Mitigate Risk in Financial Services with Digital Identity Methods
As institutions use digital agreements to deliver customer experiences, they must determine which ones warrant an extra layer of authentication or verification
Table of contents
Over the past few years, the financial services and insurance industry has witnessed a rapid uptick in digital transactions. Today’s consumer has come to expect digital convenience. Creating and delivering customer-centric experiences, whether through mobile-friendly or self-service experiences, tops the agenda of most financial institutions (FIs). Yet FIs today must contend with a heightened risk landscape. Banks have reported more sophisticated attacks since the onset of COVID-19, and consumer losses due to fraud have reached an estimated $5.8 billion.
Recognizing these growing risks, financial services regulators have issued updates to their guidelines and rules encouraging FIs to strengthen their risk management practices. In August 2021, the FFIEC issued updates to their best practices regarding effective authentication and access risk management principles. Subsequently, in October 2021, the FTC issued updates to their Safeguards Rules, with all provisions slated to go into effect by December 2022.
A core component of these updates involves applying more rigorous authentication throughout the customer lifecycle. Both the FFIEC and FTC note that FIs should conduct periodic risk assessments to inform whether single-factor authentication is inadequate and whether multi-factor authentication or controls of equivalent strength should be applied instead. To determine where these methods are warranted, FIs should identify customers engaged in high-risk transactions and consider risk factors such as sensitivity of data collected or likelihood of fraud in their decisioning.
Assessing the risk of digital agreements
At the heart of many of these high-risk transactions are agreements. If a customer wants to change beneficiaries, open or close accounts, update their name or address, or initiate payments out of the institution, they are often required to first sign an agreement to process such requests.
As FIs scale their use of digital agreements to deliver customer-centric experiences, their risk officers and business leads should collaborate to determine which agreements warrant an extra layer of authentication or verification and what method is most appropriate. This process may vary and look different at each institution.
Sandra Bell, vice president of enterprise transformation at M&T Bank, shares how M&T Bank approaches this risk assessment process and the factors at play below, including type of agreement, delivery method, recipient type, and more:
Certain transactions pose a greater fraud risk than others. For example, if money is moving outside of the institution via payments or transfers or beneficiaries are changed on a plan, these transactions can be considered riskier than, for example, a stop payment. The type of customer can make a difference too–a retail customer compared to a wealth management customer with a longstanding relationship to their advisor poses a different set of risks.
Next steps for digital agreements
To streamline the signing and identification process for their teams and customers, FIs should embed digital identity methods into the e-signing experience. With Docusign Identify, FIs can draw from a range of authentication and identity proofing methods to secure their higher risk use cases. Signers can authenticate via SMS or phone and can verify their identity by using their government-issued photo ID, answering knowledge-based questions, or entering their bank credentials.
When it comes to account servicing, many FIs still rely on their call center or post static PDFs on their website that customers must download, complete, and upload to initiate requests. To drive an easier self-service experience, they can use Docusign PowerForms to convert these PDFs into interactive forms with embedded eSignature and identity verification in the process. For forms that live behind a portal or log-in, FIs can also use SMS authentication to support multi-factor authentication and an easier signing experience. The result is a more convenient experience that puts customers at the center while mitigating the risk of digital transactions.
To learn more about the evolving identity verification landscape, read our report: Identity Verification Accelerates Digital Transformation: A Spotlight On Financial Services.
More in this series:
Manas Baba is a product marketing manager for the financial services industry at Docusign.
Related posts