FB pixel

3 considerations for building an effective intelligent friction strategy

3 considerations for building an effective intelligent friction strategy

By Michelle Hafner, chief operating officer, NuData Security

You don’t expect to have to answer a security question or provide a one-time password (OTP) when you log in to your food delivery service account to order an $8 pizza. On the other hand, you probably do expect additional authentication measures when you log in to an account that stores sensitive information, like your healthcare account.

This is an example of intelligent friction — step-ups that are intentionally and strategically triggered to verify a user’s identity. By balancing user experience (UX) and security, you can protect customers’ information without burdening them with default authentication measures. There’s no one-size-fits-all approach to intelligent friction, but it’s an important component of security since it can have far-reaching effects on your bottom line.

Why friction can sometimes be a good thing

When logging in to any type of account, it’s important for users to prove they are who they say they are — that’s how you keep their personal information secure. And protecting customer data is just as important for you as it is for them. In addition to reputational damage, the average real-dollar cost of a breach rose by nearly 10 percent year over year — the largest y-o-y increase in the last seven years.

But let’s face it: Friction along the user journey can also frustrate users and sometimes even drive them away. More than 80 percent of consumers have abandoned their cart or sign-up attempt as a result of a burdensome login process.

Fortunately, organizations are becoming increasingly sophisticated in terms of making that friction intentional and customized rather than standard for every user — because for certain accounts or situations, friction is a good thing. Consumers tend to agree with this way of thinking. A majority of individuals rated security as “very important” to their accounts.

There isn’t a standard practice when it comes to protecting users’ accounts, but there is a lot to consider when establishing an intelligent friction strategy. Ultimately, it all comes down to striking the right balance between security and providing a positive UX.

How to use intelligent friction to improve authentication

Intelligent friction is an automated user verification process that adapts the level of friction to how trusted or risky the user is perceived to be — and it can both benefit your bottom line and improve your UX.

By protecting the accounts that matter the most with a customized, intelligent approach, you avoid the costly ramifications of data exposures and breaches. Conversely, your users will enjoy the customized experience and build trust with the brand.

Consider these three tips for creating a strategy that triggers the right friction in a user’s journey:

  1. Assess the context. Certain accounts contain sensitive information about users while other accounts only have information like a user’s name and address. You must evaluate the value and risk of each account you manage, determining whether the pros of additional authentication outweigh the cons of a bad actor gaining unauthorized access to the account. For something like a healthcare account, it’s a good idea to err on the side of caution with security. However, if you’re dealing with a user’s food delivery service account that appears to be low risk, you can probably hold off on implementing additional authentication measures to let them get their morning smoothie.
  2. Consider UX. In addition to identifying the context and risk of a company’s users’ accounts, you should place yourself in their users’ shoes to determine the appropriate level of friction they would accept in a given scenario. As a user, you want added friction if it means your healthcare or sensitive financial data will be kept secure. But is it really worth it to fulfill an additional step-up to mobile order a $4 coffee? In that scenario, you would probably just head to a different coffee shop or make coffee at home. If there are alternatives — or rather, if something is easy to not purchase — companies tend to accept a certain level of risk to avoid losing sales as a result of a poor UX. Considering companies lose billions of dollars in sales from false credit and debit card declines every year, prioritizing UX can be a healthy decision for some retailers’ bottom lines.
  3. Tailor step-ups to each type of threat. Not all threats are created equally, so your authentication measures shouldn’t be, either. Let’s say you trigger a CAPTCHA each time suspicious behavior occurs. This method will trip up many bots; however, if the threat is a human bad actor typing in someone else’s credentials, they can easily complete the CAPTCHA, making your fraud prevention technique useless. Instead of this blanket approach, deploy sophisticated security tools that can identify the type of risk. If it is a human trying to gain unauthorized access, you can trigger a step-up that will actually stop them in their tracks — like an OTP.

There isn’t a strict set of rules to follow when building an intelligent friction strategy, and it’s going to look different for every organization. As long as you consider your business goals, your UX priorities, and the risk of the account at hand, you can make a strategic decision about the right amount of friction to insert into a user’s journey.

About the author

Michelle Hafner ia a Senior Product executive with expertise in identifying and building innovative Cyber and Intelligence solutions. She is  currently the COO of NuData Security, a division of Mastercard.

DISCLAIMER: Biometric Update’s Industry Insights are submitted content. The views expressed in this post are that of the author, and don’t necessarily reflect the views of Biometric Update.

Article Topics

 |   |   |   |   |   |   |   | 

Latest Biometrics News


The UK’s election may spell out the future of its national ID cards

Identity cards are back among the UK’s top controversial topics – thanks to the upcoming elections and its focus on…


Challenges in face biometrics addressed with new tech and research amid high stakes

Big biometrics contracts and deals were the theme of several of the stories on that drew the most interest from…


Online age verification debates continue in Canada, EU, India

Introducing age verification to protect children online remains a hot topic across the globe: Canada is debating the Online Harms…


Login.gov adds selfie biometrics for May pilot

America’s single-sign on system for government benefits and services, Login.gov, is getting a face biometrics option for enhanced identity verification…


BIPA one step closer to seeing its first major change since 2008 inception

On Thursday, a bipartisan majority in the Illinois Senate approved the first major change to Illinois Biometric Information Privacy Act…


Identity verification industry mulls solutions to flood of synthetic IDs

The advent of AI-powered generators such as OnlyFake, which creates realistic-looking photos of fake IDs for only US$15, has stirred…


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read From This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events