Understanding Fraud and Risk in Identity Decisioning
In today's digital landscape, managing fraud and risk in identity decisioning is crucial for businesses. Identity fraud is on the rise, which raises significant challenges for organizations that operate primarily online. Laura Spiekerman, co‑founder of Alloy and listed in public profiles as Alloy’s CRO and/or President, offers practical, market‑proven perspectives on strategies for tackling these challenges. She helped build Alloy’s go‑to‑market, revenue, and partnerships strategy and has spoken widely about company culture, risk, and scaling in fintech. Prior to Alloy she led business development and partnerships at an early payments startup and was the first hire at Kopo Kopo. Spiekerman has been profiled by Forbes Councils, AlleyWatch, and Medium.
This article expands on her approach to effective identity decisioning, exploring data strategy, authentication layers, real‑time monitoring, and organizational culture.
The Current Landscape of Identity Fraud
Identity fraud can take various forms, including account takeover, synthetic identity fraud, and application fraud. With advancements in technology, fraudsters have become more sophisticated, making traditional identity‑verification methods insufficient. Spiekerman emphasizes that businesses must develop a proactive approach to managing these risks to remain competitive and protect their customers.
- Account takeover occurs when a fraudster gains access to an existing account using stolen credentials.
- Synthetic identity fraud involves combining real and fake information to create a new identity that passes initial checks.
- Application fraud is when bad actors submit falsified or stolen information during onboarding or loan applications.
These threats demand layered, adaptable defenses rather than one‑size‑fits‑all solutions.
The Importance of Data
To effectively combat identity fraud, companies should leverage data strategically. Spiekerman advocates for a comprehensive understanding of customer data and points out that relying on only one source can lead to vulnerabilities. Using a myriad of data sources helps organizations verify identities more accurately and thoroughly.
Key elements of a robust data approach include:
- Aggregating signals from third‑party verification services, credit bureaus, device and network telemetry, and public records.
- Enriching those signals with internal behavioral data—how users interact with an app or service over time.
- Applying machine learning models to detect anomalies and patterns indicative of fraud while continuously retraining models to reflect evolving tactics.
By combining third‑party verification, machine learning, and behavioral biometrics, businesses can enhance their identity decisioning processes and reduce false positives that impede legitimate customers.
Multi‑Factor Authentication (MFA)
Spiekerman highlights implementation of multi‑factor authentication (MFA) as a crucial element. MFA adds layers of security beyond usernames and passwords, making it harder for fraudsters to gain unauthorized access. Well‑designed MFA balances security with user experience—using context to determine when stronger authentication is necessary and when friction can be minimized.
Best practices for MFA adoption include:
- Implementing risk‑based or adaptive MFA that increases authentication steps only when signals indicate elevated risk.
- Offering multiple authentication methods (SMS, authenticator apps, push notifications, hardware keys) to accommodate diverse user preferences.
- Ensuring fallback and recovery processes are secure so that legitimate users are not locked out or exposed to social engineering attacks.
Real‑time Monitoring and Analytics
Real‑time monitoring is another core recommendation. Fraud evolves quickly; detecting and responding in near real time reduces loss and limits abuse. Spiekerman stresses the importance of analytics pipelines that can ingest streaming data, score risk in milliseconds, and trigger appropriate actions—ranging from additional verification prompts to rejection or escalation to human review.
Combining automated decisioning with human oversight allows teams to handle edge cases, tune rules, and investigate emerging attack patterns. Observability into decision outcomes also helps measure the business impact of fraud controls and guides iterative improvements.
Building a Risk‑Aware Culture and Partnerships
Beyond technology, Spiekerman emphasizes the role of people and partnerships. Building a risk‑aware culture means cross‑functional collaboration between product, engineering, compliance, and revenue teams so fraud controls do not unnecessarily block growth. It also requires clear KPIs that balance conversion and fraud prevention.
Strategic partnerships—with data providers, fintech platforms, and industry peers—can broaden visibility into threat patterns and accelerate response capabilities. Spiekerman’s experience building go‑to‑market and partnerships strategies at Alloy underlines how external relationships complement internal controls.
Conclusion
Effectively managing fraud and risk in identity decisioning requires a multi‑layered approach: diverse and quality data, adaptive authentication, real‑time analytics, human oversight, and a cross‑company commitment to risk management. Laura Spiekerman’s practical guidance—rooted in both startup experience and leadership at Alloy—highlights how organizations can scale secure identity decisioning while maintaining a positive customer experience.