Jeff Marshall identifies and evaluates new technologies, solutions, partnerships and acquisitions that present opportunities for business growth for D+H. Prior to his current role, Jeff oversaw software development, security and network operations for D+H’s electronic banking business. Before joining D+H, he developed software for various national industries. He wrote one of the first Internet banking and bill payment systems in the country, as well as one of the first Internet lending systems to include real-time credit decisions.
You are hereResourcesOur ViewpointsNew Customer or Con Artist? : Best Practices to Mitigate Risk with Online Account Enrollments
The ability to open new accounts online enables financial institutions to transition prospects into customers and members more efficiently than ever before – increasing profitability and driving growth in a whole new way. Although designed to make onboarding more convenient for the people you want to attract, without the right safeguards, this emerging channel can also make life easier for criminals – and make your institution a target for fraud.
Why would a criminal open an account at your institution? Most likely, to move stolen money in and out again. In one of many potential scenarios, the criminal goes “dumpster diving” and finds an envelope with cancelled checks from a national bank. He or she now knows the account holder’s name, address, phone number and driver’s license number, as well as the account number and routing number for the bank. Because he doesn’t have the password to get into the account, that criminal needs to open an account at another institution using the victim’s name, and then fund it with an ACH transfer from the stolen account. He or she can then withdraw the money and close the account – leaving your institution with the loss.
Of course, if this criminal had come into your institution to open the account, a member of your staff would have verified the photo I.D. and other credentials. This physical comparison of applicant face to driver’s license photo and the in-person vetting process would have likely prevented the account from being opened.
To protect against fraud and to conform to the Patriot Act and various “know your customer” regulations, you need the electronic version of this vetting process in your online account enrollment solution – with additional safeguards to ensure the individuals applying for the accounts really are who they say they are. The best approach comes by applying both “in-wallet” verification and “out-of-wallet” authentication to the process.
In-wallet verification involves asking the account applicant to input name, address, phone number and driver’s license number, all run through a database to validate credentials. Although this is an important first step, the institution can’t be sure that the person keying in the information matches those credentials or if it’s a person who stole a wallet a few hours before.
But, when you combine that information with an out-of-wallet authentication process that asks questions garnered from public and private databases, the “posers” become far more visible. “What was the name of your college roommate?” “What color was the sports car you drove in college?” “What is your brother’s wife’s maiden name?” Out-of-wallet authentication asks the type of questions that you can’t answer with a stolen wallet or a dumpster dive. Of course, criminals will try to guess. Some might even guess the correct answers.
But, what if you took that one step further and asked fake questions, like, “What is the name of your sister’s husband?”, when the individual is an only child? Criminals might guess, but chances are, they won’t say, “I don’t have a sister.” All of a sudden, the bad guys become easier to spot.
D+H has done a lot of research on online account enrollment and the security challenges surrounding it before bringing our own solution to market. Ultimately, that research led to the acquisition of uMonitor, with a product line that not only automates account opening and funding, but also provides the out-of-wallet identity verification and authentication essential to mitigating risk. The best news is, all of this happens without negatively impacting the customer experience. Most accounts can be opened in about 10 minutes, with authentication.
Implementing an out-of-wallet authentication solution is only step one. To protect against online new account fraud, institutions must continue the monitoring process after the account is opened. By applying a different risk factor and account number code on online accounts, banks and credit unions can monitor these with more scrutiny during the first year, watching for large amounts of money coming in and moving out. Although the focus of this piece has been new deposit accounts, the same scrutiny should be applied to any type of account, including loans, opened through self-service channels.
Online account enrollment provides new opportunities for financial institutions to attract new customers and members, increase efficiency and gain a competitive edge – with the right vetting tools. Using a combination of in-wallet verification and out-of-wallet authentication, and ongoing account monitoring, you can gain the advantages this new channel brings, while significantly reducing your risk.
Read our column Self-Service Banking – Available Anytime, Anywhere to learn more about the benefits of offering online account opening.