Identity Management

As government agencies increasingly go digital and have little or no physical interaction with citizens, they’re having to contend with new challenges. Citizens have come to expect online access to services and information offered by their state and local governments, such as filing taxes and applying for benefits. They have little tolerance for hiccups that obstruct their ability to execute transactions or avail services.

Accustomed to using one login and password to gain entry and execute transactions on their favorite e-commerce websites, they anticipate a comparable user experience on government sites. But password management is not identity management. And government agencies looking to replicate that frictionless digital experience could be increasing their vulnerability to fraud and cybercrime.

Potential dangers

Government agencies must strike a careful balance between employing rigorous methods to prevent fraudsters from attacking their programs while ensuring that recipients, citizens and/or beneficiaries receive the services they need. While doing business online provides operational efficiencies and results in better customer service for citizens, it also introduces new risks.

Global criminal networks use stolen identity data to open accounts. Cybercriminals use botnets to instigate attacks that include malicious activities such as unauthorized access and data theft. And fraudsters piece together bits of stolen data like names and Social Security numbers with fictitious facts to manufacture synthetic identities that are extremely hard to detect.

The result is that government programs, such as tax refunds and health and human services benefits, are under continuous attack by a persistent and inventive population of fraudsters. When those fraudulent entities are successful in their unscrupulous endeavors, government agencies risk:

• Making payments to the wrong people
• Failing in their critical mission
• Being non-compliant with privacy and data security regulations
• Damaging their reputation in the eyes of citizens

Identity management is critical to security in providing citizens with the access they need while keeping systems, data and services inaccessible to cybercriminals.

Streamlined access for trusted citizens

The majority of citizens who interact with government agencies are legitimate. They expect convenience and ease of use when transacting with online programs. Ideally, these citizens should be quickly identified as low risk. Then they can be streamlined through the identity management process.

The challenge is differentiating trusted citizens from fraudsters and bots, made increasingly difficult as a growing number of citizen interactions become self-service and take place via remote channels such as mobile devices.

Traditional, stand-alone identity management and verification tools are insufficient in identity proofing when it comes to fending off the onslaught of sophisticated fraud schemes online. A superior approach involves establishing multiple layers of defense.

A multi-layered defense

A multi-layered, risk-assessment fraud defense strategy is the future of identity management and the best way to protect citizens and agencies alike. It optimizes the online experience by combining frictionless, market-leading risk-based authentication (RBA) with low-friction strong customer authentication (SCA) strategies to ensure the person on the other end of the transaction isn’t a fraudster.

The authentication requirements are tailored to each individual user, taking into account three variables:

1. Type of transaction
2. Device being used
3. Associated level of risk

A digital and physical identity database solution correlates identity and transactional information in near-real-time from thousands of data sources to provide a 360-degree view of identity risk. Aberrations from usual behavior patterns throw up red flags.

Trusted citizens have a streamlined experience with fewer step-up authentication interventions. Only their high-risk transactions are challenged and routed to the appropriate authentication or identity verification service for additional research. Cybercriminals and bots are prevented access.

LexisNexis^® Identity Management Solutions

To direct the right money, benefits and services to the right people, government agencies need to have proven identity management processes and technology. Multi-layered identity proofing that incorporates an identity risk assessment offers the best of both worlds—a secure, automated defense against fraudsters and cybercriminals without compromising the citizen’s online experience.