Jun 09 2020
Security

How to Improve the Customer Experience While Reducing Identity Risks

Well-designed identity and access management is critical for state and local agencies as they reduce fraud.
Mike Yeschek
by

Mike Yeschek is senior director in the state and local division at LexisNexis Risk Solutions. In this role, Mike leads the company's digital government initiatives, with an understanding that digital identity capabilities are mission-critical. 

State and local governments want to improve the online delivery of services and information by easing the barriers to access. Citizens expect government websites to provide the same experience as their favorite online shopping sites, where one login and password gives them access to everything on the site, from products and services to customer support. 

For agencies to deliver the same nearly frictionless service to customers, they need to ensure the validity of user identities. At issue: lower-friction transactions have an increased risk of fraud and cybercrime.

In the past, transactions with the government had been location-centric: at the department of motor vehicles, the courthouse or the permitting office, for example. But a user’s online physical identity presents a different set of risks, as it could be more easily manipulated in the digital world — especially by global criminal networks using cutting-edge technology and harvested stolen identity data. Botnet growth is on the rise and is a fast-growing source of account creation attacks. Meanwhile, the FBI’s Internet Crime Complaint Center reports losses in 2019 of more than $3.5 billion. 

The stakes are high for government agencies at every level. Risks include: 

  • Making payments to the wrong people
  • Failing to meet regulatory requirements for privacy protection and data security
  • The inability to fulfill necessary societal obligations, such as delivering Medicare and Medicaid benefits, Supplemental Nutrition Assistance Program benefits or tax refunds 

A harder to measure — but just as real — risk of online identity fraud is the loss of trust and confidence from the citizens they serve.

Improving customer experience (CX) is a top priority for federal, state and local agencies. Reducing friction is a significant part of those efforts. In fact, according to the National Association of State Chief Information Officers, CX and identity management are among the top 10 policy priorities for state CIOs, and identity management is among their top 10 technology priorities. Federal agencies have been moving toward zero-trust security — essentially setting up “microperimeters” around resources. This allows for access provided the user has express reasons and permissions to enter the system at a given point. 

StateTech Insider StateTech Insider

A Broader, Deeper View of Identity Management

While strides have been made toward better online identity authentication, there are numerous barriers to success, some of which are self-imposed. For instance, some agencies may still rely on self-reported, internally collected data to verify identity, despite the fact that in the first half of 2019, 4.1 billion records were exposed. Other agencies use multifactor authentication, including logins and passwords plus codes sent by text. While this can help enhance security, it doesn’t account for how previously unknown users behaved in all aspects of their digital lives and whether or not they are threats.

The solution lies in a multilayered approach. Much more than a password or a single piece of identifying information — such as a birthdate or Social Security number — digital identity authentication can look at an array of factors, including:

  • Behavioral biometrics
  • Location
  • History
  • Device
  • IP address
  • Social media presence 

All of these elements can help determine who is on the other end of a transaction.
The benefits are substantial, as the private sector has seen. Companies utilizing a multilayered solution approach could realize an approximately 30 percent decrease in their cost of fraud, which is significant. And with digital identity intelligence and behavioral biometrics layered in, organizations can expect to lower the true cost of fraud even further.

Creating a complete profile of users during account creation is critical to ensuring the integrity of your system. But that profile depends on many disparate bits of data and requires a combination of internally collected information and contextual data from third-party databases to verify a new user’s digital and physical identity. A digital and physical identity database solution correlates identity and transactional information in near real time from thousands of data sources to find patterns of behavior. Agencies can leverage the results to streamline customer access, improving CX while maintaining trust in the system.

Here’s a real-world example that illustrates this approach. 

A driver’s license is the gateway to identity, so it is crucial to ensure licenses are issued to legitimate users. Instead of physically going to a building to renew a license, a user now goes online. The department of motor vehicles can compare the information provided when creating an account against a global digital identity intelligence network to see if the user is who they say they are, based on the user’s digital footprint. As a result, the DMV can instantly determine if the user is trusted or if there is a level of risk that calls for an additional layer of security to be applied.

READ MORE: Find out how security software often gathers information that empowers a manager to disseminate tips to stakeholders.

Frictionless and Risk Appropriate Access Management

Many states and local jurisdictions are looking at a centralized access model — a single sign-on platform that opens the door to all services and information. Some states and cities have already begun the process. Centralization requires new workflows, and the challenges for many jurisdictions involve everything from vision and planning to the budget process and advocacy. 

On top of that, it often entails finding the right technology partner to develop and integrate a solution. Still, the benefits of implementing a more risk-appropriate, centralized environment outweigh these challenges because it can better protect citizens and agencies alike. Reducing fraud, protecting data and people, and reducing friction all save time, money and resources — as well as frustration. Ultimately, these platforms need to ensure trust, confidence and integrity. 

However, achieving this means countering bad actors of all types. 

Global cybercriminal networks — state-sponsored or not — have ever-changing technology and intrusion methods. In addition, they have data purchased off the dark web and harvested for years, making detection less likely by the person who truly owns the stolen identity. To defend themselves, the private sector has benefited from having access to a global digital identity intelligence network that goes beyond what cybercriminals can harvest themselves. 

Ensuring the trust, confidence and integrity of a single sign-on platform requires an identity verification/authentication strategy that utilizes global digital identity intelligence and linked physical identity data that can provide real-time physical identity verification and authentication. It takes a linked digital and physical identity network to fight a global cybercrime network.

Vertigo3d/Getty Images

More On

Related Articles

Close

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT

Subscribe Now