Signup and onboarding are important to get right whether you’re a SaaS or online business – while many of your customers registering with you will be genuine, some accounts will be made by fraudsters. While you want to stop these users from registering with you, deep customer vetting during the onboarding process can cause user experience friction as it often involves asking for documentation or too many questions. Some B2Cs avoid customer vetting for that reason, but one key frictionless method of checking security at onboarding includes data enrichment. We’ll be going into detail about how this works and how it can protect you against suspicious customers.
How at risk are B2Cs when it comes to fraud?
When it comes to B2Cs, the e-Commerce sector is particularly at risk of being targeted by fraudsters. (And SaaS companies have a lot to learn from this too.) According to Finances Online, e-Commerce sites have to deal with an average of 206,000 attacks every month. The same article also found in another survey that: “companies that implemented fraud prevention programs were able to reduce their fraud attack response expenses by 42%, their remedy expenses by 17% compared to companies without such programs in place”. This goes to show that while fraud is big on the agenda for e-Commerce, implementing fraud prevention software can reduce your expenses greatly. A good investment surely, but often companies find they’re reluctant to take the plunge because of one important factor that affects customer experience – friction.
As a business, you’re probably looking to avoid increasing friction regarding a user’s onboarding experience. You’re perhaps looking at implementing ways of making the process more streamlined so that there are fewer boxes to tick or fill in during registration (which can put some customers or users off registering at all). However, Profitwell found in their study that good customer onboarding can actually lead to higher retention and willingness to pay – so if you get this right, it could be of great benefit in the long-run.
Unfortunately, one of the most popular forms of fraud prevention technique – Know Your Customer checks which include document or biometric verification for example – can introduce a lot of friction for your customer (and extra costs for you). Some checks like biometric verification are known as hard KYC checks. This means that they’re particularly hard for fraudsters to get around but also provide a great deal of friction to all of your customers in general.
If you ask every customer for document identification, it’s going to not only cost extra time for the customer in terms of them locating important, relevant documentation (such as their driver’s license or passport), but it’s also potentially going to take time to verify that these documents are valid. Verification is also importantly not completely failsafe. Criminals can also find ways around document or biometric verification. This could come in the form of forging ID documents using Photoshop or combining real and fake data to make a synthetic identity, as SEON explains in their guide to synthetic identity fraud.
How to check security without involving friction
Thankfully, there’s another route to safer onboarding, and that’s via data enrichment. Data enrichment handles many different data points along the entire onboarding process, like a user’s phone number, email address, IP address, and device fingerprinting.
Data enrichment isn’t limited to just fraud prevention per se (although this is what we’re interested in here) – it’s generally a means to merge a primary data point with other data sets in order to provide a bigger context for your original data point. For example, you could start with a user’s email address as a primary data point. Using a data enrichment tool on the email address, you can combine it with other datasets out there such as via internet open sources or other records to find out whether it’s linked to any social media accounts.
Uncovering a very limited or non-existent social media footprint using data enrichment on a user’s data points means they’re more likely to be a fraudster or automated attacker. A customer is more likely to be genuine if they have a history of social media that’s over a few years. What’s more, a suspicious user is more likely to be hiding their IP address behind a VPN, using a web browser like Tor, and having a disposable phone number or an email address that’s not linked to any social media profiles. This entire process is known as digital footprint analysis.
These are all clues that create a picture of how likely a user is a fraudster – some fraud prevention tools that enlist data enrichment to find out more about your customers have a “traffic light” system, which involves providing each customer with a risk score. Phone numbers belonging to a blacklist will lead to a user receiving a very high score, as will a user using a Tor browser. You might ban them outright before or during the onboarding process itself, as they’re likely a criminal based on the information you’ve gleaned. When it comes to suspicious users with a high score, you might ask for additional details in the form of a phone call with your customer services, or extra documentation to show that they are who they claim to be.
Blacklisting and flagging suspicious users early means you’re more likely to catch them. When a customer’s been flagged as suspicious, it’s fine to introduce a bit of friction, because you’re trying to decide whether they’re fraudulent or not – most of your regular customers not flagged as suspicious don’t have to undergo this level of scrutiny. This is dynamic friction – in other words, the friction that’s introduced only when it’s deemed necessary, not all the time, and for every single user looking to register with you.
Bringing it all together: by enriching a customer’s email address, and phone number or by looking at the kind of device they’re using, you can find out a lot about their identity during the onboarding process (or even just via them taking actions on your site). You might even be able to use this process instead of KYC-related verification checks to save money and reduce friction overall. That’s because this data can be gained fairly early on – you can even find a user’s IP address and device information just through them taking action on your site.
Using data enrichment to replace KYC is an option if you don’t have to comply with any KYC and AML-related mandates, which you might have to if you’re in the gambling industry. As Experian found, as more people become interested in gambling, this is leading to an increase in fraud targeted at the industry itself.
As we’ve explained above, there are several ways to go about creating a safe onboarding process that doesn’t let in fraudsters. Hard KYC checks like biometric verification can cause the kind of friction that leaves most of your genuine customers unsatisfied. But with the help of data enrichment, you can filter out fraudsters even before they reach the onboarding stage itself.