The OIX/TISA Fraud Control Working Group aims to identify the required Fraud Controls that should be put in place by IdPs, RPs and the TISA Digital ID Scheme itself in order to protect users and RPs against Identity Fraud.  This will be across the whole Digital ID ecosystem and not limited to Financial Services.

In Scope:

• Requirements for:​
• Consumers
• IdPs​
• RPs​
• Scheme / ID Broker​
• Type of fraud: Identity Fraud – including ID theft, mulingand synthetic IDs. ​
• Points in process:​
• Fraud at point of registration​
• Account takeover​
• Fraud at point of logon​
• Data to be assessed: user provided PII, user provided data for ID validation and verification, ID Risk indicators, meta-data about the transaction.​

Deliverables:

1. Fraud Risk Assessment and Controls Design

• An ID fraud risk assessment and recommendations for mitigating actions and processes. Including recognised residual risk​
• A high-level fraud controls design for the ecosystem, showing the logical components and roles of each party. ​

1. A requirements and processes document that can be used as part of the Trust Scheme that fully describes the fraud controls required, the obligations on each party, and the processes to be followed. ​

Next Steps:

• For the for the following use cases, map the journey and identify fraud risk threats at each stage of the journey:
  • Onboarding
  • Asserting (log-in/reuse of Digital ID)
  • Managing (change of address, etc)
• These journeys are to be split into the following swim lanes:
  • Consumer
  • Relying Party
  • ID broker
  • IDP
  • Identity evidence issuer
• Risks will then be modelled and mitigations developed within and across swim lanes.

If you’re interested in joining this Working Group, please email stephanie.meli@openidentityexchange.org