Last week, Unit21 was invited by the California Department of Financial Protection and Innovation (DFPI) to discuss the Fraud prevention industry, emerging trends within the space, and the merits of shared data and Consortiums in the prevention of fraud at scale.
Unit21 presented as a guest speaker to internal employees at the DFPI to share our perspectives and get into the details on our products and services, specifically the Unit21 Fraud Consortium.
Let’s dive into some of the key topics.
What are fraud consortiums? Who are they for? What problems do they solve?
A Fraud Consortium is a joint effort between multiple financial institutions to share information securely about instances of fraud and illicit activities to prevent the proliferation of these activities across the industry. Consortiums, in general, aren’t new; in fact, there are several examples of Consortiums in virtually every industry. E.g, Automobiles. Closer to home, fraud data sharing has been in practice in the US since the early ‘90s, when some of the country’s largest Banks got together to combat instances of fraud with Early Warning Services (EWS).
Fraud consortiums are not new. Why are more service providers like Unit21 now adopting the consortium model?
As we discussed, Early Warning (EWS) was the pioneer for this industry when it comes to Consortiums. If you’re not familiar with them, they were the team behind Zelle payments as well, so they are industry veterans when it comes to large-scale banking products.
Further, the idea of Consortiums wasn’t on pause because of EWS’ scale (2800+ institutions part of EWS); it kept on growing and companies were building Consortiums to provide intelligence in various areas; for instance, Emailage is a very popular email Consortium that provides signal on the age and legitimacy of email addresses.
Outside of this, there are so many more contemporary Consortiums being built out by platforms like Socure, which provides aggregated data on the identity of an individual and is built on top of onboarding signals (CIP/KYC process).
When we entered the market, we saw a couple of big gaps
- EWS was built by & for Banks and doesn’t service Fintechs.
- Consortiums like Emailage (while useful) are point solutions and not whole products; In fact, they are a part of Socure’s KYC suite.
- Newer solutions like Socure’s First Party Fraud (FPF) consortium do not take into account actions that occur after onboarding, i.e., at the Transactional level, and thereby wouldn’t be able to help in instances of Scams or bust-out fraud cases.
And that’s what we went after.
How does end-user / customer data stay secure?
The good news here is that Unit21 only asks for data from end users (that is handled securely first of all) that is already being collected: Name, Social, DOB, Email, and Phone. We’re able to use these basic elements to form an identity in our Consortium and provide signals to our members.
Taking a step back: When we did the market validation for our product, we saw the gaps in the industry. When we dug a little deeper, the big theme we saw emerging was that people in the industry were familiar with Consortiums and loved the fundamental idea but were apprehensive about sharing data due to threats of data breaches and also the threat of competitors in the same system using their data to target customers.
So, from a product standpoint, this became a showstopper for us and had to be resolved before we moved forward with anything else. We did a lot of research on the topic of secure data sharing and eventually came across how this works in the healthcare industry: Due to HIPAA guidelines, in the instances of (say) organ transplants, data about the subject(s) on either side is shared by expressing the patient as a set of properties, rather than identifiers like their name. Using this as our base concept, we built a way of securely encrypting (‘hashing’ → 1 way encryption) the customers’ data as a set of parameters.
For instance, rather than hash a name or a social, we used them in combination with other data like DOBs to form a set and then hashed the set. This helps us not only secure the underlying data itself but also maintain accuracy in the system. Further, we don’t hash these records directly; we also do ‘bit rotation’ (jumble them) to ensure that they are hard to read even if the hashes are reversed (which in itself would take ~1600 years of computations).
We obtained a patent for this in October 2024.
What types of fraud are members struggling with?
In the majority of cases, we are seeing a lot of usage for reporting Scams and Elder exploitation, particularly in Crypto. The interesting side benefit of a Consortium that supports all types of customers is that we have Credit Unions that are reading from this database and placing added security measures on their Elder members, ensuring that their funds are secure within these CUs. We also see a fair amount of Victim reporting, i.e., reports of customers that have been defrauded previously as one of our major typologies.
Can you share any success stories about Unit21’s Fraud Consortium?
We set out with our USP being that we will build a Consortium for all types of organizations. The idea took off when our neobank customers like Chime asked us to look into how we can utilize the deep insights and data we have on our customers to prevent fraud via a Consortium. Then, we saw that we had built out a technological advantage: a secure data-sharing mechanism that would protect members in the instance of breaches.
Eventually, it became clear that the biggest advantage of all is the fact that banks, crypto platforms, neobanks, sponsor bank platforms, etc, are in the same data-sharing network that is truly powerful and transformational. Seeing, flagging, and helping mitigate a live fraud ring in Crypto ATMs directly affecting Credit Union customers in November 2024 was one of our proud moments so far.
We are very excited to add more to the Consortium, such as a bank account/routing number number Consortium that will be used to identify fraudulent payment destinations in the instance of Scams, as well as to keep deepening the insights we get from our customers and enriching them, as we build out solutions like device intelligence in our overall platform.
Best part of all this is that our Fraud Consortium is free to join. Simply a give to get model. Join us today!
Subscribe to our Blog!
Please fill out the form below:
