How to Protect Your Users From Fraud Without Hindering Customer Acquisition

Identity fraud isn’t only reserved for consumers — company executives should be alert about the possibility of fraud and how it could affect their customers. This may be especially applicable for small companies with less protection policies in place. According to a recent global fraud study, 28.8 percent of companies with less than 100 employee are victims of fraud, with an average loss of $154,000.

“You need to build a system that minimizes friction for legitimate users and that causes friction for potential fraud,” says John Dancu, CEO of on-demand identity verification company IDology. “You can’t lose the fight of the fact that most of us are legitimate and want to do commerce quickly, without a lot of hassle. On top of that, you need to make sure that you’ve got the necessary tools and layers that will help you ferret out the fraud.”

IDology provides on-demand self-service solutions for entrepreneurs to verify the identity and age of their customers to prevent fraud and meet compliance regulations. Dancu joined IDology as CEO in 2005; since then, he has served on the Internet Safety Technical Task Force led by Harvard’s Berkman Center and led the company to be named one of 2017’s Best and Brightest companies to work for in Atlanta.

Dancu shares more on how you, whether you have a company of two or 100 employees, can protect your customers and employees from identity fraud, without hindering customer acquisition, in a time of massive cyber hacks.

Fraudsters often work in teams

Fraudsters often collaborate, says Dancu. There are Internet forums where fraudsters help each other communicate on how to commit fraud. They give advice and then, when they find weaknesses, they’re happy to publish them so that other people can exploit them.

Set up a solution with layers of protection

There’s not a silver bullet for these issues, says Dancu. “You have to employ layers of technology to solve the problem. These layers give you the ability to conduct commerce with your legitimate customers, which is what entrepreneurs are really focused on.  We want to make sure we drive legitimate customer accounts, whether that be selling product or opening accounts, while deterring fraudulent transactions,” says Dancu.

Basic personal information verification is no longer enough

“When you open up a certain account for financial purposes, there’s regulatory guidance that you need to make sure you use third-party sources to verify that the name, address and the year of birth are verified by those third-party sources,” says Dancu. “And we do that. But that’s no longer sufficient because of the fact that fraudsters have been purchasing breached data through all the billions upon billions of records that have been breached in America over the last decade.”

“Some of the security layers include consortium data — we give them the ability to look for repeat activity that’s happening across the network, across all the customers. We’re looking at the ability to see that certain transactions and attributes that lend themselves to repeat activity that may look suspicious,” says Dancu.

Prioritize cybersecurity resources

“Those resources can be multiple layers of items that improve your security and improve how you validate customers when they initially come in, and then how you validate customers once they are on your platform. The problem doesn’t end when you onboard an account. Once you onboard an account, then fraudsters are actively trying to steal those accounts for account takeover,” says Dancu.

Train personnel on cybersecurity processes in your company

You, as a founder, need to make sure you’re confident on your personnel to establish the company’s security actions. New companies need to position themselves from the get-go to meet the requirements of  security reporting, no matter how big or small.

Stay compliant with regulations within your industry

“Regulations are dependent on the industry that you’re in. If you’re in the healthcare industry, you’ve got the HIPAA regulations, for example. Regulators are concerned with the protection of the data of the legitimate users and that you’re also meeting the guidelines that they have,” says Dancu.

The number one priority is your customer

“As an entrepreneur, you need to put a layer approach together that uses multiple solutions for doing verification and authentication when it comes to onboarding customers. And not rely on a single-point factor to try to do that because fraudsters will get around that,” says Dancu.