Is bank-verified digital ID the secret weapon against payments fraud?

The digitisation of the economy has delivered enormous benefits. In e-commerce, levels of convenience, flexibility, reach and scalability that until recently would have been thought astonishing have become the norm. However, the nature of the online economy’s architecture – and often its sheer novelty – has also created opportunities for fraudsters and other malicious actors to exploit its openness and anonymity.

Verifying a customer’s identity online is one of the key systemic vulnerabilities criminals exploit, and it’s big business: in 2020, losses to fraudulent transactions on payment cards alone cost businesses £574.2 million GBP. One in 13 Britons admit to committing at least one fraudulent act in 2021 (the real number is likely higher), with 56,000 cases of the misuse of bank accounts in the same year. The UK has been host to around 28 million data breaches every year for the last decade, costing the economy an estimated £3.7 billion GBP 

Regulatory innovations like SCA (Strong Customer Authentication) have been introduced to meet this threat across e-commerce and online banking, but they have their limitations. 
 
This is how bank-assured ID verification can further increase security in the payments ecosystem, in the process reinforcing consumer trust and hence increasing the likelihood they will complete a transaction.

 
Banks deliver superior security

Bank-assured digital ID (BAI) works by facilitating the sharing of user data via API (Application Programming Interfaces) so that the customer can prove that they are who they say they are.
 
For obvious reasons, banks have a strong incentive to ensure the integrity and accuracy of their account holders’ data. SCA regulation means they have already confirmed their identity via the validation of confidential information like a PIN number, sharing an identifying document like a passport or driving licence, and in some cases biometric data like a fingerprint.
 
Once the customer is verified, their name, address and date of birth are captured, and the bank must keep this information up to date.
 
All of this means that banks are already expert at ensuring they know who their customers are with confidence; BAI allows them to extend this confidence throughout the payments ecosystem.
 

Limited exposure

 
During the BAI validation process, user data is shared in real time, and only in support of the relevant transaction. No third party, whether a retailer or the provider of the BAI solution itself, is able to retain or store a customer’s identifying information. 
 
In ring-fencing any and all sensitive data within an already secure environment, its exposure is severely curtailed and opportunities for its duplication or otherwise abuse is limited. Data is put at far less risk of compromise, with clear benefits around security and privacy.
 

Consent and control

Consumer data can only be shared after their explicit consent: they themselves determine what is shared as part of a given transaction. Cutting down on decision points and centralising them around the user themselves limits the exchange of data, meaning there are fewer options available to fraudsters seeking to impersonate another individual. 
 

Expansion of security provision

 
SCA, as we mentioned above, has its limitations. Merchant-initiated transactions like direct debits and other recurring subscription payments are exempt, as are transactions identified as low-risk, usually those of lower values. Payments to trusted beneficiaries can be also de-selected by consumers, facilitating repeat business but also opening up opportunities for abuse, especially around consumers who may lack in understanding of the risks or may not be technically adept. Also, if a bank involved in a transaction is outside the UK or EEA, SCA does not apply, and it does not cover anonymous payment instruments like pre-paid gift cards.
 
BAI can serve to fill some of these gaps, delivering broader coverage that exceeds regulatory requirements and can add more security to the digital payments system overall.
 

Transaction monitoring to reduce risk

 
As part of a suite of capabilities delivered by open banking, digital ID services can enable the continuous monitoring of transactions. This means banking providers can spot and isolate fraudulent activity in real time, especially when supported by machine learning solutions ‘trained’ to spot the tell-tale signs. 
 
On the bank side, a full audit trail is recorded, including the customer’s consent validation, details of the merchant and relevant financial institution, a token identifying the customer identifier, an anonymised attribute list of the data shared, and all associated timestamps.
 
This more complete view of customer behaviour and transactions and greater visibility on suspicious indicators allows faster and more agile responses to fraud, and – ultimately – improved risk management. 
 

Reduced manual intervention

 
Whether in automating the whole ID attestation process or in cutting down on the number of failed transactions that need to be followed up with by a customer service team, BAI cuts down significantly on the need for manual intervention.
 
Optimistically, this can cut down on human error – or, to take another view, it cuts down on opportunities for the payments system to be abused. 
 

Innovation facilitated

BAI could serve as the nucleus for more reliable and secure identity verification in fields outside payments. It’s not just banks that stand to benefit from the guaranteed confirmation of ages, addresses and other information, and it does not have to be just individual customers who validate their data. Banks’ business customers stand to benefit as well as they are empowered to make transactions with greater faith. 
 
The digital economy is interconnected to an enormous extent; growing trust in the system benefits all stakeholders, as well as individual nodes in the system. BAI could act as ‘ground zero’ for the spread of efficient, safe and user-friendly methods of ID verification in a huge range of contexts, adding value in a huge number of ways.
  
If you’d like to learn more about how OneID® can help your organisation fight payments fraud with bank-assured digital identity, click here.

We have also created a report, intrinsically linked to this topical matter: ‘How digital ID can deliver for British consumers and businesses – and how banks can play a lead role’. This report highlights the opportunities that a Digital ID system holds for UK banks, businesses and consumers. Themes covered include: fighting fraud, consumer trust, and modernising payments. It also discusses what Digital ID will deliver and the role that banks play in digital identity.