Identity Verification Partner

Viewing 6 reply threads
  • Author
    Posts
    • #292540

      This SIG Member from the Buy-side is currently sourcing an identity verification partner. A copy of their requirements and RFI questionnaire are listed below.  

      The Member is seeking insights on available providers; specifically,  

      • Pros/cons of the service provider 
      • Success rates of the service provider in matching details and catching fraudulent activity 

       

      Please reply to this message to share your insights about identity verification partners/providers.  

       

      Service Requirements and Provider Questionnaire:  

      Bank Account Numbers and Routing Numbers Verification  

      Customer Identity Verification 

      Phone Number Intelligence 

      • When was the phone number created? 
      • Has there been any fraudulent activity associated with this phone number? 
      • Is the phone number associated with a person (customer)? 
      • Do you provide a phone number risk rating? 
      • What attributes make up the risk rating? 

      Email Address Intelligence 

      • Can you tell when the email address was created? 
      • Has the email address been involved in any fraudulent activity? 
      • Is the email address associated with a person (customer)? 
      • Do you provide an email risk rating? 
      • What attributes make up the risk rating? 

      Other 

      • Can you provide an IP address for someone trying to access our data? 
      • Do you provide Knowledge Based Authentication (KBA) services? 
    • #295567
      Anonymous
      Guest

      So perhaps, finally, a business reason for blockchain technology. There’s a company called chain yard that focuses on supplier identity along the lines of the RFI. 

       

      https://chainyard.com/

       

    • #295568
      Anonymous
      Guest

      Experian is the best

    • #295569
      Anonymous
      Guest

      My company is not checking such details as we collaborating only with trusted big companies.

      We do a check with Intelligence companies about financial , risk , reputation standing of partner.

       

    • #295570
      Anonymous
      Guest

      I know we looked at ThreatMetrix, which TransUnion purchased in the past couple of years.   I’m pretty sure FICO has similar capabilities.

    • #295571
      Anonymous
      Guest

      Happy to share some insight here. I don’t mind the below being aggregated into general feedback for the requester, and I’m happy to privately discuss this with the requester as well.

       

      Our organization uses GIACT for both bank account and identity validation. It’s a useful tool for some things, but limited in many respects.

       

      For example, banking validation is limited to US institutions; there’s currently no capability (at least in our service package) for international account validation.

       

      Likewise, identity validation is limited to US individuals. Additionally, GIACT is not particularly good at validating cell phone numbers. We notice that there are a high rate of false negatives for US cell phones, meaning that the phone number is legitimate (we can call it and reach the intended individual), but GIACT tells us that it doesn’t match their records.

       

      Email address is likewise tricky. GIACT (and, I would imagine, other services like it) are essentially limited to the information provided on account creation, so there’s always a risk someone could create an account under a fake name. GIACT does tell you when it first saw an email account in use, so there’s some safeguard against recently-created accounts, but it’s up to the user to determine what to do with this information (i.e., determine whether it’s an issue in the context of the inquiry). GIACT also tends to mark many consumer and corporate email accounts as having some degree of fraud risk, but they don’t explain why this is.

       

      On that last note, I would caution any organization against taking risk scores, like those GIACT offers, as the sole source of information about a given identity. There may be gaps or inaccuracies in the underlying data, and GIACT does not offer good insight into what factors contribute to a risk rating or alert, especially for individuals. Bank account response codes are a little more thoroughly documented, and we’ve used those response codes to positively ID and block attempted fraud (largely due to mismatches in account ownership).

       

      On the “other” capabilities, I’m not sure. IP logging and authentication seem to me to be a separate issue from identity validation of the kind that GIACT and comparable service providers offer. The former are point-of-authentication controls to make sure that an entity authenticating to a system is legitimate, whereas the latter I view as back-office or workflow tools to vet entities prior to engaging in business.

       

    • #295572

      The only one I know is “OKTA” 

Viewing 6 reply threads
  • You must be logged in to reply to this topic.