The role of Dynamic Friction in preventing fraud: interview with Kevin Lee, Sift

Monday 9 December 2019 08:49 CET | Editor: Simona Negru | Interview

Fraud Prevention and Online Authentication Report 2019/2020

Kevin Lee, the Trust and Safety Architect at Sift, reveals the role of Dynamic Friction in preventing fraud while not altering the customer journey.

There has been a shift lately from mitigating fraud to improving the customer experience. What are the factors influencing this shift?

The shift lies in the fact that customer expectations have changed, so businesses have improved their services to meet those specific users' needs. This aspect has thus triggered a lot of competition. Consumers ask for on-demand services, low-friction experiences, and mobile payment methods.

Let’s think about our own usage of apps, either for delivery, travel, finance, streaming, etc., and how quickly we expect a response. It’s beyond something that is nice to have for consumers, more than table stakes, and the differentiator is the tailored experience you offer.

Competition is increasing from digital native brands, again, offering those experiences that users expect. Competition can come from digital natives fighting amongst themselves, or from brands with a richer heritage transforming themselves digitally.

Is there any way for users to bypass additional verification, while potentially risky users can get additional screening?

Absolutely – this is at the heart of dynamic friction. So the idea would be for trustworthy users to bypass additional verification. Inherent to this sentiment is having an accurate way to differentiate between good and bad logins, good and bad accounts, good and bad behaviours, and so on. All you need to do is treat them in kind. This is what Sift was created to do and is being leveraged by customers for. This is achieved by utilising data at scale, automating business practices, and learning in real time.

How can dynamic friction be applied in certain fraud use cases, such as account takeover, for instance?

One effective way to combat ATO is to apply additional verification to login events by introducing MFA, biometric verification, and other authentication methods. But many businesses shy away from these verification methods because they introduce friction, which creates pain points for users. For businesses to remain competitive, they must embrace a streamlined approach to combating ATO: MFA + applying it discriminately and intelligently via Dynamic Friction.

As a small case in point, Starbucks just integrated 2FA into its app. While your coffee order may seem of low importance, it can tell a lot about where you are (by what place you frequent), who you may be meeting with (by where you are currently located), and personal habits (based on order history). While Starbucks is currently utilising this feature at the point of login, one could imagine utilising Dynamic Friction at other sensitive interactions like adding a payment method or loading a Starbucks gift card.


Therefore, when applying friction in a smart and strategic way, good users aren’t caught in the net of the indiscriminate application of roadblocks and authentication. Introducing Dynamic Friction into your fraud prevention process is one step on your journey towards a full Digital Trust & Safety transformation – because Dynamic Friction is an application of the Digital Trust & Safety methodology.

Moreover, how can this solution complement a strong authentication method?

We’re moving away from a guilty until proven innocent model. So you want to have fewer examples of ‘let’s push this authentication to 100% of users’ but more ‘let’s apply this authentication when and where it’s needed’. Friction in and of itself isn’t a bad thing, but your customers will quickly feel that way if you’re not using it appropriately.

For example, I fly with United Airlines over 100k miles a year; this makes me a loyal customer. Every time I log in with their account I have to re-authenticate myself. This is not only insulting as a frequent flyer, but also speaks to the company’s inability to authenticate well. So here is a guilty until proven innocent case.

Is dynamic friction relevant for PSD2’s SCA when it comes to minimising conversion risks?

In the context of PSD2’s Strong Customer Authentication, dynamic friction is crucial. The new SCA requirement under PSD2 adds additional security, but the additional friction can turn away good users. Merchants can work with their payment providers to take advantage of the transaction risk analysis (TRA) exemption, which allows merchants with low fraud rates to apply dynamic friction and request that known low-risk users bypass SCA requirements while risky users still receive the required screening.

This editorial was first published in the Fraud Prevention and Online Authentication Report 2019/2020. The Guide covers some of the security challenges encountered in the ecommerce, banking, and financial services ecosystems. Moreover, it provides payment, fraud, and risk management professionals with a series of insightful perspectives on key aspects, such as fraud management, identity verification, online authentication, and regulation.

About Kevin Lee
Kevin Lee is a Trust and Safety Architect at Sift who helps customers implement strategies that cross-functionally align risk and revenue programs. Prior to Sift, he has spent the last 14+ years leading various risk, chargeback, spam/scams, and trust and safety organisations at Facebook, Square and Google.

About Sift 

Sift is the leader in Digital Trust & Safety, empowering companies of all sizes to unlock revenue without risk. Sift prevents fraud with industry-leading technology and expertise, an unrivaled global data network, and a commitment to building long-term partnerships with our customers.

Keywords: Kevin Lee, Sift, dynamic friction, fraud, mobile payments, finance, risks, verification, accounts, account takeover, authentication, PSD2, SCA
Countries: World