Plaid leans on banks, fintechs to create a stolen-identity database

Plaid CEO Zach Perret announced a 20% cut in the company's workforce last year in response to a post-pandemic slowdown and changing market demands.

In the half-year since Plaid announced a 20% cut in its workforce, the San Francisco-based startup has worked to diversify beyond fetching bank account data for fintechs by rolling out various services to address pain points within payments.

The latest is Beacon, a collaborative anti-fraud network Plaid announced Thursday that notifies participating fintechs and banks when a new user or account signup contains personally identifiable information that has already been associated with fraud on other platforms. 

The service aims to blacklist fraudulent identity details that are often used over and over to perpetrate fraud. Sometimes fraudsters use this information to commit account takeover or to steal funds, make purchases and launder money through accounts created with stolen identities. In other cases, they commit theft through synthetic identities that are fabricated with a combination of real and fictional users' details. 

Beacon's goal is to break down silos that exist between organizations and create a consortium for fintechs and banks to cut short the ability of fraudsters to re-use stolen identity data, according to Alain Meier, Plaid's head of identity. Meier joined Plaid 18 months ago after nearly nine years as co-founder and CEO of identity-verification startup Cognito, which Plaid acquired last year. 

"The idea of fraud consortiums for banks isn't new, but so far there hasn't been a concept enabling both fintechs and banks to get broad visibility into the specific details of fraud that organizations across the ecosystem are seeing in real time," Meier said. 

Among Plaid's customer base of 8,000 organizations, the majority are fintechs, and with Beacon, the company hopes to add more banks, Meier said. 

Beacon works through a set of APIs: participating organizations feed specific identity details connected to fraud into the Beacon API or Plaid dashboard. Those details become part of a database that Beacon uses to automatically assess whether a prospective new user or account from a participating organization contains any identity information that has already been flagged as fraudulent.

Before each new user or account is onboarded, Beacon automatically compares the identity against its database to find any details that have previously been associated with fraud or fraud attempts and, if it finds any, instantly notifies the fintech or bank so it can investigate.

In such cases, participating organizations receive a report specifying which identity points were used for fraud and in which industry the fraud occurred, along with the time of the incident and how many times the fraudulent data was used. To ensure security, Beacon does not share the name of the affected organization or the underlying identity details, Meier said.

Participants are required to pay a small, undisclosed fee to scan all new users and accounts against the Beacon network, similar to Plaid's existing business model for other financial data-sharing services, according to Meier.

There are no guarantees that Beacon will catch every fraud attempt, but in the past few months the service has proven "very effective" for several fintechs and a handful of financial institutions testing it, including Tally, Uphold, Possible Finance, Uplift, CreditGenie and Veridian Credit Union, Meier said.

"The vast majority of identity-fraud attempts fintechs are experiencing have been seen before by another organization, but everyone has slightly different fraud-detection models, so the odds are quite high that a fraudster will succeed if they keep trying at one fintech after another," he said. 

To be effective, the system requires that all participants remain vigilant in feeding examples of identity-fraud attempts into Beacon, Meier noted. Plaid sets benchmarks for the number of identity-fraud examples each organization would likely generate based on its scale, and monitors them to ensure participants are sharing all available fraud data.

"You have to give to get, and those who don't share fraud data won't get reports," he said. 

Beacon's data also reveals when customers are using their own identity to commit repeat first-party, or so-called "friendly," fraud, he said. It also flags cases of duplicate account signups that sometimes occur due to confusion or human error. 

Like many other fraud-detection programs, Beacon also automatically matches data across fields, correlating new identities with existing data to ensure that data hasn't been manipulated or changed when consumers move or change their names.

Banks have expressed strong interest in adopting Beacon, Meier said.

But banks' appetite for investing in a new shared identity-fraud detection database is not clear, since they have been collaborating for years to battle identity fraud, said Julie Conroy, head of risk insights and advisory at Datos Insights. She pointed to Early Warning Services, owned by the nation's largest banks, which operates a shared fraud database that includes the identity attributes of known frauds.

"Financial institutions pay a vast number of third-party vendors today for controls to help with synthetic fraud detection. Many have also leveraged enterprise fraud analytic platforms to build bespoke synthetic models that help to bring all of these point solution inputs together," Conroy said.

Beacon is the latest in a series of payments-related products Plaid has rolled out recently. Last month Plaid introduced an identity-verification shortcut for consumers who have previously verified their identities through Plaid. At companies offering Plaid Identity Verification, consumers who qualify can skip the identity-verification process by clicking a box.

Plaid launched a service late last year that provides a risk score for ACH payments in use cases where immediate access to funds is critical, such as fintechs handling investment transactions. And in April Plaid announced Instant Payouts, a service that creates a consistent experience for recipients of disbursements, such as gig-worker wages, by automatically selecting the most efficient rails for transmitting a payment. 

With Beacon, Plaid's goal is to extend the service to Plaid's 100 largest customers, which presents a fast path to build an effective net that could catch the use and re-use of fraudulent identity elements, according to Meier.

"What sets this service apart is that we're not giving users a probability factor of fraud — we're providing examples of actual fraud that's occurred and blocking it from happening again."
