Any business active online will admit that it is always difficult to balance security with user experience.
Part of online security involves Know-Your-Customer (KYC) checks, which can protect you from digital fraud and reduce the risk of chargebacks.
In their simplest form, these allow you to get a good idea of who your customer really is, eliminating fraudsters and other bad actors. For some types of businesses, KYC checks are required by law, to minimize the impact of fraud and money laundering on the economy.
While KYC is an important feature of any effective fraud prevention strategy, the downside is that legitimate customers experience friction. KYC can take the form of two-factor authentication (2FA) or heavier IDV (Identity Verification) checks, such as verifying a form of government-issued photographic ID. Both can weigh down the customer journey and even cause them to drop out of their session altogether, sometimes turning to a competitor that offers less friction (but could therefore be more risky).
But not all users need to go through cumbersome KYC checks during a transaction or login. Dynamic friction is a useful tool that allows us to monitor which customers have reason to undergo KYC checks and how rigid these should be. Let’s take a closer look.
KYC Friction and Cart Abandonment
According to cart abandonment figures published by Baymard, 69.82% of shoppers will eventually abandon their cart, including 17% because the checkout process took too long. As a Hyperion white paper also revealed, 25% of apps in the UK are abandoned due to friction associated with KYC. As it is important to have strong defenses, figuring out how to deal with customer experience issues inflicted by KYC checks becomes a problem for most e-commerce businesses.
Businesses looking to ensure that the customer experience is as optimized as possible while protecting against fraud can look to dynamic friction for a solution. What this does is put in place more rigid defenses for suspect customers, while keeping friction to a minimum for proven customers. So how do you know when it’s good to deploy extra friction?
What is dynamic friction?
As a business, you may be considering refining your checkout flow. The 12 suggestions for a Shopify-optimized checkout process include steps that clearly minimize friction, like allowing guest checkout and reducing form fields. But, implemented without regard for security, these can also let more fraudsters slip through the cracks, to the detriment of the bottom line.
Dynamic friction can help flag potentially fraudulent accounts before they even hit checkout. Instead of subjecting all customers to KYC-related friction during a transaction, a good fraud prevention tool can help us draw conclusions from the data points that customers provide on their own. What do they provide? Their email address and phone number, for example, as well as easy-to-find information such as their web browser, IP address, hardware configuration, etc.
This is basically a background check. The combination of these data points provides a risk score for each customer. From there, obvious scammers will be blocked outright, while suspicious customers with a medium risk score will experience additional friction compared to a good customer with a low risk score. The latter will benefit from a frictionless purchase journey, subject to the minimum number of checks a merchant is willing to implement.
Data enrichment and its role in dynamic friction
In order to understand how dynamic friction unfolds, it helps to be familiar with pre-KYC data enrichment. Data enrichment helps you learn as much as possible about a customer before you even have to think about introducing KYC checks.
Indeed, each time someone uses your website or registers an account with you, they provide a series of data points such as their IP address, email address and certain hardware and software information, such as the device or browser of their choice.
From these simple data points, data enrichment tools look for additional information related to them. For example, data enrichment may also provide information about social media accounts, if any, that are linked to an email address or phone number that a customer used to create an account with you. SEON’s reverse phone lookup tool, in particular, can help you determine if a phone number is disposable and whether it is linked to any social media account history. It can also tell you if it’s a real number, the country of the operator and if it’s registered with messaging apps.
As many scammers use a disposable phone number, this is an important warning signal. Because it works in real time before any KYC checks, reverse email and phone lookup provides another data point for a user’s overall risk score.
An overall risk score based on these pre-KYC data points can allow you to deploy dynamic friction. As we have seen, buyers with a low risk score will probably not need additional identity checks, unlike a suspicious user with a higher risk score.
Step-by-step detail of how dynamic friction works
Dynamic friction works much like a traffic light system, in which:
– Green would be a good user (allowing them to go through transactions or logins without any friction, or with only the friction that might be legally required).
– Amber would be a suspicious user, where you implement additional checks to get more information, thus using heavier KYC or even manual review.
– Red is a clearly suspicious user, which you can automatically block.
The higher the risk score, the more likely a user is to be flagged as fraudulent. However, users don’t tend to get flagged for a single reason. Overall, they are flagged as fraudulent when their risk score exceeds the threshold defined on the fraud detection platform used. For example, a number of points can be added when a user accesses your website using a Tor browser, disposable email address, or web proxy. Each of these elements will add up. Customers who do not exhibit such behavior or who have very few risk factors will have a much lower risk score.
Let’s take a step-by-step look at dynamic friction:
1) The customer registers an account with your online store and in doing so provides information such as their email, phone number and IP address – as well as their device, whether they are using a web proxy, whether cookies are enabled, etc.
2) Based on these pre-KYC data points and enriching some of them, fraud detection and prevention software can determine a risk score for each user.
3) In real time, your anti-fraud software can decide how much friction to introduce into a customer’s transaction or login experience, based on how suspicious that information is.
4) Non-suspicious digital fingerprints will have, for example, an IP geolocation that matches their payment card information and a long history of social media accounts connected to an email address or phone number. If they turn out to be a “good” user, you can let them complete their transaction or login process without too much friction: for example, no additional checks if it is simply an online transaction, or mandatory KYC if you are a neobank.
5) On the other hand, if the user is clearly fraudulent, you can block them. For example, they may have a very high risk score – and therefore be considered clearly fraudulent – if they use a Tor browser.
6) If you are unsure whether a user is suspicious or not, you can include heavy checks (like government-issued photo ID, 2FA, or a phone call with the customer support team), thus introducing a certain degree of friction. This added friction allows you to hold the user back until you have enough information from them to help you decide if they are a legitimate customer. While this slows down the customer experience, it will also help keep a business safe if it is initially unclear whether a user is fraudulent or not. One thing to note is that these suspicious individuals are usually blocked outright if there is no dynamic friction. So, by marking them as “amber” in our traffic light system, we can eliminate false positives where a legitimate good user has a suspicious risk score for other reasons. These sales are not lost and the business is in a better position to grow.
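The traffic light system and the six steps above can be sketched as a small additive scoring engine. This is an added example, not SEON's code or rule set: the rule names, point values, thresholds and sample customers are all assumptions made up for illustration.

```python
from dataclasses import dataclass

# Hypothetical point values per risk signal (assumed, not a vendor's real rules).
RULES = {
    "tor_exit": 60, "web_proxy": 20, "disposable_email": 25,
    "disposable_phone": 25, "no_social_profiles": 10,
    "ip_card_country_mismatch": 15, "cookies_disabled": 5,
}
AMBER_THRESHOLD = 30  # at or above: add friction (heavier KYC, manual review)
RED_THRESHOLD = 60    # at or above: block automatically

@dataclass
class Signals:
    """Pre-KYC data points after enrichment (step 1 and 2)."""
    ip_country: str
    card_country: str
    tor_exit: bool = False
    web_proxy: bool = False
    disposable_email: bool = False
    disposable_phone: bool = False
    social_profiles: int = 0
    cookies_enabled: bool = True

def score(s):
    """Return (total points, rules that fired) so each decision is explainable."""
    checks = {
        "tor_exit": s.tor_exit, "web_proxy": s.web_proxy,
        "disposable_email": s.disposable_email,
        "disposable_phone": s.disposable_phone,
        "no_social_profiles": s.social_profiles == 0,
        "ip_card_country_mismatch": s.ip_country != s.card_country,
        "cookies_disabled": not s.cookies_enabled,
    }
    fired = [name for name, hit in checks.items() if hit]
    return sum(RULES[name] for name in fired), fired

def decide(s, kyc_mandatory=False):
    """Steps 3-6: map the score to a light and a friction level.
    kyc_mandatory models a regulated business (e.g. a neobank)."""
    total, fired = score(s)
    if total >= RED_THRESHOLD:
        return "red", "block", fired
    if total >= AMBER_THRESHOLD:
        return "amber", "step_up_idv_or_manual_review", fired
    return "green", ("standard_kyc" if kyc_mandatory else "no_extra_checks"), fired

# Constructed sample customers, not real data.
GOOD = Signals("DE", "DE", social_profiles=3)
UNSURE = Signals("DE", "FR", disposable_email=True)
TOR = Signals("NL", "US", tor_exit=True)
```

Returning the list of fired rules alongside the light lets a manual reviewer see why an amber customer was held, which is what makes it possible to clear false positives instead of losing the sale.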
Who does dynamic friction help?
Dynamic pre-KYC friction involves a data-enriched background check that occurs before a transaction or login process, allowing you to customize the amount of friction during the customer experience. It is therefore useful for online stores and other online services that want to stay safe without turning away good customers.
After all, KYC is expensive on its own: again according to the Hyperion white paper on EU directives mentioned above, individual KYC checks can cost between $13 and $130 depending on the type of KYC check. If you do a lot of KYC checks, it can add up and cost you more money than it’s worth.
Dynamic Friction comes to the rescue, providing a balance between customers having a pleasant journey through the transaction process and ensuring you’re protected from fraudsters along the way. In a nutshell, dynamic friction stops fraudsters completely, while enabling a frictionless experience for your legitimate users with a low risk score. This means that low-risk customers don’t feel like criminals and it optimizes their customer experience.
About the Author
Gergo Varga has been fighting online fraud since 2009 at various companies – he even co-founded his own anti-fraud startup. He is the author of The Dummies’ Guide to Fraud Prevention – SEON Special Edition. He currently works as an evangelist at SEON, using his industry knowledge to maintain sharp marketing, communicating between different departments to understand what is happening on the front lines of fraud detection. He lives in Budapest, Hungary, and is an avid reader of philosophy and history.
Featured Image: ©GreenButterfly