Large-scale software and database tools can help private firms and federal agencies verify identities and avoid fraud, even in this online age of fake personas and criminals who front companies online.
Although known as a consumer credit reporting agency, Equifax uses such tools to verify identities as a key part of the credit checking process. Rich Huffman, senior director of product management at Equifax explained the process at this week’s Government Information and Analytics Summit in Washington, D.C.
“We were big data before big data was cool,” Huffman said.
Equifax maintains proprietary data on over 572 million consumers, 81 million businesses worldwide and 200 million employee files. The company also operates and manages five proprietary data exchanges. All of these tools and capabilities allow Equifax to get a very good view or a person or business.
Because vetted results are key to getting a good picture of a person or business, Equifax relies on multiple, supporting data points to verify identity. To help make sense of what are often very disparate data points, Huffman said the company uses its proprietary Connexus software tool, to link individuals to home and business addresses. Because it takes time to build up an identity, the software matches an individual against a variety of sources in its files to create a history.
Even unmatched data is valuable. This information is saved separately until it can be linked in context to a subject, Huffman said. By putting all these pieces together, Equifax can create linear and hierarchical relationships for people and businesses, he explained.
When Equifax runs a credit check, it uses a variety of tools to verify an individual or businesses’ identification. There are three things that the firm looks for when verifying an ID, Huffman said:
- Does the identification appear to be real or manufactured? “Are they a carbon-based life form?” he said.
- If the ID is true, has it been compromised?
- Is this person who they say they are?
Besides using big data tools to verify identity, Equifax does several other things that federal agencies are interested in copying. Because the company’s data files and records are such a gold mine for criminals, its networks are constantly probed. Equifax has a system to monitor and flag the Internet Service Addresses of these probes. By using its networks as a honey pot, the company creates a list of bad actors it can warn firms in its network to look out for, he said.
Equifax also conducts checks on the reputation and reliability of computers and mobile devices running transactions on its networks. If a device commits a transaction that ends up in fraud, it is flagged. The device side of the security equation is something that federal agencies and many organizations need to add to their security portfolios, he said.
The company also uses modeling and other predictive techniques to determine the potential for fraud. This risk based approach is an important, dynamic process that can help organizations determine their threat environment, Huffman said. This is a key tool Equifax uses to measure risk in real time for its customers.
“If you don’t measure, you don’t know what you’re doing,” he said.
But while Equifax works with its clients to verify identities and model risks, identity management is something that organizations ultimately have to do themselves to meet their security needs, Huffman said.