The opportunities of identity management

Identity management is often seen as a compliance-driven activity in the pensions industry. However, organisations can reap many benefits by understanding the opportunities unlocked by good identity management.

National Pension Tracing Day, which is fast approaching this month, on the 29 October, demonstrates the significance of lost or forgotten pensions, with an estimated 2.8 million such cases[1].

Traditionally, identity verification occurs during transfer. Conducting this earlier in the lifecycle and implementing strong authentication mechanisms can reduce the number of lost pensions.

By enabling alternative methods of contact and engagement through early proofing and authentication, providers minimise losses and more savers can access and manage vital life savings.

Fraud poses significant risks to individuals’ life savings and pension funds. Pension scams have cost victims over £26.4 million between 2020-22 alone[2]. However, with £26.6 billion in unclaimed, dormant, or lost pension plans (up £7 billion in just four years[3]) the impacts are likely far greater than reported.

The rigour pensions dashboards will introduce regarding identity management could increase risk for providers via their direct channels. If these don’t apply the same level of protection, bad actors will move towards the weakest point of entry.

Previously the pensions industry has lagged in this arena, as noted by Kim Gubler, director and chair of PASA. “From a digital and technological perspective, the pensions industry is very behind the curve. Even though we talk about scams and fraud, until now, we’ve been largely protected from wide-scale digital fraud. That’s about to change as the industry begins to embrace digital transformation.”[4]

Savers’ engagement with pensions, while historically low, is showing signs of positive change. As noted by McKinsey[5], the responsibility for retirement saving has shifted toward individuals. Further, research shows Gen Z and Millennials are engaging with their pensions — particularly Gen Z (only 23% are unaware of their savings amount[6]).

Both generations display more investment activity than other age groups, with boosting retirement funds a key motivation for seeking investment opportunities[7].

This, combined with the increased touchpoints via technology-led engagements could increase overall risk to providers. This needs to be mitigated and balanced against savers’ experiences; which have the power to determine their future investment choices.

Identity management: getting started

When preparing effective identity management practices, it’s crucial to gain a comprehensive understanding of the potential risks associated with individuals misrepresenting their identities. This serves as the foundation for determining the level of identity assurance required to mitigate these risks. 

This risk analysis shouldn’t solely focus on the most used customer journey or ‘happy path.’ It should consider scenarios where these cannot be followed. With this approach, organisations can ensure inclusivity in their processes while safeguarding against vulnerabilities open to exploitation by malicious actors.

What elements make for good identity management?

As outlined in the OIX guide to Identity Proofing and Authentication[8], there are four fundamental elements to consider:

1. Gathering accurate evidence

Obtaining accurate and reliable evidence from individuals is crucial. While employers complete right to work checks, assuming accuracy of all provided information can be a critical oversight.

Providers should diligently verify the completeness of received information, allowing for potential employer corrections. Ensuring accurate information at the point of issuance builds a foundation for reliable future use.

2. Establishing trust in provided evidence:

It’s crucial to establish trust in the information provided by confirming its validity and verifying the identity belongs to the person claiming it. This step should also ascertain the identity is not being claimed fraudulently.

There are several methods which can be used to assure identities; the most effective approaches layer identity assurance and fraud-based checks.

3. Establishing trust in users

Once proof of identity is established, it’s important to establish trust. Setting up authenticators adds layers of protection when savers return for further interactions and serves as a reliable communication channel addressing future contact challenges arising from life events. 

4. User re-authentication, maintaining contact with trusted users:

Managing disparate saver data poses one of the largest challenges for pension providers. The level of trust required, based on the event, should dictate the most appropriate authentication methods. This can enable ongoing or active monitoring, whereby pension providers stay updated on changes regarding savers’ personal and contact information.

By providing secure authentication these changes can be verified by the user and updated for them. These updates allow for lower-risk interactions with savers while increasing satisfaction levels and building brand loyalty.

Viewing identity management under a different lens holds promise as a solution to address the challenges faced by the pension industry today. By introducing identity management into the early stages of the relationships with savers, we can gather accurate evidence and establish trust both in the provided evidence and users themselves. 

Zoe Horsfield is chair of the PASA Identity Management Working Group

 

[1]https://nationalpensiontracingday.co.uk/

[2]https://www.professionalpensions.com/news/4124386/pension-scams-cost-members-gbp26m-recent#:~:text=The%20cost%20of%20pension%20scams,to%20members%20is%20%C2%A316%2C500.

[3]https://www.pensionspolicyinstitute.org.uk/sponsor-research/research-reports/2022/2022-10-27-briefing-note-134-lost-pensions-2022-what-s-the-scale-and-impact/

[4]https://risk.lexisnexis.co.uk/insights-resources/white-paper/digital-pensions-fraud

[5]https://www.mckinsey.com/industries/financial-services/our-insights/capturing-growth-in-the-evolving-uk-savings-and-retirement-market

[6]https://www.pensionbee.com/next-generation-of-retirees-report

[7]https://techround.co.uk/news/gen-z-and-milennials-more-likely-to-invest/

[8]https://openidentityexchange.org/networks/87/item.html?id=386 “OIX Guide to Identity Proofing and Authentication” 2020