You’re fed up with fraud, tired of customer complaints, but don’t want to invest in expensive, clumsy, and time consuming manual processes that test the patience of your tech-savvy customers. Online identity verification is to be the way forward but you’re not sure which direction to take. There are the tried and tested methods which have been around for years and the new kids on the block making bold claims. Who to choose and why? We take a look at three big-hitters of the identity verification and authentication world to see how they stack up against each other.
Knowledge-Based Authentication (KBA)
The simple premise of KBA is that a user is asked questions that only he or she knows the answers to, thereby proving their identity. Static KBA, used for re-authentication, asks questions which were defined by the user when signing up. Dynamic KBA, which asks random real-time questions from public and private databases such as credit agencies, allows companies to use this protocol to verify identities during new customer onboarding as the personal identifiable information (PII) is “secret” and the questions are not pre-determined. When due care is taken in selecting the types of questions, with adequate historical depth and from secure sources, KBA is seen as a robust method.
However, as illustrated by the many publicized data breaches and hacks of ‘secure’ databases in recent years, your private information is only as safe as the houses storing them. From the Equifax breach of 2017 where the sensitive PII of 143 million Americans was accessed, to the mind-boggling 3 billion Yahoo accounts that were exposed in 2013, it raises the question of how secure this verification method is. If these centralized databases, honeypots for the modern hacker, are at risk and potentially hacked, your once secure business will have a systemic breach.
Two Factor Authentication
By asking you to prove access to an owned device, account, or token, two-factor authentication is a widely used protocol, most commonly applied to re-authentication. An example of this is when providing a code from secondary authentication token or fob which only you have access to, and which can also be password protected. But there is is the question of convenience. What if you don’t have your token on you, or have perhaps lost it, or forgotten its password? As smooth and friction-free process, these can prove less than ideal and at worst frustrating.
The most common method for both re-authentication and new customer identity verification is the SMS protocol. Here, users are asked to provide their mobile telephone number to which the business, through partnerships with mobile operators or third parties, send a verification code via SMS. Entering the code proves you are holding the telephone, own the telephone account and can be linked to the underlying credentials. The method is easy to integrate and easy to use. It is also becoming one of the least secure. The method simply hasn’t evolved as fast as the hacker’s ability to spoof SIM cards or intercept the encrypted messages. The risks with SMS verification even moved the National Institute of Standards and Technology (NIST) in the US to recommend it be used less.
Digital Identity Verification
And so to the upstarts of the industry – digital identity verification. With advancements in machine learning, AI and computer vision, this field has sprung on to the scene with much fanfare. The key difference with this solution is that it doesn’t rely on any third party but instead goes straight to the source, and verifies the person themselves. The capabilities are most powerful for the trickier new customer onboarding use case, but can also be used for re-authentication.
Through the eyes of mobile and desktop cameras, the meticulously trained software verifies the authenticity of government-approved ID documents, checking for forgery attempts and the presence of security features in the more advanced solutions. As a next step, these solutions compare the ID photo with a video selfie, complete with a liveness check to protect against fraudsters wearing a mask or simply holding up a photo. There are no databases to hack and no authentication codes to intercept, it’s a real-time shoot-out between smart tech and old-school fraud where the fraudster needs to pass the double-gauntlet of ID and identity authentication.
Some feel that it is too invasive, or too personal asking for a selfie. Ask that to the selfie-stick wielding generation of today – have no doubt, millennials take to this like a duck to water. Not to forget, the selfie component alone is often enough to scare off the lower tier of fraudsters. Other detractors say that the technology has a long way to go, and fraudsters will catch up. However, being part of the highly invested AI and machine learning disciplines gives it a long development runway and potential to continuously improve. Even if it does have some way to go, it is already enabling new capabilities – to securely verify the identity of new customers without needing them to be physically present, thereby driving leaner business models and faster time to revenue generation. That’s not a bad start.
For many industries, from financial services and telco’s to various age-restricted products and services, identity verification is a legal obligation. For others, as with the sharing economy and e-retailers, it’s simply a good idea in order to protect their business and customers from ever increasing levels of identity fraud. In both cases, marketeers face the same challenges to attract new customers and rightly obsess over their onboarding and registration process with the goal of maximizing conversions. In today’s world of insta-everything, these processes need to be fast and friction free, and are the crucial first contact between customer and service provider.
Security checks therefore seem to fly in the face of customer onboarding common sense, and certainly not something for fickle, impatient, online shoppers. It’s no surprise then that many online business owners hesitate before implementing identity verification measures. However, with identity fraud at all-time highs, now is not the time to cut security. Onboarding processes which focus solely on conversions at the expense of security expose the business to malicious online fraudsters. The delicate balancing act between security and conversions is a valid concern, but with a few smart integration strategies and new tech solutions, identity verification doesn’t need to be a conversion killer.
Timing in life is everything
We all know the importance of making a good first impression, the same is true of any brand or business. Asking for proof of identity in step one, before convincing customers of the value you deliver, could result in a false start. Instead, use all your marketing savvy to create that perfect introduction; engage, excite, convince. Once they are legitimately engaged with your product or service and wish to transact or interact with your platform, or have even gone as far as payment, ask them to verify their identity.
Rewards & incentives
Everyone likes free stuff. Using a small incentive to get them over a slight bump in an otherwise smooth onboarding process can be an easy win. A small jump in conversions can deliver huge financial returns over a customer’s lifetime value and so a small gesture upfront wouldn’t be money down the drain. But the rewards need not only be financial. Perhaps its access to certain features, or a special accreditation on their profile, there are numerous way to pull rather than push your customer through this stage of onboarding.
Educate & inform
Identity fraud has become so pervasive that most people are well aware of the subject. Business can use this awareness to their benefit by acting as a guardian, rather than a bouncer, and in doing so earn brownie points and build brand trust. Instead of asking for identity credentials without qualification, explain why. In an age where companies are being publicly exposed for breaches of trust, an opportunity to be seen as the protector presents itself. Showing that you are acting in their best interest can turn a new customer into a fan.
Use the latest digital identity verification solutions
Digital identity verification has matured from a functional, technical capability, to a holistic user oriented experience. Service providers know that onboarding is a sensitive subject for their clients and so package powerful tech into user-centric software solutions. Scanning identity documents with mobile or desktop cameras, followed by a video selfie in order to ensure that the ID belongs to the user, is done in seconds through intuitive identity verification platforms such as Daego by PXL Vision. If you are serious about low friction onboarding, opt for solutions which include functionalities such as zero-interaction liveness checks and automatic ID document detection, emphasizing automation and intuitiveness. By using specialized services as opposed to cumbersome in-house developments the business can focus on what is does best.