Can you imagine going a day without going online? No email, no social media, no silly cat videos, no 24-hour news cycle…it seems almost impossible because we spend our lives connected to the internet. In fact, the average number of hours that users go online has reached a new high at 23.6 hours per week, according to a report by the Center for Digital Future at USC Annenberg. That’s almost one full day per week spent online, and it’s also more than double the 9.4 hours reported in 2000, according to the report, a time when internet usage was already the norm. U.S. mobile device usage (on smartphones and tablets) has also increased dramatically in recent years, going from 0.3 hours per day spent with digital media in 2008 to 3.3 hours per day in 2017, according to the Kleiner Perkins 2018 Internet Trends report.
In alignment with this increase in internet usage, companies from Google to Uber and Airbnb have redefined what we expect from a user experience. We now expect the online experience to be simple, intuitive, mobile-optimized and fast, and we’re increasingly frustrated by any experience that does not deliver a speedy and streamlined experience (like being able to use your smartphone to summon an Uber driver in a matter of a few seconds).
But, it’s not all about speed and ease of use. As we’ve learned through high-profile data breaches, there are risks to life on the internet. Personal information from these breaches can be easily bought and sold on the dark web by fraudsters, in addition to the answers for the knowledge-based questions (KBA), which means that fraudsters can easily get around traditional forms of identity verification. And thanks to man-in-the-middle attacks, man-in-the-browser exploits and social engineering, SMS-based two-factor authentication (2FA) has become vulnerable and is no longer endorsed by the National Institute of Standards & Technology.
It is because of these data breaches and the threat of cybercriminals lurking around every corner of the dark web that trust is in increasingly short supply. In response, businesses across all verticals must employ stronger methods of authentication to verify new online users. This means organizations are often forced to add steps (translation: more friction) to the sign-up process.
How do businesses find that sweet spot where they’re able to let the legitimate customers in while keeping the fraudulent ones out?
It’s a delicate balancing act between friction and the user experience. On one side, prioritizing fraud detection adds incremental friction to attain higher levels of identity assurance. If you have too much friction, conversion rates drop off and you’re left with disenfranchised prospects. On the other side, focusing on conversions often means reducing the friction during the account creation process. This translates to lower levels of assurance and fraud detection, which means more bad actors access (and pollute) your organization’s ecosystem.
The illustration above depicts the tradeoffs organizations have to make when establishing the genuine digital identity of their customers.
- The Disenfranchised: These are the folks that your organization drives to a branch office to create an account. Most people just won’t do it — they will take a pass and move to a bank where they can create an account online.
- Fraudster Heaven: If you do a poor job of fraud detection and you make the experience clunky, you may end up with a disproportionate number of fraudsters because they’re the ones willing to go through the extra hassle of creating an account because of the possible ill-begotten gains that can be tapped once they’re let in.
- Nirvana: This is obviously the ideal where you have managed to make it easy for your good customers to create online accounts without too much grief, but you’ve built in enough intelligent friction to keep the bad seeds out.
- Polluted Ecosystem: If you effectively let everyone into your tent, you’re just asking for trouble. These are online websites that offer little to no barriers to entry (like many online dating sites) — if you can fog a mirror, you can create an online account. But, that opens up the entire ecosystem to potential fraudsters and scammers.
The best way to separate the wheat from the chaff is through intelligent friction — applying the right amount of friction when enough fraud signals are triggered.
There are a couple key ways the right identity verification solution can introduce intelligent friction while building customer trust and delivering a positive engagement experience, thus enabling organizations to win new customers without compromising the safety of their ecosystems.
Identity verification solutions should defend against fraud, plain and simple. Robust solutions understand the fraud signals that would call for intelligent friction. For example, if someone tries to create a new U.S. banking account from Romania at 2 a.m. and uploads a photo of their ID instead of using a smartphone-based solution to take a real-time scan of the ID, this might trigger a step-up identity authentication. Just the act of demanding a selfie during the identity verification process is a form of intelligent friction and has a chilling effect on a would-be fraudster who would prefer not to have their likeness defrauded by the company they’re attempting to defraud.
Biometrics-based liveness detection technology is another form of intelligent friction offered by robust online identity verification solutions to better thwart fraudsters who are increasingly using spoofing attacks to acquire someone else’s privileges or access rights. They do this by using a photo, video or a different substitute for an authorized person’s face. Scanning a 3D face with a standard 2D camera (like those built into most smartphones) ensures that the real customer is physically present and that they match the government-issued ID provided during the onboarding process.
In addition to protecting against fraud, intelligent friction also means not making the onboarding process too onerous for new customers. It’s a sliding scale — you want to let your good customers through with the least amount of friction. But, at the same time, your verification solution should introduce more friction when more fraud signals are present. This means limiting the number of screens that a customer needs to complete, providing clear rationale why and how you’re verifying your customers, and providing real-time feedback to users if, for example, they provide a blurry, out-of-frame, or poorly-lit image of their ID document or selfie. Don’t make the process unnecessarily complicated, thus adding friction that could deter legitimate customers from completing the account-opening process.
Modern online identity verification solutions provide the checks and balances necessary to increase conversions and reduce abandonment rates while protecting an organization’s ecosystem. The right ones also know when and how to apply intelligent friction in order to properly vet new customers and confidently let the right ones in.