Let’s examine how to balance security and a frictionless user experience for digital onboarding.
You might know them as neobanks or challenger banks. Or maybe simply as online banks. Regardless of the name, companies like Revolut, Transferwise, and Monzo operate solely via apps and online platforms.
And their popularity is surging: neobanks have been growing at a CAGR of 20% between 2017 – 2020.
In this post, we’ll look at what makes them attractive to users, why digital onboarding needs to be fast and seamless, and how to ensure it is nonetheless secure enough to block fraudsters.
The Right Place at the Right Time
Following the 2008 global financial crisis, many banking customers laid the blame on well-known financial institutions. Public trust in banks had been on the decline for years, but confidence reached an all time low in Europe around 2009.
At the same time, a number of progressive financial regulations were launched in the EU. The original Payment Service Directive, quickly followed by PSD2, were aimed to break down the big bank’s monopoly on financial services and products.
These directives helped open the door to a new generation of banks operating mostly online, the neobanks.
Putting User Experience Front and Center
Another reason Neobanks are growing so fast? These companies have taken a leaf from the book of Silicon Valley startups when it comes to outstanding user experience.
This is immediately apparent when looking at the design efforts these companies have made, both for their online services and mobile applications. The clean lines, intuitive menus and easy to use features are designed to help everyone know exactly how to use the platform.
And then, of course, there’s the ease of registration that lets anyone get started in minutes.
A Frictionless Digital Onboarding Process
The onboarding process is quickly becoming an important battleground for Neobanks. Maximizing traction is a priority for these fintech companies, and if users cannot register with them fast and easily enough, they will go and do it with a competitor.
So what does a frictionless digital onboarding experience look like? It has to be:
- Easy: nobody wants to have to fill long forms and answer in-depth questionnaires to access a new service these days.
- Fast: no long delays to accept the application process. That means a clear understanding of the steps required, and giving expectations of how long the whole thing should take.
- Seamless: any lengthy security measures can put off new users by creating churn. Collecting additional documents like a selfie with ID document, or even more complex, a video chat conversation, can be a barrier for those who want to quickly sign in.
A High Target For Fraudsters
Unfortunately, Neobanks cannot just let anyone sign up to their services. This is because they are a high target for fraudsters, and the digital onboarding process is a particularly vulnerable stage:
- Money launderers hope to open an account in order to tumble their funds.
- Fraudsters use them to cash out, for instance, by signing up with a payment gateway, processing stolen card payments, and cashing them out via bank drops.
- Converting funds to crypto, when the neobank account acts as a “middleman” that lets fraudsters wire money to cryptos exchanges.
- Fundraising / ecommerce / marketplace scammers also use them to give themselves a legitimate-looking account, and receive deposits for services or goods they will not deliver.
- Promo and bonus abusers will open multiple accounts to take advantage of registration bonuses and referral programmes.
Account resellers will go through the application process and sell the login details on the darkweb.
Example of neobank accounts opened by fraudsters available for sale on the darknet
To add insult to injury, these fintech have more to lose than just a few bad users if they remove fraudsters from their platforms: they could suffer from a loss of reputation, not to mention heavy fines from regulatory bodies.
Stolen and Synthetic IDs Fueling The Problem
All of the criminal attacks mentioned above can be solved by using the right ID verification methods. But as we’ve seen, neobanks must ensure that these authentication processes aren’t getting in the way of legitimate users, while also being secure enough.
It’s also worth noting at this point that document verification is a legal requirement for Neobanks. KYC processes (know your customers) are highly regulated, so there is already a safety net in place at the legal level.
Still, the problem remains due to fraudsters’ ability to steal identities, and create fake ones, also known as synthetic IDs.
Stolen IDs: are the source of most problems relating to online fraud. Data breaches show no signs of slowing down, and darknet marketplaces make it easy to purchase bulk IDs, sometimes as full packages designed to open online bank accounts. Fraudsters also go to great lengths to acquire personal data via phishing, fake job openings or plain old hacking.
Synthetic IDs: use a combination of real and fake personal data. For instance, fraudsters often use stolen ID details from children with clean credit records, and create accounts with them to apply for loans.
Example of real ID scan that can be used for identity theft
Moreover, the growing popularity of AI-based technology such as deepfakes, which allow criminals to create a video or audio recording of people without their permission, raises new questions about the relevance of ID-based authentication.
Leveraging Alternative Data For Security
So how can Neobanks ensure their customers truly are who they say they are? By creating a profile that relies on people’s digital footprint as well as ID verification.
In fact, there is a surprising amount of questions companies can answer simply by looking at four key data points:
- Email address: is the user using a fake address? Did they just create it recently? Is it linked to any social media profiles – and if so, do they appear legitimate?
- Phone number: Have they used that phone number for social messaging services? Social media? Is it a landline or a mobile number, and where is it in the world?
- IP address: Are they using a VPN? Tor? Or are they logging in from a public server?
- Device used to login: Are they using an emulator to spoof a device? Or does it look like a real phone or computer?
While every single data point can be falsified, red flags should be raised if too many points appear suspicious. Understanding what looks suspicious and when users should provide additional information is the job of the fraud prevention team (which can be greatly helped by an AI-driven tool).
Conclusion – Better Digital Onboarding = Flexible Security Measures
Circling back to our point about onboarding friction, we can now see that balancing security and user experience is key for neobanks. Yes, they want to grow their user base as quickly and easily as possible. But they don’t want the door to be open so wide that anyone can enter.
The answer therefore lies in flexible and adaptable security tools. Balancing light and heavy KYC processes will help reduce fraud without creating obstacles for users with a clean record.
While there is always an element of trial and error to balancing security and easy onboarding, we believe fraud analysts have a large role to play in that important business process. This is why we have created a wide range of tools that gives them full control over risk thresholds, automated flagging, and ML-assisted decision making.