Identity Proofing Overview Common challenges and solutions solved
via Precise IDSM
Sal Guariano
Vice President, Experian Government Services
© 2011 Experian Information Solutions, Inc. All rights reserved. Experian and the marks used herein are service marks or registered trademarks of Experian Information Solutions, Inc.
Other product and company names mentioned herein are the trademarks of their respective owners. No part of this copyrighted work may be reproduced, modified,
or distributed in any form or manner without the prior written permission of Experian.
Confidential and proprietary
Experian overview
How Experian can help
Four global business lines
Credit Services
A trusted third party identity
and attribute provider delivering
foundational support in the definition
and promotion of the identity
ecosystem
Identity proofing expertise
Decision Analytics
Marketing Services
Interactive
What sets us apart
Over a decade of providing hosted riskbased authentication services to private
and public sector
Depth and breadth of data assets
Operational and thought leadership in data
management, analytics and technology
Scale and resource capacity required in
enabling Identity Proofing and risk
assessment
Consultative approach to services design,
implementation and evolution
© 2011 Experian Information Solutions, Inc. All rights reserved.
Confidential and proprietary
Best-in-class analytics and authentication
services suite
2
Common challenges
Common
fraud threats
Account takeover
First party fraud
Synthetic identity
Identity theft
© 2011 Experian Information Solutions, Inc. All rights reserved.
Confidential and proprietary
3
Common challenges
Common
fraud threats
Common
business
drivers
Customer experience
Hosted and flexible services
Regulatory pressure and outsort rates
New access channels and markets
© 2011 Experian Information Solutions, Inc. All rights reserved.
Confidential and proprietary
4
Common challenges
Common
fraud threats
Common
business
drivers
Solutions
Real-time decisioning
Holistic customer views
Mitigate fraud and meet security
and compliance requirements
© 2011 Experian Information Solutions, Inc. All rights reserved.
Confidential and proprietary
5
Common challenges
Common
fraud threats
Common
business
drivers
Solutions
Urgency for
emerging eservices to get
it right
Fraud will migrate to healthcare and
government services that become a path of
lesser resistance
Security standards could drive massive
referral volumes and high costs
© 2011 Experian Information Solutions, Inc. All rights reserved.
Confidential and proprietary
6
Identity Proofing
Common Challenges in Operational Implementation
 Pass rates
►
Balance customer experience, cost, fraud prediction/prevention
 Out-of-wallet questions
►
Customer awareness and willingness to participate
►
Predictive value
 Risk-based authentication vs. Rules-based
►
Balance use of analytics and diverse data assets with certain regulatory
rules/checks
 Flexible and dynamic decisioning strategies
►
Diverse addressable market segments
►
Varied risks associated with online access and functionalities
© 2011 Experian Information Solutions, Inc. All rights reserved.
Confidential and proprietary
7
What and why risk-based authentication?
Definition
►
Holistic assessment of a subject and transaction with the end goal
of applying proportionate authentication and decisioning treatment
Core value propositions
►
Efficiency and proportionality in process and transactional cost
►
Risk-assessment performance lift over traditional binary rule sets
and policies
►
Customer / subject user experience
►
Evolutionary adoption of emerging technologies and data assets
►
Flexibility and interoperability with core platforms and third party partners
© 2011 Experian Information Solutions, Inc. All rights reserved.
Confidential and proprietary
8
Risk-based approach to identity proofing
Four core elements and value proposition
Element
Description
Value
Data
Broad reaching and
accurately reported
data sources
Data sources spanning multiple public
record and/or consumer credit
information
Far reaching and comprehensive
opportunity to positively verify
consumer identity elements
Analytics
Target analytics
Scores designed to consistently
reflect overall confidence in consumer
authentication as well as fraud risk
associated with identity theft, synthetic
identities and first party fraud
Allows institutions to establish
consistent and objective score-driven
policies to authenticate consumers
and reconcile high-risk conditions
Reduce false positive ratio associated
with single or grouped binary rules
Provides internal and external
examiners with a measurable tool
for incorporation into both written
and operational programs
© 2011 Experian Information Solutions, Inc. All rights reserved.
Confidential and proprietary
9
Risk-based approach to identity proofing
Elements and value proposition
Element
Description
Value
Summary
Detailed and
summary-level
consumer
authentication results
Consumer authentication summary
and detailed-level outcomes that
portray the level of verification
achieved across identity elements
such as name, address, Social
Security number, data of birth and
phone
Delivers a breadth of information
to allow positive reconciliation
of high-risk fraud and/or
compliance conditions
Strategy
Flexibly-defined
decisioning strategies
and process
Data and operationally-driven policies,
including KBA, that can be applied to
the gathering, authentication and level
of acceptance or denial of consumer
identity information
Employ consistent policies for
detecting high-risk conditions,
reconciling those conditions that
can be, and ultimately determine,
the response to authentication
results whether it is acceptance or
denial of access
Specific results can be used in
manual or automated decisioning
policies as well as scoring models
Adjust as operational policies warrant
© 2011 Experian Information Solutions, Inc. All rights reserved.
Confidential and proprietary
10
NIST SP 800-63 for the four levels of assurance defined
by OMB
Relevant industry capabilities
1. Little or no confidence in the asserted identity’s validity
 Identity proofing is not required at this level, but the
authentication mechanism should provide some
assurance that the same claimant is accessing protected
transaction of data
 User ID
 PIN
 Password / secret questions
2. Requires confidence that the asserted identity is accurate
 Provides for single-factor remote network authentication,
including identity-proofing requirements
 Identity proofing
► Identity element verification
► Authentication and fraud
scores
3. Provides multi-factor remote network authentication
 At this level, identity proofing procedures require
verification of identifying materials and information
 Ideally online
 Out of wallet questions
 Financial instrument verification
 One-time password
1. Provides the highest practical assurance of remote network
authentication
 Authentication is based on proof of possession of a key
through a cryptographic protocol
 Requires personal presence
 PKI digital signature
 Biometrics
 Multi-factor token
© 2011 Experian Information Solutions, Inc. All rights reserved.
Confidential and proprietary
Addictive layers
Increased strength for increased identity assurance
Levels 1-4
11
Precise IDSM Solution Overview
Precise IDSM combines a wide range of
fraud-fighting and identity proofing tools that
use industry-leading data sources to provide
an accurate picture of each customer in
real-time. It is a powerful and fully integrated
identity proofing tool that combines key
components into a seamless process to
effectively address emerging government
identity proofing and authentication needs.
© 2011 Experian Information Solutions, Inc. All rights reserved.
Confidential and proprietary
12
Precise IDSM application and use
 Account opening and ID screening relationships
►
Card issuers
►
DDA accounts
►
eCommerce
►
Government
►
Direct to consumer
►
Healthcare
►
Personal loans
►
Mortgage, HELOC
►
Automotive
►
Telco
 Account changes
►
Authentication of consumer during high risk transactions
►
Risk assessment prior to expansion of relationship with consumer
© 2011 Experian Information Solutions, Inc. All rights reserved.
Confidential and proprietary
13
Experian capabilities and components
Identify
proofing
Risk-based
authentication
Out-of-wallet
data
Public and private
data sources
Risk-based score
– minimum input
Knowledge-based
authentication
Customized
business rules
Real-time identity
verification
Out-of-wallet data
questions
Use primary data
to verify
Cross-industry
identity
information
Progressive
questioning
Seamless integration
© 2011 Experian Information Solutions, Inc. All rights reserved.
Confidential and proprietary
14
Key Precise ID output
 Fraud and identity risk scores and score factors
 Identity element verification results to include:
►
Match level result codes
►
Additional addresses, associated consumers,
phone, DOB, SSN info
 High risk credit profile conditions
 Historical application checks
 National Fraud Database checks
 Fraud classification types
 IP address verification and detail
 Credit card verification
 Knowledge-based authentication (out of wallet) questions
 Customized decisioning
© 2011 Experian Information Solutions, Inc. All rights reserved.
Confidential and proprietary
15
Experian ID Proofing
Data source summary
Checkpoint
File One
Shared
Application
Data
National
Vehicle
Database
National
Fraud
DatabaseSM
BizSource
ConsumerView
RentBureau
3rd Party
Partnerships
3rd party
wireless
3rd party IP
Address
3rd party DDA
Negative files
© 2011 Experian Information Solutions, Inc. All rights reserved.
Confidential and proprietary
16
Identity Proofing Components
1. Precise ID for Account Opening score
►
1 – 999 (higher score = lower risk)
2. Fraud Shield indicators
►
High risk conditions associated with a consumer credit profile and identity
3. Financial instrument verification
►
Association or disassociation of, for example, full credit card with a
consumer
4. Knowledge IQ out-of-wallet question performance
►
Flexibility in # of questions, weighting, categories, and hierarchy
5. Address Verification
►
Address verification to name via residential, phone, DL, or credit profile
information
© 2011 Experian Information Solutions, Inc. All rights reserved.
Confidential and proprietary
17
Identity Proofing Components
Decisioning
 Initially a conservative approach in healthcare / ePrescribe:
►
All 5 components must pass:
●
Default Precise ID score and Knowledge IQ question – matrix
▲
Conservative score and question thresholds
●
Fraud Shield high risk conditions
●
Credit Card verification
●
Address verification
© 2011 Experian Information Solutions, Inc. All rights reserved.
Confidential and proprietary
18
Identity Proofing Components
Opportunities
 Performance monitoring
►
Pass rates
►
Fraud forensics
►
Customer experience
 Available ‘dials’ to turn in the decisioning strategy:
►
Score thresholds
►
Fraud Shield indicator combinations
►
Question logic and performance thresholds
►
Address verification requirements
© 2011 Experian Information Solutions, Inc. All rights reserved.
Confidential and proprietary
19
Current e-Prescribing
Service summary
 NIST Level 3 Remote Identity Proofing using Experian Precise ID and Symantec VIP.
 Multiple form-factors for OTP tokens for multiple platforms (PC, Workstation, and
Mobile).
 Two-Factor Authentication with PIN, OTP and in-the-cloud validation service supporting
authentication of prescribers at time of prescription approval.
Symantec
VIP Token
Experian
Precise ID
(NIST 800-63-1 Level 3)
Symantec PKI
(Cross-Certified Federal
Bridge)
Symantec VIP OTP
Authentication
Service
Prescriber
© 2011 Experian Information Solutions, Inc. All rights reserved.
Confidential and proprietary
Clearinghouse
E-Prescribing
Application
Pharmacy
20
Questions
© 2011 Experian Information Solutions, Inc. All rights reserved.
Experian Public.
21
© 2011 Experian Information Solutions, Inc. All rights reserved.