Identity Verification – Theft and Fraud

Data Breach Photo

Identity theft and fraud are a big deal – everyone knows it.

Companies are super aware and are now offering identity services. Five years ago, it was enough to know who a customer was online. This is verified by just visiting any industry trade show and the halls will be packed with identity verification products. It seems every company wants to get in on the action.

Why now?

The public is very aware of security incidents that have compromised their data and that of others. And it’s making them ask the tough questions: What does identity mean to them? They will ask who is causing the incidents? They will want to know who has their documents and data. Then they will ask how everything is being stored and secured.

The industry has responded by spawning countless solutions. There is eventually going to have to be regulation covering all these different products. Moreover, there must be some sort of gold standard for identity truth and how to confirm it.

Jumio vice president of products Philipp Pointner is among those experts.

Can I See Some ID?

When a brick-and-mortar store asks to see a customers government-issued IDs they are comfortable with presenting it. Why not have them do the same with online businesses?

Perhaps counterintuitively,

“The key to the future may lie in the past”, Pointner said.

Jumio, the software company that Pointner is president of, can recognize various types of ID from 250 different countries, Pointner explained, including multiple generations of IDs from all 50 U.S. states. The company knows exactly what these government-issued identity documents should look like, from security characteristics to items encoded in the document to how the photo should be held in place (to prevent fake IDs being used).

Where Device Verification Falls Short

Fingerprinting devices can determine whether the device making a transaction is the same one that the user was on when he created the account. When using a fingerprint device it can determine whether the user is on the same device originally used to set up the account. But it cannot account for a device that has been stolen. Or account for fraudsters who are able to make remote web traffic appear to come from a local point of origin.

Location services are now used to show when a purchase is being made from within a reasonable radius of the customer’s usual activity. But it also runs into the same roadblock if fraudsters are spoofing IP addresses.

Biometrics have made huge leaps forward in recent years, Pointner noted. They can confirm that a certain human characteristic (fingerprint, eye print, voice print or other identifiers) is present. These characteristics are used to verify that the same person is conducting the activity.

However, he argues that biometrics fall short at the point of origin: Who is enrolling the fingerprint? Is this person who he or she is claiming to be? Whether it’s the same fingerprint this time. Then, the next time becomes irrelevant if the person who enrolled it in the first place is a fraudster. In that case, Pointner said, a real-world identity check does offer some advantage. Because a merchant or bank teller can hold up a photo ID next to a customer’s face and compare the two.

“The photo is what ties it to the real-world person,” Pointner said. “Jumio does the same thing online, making it a ‘person-present’ transaction.”

From Plastic to Digital Identity

The big question is whether customers would willingly use a method like this? Especially since security researchers have cast doubt on the integrity of Apple’s new Face ID authentication method by fooling it with masks. Pointner still thinks the answer is yes — if not today, then tomorrow.

People have grown used to recording videos of themselves, he said, especially younger generations that are taking a hundred selfies a day. Why not leverage what they’re already doing on Snapchat, Instagram, Facebook and elsewhere to keep their data safer?

Pointner believes physical ID cards will one day give way to digital IDs. Due to Governments experimenting with this approach, he explained. Further stating, others use distributed ledger and blockchain technology to create identity systems, an application that makes sense if innovators can make it work.

These methods will also make a lot of sense to them, as digital natives grow up. Certainly more sense than the paper, plastic and static identifiers that their parents once used.

Do not trash that nice leather wallet just yet…

“Digital identities are definitely going to come,” Pointner said, “but the plastic will stay in our wallets for a while longer.”

Prevent Credit Card Fraud

Credit Card Fraud

When your business address is prefaced by “www” and ends in “.com”, you need all the help you can get when it comes to preventing online credit card fraud. You already pay more in merchant account fees because you deal in CNP (card not present) credit card transactions. So you will want to lower your risk of getting slammed by fraudsters and identity thieves.

Here are 5 suggestions to help prevent Credit Card fraud:

Check whether the order is coming from a “high risk” country. 

  • Any order that comes from outside the U.S. should raise a big red flag, and some of those flags fly higher than others. Granted, just because the order originates in a country on the first list doesn’t guarantee that it’s fraudulent. But, it should motivate you to use other tools to confirm its legitimacy to help prevent credit card fraud.

Beware the free or anonymous email address.

  • These include providers like and, whose email accounts are virtually untraceable. Legitimate customers may well use free email addresses for the convenience and cost savings they offer, but so do most fraudsters intent on remaining anonymous. In the B2B environment, however, most businesses have their own domain names; if not, exercise caution and get additional information, such as the customer’s geographic location, to determine if their order needs to be checked further.

Check the mailing address. 

  • Is it a mailbox or ship-forward service? Fraudsters want to cover their tracks while collecting their ill-gotten booty. A public post office box, private mailbox or drop shipment forwarding address fits their strategy. Think twice before sending merchandise to any of these types of addresses.

Confirm that the address on file

  • Confirm that the address on file with the card issuer matches the shipping address. This service, known as address verification system is offered by many reputable merchant account providers. A thief who’s using a stolen credit card or account number to make a purchase will have the order shipped to their own address or that of an accomplice, not the cardholder’s address. By using AVS, you can quickly confirm this discrepancy.

Contact the issuing bank to verify the card.

  • A quick, toll-free call to the customer service department of the bank that issued the credit card is in order if you have any suspicions about the validity of the account. The issuing bank phone number is based on the Bank Identification Number (BIN), which is found in the first 6 digits of the credit card number.

All merchants — online or off — must be aware of the threat of credit card fraud and be ready to implement security measures like those outlined above.

Total elimination of credit card fraud may be out of reach, but managing your exposure to it is not, especially when you team up with an experienced merchant account provider