A recent report from TransUnion (https://tinyurl.com/TransunionFraudReport) suggests a disturbing increase in credit fraud using both synthetic and stolen identities. Here are my thoughts.
There is no more important rule in banking than "know your customer." Unfortunately, this works against the pressure for new accounts. Every banker must learn to balance these.
My credentials folder begins with my birth certificate and my Social Security Card, but also contains my high school diploma, my military discharge, my college degree, my passport, RealID driver's license, my Global Entry Card, my health insurance card and Medicare Card, my certificate of retirement from IBM, my Naval Postgraduate School Identity card, my professional certification, and two Club Identity cards. There is a spreadsheet listing all the credentials with their issue date, and the name and address of the issuing authority.
Any and all of these documents are available to support any application that I might make. While any one of them might be forged, the chance that the whole collection is forged is vanishingly small. While few people have all these documents, most have some of them.
Most of the issuing authorities can be queried to test the accuracy and authenticity of the document. While some of the documents were issued in the analog age, most of the issuers now use digital systems and records. They could all offer an online verification capability at low cost, or even at a profit, as the credit bureaus do. While it is unlikely that all issuing authorities will ever offer such a service, the numbers will increase as costs go down and value increases.
These documents speak only to my identity and existence, not to my character, capacity, and collateral. For those one must look to the plethora of data about me held by the commercial, financial, and other institutions with which I do business and which I can use as references. Many, not to say most, of these are customers of and contributors to the credit bureaus that record and sell my credit history.
In short, there is a plethora of evidence that lenders can rely upon to know their customers. There will always be some bad lending decisions, some the result of fraud. Tolerating a small amount will always be more efficient than eliminating it all, but striking the balance is what bankers are paid to do.
I've long believed that we lack any authentication mechanism adequate for the needs of the contemporary electronic economy. I believe this poverty is grounded in the fact that even prior to electronic commerce, we didn't have adequate mechanisms either. We relied on personal acquaintances for important transactions, and even then fraud was common enough. So, we not only need new mechanisms to support digital commerce, we cannot even adapt prior methods to suit.
An effective solution would need to meet multiple criteria:
* Strong credential binding to reliably associate credentials with real world entities
* Strong digital credentials that resist forgery or misuse, that are also tied to something in the physical world
* Strong systems for simultaneously authenticating the validity of the credential and the consent of the credential's subject at the time of transaction
* All of these need to be implemented creatively to minimize inconvenience (or commercial "friction" if you prefer)
So far as I'm aware, no solution in existence meets these criteria. Earlier in my career, I gave significant thought to designing protocols that might do so, but life ended up overcoming those efforts.