Getting the balance wrong can have profound impacts on the customer relationship. Clearly, customers want to know they are being protected. Recent research found that 88% of consumers reported that security is their greatest priority (Source). But, at the same time, 42% of customers report abandoning an onboarding flow due to friction (Source). While valuing security, customers will get cold feet when presented with too much friction.
This ongoing conundrum facing businesses and customers could prove lucrative as some are challenging the security status quo and putting an end to the impossible choice between fraud prevention and customer experience. Could there be a reinvented authentication process from onboarding onwards that proves friction-free and won’t compromise security?
In today’s authentication landscape, both customers and companies might find themselves in an inversion of the proper order: everyone is presumed guilty until they prove themselves innocent.
As a customer, proving you’re not a fraudster might involve myriad steps taken multiple times a day, sometimes with the same company - SMS one-time passcodes to complete, multi-channel authentication to navigate, and even scanning your identity documentation.
Sadly, even some of these security measures can be exploited by fraudsters and then used in attempts at account takeover or identity fraud.
However, much of this friction that disrupts the customer experience is simply targeted at confirming that a customer is in current possession of their phone number and that it hasn’t been compromised with a SIM swap or number port.
And mobile devices and their unique SIM identifiers have become the de facto identifier for almost all forms of online identity authentication. By leveraging the deterministic data from mobile carriers, fraud solution providers could help prove the innocence of genuine customers. This can even be done silently, in the background, and without their input, weeding out questionable customers for further checks.
Around the world, billions of people trust mobile carriers to keep rich deterministic data about who they are, their SIM card ID, and their individual phone numbers - all in exchange for access to their networks. Between them, carriers verify identity billions of times every minute so people are free to connect and communicate, shop, work, and play to their heart’s content. Connection is seamless and silent and customers trust the billing, whichever networks they jump between, will always be correct.
What makes this carrier data so powerful for fraud teams is that it can be leveraged in the customer journey to verify genuine customers automatically and silently. The game changer here is to connect to mobile carrier APIs around the world and almost instantly background check if a valid mobile number, device, SIM, and username are being used in any login or transaction.
Tapping carrier data in this way during the sign-up process, onboarding, or any other transaction can identify if a SIM has recently been swapped. Oftentimes, that’s a normal occurrence, as customers can change mobile phones and carriers from time to time. However, if it happens shortly before a large purchase, it’s a red flag for SIM-jacking fraud.
Interrogating carrier data can also determine if the phone number provided (and the SIM connection) are engaged in an active data session with the carrier at exactly the point in time that the customer is asking to be authenticated. This confirms, with no input required by the customer, that only one phone number is accessing the network. In essence, no fraud attack is occurring.
Where data is inconclusive or incomplete, the prospective customer can be placed in a different authentication process. Cue more friction in the form of fail-over technologies such as biometrics or knowledge-based authentication. Legitimate customers meanwhile experience a new standard of seamless customer journey.
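The routing described above (silent pass, red flag on a recent SIM swap before a large purchase, fail-over when carrier data is inconclusive) can be sketched as follows. This is an added example, not Twilio's code or any carrier's API: the `CarrierSignals` fields, the route names, the 72-hour window and the 500.00 purchase threshold are all assumptions, since the article gives no figures.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple

# Assumed policy values: the article says only "shortly before a large purchase".
RECENT_SWAP_WINDOW = timedelta(hours=72)
LARGE_PURCHASE = 500.00

@dataclass
class CarrierSignals:
    """Hypothetical normalised carrier lookup result (not a real API schema)."""
    number_valid: Optional[bool]       # None = carrier gave no answer
    sim_swap_known: bool               # False = swap history unavailable
    last_sim_swap: Optional[datetime]  # None with sim_swap_known=True = no swap on record
    active_session: Optional[bool]     # None = session state unavailable

def route(sig: CarrierSignals, now: datetime, amount: float) -> Tuple[str, str]:
    """Return (route, reason); route is 'silent', 'step_up' or 'review'."""
    # Fail closed: a missing answer is inconclusive, never treated as clean.
    if sig.number_valid is None or not sig.sim_swap_known or sig.active_session is None:
        return ("step_up", "carrier data inconclusive")
    if not sig.number_valid:
        return ("step_up", "number not valid")
    if sig.last_sim_swap is not None:
        if sig.last_sim_swap > now:
            return ("step_up", "swap timestamp in the future")
        recent = now - sig.last_sim_swap <= RECENT_SWAP_WINDOW
        # A swap alone is often normal; the red flag is a swap close to a large purchase.
        if recent and amount >= LARGE_PURCHASE:
            return ("review", "recent SIM swap before large purchase")
    if not sig.active_session:
        return ("step_up", "no active data session")
    return ("silent", "all carrier checks passed")

# Constructed sample inputs, evaluated at a fixed time so results are reproducible.
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
SAMPLES = {
    "long-standing SIM": (CarrierSignals(True, True, NOW - timedelta(days=400), True), 900.0),
    "swap 5h ago, large buy": (CarrierSignals(True, True, NOW - timedelta(hours=5), True), 900.0),
    "swap 5h ago, small buy": (CarrierSignals(True, True, NOW - timedelta(hours=5), True), 20.0),
    "no swap history": (CarrierSignals(True, False, None, True), 20.0),
}

if __name__ == "__main__":
    for name, (sig, amount) in SAMPLES.items():
        print(f"{name}: {route(sig, NOW, amount)}")
```

The ordering matters: missing carrier answers are checked first, so an outage or unsupported carrier sends the customer to fail-over authentication instead of the silent path.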
Authentication with these next-generation security solutions takes 2-5 seconds, a saving of up to 28 seconds on the average time authentication currently takes. For customers, it’s like swapping coach for a private jet. Once they experience it, they won’t want to go back, and fraud solution providers that still use legacy authentication will be forced to change their modus operandi, or else they won’t remain in business for long.
Finally, fraud teams should be recognised as the heroes they are within their companies - protecting customers and smoothing their experience. In other words, fraud teams can deliver better security while also improving customer acquisition and reducing churn. At Twilio, we predict the impact on businesses will be profound, both for those that get onboard quickly with this next generation of authentication solutions, as well as for those that don’t.
Visit Twilio’s website for more information on how carrier data is transforming account security: https://www.twilio.com/solutions/account-security.
Aaron Goldsmid is Twilio’s VP of Account Security, who previously served in product leadership roles at Facebook, Amazon, Microsoft, Twitter, and, most recently, as GM/CPO of Kiva.org, where he built the National Digital Identity for the nation of Sierra Leone. Built fully on the blockchain, this product was awarded the Global Prize for the 2020 World Bank Mission Billion Challenge.