How to verify user identities without generating CX Friction

Account takeovers can cost both businesses and customers money. How can companies verify user identities without causing CX painpoints?

According to Javelin Research’s annual report “Identity Fraud Study: The Virtual Battleground,” account takeovers grew 90% from 2020 to 2021, growing to an estimated $11.4 billion in losses (roughly a quarter of all identity fraud losses that year) .

An account takeover occurs when a hacker gains unauthorized access to a compromised account. The purpose is to gain access to the data associated with that account such as names, addresses, emails and even banking information.

From a business perspective, account takeovers are making authentication a bigger problem than ever. Authenticating or verifying the identity of users ensures products and refunds go to the right people. But creating too many verification frames for customers to jump through could mean losing them to the competition.

For example, customers do not want to re-authenticate their identities during interactions that are transferring from a bot to a human or from a bot to another bot. They want a simple, no-fuss experience.

Consider the four ideas below if you want to authenticate customers with relatively little friction.

1. In-Journey Authentication

Organizations looking to strategically balance security and customer experience should look at authentication, said Christopher Schnieper, senior director of fraud and identity at LexisNexis.

They should also understand the risks of the customer journey, he added, “which can range from checking account balances to making infrequent high-value purchases.”

Schneiper added that companies should put the authentication function where the consumer is on the journey.

“An example of this would be app-based authentication when the consumer is in the company’s app. Alternatively, the organization could use text-based authentication when the consumer is using a mobile web browser. This allows a business to tailor the interaction with the right level of friction for each consumer and risk of each transaction.”

According to Schneiper, businesses can use a returning customer’s digital footprint to determine the device used — mobile, laptop, desktop. You can also use details like IP address, device usage time, or email address associated with identity to reduce authentication issues when someone logs in.

Related article: Developing CX requires a connected customer journey

2. Call Risk Assessment

Phone companies collect large amounts of metadata from phone calls, including:

  • Type of phone (smartphone, VOIP, landline)
  • The phone numbers you call
  • The phone numbers you call
  • The duration of the calls
  • Your location

That information, when combined with AI, can provide basic authentication, said Dan Raup, Verint senior director, strategic business development. Under this system, each interaction is flagged green, yellow, or red, with a green flag only requiring an additional authentication factor, such as the last four digits of an account. Yellow requires two additional factors, and red requires several more or is rejected.

Call Risk Assessment also uses STIR/SHAKEN authentication standards to provide a secure way of verifying caller ID. The Federal Communications Commission requires most phone providers to adhere to these standards to quell the onslaught of spam robocalls, particularly from overseas locations.

3. Voice Biometrics

What companies haven’t done well, according to Dan Spohrer, vice president of product strategy at Verint, is authentication expectations.

Leave a Comment