accept a higher level of friction. It establishes a level of trust in the integrity of the platform and gives them confidence all the transactions they do on it over time will be secure. So in that case, the balance point shifts somewhat away from speed.
But, you know, the right balance point isn’t a fixed thing. Finding that optimal point is something we’re always working on. We have a very good analytics team that’s always looking at a diverse set of data to scientifically determine how we can improve our approach points. Things like elapsed time for account opening, customer characteristics and risk levels, the different treatments we’ve applied to them, process completion and drop-off rates, fraud patterns, and fraud rates.
What kind of fraud are you most concerned with?
Andy: We generally see three types of fraud. There’s first-party fraud, where a criminal uses a consumer’s information obtained from, say, a data breach to try to take over that consumer’s identity and open an account with it. The second is first-party fraud, where the fraudster knows the victim. It could be a family member or friend using the consumer’s information to try to get a loan. The third is synthetic identity fraud, where criminals piece together bits of data stolen from real people to create a fake identity for a person who doesn’t actually exist. That kind of fraud is growing, and it’s the hardest to detect.
How do you combat it?
Andy: We’re a very data-driven firm, so our approach is to front-load a lot of advanced analytics to prevent fraudsters getting through the door. Of course, we analyze the standard data needed under Know Your Customer requirements, but we also use a lot of nonstandard data points. These might include email, IP address, device ID, account data, banking history, click patterns on websites, and other behavioral data, which are input into our credit risk and fraud detection models.
As I said, fraudsters are getting smarter and changing their methods all the time. For that reason, we can’t rely entirely on analyzing historical data to detect fraud signals. So we also need unsupervised machine learning models to analyze new data coming from customers in real-time and find patterns we don’t know about that may indicate fraud is in the works.
Another thing changing about the business environment is the emerging self-help culture—how are you adapting your security approach to that?
Andy: Sure, the self-help culture is definitely on the rise. It’s good for streamlining simple customer service processes. At the same time, it could open the door to more fraudulent activity, such as account takeovers. Once a fraudster takes over a personal line of credit account, for example, they can do just about anything, such as changing the email address on your account, your payment schedules, and the bank accounts you’re linking to. So self-help definitely creates more challenges for fintech platforms to keep customer information like this safe as well as to keep our corporate data secure. In addition to all the analysis we do upfront to prevent fraudsters from getting in the door, we’ll also need to constantly analyze self-help activity and account transactions to proactively detect atypical behavior that might signal an imminent account takeover and stop it before it happens.
That said, it’s not just sophisticated analytics that provides security. We’ve all read about breaches that could have been avoided by following fairly simple, well-known security measures. So, in addition to all the analytics, Upgrade relies on best practices like two-factor authentication and notifying the original name and email on the account whenever anything gets changed—a lot of little things that add up to better security and are essential for the self-help culture.
What do you see as the future of identity?
Andy: It’s going to be a mix of best practices and new technologies. We expect to use more biometrics like facial and voice recognition. But I think no matter what the specific technology components end up being over time, as long as Upgrade continues making data-driven decisions and being creative about how we provide the right speed/security balance point for each customer experience, we should be able to build a platform for the long run.