Any company that’s active online will admit that balancing security with user experience is always a struggle. Keeping safe online involves Know-Your-Customer (KYC) checks, which can help keep you safe from digital fraud and reduce the risk of chargebacks.
In their simplest form, these ensure you get a good sense of who your customer is, thus weeding out fraudsters and other bad actors. For some types of companies, KYC checks are mandated by law to minimize the impact of fraud and money laundering on the economy.
Although KYC is an important feature of any effective fraud prevention strategy, the downside is that legitimate customers experience some friction. KYC can come in the form of two-factor authentication (2FA) or heavier identity verification (IDV) checks, such as verifying a government-issued form of photographic ID. Both can weigh down the customer journey and even cause customers to abandon their session altogether, sometimes turning to a competitor who offers less friction (but might be more at risk as a result).
But not all users need to go through heavy KYC checks during a transaction or login. Dynamic friction is a useful tool that allows us to control which customers have reason to experience KYC checks and how rigid these should be. Let’s take a closer look.
KYC friction and shopping cart abandonment
According to figures on cart abandonment published by Baymard, 69.82% of shoppers will eventually abandon their cart, with 17% doing so because the checkout process was too long. As a Hyperion whitepaper also revealed, 25% of applications in the UK are abandoned due to KYC-associated friction. As solid defenses are important, working out how to deal with customer experience issues inflicted by KYC checks becomes a pain point for most ecommerce businesses.
Businesses looking to ensure that the customer experience is as optimized as possible while keeping themselves safe from fraud can look into dynamic friction for a solution. This implements more rigid defenses for customers who are suspicious while keeping friction for provably good customers at an absolute minimum. So, how do you know when it’s right to deploy additional friction?
What is dynamic friction?
As a business, you might be looking into refining your checkout flow. The 12 suggestions for an optimized checkout process by Shopify include steps that clearly minimize friction, such as allowing for guest checkout and reducing form fields. But, implemented without security concerns, these can also result in more fraudsters slipping through the cracks – at a cost to the bottom line.
Dynamic friction can help flag potentially fraudulent accounts before they even reach checkout. Instead of making all customers go through KYC-associated friction during a transaction, a good fraud prevention tool can help us draw conclusions from similar data points that customers provide. What do they provide? Their email address and phone number, for instance – and easy-to-source information such as their web browser, IP address, hardware configuration, etc.
It’s essentially a background check. Combining these data points provides a risk score for each customer. From there, obvious fraudsters will be blocked outright. At the same time, suspicious customers with a medium risk score will experience additional friction compared to a good customer with a low risk score. The latter will enjoy a frictionless shopping journey, subject to the minimum amount of checks a merchant can implement.
Data enrichment and its part in dynamic friction
To understand how dynamic friction is deployed, it’s useful to get to grips with pre-KYC data enrichment. Data enrichment helps you find out the most that you can about a customer before you even need to consider introducing KYC checks.
This is because whenever someone uses your website or registers an account with you, they provide a range of information: their IP address, their email address, and some hardware and software details, such as their device or browser of choice.
Starting with these simple data points, data enrichment tools look for additional information related to them. For example, data enrichment can also provide information on which social media accounts, if any, are linked with an email address or phone number that a customer has used to register an account with you. In particular, reverse phone lookup tools by SEON can help you spot whether a phone number is disposable and linked to any social media account history. They can also tell you whether it’s a real number, the carrier’s country, and whether it’s registered with any messenger apps.
As many fraudsters use a disposable phone number, this is a big warning flag. Because it works in real-time before any KYC checks, reverse email and phone lookup provides another data point for a user’s overall risk score.
An overall risk score based on these pre-KYC data points can allow you to deploy dynamic friction. As we’ve seen, shoppers with a low risk score most likely won’t need any additional identity checks, whereas a suspicious user with a higher risk score will.
A step-by-step breakdown of how dynamic friction works
Dynamic friction operates somewhat like a traffic light system, whereby:
- Green would be a good user (allowing them to pass through transactions or logins without friction or just whatever friction might be legally mandatory).
- Amber would be a suspicious user, where you implement additional checks to find out more information, thus using heavier KYC or even manual review.
- Red is a clearly suspicious user, who you can automatically block.
The higher the risk score, the more likely a user will be flagged as fraudulent. However, users don’t tend to be flagged for a single reason. They’re flagged as fraudulent when their risk score exceeds the threshold set on the fraud detection platform. For example, a certain number of points can be added when a user accesses your website using a Tor browser, a disposable email address, or a web proxy. Each of these will add up. Customers with no such behavior or very few risk factors will have a much lower risk score.
Let’s look at dynamic friction step-by-step:
- The customer registers an account with your e-shop and provides information such as their email, phone number, and IP address – as well as their device, whether they’re using a web proxy, whether cookies are enabled, etc.
- Drawing on these pre-KYC data points and further enriching some of them, fraud detection and prevention software can determine a risk score for each user.
- In real-time, your fraud software can decide how much friction needs to be introduced in a customer’s transaction or login experience based on how suspicious this information appears.
- Non-suspicious digital footprints will, for example, have an IP geolocation that matches their payment card information and a long history of social media accounts connected with an email address or phone number. If-So explained in an article that a geolocation lookup tool canvasses public databases to determine the contact and registration information for a particular IP address. If the customer is shown to be a “good” user, you can let them through your transaction or login process without much friction, e.g., no extra checks if it’s just an e-shop transaction, or only the mandatory KYC if you’re a neobank.
- On the other hand, if the user is clearly fraudulent, then you can block them. For example, if they use a Tor browser, they might have a very high risk score and so be deemed clearly fraudulent.
- Suppose you aren’t sure whether a user is suspicious. In that case, you can include some heavy checks (like government-issued photo ID, 2FA, or a phone call with the customer support team), therefore introducing a degree of friction. This additional friction allows you to hold up the user until you have sufficient information from them to decide whether they are a legitimate customer. Although this slows down the customer’s experience, it will also help keep a company safe if it’s initially unclear whether a user is fraudulent. One thing to note is that such suspicious individuals usually get outright blocked without dynamic friction. Thus, by considering them “amber” in our traffic light system, we can eliminate those false positives where a legitimate, good user has a suspicious risk score for other reasons. These sales are not lost, and the company is better positioned to grow.
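The scoring and traffic-light steps above can be sketched as follows. This is an added example, not code from any fraud prevention product; the signal names, profile fields, point weights and thresholds are all assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Constructed weights and thresholds, for illustration only; tune on your own data.
WEIGHTS = {
    "tor": 60, "web_proxy": 15,
    "disposable_email": 25, "disposable_phone": 25,
    "no_social_accounts": 10, "ip_card_country_mismatch": 20,
}
AMBER_AT, RED_AT = 30, 70


@dataclass(frozen=True)
class Decision:
    score: int
    light: str
    action: str
    reasons: tuple


def signals_from(profile: dict) -> list:
    """Map enriched pre-KYC data points (hypothetical field names) to risk signals."""
    found = [name for name in ("tor", "web_proxy", "disposable_email", "disposable_phone")
             if profile.get(name)]
    if profile.get("social_accounts", 0) == 0:
        found.append("no_social_accounts")
    ip_cc, card_cc = profile.get("ip_country"), profile.get("card_country")
    if ip_cc and card_cc and ip_cc != card_cc:
        found.append("ip_card_country_mismatch")
    return found


def decide(profile: dict, kyc_mandatory: bool = False) -> Decision:
    """Sum the points for every signal present, then pick the traffic-light tier."""
    reasons = signals_from(profile)
    score = sum(WEIGHTS[r] for r in reasons)
    if score >= RED_AT:
        light, action = "red", "block"
    elif score >= AMBER_AT:
        light, action = "amber", "step_up_kyc_or_manual_review"
    else:
        light = "green"
        action = "mandatory_kyc_only" if kyc_mandatory else "no_extra_checks"
    return Decision(score, light, action, tuple(reasons))


# Constructed sample users.
GOOD = {"social_accounts": 4, "ip_country": "GB", "card_country": "GB"}
UNSURE = {"disposable_email": True, "social_accounts": 0, "ip_country": "GB", "card_country": "GB"}
BAD = {"tor": True, "disposable_email": True, "disposable_phone": True, "social_accounts": 0}
```

With these assumed weights, a single signal such as Tor on an otherwise established profile lands in amber rather than red, so the user is stepped up to heavier checks instead of being blocked on one data point. Keeping the `reasons` tuple alongside the score gives manual reviewers the signals that produced each decision.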
How does dynamic friction help?
Because pre-KYC dynamic friction involves a data-enriched background check before a transaction or login, and lets you customize the amount of friction in the customer experience, it helps e-shops and other online services stay safe without turning away good customers.
After all, KYC is costly in itself: again according to the Hyperion whitepaper on the EU’s directives mentioned above, individual KYC checks can cost between $13 and $130, depending on the type of KYC check. If you’re running lots of KYC checks, this can cost you more money than it’s worth.
Dynamic friction comes to the rescue, providing a balance between customers having a pleasant journey through the transaction process and ensuring that you’re protected from fraudsters along the way. In a nutshell, dynamic friction completely halts fraudsters while allowing a frictionless experience for legitimate users with a low risk score. It means that low-risk customers don’t feel like they’re criminals, and it optimizes their customer experience.