Fight Financial Crime With Effective Customer Identity and Access Management

Use advanced capabilities to assure identity and prevent financial crime.

Analyst Perspective

There is more to CIAM than fighting financial crime.

The rapid growth of AI has powered a new wave of crime that has elevated the threats that financial institutions are trying to combat. Among the most challenging is establishing and continually verifying who are legitimate customers and who are technology-savvy criminals.

Many approaches are being used to fight financial crime, but customer identity and access management (CIAM) has emerged as one of the best solutions to the challenges presented by technology-based financial crimes.

Many financial institutions are still using basic security features based on unique knowledge, otherwise known as passwords or pin codes, to verify their customer’s identity. These basic techniques are no longer adequate to protect financial institutions and their customers from sophisticated criminals.

Implementing advanced CIAM capabilities is increasingly moving toward vendor-based solutions. Choosing the right vendor is now becoming a top priority to assure your organization is adequately protected.

Concurrently, modern CIAM solutions are also playing a critical strategic role as a central enabler of open banking, which is reaching an inflection point. As customers begin to be serviced by organizations outside of your organization, the role of CIAM is becoming an important capability enabling the future of federated financial services delivery.

David Tomljenovic MBA LL.M CIM

Head of Financial Service Industry Research
Info-Tech Research Group

Executive Summary

Modern CIAM solutions combine multiple technologies that add layers of protection to assure customer identities can be accurately authenticated. CIAM solutions must develop and deploy AI and ML-based capabilities that counteract criminal use of AI/ML.

Identity-based fraud is an expensive and growing challenge for the financial industry

“Traditional security systems seem to be no match for sophisticated identity fraudsters.”1

Advanced technologies such as AI are increasing identity-related losses.

Identity fraud will cost banks U$30 billion by 2030 1 according to a recent survey by Deloitte Center For Financial Services.

According to the FTC, identity fraud is up 47% year-over-year.4 In the same study, every 22 seconds there is a new victim of identity fraud in the US, and it cost banks US$10.2 billion.4

85% of synthetic identity fraud is not being detected by currently installed systems according to Lexus Nexus.1

Identity fraud in banks was up 34% in the first six months of 2024, and the number of identity-related fraud cases increased to 552,000 over the same six-month period.3

Loan and lease fraud increased by 20% to approximately 96,000 cases in the first six months of 2024.3

Identity-related breaches are high

84%

of respondents said their company experienced an ID related breach in the last year.2

Sources:
1. Deloitte Insights, “Using biometrics to fight back against synthetic identity fraud,” 2023;
2. Ping Identity, “State of Identity 2023: A Pivotal Time in Customer Identity”;
3. ebankIT, 2024; 4. Ping Identity, “Transformative approaches to reduce identity fraud in banking,” 2024

Customer identity and access management (CIAM) systems are a primary defense against identity-based fraud

CIAM systems employ a broad range of capabilities and techniques to reduce fraud.

A new generation of vendor-provided CIAM systems are emerging that employ multiple techniques to identify valid identities from false or synthetically generated ones.

New CIAM techniques include:

• Multifactor authentication where varying levels and techniques are used to authenticate a user's ID.
• Physical biometrics such as fingerprints, eye scans, and facial and voice recognition.
• Behavioral biometrics using multiple data sources to detect unusual behavior patterns.
• Advance risk assessments that consider a broad set of data points such as IP addresses, device ID, location, and social media activity to determine risk context.

Behavioral biometric use is expected to increase and will rely on patterns of behavior that will be captured over time, analyzed by machine learning or AI tools, and become another metric that will be considered.

Progressive authentication is context aware and dynamically adjusts itself. As customers move through their journey with a financial institution, the level of authentication increases.

Layered authentication techniques are being employed. Each level presents more robust authentication requirements.

MFA is being widely adopted

89%

of respondents say they have adopted MFA to strengthen ID security.1

Source: 1. Ping Identity, “Transforming Your Customer Identity Strategy into a Profit Center,” 2023

CIAM solutions must accommodate all customers

As your relationship with your customers evolves, so must your fraud solution.

Your organization has different types of customers with differing requirements.

Existing customers:

• Your fraud system’s primary purpose is to capture essential identity data. It will also connect their identity data to the core systems of your organization.
• The movement of data between your fraud system and core systems is essential to enable progressively deeper multifactor authentication as your customer engages more deeply.

Potential new customers:

• Low friction customer marketing/acquisition will reduce customer frustration with your fraud solutions and onboarding processes.
• Progressive onboarding enables sales by collecting enough information to engage your customers while deeper information is collected as engagement deepens.

External partners:

• Potential product or service delivery partners are also considered “customers” within the context of your fraud system as they also require authentication.
• Federated service delivery is enabled through standard protocols, such as SAML, OpenID, and Oauth, which are how open banking capabilities can be delivered.

Info-Tech Insight

The goal of a modern CIAM solution is to provide a system that delivers an optimal balance between protection for a financial institution and its customers while still offering ease of use to customers.

The implementation of modern CIAM systems has become a strategic priority

Financial organizations are dedicating time and resources to CIAM transformation.

Many organization’s CIAM systems are out of date and are not effective in preventing fraud.

• Many financial organizations have internally built CIAM solutions that have become outdated because of new technology-based threats.
• 76% of survey respondents said preventing ID fraud is their top priority.1
• 90% of organizations are using a CIAM vendor to meet their needs.1

CIAM systems are viewed as strategic enablers of growth and new business capabilities.

• Banks have experienced a 60% reduction in time required to implement open banking.2
• Banks using modern CIAM solution have seen a 300% increase in customer engagement.2

Info-Tech Insight

As you begin to evaluate CIAM solutions, it is important to consider more advanced use cases than your organization may be currently considering. By doing so, you can ensure that your choice of systems will be able to grow with your organization as it grows in size, capabilities, and digital maturity.

Sources:
1. Ping Identity, “State of Identity 2023: A Pivotal Time in Customer Identity“
2. Ping Identity, “Transforming Your Customer Identity Strategy into a Profit Center”

IAM is often confused with CIAM

They share similarities but their orientation and functionality are very different.

Identity and Access Management (IAM)

• IAM systems are an integral part of internal systems’ provisioning and security.
• Account creation and identity verification are less rigorous because they are done by internal sources.
• The number of users or identities is typically smaller and limited.
• The levels of authentication are simplified because of the trusted nature of a user’s identity.

Customer Identity and Access Management (CIAM)

• CIAM systems are focused on external identities and must protect both the users and the organization.
• Account creation and identity verification is very complex because customers are unknown and external.
• The system must be highly scalable to accommodate a potentially unlimited number of users.
• Authentication capabilities must be extensive because users are external and unknown to the organization, and the organization is responsible for protecting itself and its customers.

Info-Tech Insight

Many organizations believe that their current IAM capabilities are suitable for external use with customers. In fact, the trend in the marketplace is to use separate systems for IAM and CIAM applications.

IAM and CIAM are increasingly separate systems

It is important to understand the key differences between IAM and CIAM.

Source: LinkedIn, “Key distinctions between IAM and CIAM