You’re fed up with fraud, tired of customer complaints, but don’t want to invest in expensive, clumsy, and time consuming manual processes that test the patience of your tech-savvy customers. Online identity verification is to be the way forward but you’re not sure which direction to take. There are the tried and tested methods which have been around for years and the new kids on the block making bold claims. Who to choose and why? We take a look at three big-hitters of the identity verification and authentication world to see how they stack up against each other.
Knowledge-Based Authentication (KBA)
The simple premise of KBA is that a user is asked questions that only he or she knows the answers to, thereby proving their identity. Static KBA, used for re-authentication, asks questions which were defined by the user when signing up. Dynamic KBA, which asks random real-time questions from public and private databases such as credit agencies, allows companies to use this protocol to verify identities during new customer onboarding as the personal identifiable information (PII) is “secret” and the questions are not pre-determined. When due care is taken in selecting the types of questions, with adequate historical depth and from secure sources, KBA is seen as a robust method.
However, as illustrated by the many publicized data breaches and hacks of ‘secure’ databases in recent years, your private information is only as safe as the houses storing them. From the Equifax breach of 2017 where the sensitive PII of 143 million Americans was accessed, to the mind-boggling 3 billion Yahoo accounts that were exposed in 2013, it raises the question of how secure this verification method is. If these centralized databases, honeypots for the modern hacker, are at risk and potentially hacked, your once secure business will have a systemic breach.
Two Factor Authentication
By asking you to prove access to an owned device, account, or token, two-factor authentication is a widely used protocol, most commonly applied to re-authentication. An example of this is when providing a code from secondary authentication token or fob which only you have access to, and which can also be password protected. But there is is the question of convenience. What if you don’t have your token on you, or have perhaps lost it, or forgotten its password? As smooth and friction-free process, these can prove less than ideal and at worst frustrating.
The most common method for both re-authentication and new customer identity verification is the SMS protocol. Here, users are asked to provide their mobile telephone number to which the business, through partnerships with mobile operators or third parties, send a verification code via SMS. Entering the code proves you are holding the telephone, own the telephone account and can be linked to the underlying credentials. The method is easy to integrate and easy to use. It is also becoming one of the least secure. The method simply hasn’t evolved as fast as the hacker’s ability to spoof SIM cards or intercept the encrypted messages. The risks with SMS verification even moved the National Institute of Standards and Technology (NIST) in the US to recommend it be used less.
Digital Identity Verification
And so to the upstarts of the industry – digital identity verification. With advancements in machine learning, AI and computer vision, this field has sprung on to the scene with much fanfare. The key difference with this solution is that it doesn’t rely on any third party but instead goes straight to the source, and verifies the person themselves. The capabilities are most powerful for the trickier new customer onboarding use case, but can also be used for re-authentication.
Through the eyes of mobile and desktop cameras, the meticulously trained software verifies the authenticity of government-approved ID documents, checking for forgery attempts and the presence of security features in the more advanced solutions. As a next step, these solutions compare the ID photo with a video selfie, complete with a liveness check to protect against fraudsters wearing a mask or simply holding up a photo. There are no databases to hack and no authentication codes to intercept, it’s a real-time shoot-out between smart tech and old-school fraud where the fraudster needs to pass the double-gauntlet of ID and identity authentication.
Some feel that it is too invasive, or too personal asking for a selfie. Ask that to the selfie-stick wielding generation of today – have no doubt, millennials take to this like a duck to water. Not to forget, the selfie component alone is often enough to scare off the lower tier of fraudsters. Other detractors say that the technology has a long way to go, and fraudsters will catch up. However, being part of the highly invested AI and machine learning disciplines gives it a long development runway and potential to continuously improve. Even if it does have some way to go, it is already enabling new capabilities – to securely verify the identity of new customers without needing them to be physically present, thereby driving leaner business models and faster time to revenue generation. That’s not a bad start.
For many industries, from financial services and telco’s to various age-restricted products and services, identity verification is a legal obligation. For others, as with the sharing economy and e-retailers, it’s simply a good idea in order to protect their business and customers from ever increasing levels of identity fraud. In both cases, marketeers face the same challenges to attract new customers and rightly obsess over their onboarding and registration process with the goal of maximizing conversions. In today’s world of insta-everything, these processes need to be fast and friction free, and are the crucial first contact between customer and service provider.
Security checks therefore seem to fly in the face of customer onboarding common sense, and certainly not something for fickle, impatient, online shoppers. It’s no surprise then that many online business owners hesitate before implementing identity verification measures. However, with identity fraud at all-time highs, now is not the time to cut security. Onboarding processes which focus solely on conversions at the expense of security expose the business to malicious online fraudsters. The delicate balancing act between security and conversions is a valid concern, but with a few smart integration strategies and new tech solutions, identity verification doesn’t need to be a conversion killer.
Timing in life is everything
We all know the importance of making a good first impression, the same is true of any brand or business. Asking for proof of identity in step one, before convincing customers of the value you deliver, could result in a false start. Instead, use all your marketing savvy to create that perfect introduction; engage, excite, convince. Once they are legitimately engaged with your product or service and wish to transact or interact with your platform, or have even gone as far as payment, ask them to verify their identity.
Rewards & incentives
Everyone likes free stuff. Using a small incentive to get them over a slight bump in an otherwise smooth onboarding process can be an easy win. A small jump in conversions can deliver huge financial returns over a customer’s lifetime value and so a small gesture upfront wouldn’t be money down the drain. But the rewards need not only be financial. Perhaps its access to certain features, or a special accreditation on their profile, there are numerous way to pull rather than push your customer through this stage of onboarding.
Educate & inform
Identity fraud has become so pervasive that most people are well aware of the subject. Business can use this awareness to their benefit by acting as a guardian, rather than a bouncer, and in doing so earn brownie points and build brand trust. Instead of asking for identity credentials without qualification, explain why. In an age where companies are being publicly exposed for breaches of trust, an opportunity to be seen as the protector presents itself. Showing that you are acting in their best interest can turn a new customer into a fan.
Use the latest digital identity verification solutions
Digital identity verification has matured from a functional, technical capability, to a holistic user oriented experience. Service providers know that onboarding is a sensitive subject for their clients and so package powerful tech into user-centric software solutions. Scanning identity documents with mobile or desktop cameras, followed by a video selfie in order to ensure that the ID belongs to the user, is done in seconds through intuitive identity verification platforms such as Daego by PXL Vision. If you are serious about low friction onboarding, opt for solutions which include functionalities such as zero-interaction liveness checks and automatic ID document detection, emphasizing automation and intuitiveness. By using specialized services as opposed to cumbersome in-house developments the business can focus on what is does best.
The shared economy business model has been with us for many years now, with the likes of Airbnb and Uber being the largest examples of how successful and disruptive these business models can become. While their journeys, and others like them, have been impressive, the road has not been without its twists and turns. The effects of fraud, theft, and damage to goods and property, perpetrated by strangers with an unverified user account or identity, can have serious impacts to the business and individuals within their ecosystem. With identity fraud at record highs, reaching 16.7 million cases in the US alone according to recent numbers from Javelin strategy, shared economy businesses that fail to establish methods to verify the identity of their users could face challenges of their own.
Trust & Customer confidence
Trust is hard to build but easy to break, and is the cornerstone of shared economy marketplaces. Many traditional businesses are obsessive about creating a trusted product, service or brand, however, this is intrinsically more challenging in the shared economy as companies reply on unknown third parties to deliver on the promise printed on their shop window. Conventional business would balk at the idea of an unvetted person or supplier representing their brand, yet this is precisely the dynamic for many shared economy businesses without identity verification measures in place.
Ratings and reviews are a step in the right direction towards building trust, but with the rise of chatbots and fake reviews these risk being as questionable as the underlying unidentified user. While some would argue that businesses cannot be held responsible for all fraudulent activity on their platforms, those that distance themselves from these failures without taking a degree of ownership, or pass the risk on to their customers with the caveat, “We cannot confirm each members identity”, are taking the easy road and will ultimately pay the price as customers favor more trusted platforms. In fact, a recent report by Experian showed that 66% of surveyed consumers actually like security protocols when they interact online as it makes them feel protected. Just as brick and mortar business introduce more services and customer protection to win the retail battle, the shared economy will be vying for loyalty by putting the needs of the customer first. Trust is a key battle ground.
Fraud, not frequent but costly
One of the key strengths of the shared economy business model is its ability to generate value, to both customer and business, at a relatively low cost. Whether it be by sweating an owned asset or utilizing idle assets of third parties, capital is used very effectively. If efficiency is the name of the game, fraud costs are the outlier. It may not happen frequently, but when it does it can become a very costly affair. Elaborate scams by fraudsters who are emboldened by the cloak of online anonymity can very quickly siphon vast amounts of value from the business or members through deceit, damage or theft. Companies who support the victims of fraud take on this financial burden or pay the price in insurance premiums. Those who don’t have lost a community member and this source of value, further to reputational damage. Either way, if the business becomes notorious for its lack of security or oversight, it risks becoming a honeypot for online criminals, accelerating the problem.
Digital Identity Verification: The trust enabler
Thankfully, with new emerging technologies it often doesn’t take much to deter fraud and the costs associated with it. Simple digital identity verification solutions are available which are fast, secure, and non-intrusive. By simply scanning ID documents and comparing a video selfie from the user, the authenticity of ID documents, and whether they belong to the person submitting them, can be verified instantly. Knowing that this is a requirement is often enough to prevent fraudsters from entering the ecosystem – commit a crime with your ID and face in full view? Those who are not deterred and try to enter with forged or stolen documents still need to pass the gauntlet of trained identity verification tech, complete with advanced fraud capture capabilities such as liveness detection, the ability to detect whether the video selfie was recorded by a live person versus a recording, or whether a person is holding up a still image or wearing a mask. Simple yet powerful identity verification services such as Daego by PXL Vision not only reduce the instances of fraud and the costs related to them, but are available as cost effective SaaS products which make implementation and ongoing operation compatible to the lean, green business model of the shared economy.