Is your pursuit of frictionless conversion letting fraudsters in?
In the constant endeavour for a seamless, frictionless, painless customer conversion through remote identity verification and authentication, when do you question if you have gone too far?
As an industry we are often speaking with customers who view abandoned sign-ups as losses. In the age of deepfakes, we can expect MORE fraudulent applicants, so will the business analysts be agonising over increasing imagined losses or counting the bullets dodged? Where does 100% conversion with zero friction lead you?
Over the last few days, team Inverid got together, and the conversation turned to the real-world effectiveness of remote identity verification. In this context effectiveness is defined as the balance of speed/cost and simplicity and security of verification processes in the marketplace.
Part of that discussion centred around the demand and supply of solutions promising, yet not necessarily delivering, the most efficient conversion rates. Note a purposeful difference in terminology here, efficiency in the pursuit of speed or cost minimisation, is not the same as effectiveness. This will usually be described by marketing statement, such as “99% success rate”, “fastest”, “frictionless”; you get the drift. We’ve all seen it.
Now let me make it clear a great user experience is critical, not just for conversion but also to avoid a customer/user trying to find an alternative means of gaining access to your services, possibly through a less secure route. However, technology approaches and solutions that are biased to a “highest conversion” rate may be putting you at risk.
Time for an analogy.
You wake up tomorrow and head to the airport for a long-haul flight for your family’s once in a lifetime vacation. You arrive at the airport with plenty of time to clear security, fearing the friction that you know will stress you and your family. However, on arrival at the airport you see notices as you enter the Terminal building explaining a new seamless travel experience has been implemented, for your convenience.
The bag drop has changed. It’s a subtle change, you are now simply asked to present your ticket, answer a question that you do not pose a safety or security risk and your bags are accepted for travel. No confirmation of what was packed and by whom, no check on weight. After scanning your ticket and placing your bags on the conveyor belt, off they go, into the void. I’ll save the technicalities, but the void behind no longer has any Hold Baggage Screening in place, and the conveyor whisks your bags straight to the aircraft, via a waiting area that’s accessible to the public. The good news? Your bag drop only took 30 seconds instead of the usual 5 minutes.
With your bags dropped you and the family head to the security search area, only to find it’s gone. No more checking passports for border control or ticket presentation. No more metal detectors, millimetre wave, x-ray or computed tomography screening. Just a short unhindered walk from bag drop to the hindered meandering walk through Duty Free (yes, that’s definitely staying – there’s no eliminating revenue opportunity!).
Amazing. That’s just saved you a further 30 minutes.
You’re now sat at the gate waiting to board your flight, wondering what manner of world you have woken up to. You may be wondering if this is some sort of Black Mirror episode.
You ask ChatGPT whether it is okay for all the checks to have been removed. Apparently, the regulatory powers-that-be decided simply asking a question and getting a self-declaration when you drop your bags off meets compliance. Pondering just how seamless and frictionless that experience was, the call to board your flight comes over the public address and it dawns on you, frictionless it may have been, but has the aviation security compliance been dialled down too far? Let’s assume for a moment world peace hasn’t broken out, neither has a global all-pervasive new summer of love erupted overnight; would you in your right mind board that aircraft with passengers, crew, and baggage that has not been subjected to any tested and audited security checks? You are a braver person than I if you can truthfully answer yes.
There is a point where frictionless processes in a security regime can go too far.
In the airport analogy, one bad “account sign up” affects the safety of many innocent parties in a catastrophic event, whereas several bad actors in a bank causes the slow and steady ambient increase of fees charged to genuine users that must cover insurance costs and allows criminal enterprise to flourish – fraud is a tax we all pay in the end.
Pursuit of frictionless conversion in remote identity is perfectly understandable and desirable, we at Inverid live it, every day. However, this must not be at the expense of security; Sadly, many remote verification solutions are based on technology that can only deliver a probabilistic result. Meaning that security can be easily compromised by manipulating the false positive versus false negative fraud detection rates.
NFC document chip verification based on the global standard ICAO 9303 Machine Readable Travel Documents (MRTDs) gives you a deterministic, not probabilistic result. Properly implemented, it delivers uncompromising security while minimising friction to a level that’s just right for your customer experience.
There is a point where frictionless processes in a security regime can go too far.
So please take the time to ask yourself, not just at initial procurement and implementation, but also on an ongoing basis, whether the balance of speed/cost, simplicity and security has the right balance?
In this age of deepfakes, the vendor sales maths of future revenue lost due to abandoned sign up doesn’t add up – and it never did. You don’t WANT 100% conversion – in fact, the reality is you should already be turning away many more false customers.
It’s time to stop asking for Frictionless Conversion and start demanding Fraudless Conversion.
