Within the payment card industry, financial institutions such as banks and credit card issuers have created sophisticated systems to protect against fraudulent credit card use. Typically, these systems are built on the behavioural profile of the individual who holds the card. For instance, if you’re based in Washington DC, the system could raise an alert and attempt to block an untoward purchase in Boston. But this means that modern cardholders who are frequent travellers could find their purchases in a new city declined.
It can be highly expensive and labour-intensive for card issuers to run precise monitoring systems, and in some cases false positives can damage businesses and their relationships with customers. According to an Internal Revenue Service white paper on fraud, over two-thirds of credit cardholders who were declined an electronic transaction stopped using the credit card. Further, they stopped patronising the merchant because of the false positive.
Because the IRS has experienced tax refund fraud carried out with personal information stolen from taxpayer victims, the agency has developed a sophisticated system with multifaceted approaches to address identity theft and to detect and avoid inadvertently issuing fraudulent refunds. The mechanisms include filters, manual analysis, data analytics and so on, which raise an alert on potentially fraudulent returns before any refunds are issued. In addition, since 2009 the IRS has employed other filters known as identity theft business rules.
These business rules are applied to every return that is filed along with the Social Security number and are connected to an identity theft indicator. Until the IRS can review the returns and accounts, such returns are not permitted to be posted to taxpayer accounts and are hence known as unposted bill returns. But this resulted in a very high false-positive rate, up to almost 91%, according to the annual report published by the Taxpayer Advocate Service in 2016. This meant that over 1.2 million taxpayers experienced returns delayed by almost two months.
So, as a taxpayer, if you had experienced potential identity theft, you were supposed to call the IRS on a taxpayer protection program hotline. But the average wait time of 11 minutes in 2016 led to an appalling level of service rated at just 31%. Not only did the high rate of false positives erode staff confidence within the IRS, but the program as a whole was also very expensive, and that cost was eventually borne by the taxpayers themselves.
Despite institutions and financial organizations implementing additional access controls on Social Security numbers, credit card numbers, passwords and other sensitive information, there seems to have been no respite from identity theft. This is because all kinds of data are stored on multiple devices and systems that facilitate access to classified documents and information.
So, if such devices are stolen, it can become almost impossible to devalue the information thoroughly. But organizations continue to apply additional access controls that can mitigate the risk of unauthorized access to a certain extent. Combined with monitoring efforts, these controls have been seen to be somewhat successful. For instance, suppose passwords have been exposed in a data breach. To avoid annoying and irritating customers, the organization does not force a password reset immediately; instead, it could choose to run additional checks to determine whether the device or the IP address has been used in the past by the customer. If there is historical precedent, the organization could allow the login to go ahead. Otherwise, the user could be asked to provide additional verification.
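The device and IP history check described above, sketched in Python as an added example (it is not code from the original article or from any organization it mentions). The names `Account`, `same_network` and `login_decision`, the /24 and /64 network matching, and the rule that only history recorded before the exposure date counts as precedent are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from datetime import datetime
from typing import Optional

@dataclass
class Account:
    exposed_at: Optional[datetime] = None        # date of the password leak, None if not exposed
    history: list = field(default_factory=list)  # (device_id, ip, when) of past successful logins

def same_network(a: str, b: str) -> bool:
    """Assumption: one /24 (IPv4) or /64 (IPv6) counts as the same location."""
    ia, ib = ipaddress.ip_address(a), ipaddress.ip_address(b)
    if ia.version != ib.version:
        return False
    prefix = 24 if ia.version == 4 else 64
    return ib in ipaddress.ip_network(f"{ia}/{prefix}", strict=False)

def login_decision(acct: Account, device_id: str, ip: str, password_ok: bool) -> str:
    if not password_ok:
        return "deny"
    if acct.exposed_at is None:
        return "allow"                 # no known exposure: normal login path
    try:
        ipaddress.ip_address(ip)
    except ValueError:
        return "step_up"               # unparseable source address: fail closed
    # Only history recorded before the leak is evidence of the real customer;
    # anything later may have been created by whoever holds the leaked password.
    trusted = [h for h in acct.history if h[2] < acct.exposed_at]
    for past_device, past_ip, _ in trusted:
        if (device_id and past_device == device_id) or same_network(past_ip, ip):
            return "allow"             # historical precedent exists
    return "step_up"                   # ask for additional verification

# Constructed sample data (documentation IP ranges, made-up device names).
SAMPLE = Account(
    exposed_at=datetime(2024, 3, 1),
    history=[
        ("laptop-1", "203.0.113.10", datetime(2024, 1, 5)),
        ("phone-9", "198.51.100.7", datetime(2024, 3, 4)),  # first seen after the leak
    ],
)

if __name__ == "__main__":
    print(login_decision(SAMPLE, "laptop-1", "192.0.2.50", True))
    print(login_decision(SAMPLE, "phone-9", "198.51.100.7", True))
```

The second call shows the case the prose does not spell out: a device that first appeared after the leak is not treated as precedent and is sent to additional verification.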
From a technical point of view, implementing additional verification procedures can be more hazardous than forcing an immediate password reset. But because company management decides that the business risk of customer irritation surpasses the danger of unauthorized access, it opts for the additional verification.
Similarly, financial institutions and credit card issuers may become aware that a consumer’s credit card has been stolen in a widespread data breach. Instead of replacing cards in bulk and risking customer ire, these organizations could selectively apply added controls such as call-backs to detect deviation from the cardholder’s normal spending behaviour.
For organizations to build a safe and trusting environment that can protect customer and company digital identities and safeguard crucial data everywhere, it is essential to look into a proactive and modern document security solution.
PDF DRM is a comprehensive document security solution that can enable you to store, use, and share content securely, and ensure that your classified and sensitive information is always secure. By safeguarding your sensitive information, you can drive digital transformation and growth in your company without having to worry about the safety and security of your valuable data. Moreover, PDF DRM also shows you how permitted users are interacting with the information and provides you with secure access and granular control over content use while enabling your organization to continue creating value.