Blog: Fight Fraud without Alienating Customers Using Mobile, Knowledge-Based Authentication

By Michael Boukadakis, Enacomm

White-collar crime is putting American consumers in the red. More than $1.6 billion in fraud-related losses were reported to the FTC last year, and the government agency received more than 1.1 million fraud complaints, a number that has nearly doubled since 2008.

Using stolen identities to open fraudulent credit accounts or making fraudulent charges on an existing account is the second most commonly reported form of identity theft. Fraudsters also are taking these tactics to prepaid—using stolen identities to open fraudulent accounts. In a world where unscrupulous individuals can hide behind computer screens, knowledge-based authentication (KBA), or “out of wallet” authentication, is one of the most effective tools in the technology shed for combatting this type of fraud.

Using a layered, intelligent, dynamic approach, KBA is a nonintrusive way to validate and authenticate legitimate customers and stop fraudsters in their tracks. You authenticate customers by asking for limited personal information and then presenting a variety of questions—drawn from credit and noncredit sources, such as databases for automotive registration, property ownership, etc.—that can be answered easily by the actual person. Advanced technology can change the questions with each customer’s access.

Federal law requires all financial institutions to obtain, verify and record information on each person who opens any type of financial account. And detailed in its “Supplement to Authentication in an Internet Banking Environment,” the Federal Financial Institutions Examination Council (FFIEC) asks that a variety of processes and technologies be used as part of a multilayered approach. Of note, the FFIEC’s requests that financial institutions enhance simple device authentication, such as static cookies, customer derived enrollment information and IP address confirmations. The FFIEC asks financial institutions to move well beyond those measures and to employ more complex, layered device identifications and out-of-wallet verification processes and procedures. Specifically, the FFIEC guidance says, “Challenge questions can be implemented more effectively using sophisticated questions. These are commonly referred to as out-of-wallet questions that do not rely on information that is often publicly available.”

The Snag

While asking a customer for multiple pieces of information and presenting him with various questions satisfies federal guidelines and other legal compliance, it can throw a major wrench in the prepaid card activation model. When consumers set their sights on reloadable prepaid cards, they want to load and use the cards immediately. Approval of a request for a prepaid card may be significantly delayed pending receipt of the requested documentation and subsequent verification, which can result in customer card abandonment, lack of activation or even the purchase of another type of card that can be accessed immediately. Mailing prepaid cards or applications is also extremely expensive, and a large portion of companies’ investments are wasted on cards that are never activated or loaded. Out-of-wallet authentication must be accomplished in real time—and that means mobile.

What does authentication of a customer and activation of his or her account via mobile look like?

Let’s call our “average” consumer Steve. Steve purchases a prepaid card at his local retail pharmacy chain and steps out of line to call the toll free number using his smartphone. He’s greeted by an IVR: “Welcome to the Card Center. Please enter or say your 16-digit card number.” Steve enters his card number using his keypad. “Thank you. I see this is a card that has not been activated. Would you like to activate this card now and join our rewards program? Please press 1 or say yes to activate your card.” Steve says, “Yes”. The system replies, “Thank you. This process may take a few minutes, but then you’ll be able to use your card immediately. For your personal protection, we need to verify your street address. Please enter or say your street number.” Steve enters his street number and is then required to enter or say his five-digit ZIP code and Social Security number.

The IVR prompts could wrap up there, and Steve would receive a confirming voice message or text that his card is ready for funding—but a card company also could inform Steve of the nearest reload centers if his phone has GPS or require additional layered KBA. Steve could be presented with a multiple choice question, for which he must choose the right answer, or even more “Back-to-the-Future,” he could be asked to take a picture of himself and/or his driver’s license, which would be compared to his publicly stored government-issued ID through facial recognition technology.

Laws, industry standards and escalating fraud are making mobile, next-generation KBA a must-have for prepaid. And let’s face it: Many customers are reluctant to call an IVR or interact with a customer service representative. With dynamic KBA, organizations can engage customers in their “mobile moment” with an activation and authentication service that is more comfortable and convenient to use. The upside: reduced fraud, more activations and happier customers.

Michael Boukadakis is the founder and CEO of Enacomm, a provider of technology that brings intelligence to customer self-service with innovative applications and services. With decades of experience driving national organizations focused on call center technologies, he is considered an expert in multimodal, personalized customer interactions. He can be reached at [email protected].