Columns

Friction: Friend or Foe?

July 30, 2019

Thanks to our friends at Urjanet and Entersekt for contributing to this piece. 

For many years now, friction at any stage of a transaction cycle has been somewhat taboo, and not without reason. Friction during the identity verification stage can lead to lower conversion rates and higher transaction abandonment. Once consumers are onboarded, anything less than a seamless experience threatens retention rates.

It’s tempting to make eliminating friction the primary goal, but maintaining security requires putting up barriers: granting access to the right people and preventing access for bad actors. Today’s consumers even demand some level of apparent friction, so they know a service provider is taking their safety seriously.

In short, not all friction is bad. As security priorities change with the digital economy, the rise of a new phenomenon, “friendly friction,” is giving both consumers and financial services providers a new perspective on security and customer experience.

 

The middle ground: friendly friction

On the one hand, service providers’ business priorities are driving demand for enhanced security. Prioritizing digital channels for account opening and access helps providers lower costs related to customer acquisition and support, but it also leaves them more vulnerable to many fraud vectors, including synthetic identity fraud, account takeover, and more. The global cost of fraud hit more than $4 trillion in 2018, primarily driven by cyber-fraud.

On the demand side, consumers are also calling for better security procedures to protect their own assets and information. According to an Experian report, 27 percent of consumers abandoned an online transaction in 2018 due to a lack of visible security. Painfully aware of how much exposure their personal data already receives, they’re starting to show a preference for transacting with secure interfaces – even if it means adding a little friction.

So, while it’s clear that too much friction might raise the risk of abandonment, the absence of friction can be costly too. Without visible, verified security measures in place, businesses can’t maintain the trust they need to attract or retain customers, and customers don’t feel confident enough to engage in transactions.

 

Where friendly friction belongs

Deciding where to deploy “friendly friction” is critical. There are specific points during the customer journey where it makes sense to add additional identity verification or authentication steps to protect transactions. Using a risk-based assessment can help determine when to inject additional friction into a user flow. It’s best to picture it as a spectrum: lower friction for low-risk transactions and higher friction for high-risk transactions.

In high-risk, high-value situations, friendly friction is needed and often expected.

Asking a consumer to go through multiple steps of verification just to open a Twitter account, for instance, would be unnecessary and frustrating. But in high-risk, high-value situations, friendly friction is needed and often expected. A few growing industry segments in the digital economy could particularly benefit from rethinking friction throughout the user journey:

  • Sharing economy – Many gig economy services involve consumers placing themselves or their dependents at direct, physical risk. As a result, 91% are more likely to do business with in-home services that validate identity, like childcare or dog-walking.
  •  Online gaming – Location-based regulation makes proof of address and proof of age especially important for online gambling, as companies are strictly required (and penalized for failing) to confirm that users meet the legal requirements for betting in their region.
  • Cryptocurrency – Emerging markets like crypto exchanges may be difficult to regulate for now, but scrutiny around anti-money laundering (AML) practices is already increasing in many markets, with additional legal frameworks on the horizon.
  • Online lending – Certainly no stranger to KYC and KYB mandates, online lenders nevertheless need to pay attention to their onboarding processes, which may require added verification as digital fraud tactics continue to evolve.
  • Merchant acquiring – In a competitive payments landscape, merchant acquirers feel the pressure to be frictionless at all times. But in a highly regulated industry, they still can’t ignore the costs of fraud to their customers and to them.

 

How it should be applied

Once businesses have determined the key points in the customer journey where friendly friction is beneficial, the next hurdle is determining what that friction should look like to the end-user.  Customers increasingly demand visible security measures as part of a positive user experience, but they also need to clearly understand what types of verification or authentication gateways they’ll encounter and how to navigate them.

An effective application of friendly friction during onboarding should:

  • Make sense to the customer – Authentication and verification processes should be surrounded with relevant context and streamlined with the account opening process.
  • Be timely – Responses to authentication and verification prompts should be provided in real-time or near-real-time, with a clear set of expectations for the customer
  • Rely on up-to-date data Verifying against a stale database will result in inaccurate decisioning and the added risk of data breach.
  • Be automated Manual processes create a long and inefficient onboarding process, leading to transaction abandonment.

Another best practice when it comes to generating the right type of friction is to prioritize consumer sovereignty, a theory that suggests that consumer preferences should guide decisions. And this is where financial institutions’ omnichannel capabilities can offer a strong competitive advantage, even post-onboarding.

Sherif Samy, SVP, North America at Entersekt, says that binding the identity on a device where trust has been established opens up many ways for financial institutions to engage consumers more frequently. “Used properly, they allow consumers to engage with their banks in a number of different ways, which pure tech platforms can’t offer. This core advantage is often overlooked and underutilized,” says Samy.

While providing a seamless experience may sound like an innovative move, a healthy dose of friction actually puts more control in the hands of the consumer, which further establishes trust. Customer control of digital transactions through friendly friction can take a number of forms:

  • Peer-to-peer transactions -The ability to have a request or notification that explicitly asks for user confirmation of the transaction provides a level of assurance in the banking experience.
  • Fraud prevention – here is comfort in knowing a suspicious transaction can be canceled with one tap of a button.
  • Secure account transfers – Partnering with mobile network operators that can use the mobile phone as an identifier makes the re-enrollment process easier. For example, when Samsung releases another phone, a bank can anticipate a new wave of downloads and information transfers. As call centers are managing the inquiries, being able to send a notification to validate a user via the banking app would provide an extra layer of assurance.

The trend toward giving consumers more control over their own identities shows no signs of slowing, and businesses should respond accordingly. Consumer-oriented models will rely on data provided with consent from the end-user, with transparency around how the data will be used and how the user will benefit.

Permission-based models like these are already being implemented successfully, without disrupting the user experience. Plaid and Finicity, for instance, have built leading solutions to provide permission-based banking data. Users essentially opt in to link bank accounts by entering their online credentials, providing businesses with instant access to consumer-permissioned data all through a seamless user interface.

Roommate search app Roomi is another example. The sharing economy service uses Evident’s Identity Assurance Platform in partnership with Urjanet. Urjanet’s user-permissioned model allows users to link utility accounts by securely sharing login credentials, thereby providing up-to-date data to verify name and address. With a little extra friction, Roomi users can confidently choose and move in with new roommates, staying in control of their data every step of the way.

 

Walking the line between risk and revenue

“At the end of the day, financial services providers still need to balance risk mitigation with revenue expansion,” says Sherif Samy. “Friction is necessary and even welcomed in certain transactions, but only if applied in the right place with the right methods.”

 A trusted customer shouldn’t be penalized with high friction. Likewise, new applicants who have failed initial verification should be treated with caution, but a second chance to prove themselves may be beneficial for both the customer and business alike. Genuine users will be willing to take a few extra steps to get secure access to the services they need, so businesses will benefit from being prepared to give them that opportunity. 

The good news is that tools available today to enhance identity and address verification are more fruitful than ever. Financial institutions can reduce risk and raise revenue with automated, user-permissioned verification data and ongoing user authentication for select lifecycle transactions. In other words, a little friendly friction can go a long way.