3 Ways to Provide Secure ID Verification Without Disrupting the Customer Experience
The events of 2020 helped drive a dramatic and irreversible shift to the digital world. Many organizations have embraced this challenge with creativity and innovation, resulting in greater speed, convenience and an overall better user experience. But this head-spinning evolution has also offered up new challenges, exposing vulnerabilities in existing security systems that fraudsters have been quick to exploit, leading to a sharp rise in incidents of identity theft and fraud.
For example, Account Takeover Fraud (ATO), one of the most disruptive and costly types of fraud, grew 282% year over year from the second quarter of 2019 to the second quarter of 2020, and 42% of all fraud attempts against financial institutions are ATO attacks. Nearly half of U.S. consumers, meanwhile, have experienced identity theft, fraudulent applications in their name, or ATO in the past two years. Losses associated with identity theft increased by 42% between 2019 and 2020, mainly due to the pandemic, and Aite-Novarica Group estimates such losses will grow to over $600 billion by 2023.
The growing importance of IDV
To combat such incidents, identity verification (IDV) is becoming increasingly important, especially for high-risk transactions that require extra confidence and security – like those in financial services. Liminal found that by improving digital identity, Anti-money Laundering/Know Your Customer (AML/KYC) costs can be reduced by up to 70%.
But with IDV, organizations must balance security with the customer experience – a delicate dance that grows more challenging as financial consumers demand faster, more intuitive and seamless digital experiences, and fraudsters become increasingly sophisticated and dangerous.
According to a commissioned study conducted by Forrester on behalf of DocuSign, the longer identity verification takes customers, the more likely they are to abandon the process, reaching more than 30% abandonment rates once the average customer time reaches 6 to 10 minutes. Among financial institutions, 75% say they would greatly benefit from investing in verification tools that facilitate better customer experience.
Fortunately, organizations today have access to two common and well-established types of authentication – one-time passcode (OTP) and knowledge-based authentication (KBA). And for agreements that require enhanced identity verification due to their value, regulations or vulnerability to fraud–there are newer options for identity verification that make it possible to digitally verify government issued IDs and European eIDs remotely. Finally, there are emerging technologies such as dual-layer biometrics that show great promise, especially for use in the most secure types of transactions.
One-time passcode: Well-established and accepted
One-time passcode (OTP) is a well-vetted and accepted method of authentication. It is effective, easy to use and well-understood by consumers. The method has been proven at scale and is widely offered by financial services institutions and other organizations.
The concept is straightforward. Financial institutions can authenticate a returning user or signer by automatically sending a one-time code via SMS text or voice call to the user’s pre-registered mobile device. This provides additional assurance that the user is actually the individual they claim to be.
However, OTP is not perfect. For one, users must have access to their registered device at the time of application. If they are away from home and without their phone, they will not be able to complete the transaction. In addition, although OTP has long been considered a very secure option, SIM card theft is increasing—a development that is causing security experts to reevaluate the benefits of this method of authentication.
Knowledge-based Authentication: The old standby
Knowledge based authentication (KBA) is an even more established method of confirming identity and is useful for establishing identity for new users whereas OTP authenticates returning users.
KBA requires signers to correctly answer a series of personal questions, compiled from commercially available databases. This method has proven popular in banking, with a majority of top U.S. financial services institutions safeguarding new account openings and more with KBA. It has evolved to become a broad standard, and has the benefit of being fairly quick and practically frictionless for users, with no need to pre-register.
However, with incidents of friendly fraud on the rise, the latest breed of sophisticated fraudsters can mine consumers’ personal data and make educated guesses at their personal information, such as prior addresses, favorite sports teams, and the like. Furthermore, consumers may find KBA questions intrusive or even obscure. Organizations need to ask themselves: Is this level of security good enough for the most secure, sensitive types of transactions?
Identity verification: For higher value agreements
In certain highly regulated industries and other use cases, proof of identity in the form of a government-issued ID or electronic ID is the most secure option. This is often the case for new employee onboarding, new account openings, wire transfer agreements and loan applications. Of course, when the agreement is not executed in person, the signer is not physically present to provide a form of ID. ID verification solutions such as DocuSign ID Verification allows a customer to submit their driver license, passport or electronic ID to prove who they are, from wherever they are, using their preferred device— saving time and helping improve process efficiency.
This method of verification is accomplished by analyzing the unique data sets within an identity document. The name and information on the agreement is then cross-checked with the one on the ID document. This helps ensure that only the correct individual can view and sign the agreement.
Dual-layer biometrics: A new frontier
The future of identity verification clearly lies in the biometric realm. In fact, according to a commissioned study conducted by Forrester Consulting on behalf of DocuSign, biometric data is the most popular method of IDV in an ideal world.
Per the same study, 79% of surveyed global digital experience decision-makers agree that biometric data will become more prevalent in the future of IDV.
Financial services is at an inflection point, with more organizations beginning to evaluate and adopt biometrics to address emerging threats. A key will be financial institutions’ ability to balance customer experience and security, with 78% of surveyed global digital experience decision-makers stating it is “very important” to do so.
One promising area is Synchronous Dual Biometrics, which employs either a combination of two biometric factors— like facial recognition, voice recognition or fingerprint scanning – or the coupling of a single biometric factor with a unique behavior, such as the act of a user creating a signature on their preferred device.
DocuSign has partnered with identity verification firm Asignio to offer just this type of solution. Asignio’s core technology utilizes two biometrics at once to validate a user’s identity through multi-modal biometric identification: (1) combining handwriting recognition with passive facial verification, or (2) combining voice recognition with passive facial verification.
Consumers are already accustomed to fingerprint scans and facial verification on their iPhone or other mobile device. The combination of these authentication measures makes it ideal for very secure transactions, such as those performed within financial services. However, these processes require the user to pre-register their fingerprint or photo—an extra step that could be cumbersome for some users and may contribute to drop-off rates. But financial institutions may be willing to accept initial friction in the process in exchange for extra security. Furthermore, the extra step may also be an incentive for customers to establish long-term, loyal relationships with their preferred institution.
The digital world is here to stay. As organizations look to provide new remote options and improve the customer and employee experience within this new frontier, they must guard against increased fraud and security threats. Fortunately, financial services institutions have multiple options for verifying their users’ identity and ensuring their interactions are positive and safe.
To learn more about DocuSign’s ID Verification solutions, visit DocuSign Identify, part of the DocuSign Agreement Cloud. To discover the latest in innovative biometric identification solutions, including Synchronous Dual Biometrics, contact Extensions@docusign.com