Why Reducing Customer Friction Does Not Increase Fraud

Mobile and online banking have redefined user experience expectations for most customers. None more than millennials and Generation Z users who expect instant gratification, especially in digital channels and transactions.

There are roughly 75 million millennials in the United States, and roughly 65 million Gen Zers. One report estimates that Gen Zers will account for 40 percent of all consumers in the U.S. by 2020.

The wholesale push by banks to eliminate friction has by and large not contributed to greater fraud at every stage of the customer lifecycle. This can be attributed to important advancements in digital identity authentication. It has, however, backed fraudsters into a corner where the window of opportunity is much smaller. More on that later.

One of the primary reasons why less friction has not led to more online fraud is the use of biometric authentication methods (facial and fingerprints). With the heavy lifting already provided by device manufacturers, bank application developers can easily plug a simple restful API into their application workflows. These unobtrusive security capabilities have enhanced the user experience while significantly reducing friction and fraud. They are also relegating passwords and knowledge based authentication (KBA) to the background where they rightfully belong.

Meanwhile, a new web standard, known as FIDO2, is poised to bring these same friction-less authentication capabilities to the web channel. FIDO2 is comprised of the W3C’s Web Authentication specification and the corresponding Client to Authenticator Protocol (CTAP) from the FIDO Alliance.

FIDO2-compatible mobile and desktop browsers will enable users to transparently authenticate to online services in a variety of ways including password-less, second-factor and multifactor for the highest levels of assurance. Password-only logins will be replaced with embedded biometrics such as facial and fingerprint recognition, iris scans and/or portable security keys.

So while these advanced authentication mechanisms dramatically reduce friction and the risk of fraud, their chain of trust is predicated on accurate identity verification at the account opening or service enrollment stage. Otherwise, even the most sophisticated biometric or multi-factor authentication method cannot prevent fraud.

Due to these advances in authentication for known users, identity verification of new customers has emerged as the new fraud battleground in digital banking. Addressing the challenge of closing this remaining window requires the same type of innovation and infrastructure that has been developed for mobile authentication and is coming to web browsers.

For example, traditional approaches used for identity verification, such knowledge-based authentication (KBA) do not provide reliable fraud detection and often add friction to the application process which can frustrate and even deter applicants. For example, KBA typically asks the applicant to answer several so-called out-of wallet questions to prove their identity. However, the answers to these questions can often be found online via a search of public information sources or are for purchase on the dark web after being harvested in one of the countless data breaches that have occurred in the U.S. over the past several years.

Instead, users have come to expect the same “low level of friction” in new account opening that they are accustomed to when authenticating to their existing accounts. Providing the seamless experience requires new capabilities that do not force the applicant to supply onerous amounts of personal identification information (PII) and can ascertain the veracity of their identity from their digital breadcrumbs.

Fortunately, advances in artificial intelligence (AI) are making it possible to source live digital data and correlate thousands of data online and offline data points in real time to create a holistic, accurate customer identity model. From these digital breadcrumbs, a score can be calculated to enable businesses to make very high probability decisions about an applicant's identity and fraud risk.

These type of technological innovations are achieving reliability levels that match or even exceed the ability of human fraud analysts to approve applicants — and in the process are relegating KBA to the background for good.