Identity verification (IDV) is part of virtually every online transaction. As consumers, we encounter verification processes when we open our smartphones, log into banking apps, apply for mortgages online, get accredited for online courses, become Airbnb hosts, and more.
When done right, the process is seamless and barely noticeable. When done poorly, with little regard to specific individuals and transactions, it can make or break the customer experience.
We’ve all been there. You attempt to make an online transaction, but it takes ten tries before your selfie is recognized. You're about to pay for something, and the app rejects your credentials. You're trying to process an urgent loan application, only to receive a message saying "we could not confirm your identity" — and you wait days to get a call from an agent.
IDV today is riddled with friction and inconsistencies, largely because it's solely viewed as a means of fraud prevention and security, rather than as a core component of the customer journey.
Friction during IDV can create a poor user experience that can break trust with your customers and result in abandoned transactions. The bottom line: IDV must fit each unique situation and user.
Strong security + good CX = happy and trusting customers
There are two major problems with the way companies treat IDV today:
1. Seeing it purely as a security checkoff — a mechanism to stop fraud or satisfy compliance requirements. That's an essential role, but the fact is most interactions are legitimate. If you focus solely on making your IDV process as difficult as possible to weed out fraud — well, soon you might not have customers to verify.
2. Thinking of IDV as a single, static touchpoint at onboarding. In reality, IDV comes into play throughout the customer's relationship with your brand. Businesses need to ensure the individual taking various actions post-onboarding is the same individual who opened the account, especially when an interaction is higher-risk. In some instances, consider parsing IDV into stages along the customer journey. For example, onboarding with an e-commerce site might require basic info, but the company may request more information when purchasing a high-priced item. Browsing customers or those having lower-stakes interactions won't encounter all the stages, which can reduce friction caused by IDV and keep customers happy.
In short, UX teams live by the mantra of personalizing and customizing the customer journey, and IDV could stand to take a page from their playbook. Three words: personalization, personalization, personalization.
The nuance with IDV, however, is personalization is not only based on preferences, but also on risk assessment. A lender might make the IDV experience for a customer with perfect credit as seamless as making an Amazon purchase. On the flip side, they might add more layers for someone applying from an IP address far away from their residential address.
The key is implementing IDV carefully and making sure it's seamlessly meshed into the customer experience. Users shouldn't ever have to think about the flow, and they shouldn’t have to provide more information than needed. Continually reassess their experience. Be sure that any instance of IDV — whether it's during onboarding or right before a major purchase — is a seamless, painless interaction with your brand, not an ordeal for them to remember.
Continuously adapt to security needs, customer expectations, regulations, and use cases
Identity processes should vary depending on the risks associated with the customer and action. Some interactions with your customers are simple one-and-done onboarding procedures; others require multiple steps. They vary in security rigor and, therefore, in potential user friction. When individuals are just browsing stock charts, for example, little IDV is needed. Withdrawing funds or trading large sums of stock, on the other hand, should require the customer to pass a higher bar.
To complicate matters further, situations change. A customer might create an account to order alcohol but end up also filling prescriptions. You also can't assume someone who passed IDV during onboarding is the same risk level (or even the same person) the next time they interact with your brand. IDV isn't a one-off static transaction, and it's important to continually assess identities throughout the customer lifecycle so you can catch suspicious activity — like someone being added to a watchlist or attempting to perform a transaction using a burner phone — and take necessary action.
Different countries and states can also have varying compliance regulations, so the IDV may change for a customer booking a stay in different areas because the local government might require additional documents.
Remember: Identity is personal. Think through the nuances of each situation and create a tailored journey, where needed, for each individual customer.
Personalization requires user data — just be sure to ask nicely
Data informs personalization. The more you know about a user, the better you can personalize. At the same time, if you want users to complete IDV, it's vital not to overload them with friction by asking for too much data. Instead, businesses can rely on existing data, third-party reports, and passive signals to personalize IDV processes accordingly.
Take geolocation from the user's IP address. If the user isn't an American citizen, you can skip requesting an SSN, creating less friction. Or, when your verification of a driver's license confirms the user is over 50, you can automatically increase font size. Another common example is when companies pre-fill user information they already have within forms, which makes the process faster and more convenient.
IDV is crucial to building trust with your customers. Personalize the customer journey and treat IDV as more than security. Use it thoughtfully and wield it carefully. In the end, you'll build greater trust with your users as they'll see it as a security effort — not just another tedious task to get through.
This article was originally published on Forbes.