Skip to Main Content

Fraud Starts With Identity—So Should Your Defenses

Fraudsters can’t steal what they can’t fake. That’s the core idea behind Peter Carroll’s recent piece in The RMA Journal, which lays out why improving digital identity practices—especially at onboarding and login—can significantly strengthen your bank’s fraud defenses. 

Target the Right Touchpoints 

According to Carroll, partner at Oliver Wyman, most customer-side fraud—synthetic IDs, account takeovers, card fraud, and person-to-person scams—hinges on manipulating or hijacking identity. That makes identity verification critical at three key points: account opening, login, and transaction authorization. 

At onboarding, banks need to collect and verify identity elements that can be cross-checked—without frustrating applicants. “Optimizing the degree of verification while maintaining a comfortable user experience is critical,” Carroll writes. Balancing anti-money-laundering rules with fraud prevention requires thoughtful design and smarter risk models. 

At login, most U.S. banks still rely on usernames and passwords (UNPW)—a system Carroll calls “weak,” noting that “compromised credentials are still the most frequent source of internal hacks and breaches.” Even two-factor authentication isn’t always enough. Instead, Carroll urges a shift to passwordless login approaches that tie authentication directly to the verified identity established at onboarding. 

Shift From Defense to Prevention 

Right now, transaction-stage fraud defenses mostly rely on risk models that don’t reverify identity. But if you’ve locked down onboarding and login, you’ve already eliminated the majority of bad actors before they even try to transact. That lets transaction-stage risk models zero in on edge cases like first-party fraud or card takeovers. 

Take Advantage of What’s Available 

Carroll outlines several tools that can help banks strengthen digital identity without degrading the customer experience: 

  • Cross-verification of identity credentials from global sources 
  • Digital identity wallets and reusable credentials 
  • Passwordless logins using biometrics like facial scans or fingerprint readers 
  • Identity-based authentication tied directly to verified onboarding data 

The result? “Far lower” chances of fraudulent access—and better fraud modeling overall. 

Bottom line: It’s not just fraud protection—it’s fraud prevention, and it starts with knowing who you’re really dealing with. “A focus on improved digital identity, driven from the C-suite,” Carroll writes, “can deliver big improvements in banks’ bottom lines.”  

Want more? Watch Carroll in the recent Risk Readiness webcast “Fraud, Digital Identity, and Bank Profit.