top of page
Writer's pictureFraud Practice

PRESS RELEASE: Reversing the Identity Authentication Lookup

COMPARISON OF THE IDENTITY AUTHENTICATION AND REVERSE LOOKUP TECHNIQUES

Sarasota, FL, March 15, 2013 / By: David Montague


Merchants selling goods online and in the CNP channel at one point or another will need to apply techniques to authenticate consumer provided data to determine if it matches or goes together. Merchants typically rely on two common techniques: Identity Authentication and Reverse Lookups, or in some cases both. Both Identity Authentication and Reverse Lookups are fundamental fraud prevention and risk management checks. Likewise both play a critical role in the perceived quality and authenticity of a consumer’s e-Identity. Fraud prevention personnel often look at these two techniques as being essentially the same, but they actually are different methods and provide very different “signals” for use in detecting potential fraud as well as in identifying real customers with poor e-Idenitites.


The Identity authentication technique attempts to authenticate an e-Identity by affirming or denying that a specific name, address and/or phone number all go together. For example, it looks to provide a “yes/no” return signal that indicates the name “Robert Smith” is located at “123 Apple Street”. The identity authentication technique is generally not intended to provide any qualitative statement as to the connection; like there are a lot of people at the address, or there are similar names at this address or this address is suspect. The reverse lookup technique attempts to authenticate an e-Identity by returning all of the connections it finds when provided an address or phone number for the merchant to review and consider. For example the reverse lookup technique might return signals of “Robert Smith and Jane Smith” linked to “123 Apple Street”. Likewise the reverse lookup check might return additional qualitative statements about the address such as high risk indicators, family members or the like.


Obviously the return signal data is very different from one technique to the next. While identity authentication provides a consistent data return in size and format making it easier for automation, reverse lookups will typically not provide a consistent data return in size and format and will be more difficult to integrate into an automated process. While reverse lookups may be harder to automate, they do provide richer information for making connections with consumer data within a manual review. This can be especially useful in the case where you don’t get a full match using identity authentication checks. For many merchants, they don’t perform identity authentication on all of their transactions but just on a subset of transactions as part of a manual review process so either technique will work, but for many merchants you will likely find you need to incorporate both methods into your risk operation.


Another major consideration on why you may use one technique over the other or require both is the ongoing issue with data quality and normalization when it comes to consumer data entry. Consumers have data input errors all of the time, especially when coming from mobile devices, which can cause full matches to fail. Additionally, there can be issues with data normalization related to the data source, such as out of date information or looking for matches to the consumer’s full legal name when they are more likely to provide a nickname. There are many potential issues that can throw off the accuracy of identity authentication match results, from “Roberts” that prefer to be called “Bob” or “Billy”, to multiple family dwellings, roommates and cohabitation. In these instances a reverse lookup may be better suited to determine the potential of risk associated with a transaction as it provides more detail on who is associated with an address instead of who is registered at this address with a utility or phone provider.


Matt Woodward, Director, Product and Technology for WhitePages PRO, elaborated that, “A reverse lookup produces extremely actionable results for a merchant as it provides access to unique data points like whether an address is vacant or if there are many people residing within a single household, both of which would help to indicate that a match is less trustworthy.”


In this context, reverse lookups are especially useful for manual reviews. When merchants are not comfortable enough to accept a transaction based on the information and risk signals utilized in automated decisioning, by manually reviewing the transaction and reverse lookup results there may be enough information to validate and convert the sale. This could be through recognizing that a nickname was used, that multiple people with different last names are living in the same household, or other associations.


Both identity authentication and full reverse lookups can be very useful risk management tools for establishing e-Identity for a consumer in the CNP channel and assessing the risk of a transaction. However, merchants should be aware of the differences between these tools, the results and signals they provide, as well as when and how to use these signals. Depending on factors specific to their vertical market, risk management strategy or other dynamics, merchants may be better served to use identity authentication, reverse lookups, or both. But understanding when and why to use these checks in the context of the information or risk signals provided is paramount.

Commenti


bottom of page