With more services shifting to virtual platforms, consumers and organizations are likely to experience more sophisticated forms of fraud, putting their personal information and finances at risk. Although these threats are cause for concern for both parties, it is up to organizations to ensure that customers aren’t at risk, while also not imposing unnecessary interrogations to prove their identities are valid, which can lead to customer frustration and dissatisfaction. To reduce the likelihood of either scenario, both identity verification and authentication are required — and it’s important to note that they are not the same thing. Organizations that don’t understand and leverage both make themselves vulnerable to increased fraud losses and frustrated customers.
Understanding identity verification versus authentication
Identity verification, also known as identity proofing, makes customer accounts more secure from the point of creation. The combination of a name, phone number, address and email provides organizations enough information to verify that consumer’s identity, forming an initial layer of trust. To build on that trust, this information can then be checked against other documentation, such as utilities or phone carriers, to ensure that the data matches. However, this process does not necessarily mean that the information entered matches the individual who entered it. Criminals use stolen data to create an account or apply for benefits in a victim’s name; this is where authentication comes in and why it is so important.
Authentication processes are often more involved than identity verification, requiring the individual to take several steps to ensure they are who they say they are. Some identity proofing systems may request a selfie and government photo ID for a facial recognition match from new customers. Authentication is an ongoing identity proofing process that checks both the identity of digital users and ensures the integrity of the devices they use. Users often experience authentication processes when, for example, they are asked to perform two-factor authentications, such as entering a one-time passcode to log in to their account.
What organizations can do to ensure customer safety
The confusion between verification and authentication can put organizations and customers at risk. Some solution providers exacerbate the misunderstanding by combining the two, instead of offering two distinct services. Solutions that verify identity can’t necessarily determine that the person supplying the identifying information is the rightful owner of that information. Treating a verified identity (“this identity exists”) as authenticated or proofed (“this user is who they claim to be”) makes an organization vulnerable to account takeover fraud and synthetic identities.
To avoid costly fraud losses, it is imperative for businesses to know the differences and find solutions that cater to both processes. However, these additional protections should not interfere with a positive customer experience. Repercussions from unnecessarily interrogative authentication processes won’t only leave a bad taste in customer’s mouths but can eventually lead to customer attrition.
Avoiding negative customer experiences
On top of being effective, authentication practices need to be friction-right: enabling companies to be competitive while avoiding the ramifications of a displeasing customer authentication experience. A growing wave of industry research supports this sentiment. A CMO Council study found that 61% of consumers say authentication frustration has caused them to quit a transaction they would have otherwise completed. An additional 85% report that a difficult authentication process reflects negatively on a company, including 53% who say it has “major” or “significant” negative impact. And according to TransUnion’s 2022 Global Digital Fraud Trends Report, approximately two-thirds of consumers would switch companies for a better digital experience.
It is the organization’s responsibility to provide safe interactions for customers and to foster trust without providing a negative customer experience. Organizations need to incorporate both identity verification and authentication processes to best protect customers, avoid significant fraud losses, and to ensure a friction-right customer journey.
