What is identity?
It is defined as the fact of being who or what a person or thing is. For the purpose of this article, however a better question is ‘How does one prove identity?’
In the physical world this is a straightforward process. You must present a physical, primary ID, such as a passport with your photo, which matches who you say you are.
Proving your identity online is not as simple because fraudsters can fake or spoof identity very easily. There are plenty of avenues: click farms, spoofed devices and IPs, burner phone number and fake emails. Platforms need a reliable way to keep users safe.
As the world economy shifts more online, digital fraud has become one of the most important enemies that platforms face. Opportunistic fraudsters are constantly looking for security holes to exploit in the way of bulk account creation, synthetic identity fraud, financial crimes and content abuse. But before we look at the solution, let’s evaluate the problem.
How big is the digital fraud problem?
Simply by looking at one leading social media platform we can begin to see the tip of the iceberg. In the past 18 months, this platform has removed billions of accounts. For scale, that’s roughly 2.5x the amount of legitimate user accounts. These fake accounts are used to do things like spam good users, perform bulk phishing attacks, commit promo abuse and leave fake reviews.
In fact it’s estimated that 40% of the reviews you read online are fake, existing only to trick an algorithm to prioritize or deprioritize an item’s listing. The same methodology is used to disseminate ‘fake news.’ By having thousands of bot accounts ‘like’ certain stories, these can be pushed out to good users who could be influenced by the content. This can swing an election or otherwise destabilize governments. Long story short, fake accounts are quite bad.
Onboarding users in a digital world
If we accept the hypothesis that fake accounts do harm, how do we reconcile that with wanting to grow a platform securely? For that we turn to digital identity at registration, a crucial, yet seamless step at getting users onboarded quickly and increasing registrations.
The process looks like this:
Validation: At the first step we ascertain one thing. Is the user real or fake? At this step digital identity can weed out bots, a crucial step in the right direction but there is still some work to do.
Verification: During the verification step, digital identity looks to see if the registration credentials used match an actual identity in the real world. This weeds out fraudsters using fake information in the way of synthetic identity fraud and also those who are trying to create duplicate accounts.
Authentication: In this step we add a layer of security in the way of multifactor authentication. By relying on something the user has on their possession such as a phone, we prove that the user is in control of their account. This is important as we cannot rely only on username/password alone in the post breach world.
Dynamic risk assessment: In the final step, we perform a risk assessment based on user behavior. Identity verification cannot be considered static anymore due to breaches, we need to stay ahead of Fraudsters and leverage machine learning techniques to understand fraudulent patterns at a global scale. Fraudsters always leave a signature behind, understanding that behavior using this knowledge helps us predict synthetic identity abuse proactively. Based on these behaviors, we are able to deliver actionable insights to platforms on the likelihood that the registrant is a bad user.
It may seem like a fairly robust process, but in reality, good users can be verified in a matter of milliseconds.
Global growth vs. fraud
One thing businesses are constantly grappling with in regard to onboarding is scalability and user friction. Balancing the equation is often difficult and is driven by customer maturity and business lifecycle. Platforms want to ensure secure, global growth and also reduce friction. TeleSign aims to allow end users to create accounts globally without adding friction, while minimizing fraud and compliance risks.
This means not only does onboarding protection enable a frictionless experience, we ensure the right balance for fraud prevention and sustainable growth. Using Digital Identity at registration has been shown to increase sign-ups. Meanwhile, fake accounts are reduced and the user experience for a good user is improved drastically.
The fraud problem is not going away, in fact the scale and velocity of attacks is increasing. Roughly two thirds of businesses choose overly simplistic registration processes with little to no security. These companies put their business and their legitimate users at risk by not verifying each new user. On average, organizations surveyed in TeleSign’s fraud report spent $4M per organization to respond to spam or fraud committed by unverified users.
By getting ahead of this problem and implementing digital identity solutions, businesses both protect their users and themselves while laying the groundwork for explosive growth. We help our customers utilize digital identity to simplify the onboarding process for legitimate users while identifying and blocking risky users before they can do harm. Simple as that.
A one-time passcode sent to a good user can verify them almost immediately. Refusing to send one to a fraudster can cost your company millions.
TeleSign is the pioneer in phone-based verification and provides Digital Identity solutions and Programmable Communication solutions for the largest web properties in the world. We connect online and offline identities to protect platforms and users in the digital world.