Identity Verification Flows and Machine Learning in Fintech

From IIW
Jump to: navigation, search

Identity Verification Flows and Machine Learning in Fintech


Wednesday 2G

Convener: Maxwell Blumenfeld

Notes-taker(s): Garrett Schlesinger

Tags for the session - technology discussed/ideas considered:

Discussion notes, key understandings, outstanding questions, observations, and, if

appropriate to this discussion: action items, next steps:


Problem: credit bureaus are authorities for which identities on file, but how, given a consumer file,

can we determine that the actor in a browser actually is the identity on file.

Potential flows:

  • Prove that a person owns a mobile phone (challenge/response) registered to an entity with the same name (using data from telecomm companies on that phone number).
    • Issues: stale/inaccurate data. Family/company plans.
  • Email verification
  • KBAs from some authority
    • issues: "Google-able" answers
  • Physical ID verification
  • Human labeling


Proposal: 90/10% operational/experimental split with ID verification flows. 10% experiment gets

random assignment of verification flows at the time of requesting a loan.


There will be some drop-off. Need to measure at each flow. Important to do in an a/b context.

Ultimately, you want to get an idea of which verification flow will have the best ROA, conjoined with

intuition around what provides a friendly user experience.


Would success in KBA boost our confidence enough to approve a loan? Does the cost of KBA lead to

negative expected ROA?


In the photo id space, more interesting signals exist. E.g. liveness (turn 25% and take another

photo).


Based on historic drop-off labels, you can then sort ordering of verification flows to actually make a

difference in the outcome of fraud labeling.


Other things to look at: UK verify. Does it purely based on online

behavior. https://www.gov.uk/government/publications/introducing-govuk-verify/introducing-govuk-verify


https://www.digidentity.eu/


Social/location-based data (localized photo tags)


Raytheon riot http://www.zdnet.com/article/raytheon-riot-defense-spying-is-coming-to-social-networks/


Impermium


On the physical id front: MorphoTrust and AssureTec are the two working from source. No direct

interface to government. Summary: keep expectations low until there's good government

interfacing (~7 states have these already).


Huge body of research form google on effectiveness of UX flows for verification, recovery,

etc. https://sites.google.com/site/oauthgoog/