What’s new in fraud prevention, and what does a complete capability look like?
A big trend is the adoption of identity verification quizzes. These are not the usual consumer-chosen challenge questions like “What’s the first name of your maternal grandfather?” They are automatically
generated “shared secrets,” such as “At which of these addresses have you lived?” By the way, this is exactly the kind of protection that the IRS had in their “Get Transcript” function. It’s not foolproof because the information is gathered from outside sources, including credit monitoring agencies, where fraudsters
may also be able to access it. Taxpayers give these quizzes mixed reviews. They seem novel at first, a bit
of a nuisance after that, and a real pain if you’ve forgotten some answers or the information generated
is incorrect. These quizzes make tax transactions more secure, but agencies still need a second safety-net
layer to detect frauds that have gotten past them.
That’s just the first piece of a complete fraud prevention capability. Our whole list includes:
• Identity verification system, either as a quiz or an analytically generated risk score
• Pre-payment fraud detection engine that uses both business rules and various types of analytics such as peer-group anomaly detection and predictive modeling
• Post-payment audit selection system that uses both business rules and analytics, and that predicts the likelihood of a fruitful audit
• Employee or insider threat detection capability
• Robust reporting capabilities, both regular and ad hoc, for every level of the organization
• It may go without saying, but full-force systems security