Identity industry rethinks fraud-versus-friction tradeoff

If you spend enough time with the biometrics and identity crowd, you will eventually hear someone whisper fretfully about the F-word – friction. Friction, the logic goes, is the foe of efficiency, seamlessness, and a smooth customer experience. For some, even the tiniest grain of digital sand in the onboarding shorts is too much friction to bear.

The other F-word in identity is fraud. It is, ostensibly, why friction exists: security measures that add steps to an onboarding journey are there to protect against fraud attacks. Deepfakes, injection attacks, synthetic identities and other tools and techniques enabled by generative AI have industrialized fraud, not to mention destabilized the fabric of reality. For some, fraud is the great white shark in the identity waters, gobbling up data, revenue and trust.

The territory between friction and fraud is the topic of a recent webinar hosted by Shufti Pro and Biometric Update. Featuring Shufti Vice President of Product Management Tom Gadsden, James Eastham, CEO of Scion Compliance, and Sayed Khalid, CEO of global compliance consulting firm Fincheck, the panel delves into the central question of whether the fraud-versus-friction tradeoff is still relevant in modern identity systems.

From the get-go, the binary is contentious. Friction can be a matter of perspective, says James Eastham, who tends to work with ultra high net worth individuals. He notes that removing friction does not mean removing controls, and that people and companies working with huge sums of money want to feel secure. “They want to feel like you have asked them those questions,” he says. “You can get drop off because it’s too easy as well.” The key is frontloading friction, so that once money starts moving, it can move quickly and without obstacles.

When compliance means friction, it is often framed in terms of how it affects the bottom line. Drop-off is the point at which friction becomes terminal. It translates to losses, which can translate to disaster. This is the fear that undergirds friction: what if everybody jumps ship? Or, more accurately, what if the ship is too hard to get on in the first place?

Enter the pirates, to hijack the ship.

Generative AI and the ‘boiling frog’ moment

Today’s fraud is both industrial in scale and highly sophisticated in execution. Gadsden says that while a layered attack ecosystem is not new, as evidenced by tools like presentation attack detection and injection attack detection, the target surface is growing to encompass “relatively benign targets.”

“So, you know, down to 50 dollars of bonus, say on a gaming site, or a money transfer business where there is no direct fraud, but it has value as a muling account. People are deploying one-time machines, beautifully stood up with almost zero footprint.”

“Stepping back, I really feel like we’re all a bit in that boiling frog moment – we’ve all sort of got used to the sense that, oh, it’s fine that every time I get a text message, I need to look at it very carefully. If I get a phone call, it’s probably a scam. It’s become a kind of wild world.”

If there is a truth in the identity industry akin to death and taxes, it is that fraud will always exploit the latest technology. We are nowhere near a world in which everyone simply decides not to commit fraud, and the temptation is surely greater when the technology to do it is readily at hand.

But throwing everything at the problem at once is not necessarily the most effective strategy. “You don’t necessarily have to put seven layers of solutions in front of it,” says Gadsden, “because I’ve seen that done and you lose 5 percent to 10 percent at each layer, and suddenly half your customers are being turned away.”

His answer is to bake quality into the product. That means factoring risk and regulation into the larger equation, and being nimble enough to react to new developments in fraud. Risk-based approaches allow for flexibility in deployment.

“Friction is not binary. It’s basically a dial set by a risk signal,” Khalid said. “Compliance and growth should read the same signal and not fight over the same gate.”

Noncompliance can be costlier than friction

As is often the case, the issue depends on how you frame it. Too much friction can burn. But losses from drop-off must be weighed against the cost of noncompliance. Friction, says Khalid, can be seen as a safety net, protecting businesses from steep regulatory fines and reputational damage.

In the end, the fraud versus friction showdown may be another case of fragmentation – in this case, the leftover fragments of legacy approaches. Compliance continues to consolidate: KYC, fraud prevention and AML are increasingly overlapping concerns. Each brings with it assumptions and mindsets about what friction means. But they may be false – especially in an ecosystem and a market that offers so many options. Businesses who put the work into finding quality providers can alleviate pain points, like a salve applied to creaky joints, and apply friction as needed for high-risk transactions.

Digital ID, biometrics ushering in new era of authentication

The global spread of digital ID also has implications for what Tom Gadsden calls “KYC FRAML.” Biometric authentication through digital ID opens new possibilities, new configurations and effective solutions. Machine learning also brings new capabilities. Friction – the great gnashing threat – may be losing its teeth.

“I think we’re actually in a really exciting world where consumers have got a lot more choice as to how they onboard customers,” he says. “Clients can provide better options that are becoming more and more practical each day. And Shufti and others are bringing solutions through that mean that the risk of your, you know, hobbyist trader who turns out to be a money mule is more easy to track and trace through the life cycle.”

The broader shift may be away from static onboarding flows toward adaptive identity orchestration, where biometrics, digital ID and risk signals determine how much friction is applied in real time.

Article Topics

AI fraud  |  authentication  |  biometrics  |  digital ID  |  fraud prevention  |  onboarding  |  Shufti