Close the Online Trust Gap With Identity Proofing

Written by

One major frustration that many people have experienced since the beginning of the pandemic is the “trust gap,” the discrepancy between the percentage of customers that companies can trust and greenlight immediately in-person vs. how many they can trust online.

Take a common process like opening a new bank account: while nearly 100% of in-person transactions could be approved assuming that applicants have the required information, similar new customers are much less likely to be approved for the same account in an online process.
Companies are subject to more fraud on remote channels, and have put in place more hurdles to approve transactions. Unfortunately, this causes friction for millions of good customers in an effort to catch a few fraudsters, hence the “trust gap.”

With the rise in remote transactions, there are several high-profile examples of potential fraud that expose the trust gap, and also provide insights for companies that are hoping to close it with better “identity-proofing.” This is the process of determining if someone exists, and if the applicant is truly that person, and if they are doing what they are supposed to be doing. 
Finding Identity Proofing Holes
Voter fraud has been the subject of many heated debates this political election season. University of Chicago professor Anthony Fowler recently wrote in an article: “In theory, it could be easier for someone to fraudulently vote on behalf of someone else or for someone to tamper with the ballots in a vote-by-mail system.”

While experts generally agree that the likelihood of voter fraud is low, many elections are determined by only a few votes, and so it is an important element to consider and protect against.
In order to reduce identity fraud, the Federal Election Commission needs to step up their identity proofing capabilities. To identity-proof successfully, they would need to prove that someone exists, that the person is actually the one interacting with them, and that the interaction can be cross checked against other interactions tied to that person.
Generally the government is good at determining that a person actually exists, but they have more trouble ensuring that someone is who they say they are, and connecting a particular interaction to other interactions. For example, having a second channel such as a mobile text or call to a unique number to verify a ballot number, or checking ballots across state lines to look for duplicates outside of local jurisdictions. 
For many companies, the risk of fraud is statistically low, but also carries very high risk. Companies must think about their own “identity-proofing” holes. For example, a company might not be very good at determining that someone on their website is who they say they are. This creates opportunities for fraud. As a result, many companies clamp down with draconian identity requirements. 

At the least, it slows down the user experience. At worst, it stalls a transaction all together if someone can’t produce what is requested. 
Automating and Scaling Identity Proofing
Another form of fraud that has made headlines recently is related to unemployment benefit fraud. Again, as the volume of unemployment claims spikes, unemployment agencies see their normal processes start to break down. Their staff normally would flag and manually review any suspect claims, but that process is simply not scalable during a pandemic.
Companies, too, have started to see spikes in online transactions that require a brand new way to think about how they serve their customers. For example, upgrading banking app technology to allow people to deposit checks using the camera element of their smartphone has significantly increased remote deposits. This same phone-based approach can be considered when automating and scaling identity proofing for anything from opening a new account to making a purchase.
Brands should consider the following steps when it comes to better identity proofing:

  • Determine the parts of the customer journey that invite fraud: Zero in on the key customer touchpoints that are at risk, such as login, purchases, applications and such. 
  • Expose the elements that create a poor customer experience: If people must enter a login name, password, and answer a security question, that is a significant amount of time (and memory!) needed to move through a transaction. Similarly, if someone must upload a PDF version of something, that could require technology they don’t have at home.
  • Expose the elements that could make the company vulnerable: For example, if loan applications need to be manually reviewed over several days, a sudden spike in requests would create a backlog and potentially lower the quality of that review.

Once all of these insights are collected, it’s time to plan for improvement. The goal is to balance a better customer experience with a strong company position. For example, if a company looks into technology that replaces the need to scan documents, such as a mobile phone camera, they would want to test the technology for accuracy and fraud-prevention.

Similarly, if a company wants to streamline a customer log-in process, they should ensure that the technology still can successfully “identity proof” someone without cumbersome passwords and security questions.
The mobile phone is in fact a growing element that many companies are starting to incorporate into automated identity proofing across a wide variety of customer transactions. New innovations using elements like mobile-phone-number based authentication on a call or online site offer a reliable, real-time authentication process that can streamline a customer experience and scale quickly. 

Companies must start to adjust to the new normal of increased online transacting, and look for ways to close the trust gap with automated identity proofing. Customers judge any brand by the best transaction they most recently had.

Retailers must work to offer a similarly smooth checkout process as Amazon, for example. As one company in a category improves the online loan process, others must follow. McKinsey pointed out that shopping for and opening a credit card was the single worst customer experience online. The company that streamlines that process first will attract more interested customers.

What’s hot on Infosecurity Magazine?