What is the difference between validation, verification and authentication?

Now more than ever, businesses need to get the balance right between having the best fraud prevention solutions and still offering customers a quick and seamless digital journey. With the right technology most of the required checks can be done invisibly, whilst onboarding the customer.

The ability to reliably ‘know’ someone is critical to multiple interactions. From protecting online customer accounts, to meeting regulatory and compliance guidelines. How to prove an identity online has changed significantly over the past 20 years. It has been approached in many different ways, but until recently, few have managed to fully achieve verification.

In this blog we look at the core challenges for businesses and explore how checks have changed during the pandemic.

How do businesses link online to offline identities? Here are the three most common ways (identity validation, identity verification and authentication) and how they’ve developed over time.

What is identity validation?

Identity validation is where an individual’s personal information, such as their name, address, phone number and email address, are checked to validate that they exist in the real world. This can be done by checking databases such as postal address files, phone records, or even basic credit data.

For businesses, validating an individual in this way provides an assurance that there’s a real phone number, postal and email address that could be associated with them. However, it’s important to note that identity validation alone doesn’t link that data to the customer.

Once it’s proved that the individual exists, customers are issued with a username and password, to validate their identity when they login to the business’s website.

Identity validation – the benefits

• Identity validation provides less friction in the digital customer journey and is often used to onboard customers for low-risk products. For example, an online retailer may use it to set up a customer’s online profile.
• Less friction can mean less chance of the customer abandoning the activity, while making it easy for them to access products and services online and on mobile.

Identity validation – the challenges

• Identity validation doesn’t provide organisations with the high-level assurance that a customer is who they say they are – just that they exist.
• A fraudster can easily set up a fake account using real data that isn’t theirs, or log into a customer’s account/s.

 

What is identity verification?

Identity verification is the much more in-depth step of linking an individual to the information they provide.

With identity validation, businesses are checking if the data is real. With identity verification, a customer is linked directly to that data, and verified as genuine through additional checks.

These checks usually include using official databases such as driver licence files, electoral registers and credit bureau data.

Organisations often use identity verification when they have a regulatory obligation to prove that a customer exists. For example, as part of setting up a bank account, or applying for a loan.

Identity verification – the benefits

• Identity verification gives businesses a much higher level of assurance that a customer is who they say they are, making it more secure that identity validation.
• Identity verification introduces more friction into the customer journey compared to identity validation.

Identity verification – the challenges

• Fraudsters can get around these checks by stealing an individual’s identity and impersonating them to set up an account or apply for credit – without the victim knowing.
• For example, by getting hold of a document that includes personal information, such as name, date of birth, address and bank account details.

What is authentication?

Authentication is the process of checking a customer’s identity against information that only the user should have, or know. To check they are who they say they are.

It can involve using:

• Existing information already provided by the individual, such as asking a question or set of questions personal to them e.g. name of first pet or mother’s maiden name.
• A onetime password sent to the customer’s mobile phone.
• Biometrics such as fingerprint recognition.
• Whichever approach is used, customers must authenticate their identity before they can log into an existing account.

Authentication – the benefits

• Authentication can introduce friction into the customer journey. However, advances in this area, including biometrics, are improving the customer experience and providing greater certainty for businesses.

Authentication – the challenges

• In a fast-moving world, businesses need to know they’re investing in the right technologies to create seamless and secure customer journeys. For example, artificial intelligence (AI) is becoming a common tool for preventing and detecting fraud, and validating identity.

The latest insights from our 2021 UKI Identity and Fraud Report

Experian conducted research from June 2020 to January 2021 by surveying 900 consumers and 270 businesses across the UK. The trends marked notable changes in consumer preferences and the focus of businesses throughout the pandemic.

The research highlights changing consumer behaviour and preferences and the need for businesses to find ways to continually improve the customer experience, while protecting consumer identities and information.

Below are some of the key findings from this research.

1. Investment priorities

Business attitudes towards fraud detection and prevention have remained constant since before the pandemic, which is good news for consumers. Our research showed that businesses appreciate the benefits of long-term investments in customer recognition to combat fraud.

In January 2021:

• On average, 80% of UK businesses had a digital online identity strategy (customer recognition strategy) in place.
• Rates were highest in retail banking, with 95% of UK businesses having a customer recognition strategy in place.
• In the UK, rates were lowest in financial services, with only 72% having a customer recognition strategy in place.
• Fraud management budgets look set to remain the same in the near future.

2. Common fraud detection and protection solutions

For businesses, common customer recognition techniques include using security measures in customers’ devices, passwords, and multi-factor/two-factor authentication. In January 2021, the use of security questions was the most common approach in the UK.

• 20% use security questions
• 19% use security measures in customers’ devices
• 18% use document verification
• 17% use passwords
• 17% use PIN codes

3. Changing consumer preferences

Consumers remain concerned about fraudulent activity while online. They continue to expect high levels of security and data protection from businesses to counter these threats.

Consumer preferences for online security and fraud prevention methods have shifted towards invisible, frictionless customer recognition solutions. Such as physical and behavioural biometrics, and PIN codes sent to devices.

Passwords didn’t feature in consumers’ top three most secure methods. Consumers’ top three preferences were:

1. Physical biometrics – mostly applicable to mobile devices and include facial recognition and fingerprints.
2. PIN code to device – requires the use of two devices, each connected to the customer’s account.
3. Behavioural biometrics – passively observed signals across browsers/devices requiring no effort from the consumer.

 

Next steps for businesses

Match security measures to customer preferences

Our research shows a disconnect between businesses’ security measures and consumer preferences. Common techniques for businesses include using security questions and passwords, while consumers perceive more invisible forms of identity verification as more secure.

Businesses need to optimise investment in authentication and fraud prevention solutions, by matching them to consumer demand.

Focus on fast, frictionless customer journeys

Consumers consistently say they’ll abandon an online transaction if they have to wait more than 30 seconds for security checks. That means businesses need to make checks as fast and seamless as possible, without compromising their effectiveness.

Understand your customers and build trust

UK consumers are increasingly willing to share personal data with businesses they have a long-standing relationship with. Older consumers (40+) are more willing to share more types of personal data with trusted businesses. Younger consumers are more willing to share biometric (physical and behavioural) data.

How Experian can help you validate, verify and authenticate

Combating fraud relies on incorporating continuous authentication and advanced recognition into your decision-making strategy.

CrossCore is our smart, open, plug-and-play platform for fraud and identity services. It delivers a future-proof way to modify strategies quickly, catch fraud faster, improve compliance, and enhance the customer experience.

We continually invest in data-driven analytics and machine learning for fraud prevention. We can help you build trusted relationships with legitimate customers at every touchpoint. Whether you’re looking for fraud prevention, age verification, online identity checks or a host of other authentication and advanced recognition solutions to keep fraudsters at bay. Talk to our experts about customer identity management in the pandemic and beyond.