Become a Subject Matter Expert

In the case of an account takeover, both individuals and larger organizations face serious threats and consequences regarding their reputation and online security. As fraudsters’ tactics become more advanced and sophisticated, it’s important to know the best fraud detection methods, what the motives are behind account takeovers, and methods of detection.  As the world moves increasingly online–both for professional and...

Age verification is a security method by which a company can verify the age of customers before they access websites, content, and e-commerce that is suitable only for adults, including alcohol and tobacco products, gaming/gambling, social media, dating websites, adult content, and more. Proper age verification is crucial to promote the online safety of minors and can include date of...

Anti-Money Laundering or AML refers to a set of laws, regulations, and procedures that target money laundering. The financial industry must comply with these legal requirements to monitor for and report suspicious activities that may be tied to money laundering, meaning they often must implement sophisticated customer due diligence plans. What is Anti Money Laundering (AML)? Anti-Money Laundering (or AML)...

Prior to the passage of the Bank Secrecy Act, there was no legislation of its kind that existed in the United States, offering limited oversight in regard to anti-money laundering (AML). As a result, this lack of regulation provided criminal enterprises with the opportunity to make illicit financial transactions mostly under the radar.  Thus, as a way to bolster the...

Biometric verification technology utilizes physical characteristics, including but not limited to fingerprint, facial scan, retina scan, etc. to identify someone. Biometric technology is increasingly used in security processes to authenticate and re authenticate users to ensure a user is who they say they are. What is Biometric Verification? Biometric verification is a way for individuals to be identified based on...

Buy Now Pay Later (BNPL) Fraud encapsulates any fraudulent activity related to buy now, pay later platforms. BNPL fraud occurs mainly two categories: attacks on payment systems themselves, and fraud during onboarding for BNPL platforms.  The Buy Now Pay Later (BNPL) market has grown substantially over recent years, largely spurred on by the pandemic and increased online shopping trends. In...

The prevalence of credit card fraud is on the rise. In fact, it’s now estimated that 65% of credit card holders have been victims of fraud at some point in their lives. At the same time, online shopping is becoming more commonplace, and individuals no longer have to present a physical card to a merchant to make a transaction. In...

Consent Management is a process, system, or policy that informs users about the data collection and usage practices of companies they do business with or use. It logs and tracks consent collection to comply with current privacy regulations, including GDPR and CCPA. A Consent Management Platform is a solution that helps companies collect and manage this information. A consent management...

Continuous authentication is a way of verifying a user's identity in real-time. It works by collecting data about the user and feeding it into an algorithm. The algorithm then determines whether the user is who they claim to be. With standard authentication, users enter some credentials (such as their username and password) when they begin a session. They are then...

Deep Fake technology is a new and emerging type of AI that can be used to generate unique content for a wide range of purposes. However, the general discussion around Deep Fakes has been about the risks that it poses to society. Even still, there are a number of legitimate use cases for Deep Fakes, which we will discuss in...

A digital identity is an online likeness or an electronic file that contains personally identifiable information, or PII. The Digital Identity is an identity utilized in cyberspace across a variety of communities, businesses, and workflows. It is comprised of attributes including but not limited to username/password, social security number, date of birth, online activities (search, transactions, purchasing history, behavior), and...

A digital identity wallet is an application downloaded onto your mobile device that securely holds and encrypts various identity assets containing private information. The application allows users to access pertinent personal documents without carrying an original, physical copy. Identity validation assets include items like your driver’s license, passport, birth certificate, insurance card, social security card and more. When asked to...

Facial authentication, also known as facial verification, is a facial biometrics category that relies on a "one-to-one" matching technology. Facial authentication matches a person's face to a previously verified image from a trusted source, like a government ID or previously enrolled and authenticated biometric selfie, with the user’s consent. This form of biometric authentication is primarily used for account protection...

Facial biometrics is a broad umbrella term that encompasses both facial recognition and facial authentication. Facial biometrics are ways to authenticate a user’s identity based on their face. Facial biometric software captures, analyzes and verifies identities via comparison to either a database (recognition) or single photograph (authentication). The technology accomplishes this by collecting unique biometric data of each person.

Facial Liveness Detection is the use of a computer vision technology to detect fake or non-real faces when using facial biometric technology/software for authentication. It is the technology’s ability to analyze and detect if it is an actual living person taking a photo or video of themselves in real time.  How Does Facial Liveness Detection work? To ensure the genuine...

Facial recognition is a biometric verification category that relies on a “one to many” match. This form of biometric technology detects and locates the image of a face, captures and analyzes it, converts it to data, and compares it against a database of other known faces. Facial recognition has various law enforcement applications; police, for example, deploy facial recognition when...

Compared to other types of fraud where we envision individuals being the target victims while criminals steal their personal information to perform fraudulent activities, First-Party Fraud is different in that the individual themself is the perpetrator. These individuals are often trying to mislead financial institutions. They may even be working with organized crime rings on a larger scale.  As technology...

Fraud Detection is a process or set of processes that analyzes, detects, and prevents fraud threats to a business. These threats are aimed at obtaining money or property and can include identity theft, fraudulent purchases, insurance scams, cyberattacks, money laundering, and more. Fraud detection is most effective when it is a comprehensive, multifaceted approach that can include one or more...

Fraud Monitoring is the process of tracking all activity across workflows and a customer journey: from initial login and transactions, to ensure no fraudulent activity is taking place. This monitoring evaluates actions and events, including account changes, user changes, transactions, and device registrations. Typically, a fraud monitoring system will flag suspicious activity or anomalies in user behavior to stop fraudulent...

Friendly fraud, also known as first-party fraud, can take many different forms, but it generally entails an actual consumer purchasing goods or services from a business and then making false claims. These claims can include the purchase or the delivery of the goods, the need for a refund as a result of the false claim, or the fact that they...

ID validation, or identity document (ID) validation, is the process of verifying a provided national ID, driver’s license or passport to ensure authenticity and validity. This verification process is completed via software that uses machine vision, AI, and document library, among other sources, to determine authenticity of the identity document. Software will scan and extract content from documents and analyze...

Identity Access Management is the process of managing, recording, and controlling all the ways people interact with your company's network. It's a complex system that controls authorization and authentication, which is essential to minimizing risk. Authorization is when you grant access to certain parts of your company's network and infrastructure to certain people. This can mean giving employees or third...

Identity Assurance Level or IAL refers to the levels of confidence or assurance that a system can have in a user’s identity and credentials. There are three levels used as measurement in the identity proofing process: Some confidence, completed via self assertion, often a password High confidence, two factors of authentication Very high confidence, a combination of two factors of...

Identity decisioning is the process of determining if a customer is authentic in onboarding, transaction monitoring and credit underwriting. Companies in the financial and adjacent industries will need adequate decisioning to meet KYC/AML compliance requirements, mitigate fraud, and evaluate risk when onboarding new customers. Identity decisioning is often automated via an Identity Decisioning Platform, which is a comprehensive system for...

Identity fraud occurs when a bad actor uses stolen personal, private, and/or financial information to make fraudulent transactions. How bad actors can obtain a user’s identity occurs in a variety of ways, including both physical and digital means. A bad actor can utilize a fake ID, false credit card or bank accounts, fraudulent transactions, and a fake criminal record. Identity...

Identity management is how an organization identifies and authenticates individuals for access to its network or applications. This process will ensure individuals and groups have the right access, rights, and restrictions with established identities for these organizational resources while keeping those assets and their data secure. Identity management systems include software, hardware, and procedures used to identify and authorize a...

Identity microservices is a software architecture of small independently run services that can be developed, deployed and maintained individually. Each microservice is responsible for a discrete task and can communicate with other microservices through API’s (Application Programming Interfaces) to perform a holistic solution. Examples of identity microservices include ID data extraction, liveness detection, and ID Capture. Identity microservices make applications...

Identity orchestration is the framework that businesses can use to weave a variety of identities together in a multi-cloud environment. Identity Orchestration allows businesses to enable consistent identity and access to a business’s apps and/or services, regardless of which identity system is used. Identity orchestration requires dynamic user journeys for IAM across the entire identity lifecycle, including fraud detection, identity...

Identity proofing is the process of verifying an individual's identity, either in person or online. It's sometimes called identity authentication or ID proofing. Identity proofing is helpful for any entity that needs to verify the identities of its customers, contractors, employees, partners, and more. Identity proofing may be used for any online or physical system that requires authentication, such as...

A lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate.

Although Know Your Business compliance is relatively new in the United States (since 2016), it plays an important role in upholding the integrity of the economy and keeping crime organizations from getting access to valuable financing. Thus, the implications of Know Your Business regulations are extremely widespread, even concerning public safety. Knowing who your corporate clients are is an important,...

Know Your Customer (KYC) is a set of standards and regulations used by financial institutions to make sure that they're doing business with a legitimate, law-abiding person or entity. When you open a bank account, apply for a credit card, or take out a loan, the financial institution you do business with will ask you to provide some personal information—namely, your...

Knowledge Based Authentication or KBA for short is a security process that requires asking users for answers to personal information questions to authenticate their identity when accessing accounts or services. Users are required to answer questions that only the individual would know the answer to; for example, secret phrases, names of relatives, or prior transactions. There are three types of...

Facial Liveness Detection is the use of a computer vision technology to detect fake or non-real faces when using facial recognition biometric technology/software for authentication. It is the technology’s ability to analyze and detect if it is an actual living person taking a photo or video of themselves in real time.  How does Facial Liveness Detection work? To ensure the...

Multi-Factor Authentication, or MFA for short, is a security system that aims to provide an extra layer of protection for your account. It requires you to confirm your identity in at least two separate ways when logging in to your account: Something you know (like a password) Something you are (like a fingerprint) Something you have (like a code sent...

Passwordless authentication refers to a method that allows users to log in to an application or IT system without the use of a password. By this method, users can authenticate themselves via physical security keys, apps, or biometrics. This process eliminates the need to create or remember a static password to both provide a better, more streamlined user experience and...

A privileged access management (PAM) tool is a solution that mitigates any risk of privileged access via monitoring, detecting, and/or preventing unauthorized access to system resources. As an organization expands and adds new users with new permissions over the years, they can quickly lose sight of all accounts that have elevated privileges and access to sensitive data.  At the same...

Proof of Identity is a very important concept throughout the cybersecurity world. It is an idea that helps maintain the security and integrity of digital systems. As such, it can be applied in a variety of contexts, which we will explore in further detail below.  What Is Proof of Identity? In a cybersecurity context, Proof of Identity refers to the...

An important cybersecurity practice that keeps your online accounts safe, Reauthentication is widely used across the web today and provides various benefits that you may not even be aware of. What Is Reauthentication? Reauthentication is a cybersecurity concept that refers to the process of requiring users to offer additional verification or authentication credentials to regain their access to a system,...

Synthetic Fraud is a complex form of identity theft that occurs when a fraudster uses a combination of both fake and legitimate personal information or legitimate personal information from more than one individual to create a false or “synthetic” identity to build credit, make fraudulent purchases, and more. This process could combine a stolen Social Security Number with a fake...

Two Factor Authentication, also known as 2FA, is a two-step verification, or dual-factor authentication security process that requires users to provide two different types of credentials for authentication. Two Factor Authentication is designed to provide an additional layer of validation than methods that use one (namely a password). This authentication method relies on the user providing a password and a...

Zero trust security is an IT framework that secures all access across corporate networks and environments by the default assertion that no user or application can be trusted. Verification is required from anyone attempting to gain access to a network. Zero trust utilizes continuous monitoring and validation, least privilege access, strict controls on device access, multi-factor authentication, and micro-segmentation. This...

Zero-Knowledge Proofs offer strong assurances of authenticity, integrity, and confidentiality, all while preserving the confidentiality of protected information–which is why they have become so popular in cybersecurity today.  As cybercriminals become more sophisticated with their tactics and traditional username-password methods of Proof of Identity become weaker, the power of Zero-Knowledge Proofs could prove monumental for the industry.  While the definition...