Not all friction is bad when it comes to payments. As Stephen Ritter, CTO at Mitek, tells Karen Webster. The sharing economy presents easy and lucrative targets for bad actors — so a bit of caution, when it comes to verifying IDs, is warranted and may even be welcome.
Platform economies want to make it easy for consumers to join. After all, scale means everything.
But where there’s scale — millions of users and masses of digital IDs — there are, of course, fraudsters lying in wait and plying their trade, stealing IDs and money.
And it may be the case that in the tradeoff between convenience and security, companies would do well to start looking harder into whether identity verification efforts need to be stepped up a bit, even if that means injecting friction into the equation. It turns out the consumer may not mind all that much in return for some peace of mind.
Stephen Ritter, CTO at Mitek, told Karen Webster in an interview that the sharing economy presents easy targets for fraudsters — and lucrative ones, too.
“One of the reasons the platforms are lucrative targets is because they are popular. And among the reasons they are popular is that they are so convenient,” he told Webster.
To illustrate: It may take a while to remember the last time you hailed a cab or rented a car on a business trip — testament to the pervasive inroads ridesharing companies have made into daily life.
The convenience factor presents a bit of a double-edged sword, according to Ritter.
Today, the most bare bones of information is required to establish identity in the digital economy — usually an email, some other personal identifiers and bank account numbers — and commerce is off and running.
The stage is set, then, for fraudsters to conduct their nefarious activities at scale, through synthetic ID fraud and other means. Regulations designed to combat fraud have yet to keep pace with the fraudsters themselves, noted Ritter.
“It’s a perfect storm because there are a lot of sharing use cases, there are a lot of platforms, and there are many users across those platforms,” he said. “It’s all digital, remote and even automatable. The bad guys can automate their attacks.”
Ritter said no company (whether rooted in the sharing economy or not) can fully eliminate fraud, as the proposition is too expensive. But raising the bar higher for fraudsters can be an effective line of defense.
Within certain verticals of the sharing economy, there is mounting pressure to ratchet up security. Ritter pointed to the home- and room-sharing market, where companies providing services to owners and renters (where the owner is the source of revenue) need to ensure that customers and renters have both verified their identities.
Overall, Ritter said, consumers are becoming more and more concerned with how their personal data is being used — and is it secure? And where an ID is a form of security — likened by Ritter to a big piece of the security puzzle — the consumer will often trade a bit of convenience in return for greater security.
The Problem With Friction
The tradeoff, of course, involves at least some friction. Approaching verification, both at a conceptual level and in practice, requires being mindful of the hyper-competitive nature of platform economies, where friction can hinder firms in their relentless drive to scale.
As Ritter noted, email accounts are the first avenues of attack for fraudsters. Gaining access to email gives bad actors an entry point for account takeovers. They can intercept requests for password changes, effectively freeze legitimate users out of their own accounts, and then drain funds.
Additional layers of security, including identity document verification (offered by Mitek and others) may introduce necessary friction into the process, where individuals must look for, procure and photograph their documents.
However, the activity can also add convenience, Ritter said, as Mitek’s imaging and capture technology can prepopulate data from one snap that normally would have to be entered manually by users or may have required several screenshots from a mobile device.
“There can be a beneficial rate of friction where users see that companies are going to the next level of checking identities — as a consumer that the checks exist can help to make me feel safe,” he said.
This claim dovetails with the “Verifying Digital Identity in the Sharing Economy Report” produced by PYMNTS last month, which found that more than 67 percent of consumers asked to verify identities at physical locations are “very” or “extremely” satisfied with doing so, because of the sense of security that can make the leap into the digital realm.
The Funnel Approach
Ritter said a successful digital ID verification/onboarding philosophy can be likened to a funnel, starting off with a low-friction approach, where emails and basic PII can be checked off against credit bureau data and other information sources.
“If everything looks good, let the consumer on board,” he said. “If there are any red flags, then we’ll go to another level of identification several steps down in that funnel, where you are really trying to wring out every last good customer before you give up or determine they are not a trusted identity.”
In some cases, Ritter said, tech and AI-powered ID document verification has gone so well that those demands have been moved up in the funnel, sometimes being cemented as the first step in the identity proofing process.
And, he added, there’s an ancillary benefit. Asking for an ID document upfront, paired with a selfie, stands as a strong deterrent to fraudsters. Call it a significant form of friction for the bad guys.
The challenge for companies like Mitek and others in document capture, said Ritter, is to navigate and work seamlessly with the increasing technological complexities of new devices. In some cases, information must be gleaned from two sides of the document the very first time.
“It may sound simple, but you have to realize this is probably the first and maybe the only time that consumer will be going through a process like this, so they’re not experts at it,” he said. “They have to be guided through it, and the amount of technology and artificial intelligence that goes into that mobile device — into the SDK that we our arm our mobile customers with — is significant.”
For Mitek, it is important to make sure that when the camera sees the image that will work best with the back-end platform to deliver the most accurate result, that it automatically grabs that image.
In one example of how advanced the technology is getting, Ritter told Webster that Apple has opened up access to the tech giant’s near-field communication API, which allows Mitek to read the RFID chips that are embedded in security documents. This allows mobile devices to authenticate the validity of a government-issued electronic identity document. Verifying these e-documents becomes an important next step in increasing security for users.
Although there may be excitement in some corners of technology about the eventual emergence of solely digital IDs (via, say, blockchain), Ritter cautioned that it will take some time before we move fully away from physical documents as trusted sources of identity.
In the end, he said, mobile identity verification seeks to provide the same level of trust inherent in the physical world.
“You have to be able to establish trust online between a buyer and seller,” he told Webster. “If that trust is broken, the entire business model is in question.”