ID Verification, Fraud Prevention & More with Alloy's Jason Ioannides
ID Verification, Fraud Prevention & More with Alloy's Jason Ioannides
Celebrating One Year of Fintech Business Weekly
Hey all, Jason here.
I’m writing this from Greenpoint, Brooklyn, on what is possibly the most perfect fall day. I’ll be in New York for the week, primarily to attend CB Insight’s Future of Fintech event and a handful of other meetings (if you’re at the event, let’s grab a coffee!) There’s something undeniable about the energy of this city — it reminds me that even though many of us have spent the past 18 months working remotely, there is a spirit of being in a shared place — a city, an office — that is impossible to capture or replicate via Zoom.
If you’re an early stage fintech looking to raise equity or investor looking for deal flow, I may be able to help. Get in touch: jason@fintechbusinessweekly.comNew here? Subscribe to get Fintech Business Weekly each Sunday:
You're Invited: The Beyond Digital Online Summit
Sponsored content: A new era of collections is here, and it’s inspired by the scale, intelligence, and consumer-obsessed innovation of the world’s greatest ecommerce brands.
TrueAccord is hosting a free virtual summit on Thursday, October 14, to share the blueprint for this new era of intelligent debt collection — one that reduces costs, increases collection rates, bolsters brand value, and retains consumer trust and loyalty. Session topics will include:
What Collection Leaders Can Learn From the Masters of E-Commerce — featuring speakers from leading global brands
Understanding Consumers in Debt in 2021 (and Beyond) — featuring Experian
The Power of Moments: Creating Consumer Experiences That Drive Trust, Commitment and Resolution
Plus, there will be opportunities for networking, live Q&A, small-group discussions with industry leaders... and a few surprises.
Exclusive: Q&A on Identity Verification, Fraud Prevention and More with Jason Ioannides, Manager, Solutions Consulting at Alloy
Frequent readers of this newsletter will recall that I recently had my identity stolen. In the course of researching and writing that piece, I dove into the emerging crop of identity and fraud service providers used by banks and fintechs alike for digital account opening and transaction monitoring.
One such company is Alloy, which bills itself as an “identity operating system” for financial services. The company just announced it has raised $100 million Series C, valuing the startup at $1.35 billion.
I had the chance to talk with Alloy’s manager of solutions consultation, Jason Ioannides, about the challenges, opportunities, and trade-offs in how financial institutions approach identity management and fraud screening. What follows is our written interview:
Let’s start with a quick level set: what is Alloy, and what does it enable its customers to do?
Alloy is the Identity Decisioning Platform that helps banks and fintech companies automate their decisions, approve more good customers and outmaneuver fraud. Alloy’s platform ultimately democratizes banking and financial services by helping traditionally underserved financial institutions, like small credit unions and local banks, expand their digital product offerings to better serve their communities.
Our technology allows financial institutions to remove the bias in decision-making by providing easy access to alternative data sources to help verify applicants who might not have traditional identification, such as a driver's license. Our mission is to create a future in which banking is accessible for all.
How does validating identity and screening for fraud differ in the physical bank branch context vs. digital account opening?
Generally, third party fraud is more common in the digital onboarding space while first party fraud is more common in the physical bank branch. In a bank branch, it’s easier for an individual to change a part of their application while keeping the rest of it accurate. For example, someone applying for a loan may claim to have a higher income in order to get more favorable terms.
In the digital space, individuals are more readily able to use another person’s identity to access banking products and services for fraudulent purposes. Because they’re not physically in the branch, an unsecure onboarding process could make it easy for a bad actor to open an account in somebody else’s name by using stolen information.
Amerant Bank, one of the largest community banks in Florida, recently selected us to improve efficiencies during its in-branch business onboarding process by strengthening and automating its KYB capabilities and ultimately approving more business bank accounts. As a result of implementing Alloy Onboarding, all of Amerant's 25 banking centers in Florida and Texas will harness the power of Alloy's dashboard for real-time decisioning for business and individual account verification. Amerant will also leverage the tool for its online personal banking account opening.
What additional considerations must financial institutions take into account when opening accounts for businesses vs. individuals?
The information that needs to be verified for each different entity type differs pretty significantly. For individuals, we need applicant PII (name, address, DOB, a government issued identification number like SSN) whereas for businesses, we need business data. That includes business name, address, FEIN, etc.
When verifying businesses, it is also typically necessary to verify individuals associated with that business like shareholders or authorized signers. That means that in the course of verifying businesses, we have to run individuals as well.
What are the differences between common types of fraud financial institutions need to defend against?
First party fraud: an individual misrepresenting something about themselves, like their income. There are multiple data sources that can be used to verify information about individuals applying for bank accounts. Institutions should leverage these data sources to confirm information about an applicant before doing business with them.
Third party fraud: an individual using a stolen identity to access a banking product or service - fraud detection services are useful in identifying these sorts of bad actors who primarily act through online account opening channels.
Synthetic fraud: Partially or fabricated profiles used by bad actors to access banking products or services. There are specialized fraud tools and scores that can be used to identify this expanding sector of malicious behavior in the financial services space.
What are some of the most common identity fraud “red flags,” and what kinds of tools can be used to detect them?
In other industries, fraud mitigation focuses mainly on the transaction, with KYC or onboarding being much less important. With fraud in financial services, it’s important to look at somebody holistically – from onboarding to ongoing financial activity – to get a complete picture of the person’s identity and risk profile and continuously evaluate their level of risk.
A financial services fraud solution like ours typically also monitors for smaller, non-transactional events like account logins from new devices or geographic locations, changes in address, etc. Most industry-agnostic fraud solutions do not take such a granular approach since they are mostly monitoring transactions.
As a result, using a financial services fraud solution allows you to build an identity and risk profile for the person, making it easier to evaluate their ongoing risk moving forward. For example, if a client had no red flags at onboarding and has been in good standing with your company, but then all of a sudden starts making unusual purchases from unusual locations, this could indicate fraudulent activity. All of this information builds on itself to continuously update your customer’s identity and risk profile to help you catch fraud sooner.
How does the volume of data compromised in data breaches shape how companies should approach fraud screening?
The volume of data being compromised by recent data breaches only speaks to the importance of fraud detection efforts. Financial institutions need to create a comprehensive fraud policy to prevent individuals who have access to the huge amount of PII exposed by these breaches from harming their customers. Ready access to customer profiles on the dark net makes it easier for bad actors to commit fraud.
What are the opportunities, barriers, and risks in financial institutions sharing data (directly or indirectly via shared vendors) to fight identity fraud?
A number of data sources do exactly this - share information between multiple financial institutions in order to create a network of fraud prevention. The way that they reduce risk of data leakage to the applicant/customer is by exposing risk level as a score rather than exposing the consortium PII directly. That score can then be used by network financial institutions to risk-rate applicants.
In what ways has the increasing sophistication of technology made validating users’ identity easier vs. more difficult?
When a person physically goes to a bank to open a bank account, they bring multiple forms of identification the bank confirms and then are able to open an account. When doing this digitally — it’s much more complex. And because of the need to stay home, doing it digitally has become increasingly the norm. Digital identity is constantly evolving. Because of that, fraud exists far beyond initial customer onboarding.
To support these new challenges, Alloy's increasingly sophisticated technology will help financial institutions combat fraud and money laundering much easier. After a customer opens an account, Transaction Monitoring takes over to continuously review their financial activity, flagging risky behaviors for review - behaviors like excessive transactions in a given timeframe. With this extended capability, Alloy's API-based platform can help build a complete identity profile that encompasses the entire customer lifecycle.
I’ve heard many describe trying to stop identity fraud as a game of “cat and mouse,” with bad actors continually probing for weaknesses and trying new techniques. How does Alloy keep up with ever-changing fraud vectors?
Alloy constantly monitors the marketplace for new products that can be used to fight against these emerging fraud threats. New and novel techniques for stopping fraud (biometrics, device data, synthetic fraud detection) are being created by new entrants to the fraud prevention market. We analyze and integrate these data sources as quickly as we can to stay ahead of the wave.
How should companies think of trade off between stopping more identity fraud vs. inconveniencing (or blocking) legitimate users?
It’s hard to answer this question on behalf of a financial institution without knowing more about their applicant pool and the inherent risk level therein. More generally, we can think of this problem as a lever that can be pulled between “less risk” and “easier/faster application.”
If we pull the lever in the direction of “less risk”, we incorporate more anti-fraud techniques like ID verification or a selfie check. These anti-fraud processes add friction to an onboarding pathway. With more friction comes an increased chance that an applicant will abandon the process. No matter how good a customer experience is, we’ll always experience some amount of abandonment. More friction raises the risk that we’ll lose some good customers along with the bad.
On the other side of the coin, if we reduce friction in order to reduce abandonment, we increase the inherent risk to the bank by reducing the number of checks that we’re performing on a given applicant. We’ll onboard more customers in general, but more bad actors could be included in the cohort.
Apple recently announced it will begin supporting state-issued identity credentials, like driver’s licenses and state IDs, in Apple Wallet. How could this impact how financial institutions and Alloy approach identity verification?
Device-based licenses and IDs, assuming care is taken to prevent fraud, are a great way of helping individuals who may not have access to physical IDs gain access to banking and financial products. Apple has already proven that it’s capable of creating a secure, easy to use product with Apple Pay so I’d bet that they’ll do a similarly great job with ID documents.
A highly secure digital ID would help mitigate fraud by handling the “something you have” leg of the “something you have, something you know, something you are” security question.
What role (if any) could blockchain have in re-inventing identity management?
In the future, we may see more governments issue digital forms of identity on blockchains. These “digital identities” are mutually beneficial for users and financial institutions in that they are 1) more secure than their physical counterparts and 2) provide a way of opening banking to the underbanked.
Digital documents that live on the blockchain don’t necessarily fall prey to the same forgery concerns that you see with physical documents because of the blockchain’s cryptographic security. The security guarantees of blockchain-based digital identities will leave financial systems less prone to fraud while onboarding their customers.
Digital identities can be accessed through a smartphone, and with global smartphone penetration rate rising, we could issue digital identities to people across the world who lack physical forms of identification, giving them access to financial systems that require identification
Verifying identity at account opening is just one step of detecting and preventing fraud; legitimately opened accounts can be used for potentially fraudulent transactions. How does Alloy’s transaction monitoring work to mitigate that risk?
While our original focus was helping financial services companies automate identity decisioning during the onboarding process, our mission to evolve how identity decisions are made took another leap forward this year, adding transaction monitoring capabilities to our platform. This serves as the next step in creating a complete identity decisioning profile that paints a 360-degree picture of any customer’s identity and associated risk throughout their entire lifecycle with a financial institution.
Transaction Monitoring automates decisioning on high-risk events and transactions, helping financial institutions flag suspicious activity to fight fraud and meet BSA/AML requirements. FIs get a holistic view of their customers’ ongoing risks with real-time API activity monitoring, and easy-to-use case management lets them identify and act on flagged activity right within Alloy.
Coming out of its beta phase, Alloy had already processed over 70 million transactions for clients, and this number is increasing daily. The Transaction Monitoring benefits only increase when paired with Alloy’s Onboarding solution. The information captured during onboarding, when viewed with ongoing transaction and account activity, helps our clients build an ever-evolving picture of their customers.
At Alloy, we strive to help banks and fintech companies use data to automate decisioning and get the full picture of their customers. With the addition of TM to our Identity Decisioning Platform, we’re bringing more pieces of digital identity into a centralized platform so our customers can make better decisions.
Reflecting on One Year of Fintech Business Weekly
It’s hard to believe I’ve already been publishing this newsletter for a full year. I sent out my first issue to my then-list of 59 subscribers on October 4, 2020.
I didn’t have a fully formed vision or detailed business plan, just the confidence that if I offered an informed and well-argued point of view on what’s happening in financial services, I would create value for my readers and (hopefully!) opportunities would flow from there. I can happily say that has been the case, with numerous introductions, conversations, and opportunities stemming from this project.
I want to take a quick minute to thank you, the folks reading this; everyone who has taken the time to reach out and provide encouragement or feedback; those who have helped me research or answer questions for stories; those who have collaborated on interviews or other content pieces; and of course my amazing sponsors, without whom this wouldn’t be possible. The fintech ecosystem has proven to be a welcoming and encouraging community, and one I’m happy to belong to and contribute to.
So here’s to seeing what unexpected, exciting, challenging directions the next year holds — hopefully you’ll come along for the ride (and tell your friends to subscribe!)
The World's Largest Fintech Meeting Event
Sponsored content: Fintech Meetup distills the conference experience down to its most valuable core: meeting and networking with other industry professionals to create opportunities. Its online platform is unparalleled in enabling you to easily identify and get meetings with the people most relevant to you -- including senior execs and decision makers. The inaugural event facilitated more than 19,000 one-on-one meetings for professionals across financial services, banking, and payments.
Fintech Meetup 2022 will facilitate 30,000+ meetings for more than 3,000 participants, and spots are limited to just 4,000 attendees. Taking place online, March 8th - 10th, 2022, this event is sure to sell out. Qualifying startups can get special startup rate tickets, qualifying banks and credit unions are eligible for FREE tickets.
Learn more about the event, a limited number of sponsorship opportunities, and get your tickets here:
Other Good Reads This Week
Square Partners with TikTok To Capture The Creator Economy (Ron Shevlin/Forbes)
No Time to Die: China Banks Edition (Net Interest)
The internet isn’t buying Robinhood’s GameStop Story (Protocol)
Fintech Business Weekly Resources
Early stage startup looking for equity investment, debt facility, or bank partner?
I may be able to help: jason@fintechbusinessweekly.com
Interested in advertising in Fintech Business Weekly?
Email me: jason@fintechbusinessweekly.com
Anonymous tip or story suggestions?
Reach me on Signal or Telegram: +1 (316) 512-1571