A new industry: Identification, Verification, Authentication and Authorisation
In today’s world computers and smartphones are used for many everyday activities. This includes online banking and payment services in general. In the early years of this century, companies started with limited services that offered just some online banking features or certain special services. Nowadays many (challenger) banks offer complete suites that let the user conduct all money-related tasks. With people moving more and more of their sensitive information into the online realm, fraudsters are never far away, trying to steal identities and grab the hard-earned money of unsuspecting users.
At PayRetailers we work together with partners that make sure that the user is really the person they claim to be. This new identity verification sector is growing strongly and involves many companies that offer an outsourced service to companies like PayRetailers that handle sensitive information. Let’s start by clearing up the differences between some important terms every user encounters.
In the online world, users need to identify themselves. They type in their name, email, address and phone number. Additionally, they might enter their credit card number. So we see that a fraudulent impersonation can take place very easily if the fraudster just types in the details of another person.
Hackers can get access to these details quite easily with a successful hack. Often they circumvent the security features of databases and download huge datasets covering millions of real persons. Imagine the damage they could cause by just typing in such a data set (manually or automated with scripts). To prevent this from being successful, the next steps have been introduced.
One of these steps is identity verification, which makes sure that the person registering with a set of details really exists and is a real person. The verification is linked to the rules set by the Anti-Money-Laundering (AML) and Know Your Customer (KYC) regulations, and the verification methods depend on local regulation, which varies between jurisdictions. The usual measure taken in this step is a proof of identity, where the user needs to take photos of their ID card and fill in a questionnaire about certain intentions linked to the service they are registering with.
Linked to the verification is the authentication. This step asks if you are who you say you are. The purpose of this step is to make sure that the person has the right to access a service.
In addition to a username and password there are additional measures like one-time PINs that are sent to the user’s phone or email address, authentication apps on the user’s smartphone, or biometric measures like face detection or fingerprint sensing. The combined login functionality is called 2FA or two-factor authentication. One factor is the username-password combination and the other is the PIN or fingerprint, or whatever second option the user has opted for.
Once the user is logged in, authorization is the functionality within a system that prevents a user from accessing the admin area or other pages not meant to be accessed by that user. In the online world we see that authorization always follows the verification process, because a company needs to make sure that the person is real before giving any access.
Now, let’s look at some types of fraud that occur in the payment service sector.
Phishing: Fraudsters try to mimic a real website or email and prompt the user to type in personal information related to the website. This way, fraudsters get access to the data we talked about in the identity section.
Identity theft: Cybercriminals hack firewalls or security systems or just record data on public Wi-Fi networks. They use the obtained personal data to impersonate another person.
Page jacking: Hackers can reroute the traffic from a website and redirect the user to a fake site. The fake site may contain forms for personal data or viruses that get installed on the user’s computer.
Merchant identity fraud: Fraudsters set up a merchant account with fake identity data and stolen credit card details. They conduct business and receive items or services for a short period of time until the cardholder or other business party discovers the fraud. But nobody can trace back who conducted the fraud.
For PayRetailers the steps mentioned above and the prevention of these fraud types are especially important. We need to protect the financial assets of our clients and consumers. A data breach or malicious activity can harm our reputation in the long run and therefore affect our growth negatively. Our partners and we know that well-secured services are very important, and we use the latest technology available to protect our product suite.
Please contact us if you want to expand your business to Latin America. We are your payment service provider of choice, currently operating in 12 countries and counting.