The UXtraordinary Experience — Part Two: Measure What Matters

The five fundamental steps to measuring UX more effectively

Shawn Johnson

February 3, 2023

The five fundamental steps to measuring UX more effectively

In part one of this two-part series, we discussed the importance of creating company-wide OKRs (Objectives and Key Results) to align your organization and teams to a set of prioritized objectives and measurable key results to improve your products, services and customer experiences. Once organizational objectives are created and communicated, each team will work together to define a set of accountable OKRs that supports the broader company goals. Tailoring OKRs for teams and individuals provides opportunities to focus on outcomes that are clear, transparent and measurable, creating alignment across regions, time zones and organizational departments.

In part two of this blog series, we will discuss how to measure what matters with new customers, subscribers and users. We’ll also outline the five fundamental steps to creating a measurement framework, along with additional tools and resources to collaborate more effectively and align to your company goals. Using these steps as a starting point to create your own framework will help your teams become more customer-focused.

Step One: Create a Team OKR that maps to your company OKRs and scales easily

The purpose of an OKR is to create an Objective (O) that is simple, clear and specific to enable teams to develop a series of Key Results (KRs). Because CX can positively or negatively impact several touch points across the organization, it is important to ensure that your objective resonates with your stakeholders, and is measurable. For example, take this company-wide objective from Part One: “Achieve Greater Scale by Increasing New Subscription Accounts.” It is easy to see how this objective can easily scale across product, user experience, engineering, security, brand marketing, sales and customer support centers.

A team Objective (O) that maps to the broader company goal would be, “Improve the Customer Experience to Increase Growth.” Key results could then include some of the following:

Increase new account creation by >40%
Increase return user transactions by >50%
Reduce false positive MFAs for return users by >20%
Reduce password reset requests by >50%
Reduce cart abandonment rates caused by authentication by >30%

Pro Tip: Implementing shared OKRs across an organization allows each team to identify where they can improve the customer experience to increase growth, loyalty and satisfaction.

Step Two: Align a cross-functional team of stakeholders that are customer-focused

It’s important to establish a cross-functional team of stakeholders who are invested in this collaborative exercise to identify as many touch points and CX friction points as possible. Once you have identified your stakeholder team, you can begin discussing how to improve the journeys by reducing unnecessary friction for the first-time and returning users caused by identity and security steps.

Pro Tip: Look at the different dimensions of the customer journey including onboarding, return users, product experiences, marketing and support centers to better understand your customers.

Step Three: Create effective CX Journeys to better understand your customers

The third step is to create a set of Core CX journeys that define customer pain points to better understand first-time and return customer needs. User and Customer Experience Journeys help to shape and clarify where your immediate efforts should focus and prioritize areas that benefit from an improved experience that creates business value and maps to the OKRs. There are a lot of online resources to help create your core journeys, and a great place to start is with the Nielsen Norman Group where there are different articles, templates and videos to help guide you through the process.

Pro Tip: It is important to ensure that your teams work together to identify opportunities that will benefit the customer, and even validate hypotheses using qualitative and quantitative methods.

Step Four: Establish scorecards that identify gaps and friction points

After defining your top customer journeys, teams should work together to identify gaps and where improvements can be made. Throughout this process, it’s important to begin developing scorecards for first-time (new) and return customers by assigning values to each action identified. A great example of this is to identify each step, field or scenario that challenges your customers whether that is their first visit or their 50th visit.

Here are examples of scorecards that illustrate some common friction points for new and returning users.

Pro Tip: Identify how many customers are on mobile versus desktop, and whether there are additional steps for individuals who engage across multiple devices, locations and geographies.

Step Five: Align on measurements and impact to deliver outcomes and opportunities

The final step is to align on measurements that deliver positive outcomes and create opportunities. Identifying baseline measurements while establishing scorecards drives transparency and cross-functional visibility within the UX and CX. Real-time product analytics are preferred, along with dynamic dashboards that visualize the data and can be easily shared across the company—from an IC to the C-Suite. As each team will have a different focus, it is important to review the scorecards and data daily to provide a more complete picture of customer experience.

Click here to use the calculator shown below and measure how UX friction is impacting your business.

Pro Tip: Prioritize for challenges and patterns in your CX data that impact multiple areas and/or provide opportunities for continuous improvements for users, the business and brand.

The most important step: Always focus on the customer

Every company and organization is different. It is important to work together to develop a series of OKRs, scorecards and measurements that focus on the customer and create value for the business through transparency, accountability, and shared goals.

For more information about measuring friction in your authentication process, please read our previous blog post here.

New Account Fraud is Everywhere, and Not Going Anywhere

Every company should account for new account fraud. Here’s how to do it.

Mark Gavigan

January 26, 2023

Every company should account for new account fraud. Here’s how to do it.

From basement-dwelling hackers to billionaire cryptocurrency moguls, fraudsters can be anywhere and anyone. The schemes employed by online identity fraudsters come in many forms—account takeover, credential stuffing, reservation fraud—but one subcategory continues to stand out more than others: New account fraud

As the saying goes, “a rising tide lifts all forms of fraud.” The pandemic-fueled surge in e-commerce over the past couple of years ($200 billion in 2021 and 2022) dramatically boosted online fraud, including a ~$2.5 billion hit from synthetic identity fraud in 2022 that’s projected to double by 2024. Expect more of the same this year, and for new account fraud to lead the pack.

Let’s take a closer look at new account fraud, why neglecting it is not a “$mart” idea, and how businesses can onboard new customers faster while neutralizing fraudulent signups.

Are you who you say you are?

So, you’ve ascertained someone isn’t a bot, that they’re indeed a someone. Great! The next step is to make sure this human is a genuine user and not a new account fraudster.

Similar to meeting your partner’s parents for the first time, new account fraud, from a security perspective, hinges on a crucial question: “Who are you really?” Parents want to know their potential son- or daughter-in-law isn’t an ax murderer; companies want to ensure a new customer is legitimate and won’t cost them millions in fraud losses and reputational damage down the line.

The major reason for new account fraud’s ascension is the widespread availability of stolen credentials, including PII (Personally Identifiable Information) data. For peanuts, fraudsters can obtain PII on the Dark Web and open new accounts in other peoples’ names. Or, if they’re particularly creative, they’ll open a new account using a synthetic “Frankenstein” identity consisting of stolen PII from multiple real identities.

Many times, however, security defenses simply aren’t up to snuff. For example, financial organizations reliant on device-based security and PII—otherwise known as static data intelligence—are prime targets for new account fraud. Fraudsters can easily bypass static data-based approaches by hijacking an email then resetting the user’s password, or outsmarting two-factor authentication (2FA) via sim swapping. Even newer security technology such as biometrics can be spoofed. For example, a stolen phone can be unlocked with facial recognition using a photo of the victim’s social media account.

New account fraud is easy for fraudsters to pull off. But the repercussions left in its wake? Those aren’t so easy to come back from.

A nightmare for operations and CX

Whether opening a credit card, applying for a loan, or creating an account to fraudulently splurge on sneakers, new account fraudsters bite B2C companies in a multitude of ways. The pain is palpable. In 2022, 69% of businesses lost over 6% of their revenue due to new account fraud, and 40% of businesses reported 10% or more in revenue loss because of new account fraud.

New account fraud’s nightmarish impact on companies’ operational budgets, bottom lines, and customer lifetime value (CLV) makes sense. In regulated industries, when it’s unclear if a loan or credit card applicant is legitimate, an analyst or investigator is often called upon to conduct the dreaded manual review and slog through loads of flagged applications and accounts, racking up labor costs and wasting precious time. Manual reviews also cause delays that frustrate applicants and potentially lead to churn or abandoned applications.

The customer experience, and by extension the company’s reputation, is equally ravaged by new account fraud—and static data intelligence that hurts more than helps. Exhibit A: false positives. One of the most common false positive scenarios is when someone moves and, upon applying for a loan or opening a new account, is mistakenly red-flagged because the credit bureau or other source has their previous address on file. Imagine applying for a loan you needed yesterday and having to take a selfie with your driver’s license—which also shows your old address, by the way—or worse, jumping on a Zoom call with someone from the bank. It’s easy to see how the added friction of unnecessary document verification steps can turn customer onboarding into customer offboarding real quick.

Thank you for your application. We are reviewing it and will contact you shortly. No thanks.

As long as companies verify new users via physical record checks with static attribute matching, new account fraudsters (and friction) will wreak havoc. Bad actors have every reason to continually outwit fraud defenses at the account creation stage, and one big reason in particular: money laundering. They need all the new accounts they can muster to drop their stolen money into, then move to other new accounts, rinse, lather, repeat.

Another online playground for new account fraudsters is crypto, a market that is weakly regulated and buttressed by funds uninsured by the FDIC. As consumer interest grows and wads of money are transferred every which way, all across the world, fraudsters can create bogus accounts with fake identities while authorities play regulatory whack-a-mole and figure out their security strategy.

In a landscape tailor-made for new account fraudsters, how can businesses fight back, salvage their bottom lines, and prevent genuine customers from jumping ship?

Real-time data: the ultimate truth serum

Scary as new account fraud may be, companies need a steady influx of new, authentic users to spur and sustain growth. But the problem with new users is just that: they are new. In this “first-look” scenario, when your business has no prior history with Nathan Newuser, how do you know Nathan is actually Nathan and not a stolen or synthetic identity, masterminded by some fraudster in his mom’s basement?

Deduce can help companies tell the difference, in real-time. Thanks to our network of 660 million US privacy-compliant identity profiles and 1.5 billion daily user events across 150,000+ websites and apps, in most new account opening use cases Deduce has previously seen 89% of new customers—43% of them mere hours before they enter the new account portal. Deduce’s real-time data, combined with historical behaviors—log in, checkout, password reset, online comments, etc.—help us discern just how risky (or trustworthy) a new user is. And, if we’re looking at a new user and aren’t stricken with deja vu, there’s a significant chance fraud is afoot.

Sure, most companies have a cybersecurity vendor (if not multiple vendors) in place, but the static data provided in the form of an email, biometric fingerprint, and the like can only confirm if a new user is human. Deduce is the additive, real-time component that completes the puzzle. Like a truth serum, Deduce injects its comprehensive breadth of data into the account in question and determines if they’re the genuine article. Remember that wrongly flagged new customer who moved to a new residence? Had Deduce been in the fraud stack, its Identity Insights would have seen online activities from the customer and cross-referenced these with device ID and geospatial data matching their new physical address. Deduce can also pull up the same data for a user’s prior address if need be, further ensuring that real customers aren’t thrown through verification hoops and banks aren’t subjected to pointless onboarding costs and (gulp) churn.

Fraudsters who think they can fake out Deduce will be unpleasantly surprised: they would virtually need to clone themselves to mimic the website browsing and online activity of a profile across multiple devices over an extended period of time—all while living in the same location as their chosen identity fraud victim.

New account fraud is real, really serious, and won’t go away without a solution that consistently identifies real users in real-time. Deduce intercedes at the riskiest fraud stage and stops a potential breach in its tracks, while saving significant time and money during the verification stage and, most importantly, creating a seamless UX for legitimate new users.

Tired of new account fraud? Contact us today and get up and running with Deduce in just a few hours.

The UXtraordinary Experience — Part One: Developing OKRs

OKRs align teams that are critical to customer success

Shawn Johnson

January 13, 2023

OKRs align teams that are critical to customer success

At a recent CXO conference, we had the opportunity to poll top marketing and user experience leaders with a series of questions about their biggest challenges with user friction and security. Our questions uncovered some interesting results and concluded that most organizations do not have effective OKRs (Objectives and Key Results) and measurement frameworks to identify, track and reduce friction caused by security for new customers in the areas of account creation and first-time purchases.

One of the most significant poll results found that 80% of leaders stated there was “little to no” interaction between their UX and security teams. Separately, 70% did not measure the business impact of user friction on the experience, and 65% only tracked users after they had logged in.

As an executive leader in the Design and Product development space, I can attest to the challenges that many organizations face, no matter their size. In today’s digital world, organizations are moving fast and focused heavily on actions to get their launch, iterate and evolve their products quickly. As a result, many do not take the time to establish a set of clear OKRs and scorecards to evaluate customer impact on their acquisition and business during launch and following their product release to market.

OKRs have become widely adopted by many of the largest companies in the world including Google, Netflix, IBM, Microsoft and Amazon, to achieve ambitious goals for the organization, teams and individuals. OKRs are effectively divided into two parts that align objectives with measurable outcomes.

Objectives should define what you want to achieve. They should be clear and concrete, action-oriented and challenging to ensure that everyone is aligned.
Key Results should express how the objectives will be achieved by the organization, team, or individual to create a measurable outcome that is time-bound and challenging.

Now you may be asking yourself, how are OKRs different from KPIs (Key Performance Indicators)? Simply put, OKRs help to establish and set measurable goals for performance and a defined set of actions that lead to outcomes that can scale more broadly and effectively across the entire organization. KPIs are generally a set of metrics used to assess the performance of ongoing activities, features and processes. When developing company-wide organizational OKRs it is important to remain inspirational at a high level in order to define key priorities for the organization. In doing so, it allows managers and team members to set their own OKRs that best align with the company’s objectives and creates both flexibility and autonomy through transparency and accountability.

So, how can you create shared OKRs to measure the impact of security friction on your customers and business? It starts with the UX and Security teams working together with a cross-functional group of product, engineering, marketing and business leaders to identify areas within the journeys that can be improved or eliminated. Every company is different in how it will score and measure friction through qualitative and quantitative methods; however, what is most important is gaining alignment between teams that are critical to the customer experience through a set of shared OKRs.

Here are two examples that will help with context and guidance for you and your teams when creating corporate and cross-functional team alignment.

Example 1: A new fintech company that focuses on wellness apparel, equipment and content is launching a new product that includes retail and subscription services.

Objective (O): Launch a new minimum lovable product for web and mobile users.

KR1: Get 250,000 new account subscribers in the first year.
KR2: Get 25% of first time users to make a purchase within 7 days of account creation.
KR3: Maintain an App Store rating of > 4.5 stars.

Example 2: An online retail company wants to increase monthly subscriptions that convert into higher transactions and return-users as they shift primarily to online digital versus traditional.

Objective (O): Achieve greater scale by increasing new subscription accounts.

KR1: Gain >50,000 new subscribers per month.
KR2: Increase first time purchases by 20% per month.
KR3: Achieve a Net Promoter Score (NPS) of >65%

In order to be successful in this rapidly changing world where customers are at the heart and soul of your company’s success, it’s important to ensure alignment, consistency and transparency through cross-functional company collaboration and goals. When you’re ready to implement OKRs, these three keys will help create positive results for your customers and business.

Encourage teams to work together to create a customer-centered approach.
Define a set of company-wide OKRs, scorecards and measurements for success.
Ensure collaboration, communication and transparency to prioritize customer needs.

Having the confidence and intelligence to better understand your first-time customers before they reach your site or application, and super-serve your returning customer needs, yields two significant outcomes. Not only does it build trust in your brand, but also creates a more meaningful user experience that lowers acquisition costs while increasing customer satisfaction (CSAT) and lifetime value (LTV).

Ready for some more UX nuggets? Check out Part Two of The UXtraordinary Experience: “Measure What Matters.”

Measuring Authentication Friction Early in the Customer Journey

Where should journey analytics begin? The beginning.

Mark Gavigan

November 12, 2022

Where should journey analytics begin? The beginning.

Your first trip to Disneyland. Graduating high school. Crashing your dad’s red Ferrari. Good or bad, our early life experiences stay with us and shape who we are.

A similar logic applies to the online user experience (UX). Sure, logging in to an app doesn’t warrant a page in the family scrapbook, but, for B2C companies, the early stages of the user journey can go a long way in determining if someone leaves a negative review, abandons checkout, or bails for a competitor.

Despite the importance of delivering a positive user experience early on, journey analytics—how companies measure user interactions—are mostly observed later, or post-authentication. Many brands looking to personalize their in-app experiences neglect the beginning stages of the user journey (account creation and login) where churn and cart abandonment rear their ugly heads.

The impact of a negative authentication experience is startling. It’s imperative for brands to leverage journey analytics early on—from the point your customer hits your webpage, or opens your webOS or native mobile application—and prevent users from entering authentication purgatory.

Journey analytics is the key to customer centricity

For those who don’t read the CXO trades, journey analytics is the means by which companies observe and understand the business impact of users’ decisions. An ideal journey analytics platform enables CX teams to analyze user needs and sentiment at every step of the journey with help from surveys, Net Promoter Scores (Rotten Tomatoes for CX), and social listening (monitoring online discussions about a brand).

In today’s landscape, prioritizing journey analytics is central to building a customer-centric business. It’s the most efficient way to gather direct and indirect feedback and track UX issues in real time.

However, companies that solely track journey analytics post-authentication are missing the mark. A holistic approach to journey analytics—measuring user behavior from the time they visit an app to the time they transact—is far more effective and addresses authentication issues that otherwise get overlooked.

Authentication friction: a grisly sight

To further underscore the importance of tracking journey analytics at the authentication stage, let’s check out the quantified impact of login and signup friction for new and returning users.

We worked with Shawn Johnson, former GVP of Global Product and Design for Discovery+, DiscoveryGO, and NBCUniversal, to rank the negative CX impact of various authentication actions. (The higher the number, the more it detracts from CX.)

First up: new customer friction. In the table below, you’ll notice even seemingly minor actions, such as entering and re-entering an email address, or entering a phone number, hurt CX early in the customer journey. Verifying an email or phone number (-25) is a big no-no.

For returning customers, the authentication process lends itself to many possible CX detractors. The two whoppers—locked account following incorrect password, and false positive credit card decline (-50)—deal the biggest blow to users (and user retention).

The multiple actions related to an incorrect or forgotten password add up fast. So do other common snags like incorrect email and reCAPTCHA errors, unextended sessions, and the dreaded false positive MFA challenge, when a legitimate customer is subjected to a multi-factor authentication workflow.

At a recent CXO Exchange event, the CXO of a utility company described how 14 percent of inbound calls to the call center were related directly to signup or login problems. Further, 95 percent of customers requesting signup or login assistance from an agent never used the online, self-service features offered by the company again. At an average cost of $27 per call, this has a significant impact on the lifetime service cost of a customer who calls in for support with security-related issues.

One important callout is that new and returning users continue to favor mobile over desktop. Mobile user experiences are more susceptible to friction, namely at the authentication stage, which can exacerbate these friction scores by as much as 20 percent.

(Note: Feel free to download the tables above and keep track of your own CX detractors.)

The business impact of authentication friction

Companies that ignore journey analytics at the authentication stage fall victim to account creation friction (new users) and interrupted sessions (returning users). These issues result in churn, shopping cart abandonment, and other monetary impacts that deal a significant blow to bottom lines.

How significant? Try $1.2 trillion—that’s how much US businesses lost last year due to misidentifying legitimate customers, far more than identity fraud ($95 billion), a serious issue in its own right. (Use our calculator to see how much account creation churn and interrupted user sessions are costing your business.)

A convoluted signup process will always increase the likelihood of account creation abandonment. New users want to plug and play; asking them to verify by email or one-time passcode is an immediate step in the wrong direction. Returning customers, on the other hand, abhor re-authenticating during a browsing session. Per the FIDO Alliance, 60 percent of consumers have ditched an online cart because of password problems, and an accumulation of such friction could lead them to ditch a platform altogether.

Both of these issues begin at the point of entry. Deploying journey analytics early on is a necessity, but it isn’t the cure-all. The solution lies in identity.

Build a culture that reduces UX friction

Making a conscious decision to remove customer friction is part of a “customer first” cultural decision. As such, this can be measured by a corporate OKR (Objective and Key Result) that is owned by everyone in the organization. Importantly, as is common with OKRs, it requires cross-department collaboration where it may not exist today. Specifically, the Design/UX and security/fraud teams should establish KPIs for UX friction and meet regularly to review results and work on improvements.

Using a scoring system similar to the one discussed earlier, set milestones for both user journeys—new and returning users—and proactively reduce friction to as close to zero as possible. One KPI, for example, could be cutting false positive MFAs by 75 percent.

While monitoring user behaviors early in the customer journey is a necessity, it isn’t a deterrent for signup churn and login issues. The real solution lies in identity, specifically real-time identity intelligence.

Real-time identity intelligence (and a lot of it) is how Deduce neutralizes authentication friction so that customer journeys aren’t cut short before they even start. Our identity graph, the largest addressing risk, fraud, and trust in the US, enables us to know if users are legit prior to signup. Risk and trust signals analyze factors like geography and time of day against a user’s known tendencies, device, and network. If everything checks out, the user can zoom past annoying verification steps.

Some of the trust and risk signals Deduce uses to verify identities

Real-time identity intelligence also enables returning users to continue their sessions unimpeded when they come back to a website or app. These extended sessions—known as continuous authentication—keeps users logged in so they aren’t booted prior to conversion.

If a new or returning user remembers their experience on an app or website, real-time identity intelligence ensures it’s a fond remembrance and not an angry snowball that builds into an avalanche of displeasure.

Journey analytics is a crucial tool for identifying CX issues at the earliest stages. It helps set goals and KPIs for eliminating these issues. But, when it comes time to smooth over verification speed bumps for new and returning users, ultimately real-time identity intelligence is the steamroller.

Want to treat your customers to The Trusted User Experience? Contact us today to get started.

Authentication Time is the New Page Load Time

Fast load times are a given. Now, users desire faster authentication.

Mark Gavigan

September 27, 2022

Fast load times are a given. Now, users desire faster authentication.

You’ve got Mail! Once upon a time, in the America Online years when The Internet Superhighway slowly began to approach Autobahn speeds (you know, 50kb/s), page loading was a big deal. Even into the late aughts, phlegmatic page load times crippled websites. Tech companies and agencies would advertise “More responsive websites make more money” and “You’re losing customers with your page load times.” Website speed was a competitive advantage.

Fast-forward to 2022, and broadband internet in the US is the norm. Dial-up connections are as common as phone books. Page loading times are still important, but not nearly the nuisance they once were. Besides, as of August 2022, the majority of web visits skewed mobile (54% versus desktop’s 46%), and last year 90% of those mobile visits were on apps, not websites. 5G will only tip the scales further.

What does this mean? Simple: it’s time to prioritize user login and authentication. With website page loads no longer a slog, and more users glued to their mobile devices, expediting these processes will ultimately impact retention, conversions, and the user experience at large.

Few things grind a user’s gears like login trouble. The chagrin (and potential for churn) is multiplied exponentially if said user is trying to buy popular concert tickets, capitalize on a time-sensitive online sale, or locate an important email.

A major user experience detractor that strikes at the login stage is multi-factor authentication (MFA). The helicopter parenting of account verification, MFA’s added friction is not worth it when more efficient alternatives to preventing account takeover (ATO) are out there. MFA elongates the verification process and flags legitimate users in what is called a false positive challenge—a nightmare on UX Street.

MFA isn’t necessary when companies can identify trusted users via identity intelligence. This Trusted User Experience also unlocks the passwordless approach to login, which negates another customer pain point: password reset.

We’ve all endured the forgotten password song-and-dance, but this rundown from the Stytch blog illustrates just how painful and time consuming the process is:

Step 1: User forgets password.

Step 2: User clicks “Forgot password?” link.

Step 3: User enters email and requests password reset flow.

Step 4: User opens inbox and clicks the password reset link.

Step 5: User creates a new password with a set of 10 elaborate security requirements.

Step 6: User confirms new password.

Step 7: User is redirected to the original login page.

Step 8: User enters username and new, complicated password.

With logged-in session extensions for trusted users backed by continuous authentication, or a passwordless login approach, users won’t need to remember or create a complicated password they’ll likely forget and need to reset later.

But remember, too, that passwordless login won’t mean squat-diddly if your account creation process is a mess. One QSR company told us that 10 percent of new app signups were lost because of incomplete email verification steps. Speeding up account creation by implementing progressive form-fill and streamlining verification steps is a must—they can’t login if they don’t exist!

Enabling Continuous Authentication

Once a user creates an account and logs in, a CXO’s job is to keep them logged in. Enabling continuous authentication for trusted users helps do just that, and prevent login issues that can lead to abandoned shopping carts, churn, and reputational harm. Amazon’s continuous authentication feature is perhaps the most well-known example. (Can you remember the last time Amazon asked you to login?)

Continuous authentication may give security teams the heebie-jeebies, but the same real-time identity intelligence that allows for passwordless login ensures that only real customers are let back in. Various real-time signals across the risk and trust spectrum determine if a customer warrants a session extension cookie and can be sent to checkout.

Companies that utilize Deduce’s continuous authentication enjoy an additional benefit: a user’s identity is alway secure, even when they are not actively using a given website or app. For example, If a user’s credentials are breached on another platform within our network—the Deduce Identity Network—that user’s session extension cookie is revoked and they’ll need to reauthenticate. The same logic applies to users who have authenticated elsewhere on our network.

For apps trying to facilitate the customer journey it all starts with identity, and continuous authentication, like its passwordless cousin, hinges on identifying genuine users—fast.

The common thread: identity intelligence

The entire turbocharged authentication machine—expedited account creation, passwordless login, continuous authentication—doesn’t work without identity intelligence. In the same way broadband internet disrupted the dial-up/page-loading conversation, real-time identity intelligence marks a true before-and-after moment in the annals of the user experience.

Joining the instantaneous authentication revolution requires real-time identity intelligence, yes, but companies also need dump trucks full of it. Garnering enough real-time identity intelligence to consistently identify a never-ending hoard of fraudsters and consumers—an amount of data rivaling the likes of Google, Apple, Microsoft, etc.—seems daunting, if not blatantly unrealistic. With Deduce, however, companies can enjoy the same data-rich benefits of the tech behemoths.

Deduce’s Identity Network is the largest identity graph for fraud in the US. Companies who tap our network immediately gain all of the real-time data they need to preempt fraud, streamline account creation and login, and continuously authenticate users: 500M+ unique identity profiles, 150K+ websites and apps, and 1.4B daily interactions.

Given its positive impact on the user experience, we believe it’s high time for billboards and online ads to promote fast authentication—in the same way companies trumpeted their fast page load times all those years ago. And if their authentication isn’t fast to begin with, Deduce’s real-time identity intelligence can help with that.

Want to shift your account creation, login, and continuous authentication into hyperdrive? Contact us today.

Deduce in the Wild: Hunting Fraud in the Online Savanna [Video]

Never a dull moment at the authentication waterhole

Mark Gavigan

September 15, 2022

Never a dull moment at the authentication waterhole

Just another wild day at the authentication waterhole: Deduce was busy sniffing out fraudsters masquerading as consumers.

Lucky for us, our cameras were rolling!

Want to take a bite out of identity fraud and streamline your user experience? Contact Deduce today.

The Sneaker Bot Dilemma: Driving Sales Without Churning Users

A successful hype sale mustn’t harm the user experience

Mark Gavigan

August 30, 2022

A successful hype sale mustn’t harm the user experience

The aptly named “hype sale” is all the rage in today’s online landscape. The successor to the brick-and-mortar doorbuster, hype sales drive massive traffic and sell out exclusive physical and digital goods in record time.

NFTs. Concert tickets. Collectible cards. Companies can hype up practically anything. Sneakers—yes, that includes Crocs—move the needle like no other.

However, what’s moving that needle is where the problem lies. Footwear hype sales attract millions of bots, mostly scalper bots, that easily beat out the sneakerheads waiting torturously in the online queue.

Ostensibly, e-commerce companies should be pleased. After all, isn’t the point to sell inventory? But, lost in the drummed-up excitement and revenue spike, is bots’ impact on the user experience (UX). In a bot-eat-bot world, can hype sales drive maximum profits without disappointing sneaker fans?

Bots are here to stay (and wreak havoc)

Between March 3, 2020 and January 2, 2021, scalper bots were responsible for almost 50% of shopping cart requests. The ubiquity of these bots can be tied to their accessibility: finding them is a cinch, and deployment doesn’t require black-hatter expertise.

Sneaker bots dance circles around their human counterparts.

Scalpers have a smorgasbord of bots at their disposal. Scalpers looking to flip sneakers for profit use “All In One” bots (AIO), such as Stellara or Dragon AIO. After procuring an AIO bot on either the dark web or Discord, sometimes for as much as $50K, scalpers can then buy sneakers from more than one website—faster and more intelligently than any single human could.

Scalpers covet bots, including the AIO variety, as much as the exclusive items themselves. Demand is so high, in fact, that sometimes they use a bot to buy a bot, and bots are flipped for thousands of dollars just like the products they help purchase. With the multibillion-dollar reseller market continuing to thrive—thanks in part to the pandemic’s influx of remote entrepreneurialism—the message is clear: bots are here to stay (and infuriate legitimate sneaker buyers).

Hype sale mayhem

If a glamorous new sneaker is up for grabs, bots are guaranteed to show up and wipe out the inventory. This can be brutal on an e-tailer’s server and web resources. Sophisticated bots can even grab sneakers from inventory management systems before they’re available for purchase.

It goes without saying that bot detection and mitigation is crucial. Aside from protecting the hopes and dreams of legitimate sneaker collectors, too many bots could crash a website or app altogether. But an all-out assault on bots isn’t the move: some bots are actually genuine customers trying to outmaneuver the bad bots.

Shoes like the Yeezy 750 Boosts, pictured above, sell out in minutes (if that).

Installing a bot mitigation solution, to separate the good bots from the bad, is a start. Yet, it still doesn’t do much to assuage those real customers who don’t have the luxury of a bot—those bot-less sneaker aficionados who lose out and then watch bot-assisted purchasers gloat on social media afterwards.

These customers are likely to churn, and they could drag a brand’s reputation through the dirt on their way out. If a company’s plan is to alleviate its bot problem—without damaging its brand image and UX—it might be time to focus on the humans.

Banking on trust

Maximizing hype sale profits while appeasing bot-less customers is, admittedly, a tough nut to crack. A blanket approach to neutralizing bots will also affect the good bots, and nets a less spectacular financial outcome. Meanwhile, a lax strategy that lets too many bots in might severely compromise UX and cause reputational harm.

We don’t have a silver-bullet solution to this problem (no one does), but we have an idea: focus on trust, not risk.

Assuming an e-tailer has a bot mitigation platform in place, it behooves the merchant to then verify the users in the waiting room and ensure the legitimate human customers are granted preferential treatment. This means moving them up the queue, ahead of bots, and drastically improving their chances of achieving sneakerhead nirvana.

This, of course, requires a stockpile of real-time identity intelligence that uses trust signals—geography, device ID, etc.—to seamlessly authenticate customers. Big shoes to fill. But Deduce is up for it.

Our Identity Network, the largest real-time identity graph for fraud in the US, spans more than 500 million unique user profiles and over 1.4 billion daily activities from 150,000+ websites and apps. If trust is indeed the key to balancing hype sale success with a seamless UX, there’s no better compliment to a bot mitigation solution.

Want to learn more about how Deduce prioritizes trust to facilitate the user experience? Contact us today.

Identity Fraud is Up 109%. Can You Protect Users Without Adding Friction?

Good news: Increased security and a seamless UX aren’t mutually exclusive

Mark Gavigan

August 19, 2022

Good news: Increased security and a seamless UX aren’t mutually exclusive

A recent payment intelligence report from Fraugster unearthed plenty of unsettling stats from the past year: online fraud accounted for about $80 billion in losses; false positives negated $14 billion worth of legitimate transactions; and gaming fraud increased by an all-time high of 32%.

However, the most sobering takeaway from the report might be the ongoing surge of identity fraud and its various forms. A nefarious hydra of account takeover (ATO), credential stuffing, and synthetic identity fraud—which saw a 109% increase—is outwitting cybersecurity defenses left and right.

This is a head-scratcher for B2C companies, specifically CXOs, CMOs, CISOs and their security teams. Users are more wary of fraud than ever, yet 85 percent of them dislike companies with identity verification issues. How do you bolster fraud prevention efforts without compromising the user experience (UX)?

Rest assured, we are doom-slayers, not doomsayers. Below, we’ll dive a bit deeper into ATO, credential stuffing, and synthetic identity fraud, then show you how top-notch fraud prevention and seamless UX can indeed play on the same team.

Synthetic identity fraud (+109%)

Considering synthetic identity fraud is firmly on the Federal Reserve’s radar, its 109% YoY increase makes sense. Only two years ago, in 2020, synthetic identity fraud cost financial institutions $20 billion.

Synthetic identity fraud occurs when bad actors combine legitimate emails, phone numbers, and other personal info from disparate identities to create a bogus “Frankenstein identity” capable of circumventing customer verification. Parents of newborns with recently minted social security numbers should be extra vigilant because those fresh SSNs are a gold mine for fraudsters.

The most frustrating aspect of synthetic identity fraud is its elusiveness: identifying the Dr. Frankenstein behind a Frankenstein identity is incredibly difficult. Synthetic fraudsters are also more patient, often taking out smaller loans and paying bills on time to remain incognito.

Account takeover (+52%)

Account takeover, when fraudsters use stolen customer credentials to hijack an account and purchase goods, jumped 52% from last year. This is due in part to an uptick in card-not-present (CNP) transactions, e.g., transactions made online or over the phone that don’t make use of the EMV chip present in debit and credit cards.

Once an account is taken over, the possibilities are endlessly disastrous. In 2021, the three most likely post-ATO activities were making fraudulent purchases; extracting money from person-to-person apps, such as PayPal or Venmo; and editing account info in case a future transaction prompted a verification request. Another unhappy result of ATO, loyalty point theft, is on the rise, mainly due to the downturn in travel and leisure during COVID-19.

It goes without saying that account takeover victims—and customer support teams—don’t look back on the experience with glee. According to Javelin Research, ATO attacks can cost customers more than $290. Customers also spend 15+ hours undoing the wreckage.

Credential stuffing (+45%)

Credential stuffing, an identity fraud tactic that’s essentially a malicious game of trial-and-error, grew 45% from the previous year. With the final quarter of 2022 closing in fast, B2C businesses and their users must be on guard as credential stuffing attacks rise 10x amid the holiday shopping fracas.

Similar to account takeover and synthetic identity fraud, the credentials that aid these attacks often derive from security breaches. Leaked usernames, passwords, social security numbers and the like get peddled on the dark web for as much as $15K and as little as a few dollars. Per IBM, around 30,000 account credentials were sold on the dark web in 2021—in some cases, sellers even offer 1-2 week refunds if buyers can’t access the promised account.

Have your cake, eat your cake

For those keeping score at home, synthetic identity fraud, account takeover, and credential stuffing attacks: not fun. But they aren’t invulnerable either, and, even better, you can wipe them out while still maintaining a frictionless UX.

The trick to stopping this troika of identity fraud is neutralizing the perps before they can strike. This, of course, requires a hefty chunk of real-time identity intelligence, which in turn unlocks a Trusted User Experience—the perfect balance of airtight security and a seamless customer journey. The Trusted User Experience also encompasses continuous authentication. Akin to shopping on Amazon, continuously verified users aren’t bombarded with authentication challenges that lead to abandoned shopping carts and potentially churn. If a user’s identity operates within its usual parameters, they won’t need to log in upon revisiting a site or app.

On the security side, real-time identity intelligence preempts identity fraudsters who have access to behemoth data sets. The average fraud prevention solution—tools that depend on static, historical data alone (names, emails, physical addresses, SSNs)—can’t compete with these bad actors, as most of this data is already up for grabs on the dark web. If businesses want to protect their finances and reputations, a massive stockpile of real-time, dynamic data (user activity, IP address, device, geography, etc.) and the resulting risk and trust signals is the way.

Thanks to the Deduce Identity Network and its MAMAA-like hoard of dynamic, real-time identity intelligence, creating a secure yet seamless UX is easier done than said.

Our Identity Network is the largest real-time identity graph for fraud in the US. It gathers more than 500 million unique user profiles and over 1.4 billion daily activities from 150,000+ websites and apps. This data continues to grow by the minute, delivering a Trusted User Experience that preemptively recognizes legitimate users and bad actors in equal measure.

Want to have your Trusted User Experience cake and eat it, too? Contact us today and get started in just a few hours.

What Every CXO Needs: More Identity Intelligence

How to balance the teeter-totter of security and personalization

Mark Gavigan

August 15, 2022

How to balance the teeter-totter of security and personalization

In 2020, Gartner found that almost 90% of businesses had a Chief Experience Officer (CXO) or equivalent role—roughly a 25% jump from 2017. Translation: a safe, seamless, and personalized user experience (UX) is no longer a nice-to-have.

Creating a user experience that checks all of those boxes is easier said than done. Siloed working environments, which hamstring collaboration between CXOs, CMOs—who sometimes manage CX initiatives—and security teams, don’t help. But a lack of identity intelligence is the foremost obstacle standing between CXOs and UX utopia.

What is identity intelligence? How do you obtain it and put it to use? You’ll find answers to these questions below, as well as examples of how identity intelligence boosts personalization and cybersecurity efforts.

Identity intelligence: the panacea

Unlike behavioral biometrics, which measure a user’s physical and cognitive traits for verification, identity intelligence relies on massive datasets, derived from scaled-out networks, that comprise insights on how legitimate users interact online.

Identity intelligence, when it’s done right (i.e., in real-time), is the most formidable defense against the growing threat of synthetic identity fraud. Synthetic “Frankenstein identities” composed of stolen emails, social security numbers, and other personal info don’t stand a chance against the preemptive nature of identity intelligence and its litany of comprehensive behavioral activity.

Powered by machine learning, real-time identity intelligence grows smarter with each interaction and spots fishy accounts before they can inflict harm. Understanding trusted user identities by tracking normal online behavior over time—versus identities that act in a fraudulent manner—is a crucial tool for security teams and subsequently CXOs looking to unlock a Trusted User Experience.

Trust is a must

Airtight security is foundational to any delightful user experience. B2C companies are more wary of fraud than ever before. Consumers, in lieu of identity fraud growing 109% last year, are equally fearful of fraudsters and desire a UX that doesn’t skimp on security. But convenience is coveted, too, and a Trusted User Experience—what every CXO should aspire to—is the ticket to a customer journey that is both secure and frictionless.

The Trusted User Experience facilitates both the account creation and returning customer journeys. Account creation often requires the customer to verify their email address or phone number by receiving an email to click on or a text message containing a one-time passcode (OTP). This is textbook friction. Trusted users, verified by an identity network and behavioral intelligence, can skip this step and head straight to their targeted content.

Balancing security and convenience is also made easier through continuous authentication, which signifies a massive step towards a secure, passwordless future.

Continuous authentication staves off authentication challenges that hinder UX (and revenue). According to the FIDO Alliance, 60% of online shopping sessions are abandoned by existing customers due to authentication challenges, which also run the risk of churn and reputational damage downstream. Once a trusted customer is authenticated, they can be issued a logged-in session extension that is continuously monitored as they traverse the online universe. Assuming their identity continues to operate normally, they’ll remain logged in when they return to the site or app issuing a session extension. Remember the last time you had to log in to Amazon? Probably not. That’s continuous authentication at work.

Verifying users instantaneously by keying in on the person and their device, and repeatedly authenticating them throughout a session, are hallmarks of real-time identity intelligence. The personalization piece of identity intelligence also plays a key role in facilitating UX.

Taking it personally

Modern users want to be safe online. They also want to be pampered and treated like they use your app every day, even if it’s their first time. In short, they want to be treated as individuals—not as a collective of consumers.

Identity intelligence activates this level of personalization. Real-time trust signals such as geolocation, combined with a user’s behavioral intelligence, enable CXOs and other CX stakeholders to deliver a highly tailored experience that’s relevant to customers and ultimately more profitable for businesses.

Data privacy, of course, factors into the personalization discussion, so tapping into real-time identity intelligence from privacy-compliant networks is also important. However, a recent Experian report suggests the rise of a more forthcoming user: 57% of consumers are open to sharing data in service of stronger security, and 63% believe data sharing is worthwhile (up from 51% last year).

How to supercharge UX with identity intelligence

Have a hankering for Trusted User Experiences? Creating a seamless, secure, and personalized UX is easier than you might think.

The first step is to make sure you have a Customer Identity Access Management (CIAM) platform in place, such as Auth0, Okta, ForgeRock, PingIdentity, Strivacity, etc. A CIAM platform is where trust and risk decisions are made at the point of user authentication. The risk engine and orchestration aspects of a CIAM are what act on identity intelligence, and many of these platforms feature marketplaces with no-code implementation for partner solutions that expedite setup.

Even the leading CIAMs require a healthy diet of Grade-A, real-time identity intelligence to authenticate effectively. That’s where Deduce comes in.

The Deduce Identity Network, the largest real-time identity graph for fraud in the US, is a legitimate user’s best friend and a fraudster’s worst enemy. Powered by more than 500 million unique user profiles and over 1.4 billion daily activities gathered from 150,000+ websites and apps, Deduce’s identity intelligence solution recognizes trusted users accurately and preemptively. Deploy Deduce independently or stack it right on top of your existing anti-fraud infrastructure, seamlessly integrated into leading CIAM platforms, and launch a Trusted User Experience in just a few hours.

Want to see what Deduce’s real-time identity intelligence can do for your customer experience? Contact us today.

Want to Stop Fraud & Improve UX? Bots are Only Half the Problem.

Humans can be pretty bad, too

Mark Gavigan

August 7, 2022

Humans can be pretty bad, too

It’s a bot-eat-bot world out there. 77% of cybersecurity incidents are bot-based, and bot management companies, such as Human Technologies and PerimeterX, are merging to outgun malicious robo-fraudsters.

This begs a crucial question: What about humans? Don’t get us wrong—we’re all for short-circuiting those bad bots—but there are still those pesky bad actors you have to worry about, too. (Those bots don’t create themselves, you know.)

Below, we look closer at the bot craze in the current fraud landscape, the downside of solely doubling down on bots, and why differentiating between legitimate and illegitimate humans is just as important.

Bot-y slammed

Human Technologies and PerimeterX joining forces, as well as Thoma Bravo’s acquisition of Ping Identity, underlies a consolidation trend that’s emerged over the past few months. Irrespective of industry, some of these mergers are due to plummeting valuations; but, in the case of cybersecurity companies—who enjoyed a record year of funding in 2021—many are partnering because the growing threat of data breaches, exacerbated by the normalization of remote work, is simply too much to handle.

Like Human and PerimeterX, we may see other bot vendors merge before year’s end. It’s understandable given how sophisticated bots have become in a short amount of time. They’ve grown to be disturbingly human-like, adaptable, and subsequently much more difficult to spot, swiping personally identifiable information (PII) off websites, engaging in click fraud to boost ad revenue, and otherwise profiting from other shady tactics.

Bots are scary, indeed. So are their seedy human counterparts. Companies enlisting a fraud prevention solution need to understand that stopping bots is only half the battle; neutralizing living, breathing fraudsters—without hindering the user experience (UX)—is the final piece.

Identity intelligence, anyone?

So, you’re on board with putting the clamps on bad bots AND bad humans? Awesome. The next step is to ensure your fraud prevention solution of choice is leveraging the right kind of data, i.e., identity intelligence.

Most anti-fraud tools rely on behavioral biometrics. While it’s effective against bots, it can also cause serious UX issues in the form of false positives. Behavioral biometrics—which monitors behavior such as keystrokes, mouse movement, finger tapping, etc.—will easily trigger a multi-factor authentication (MFA) request if a user deviates from their typical pattern. A drunk or sick user may type or speak unusually (gait analysis); a user with different keyboards at work and at home might be flagged incorrectly (keystroke analysis).

Another flaw of behavioral biometrics is that stockpiling enough personal data to successfully analyze a user’s behavior takes time. A solution centered around identity intelligence, on the other hand, has all of the data it needs in real-time.

It’s time for real-time

If companies want to stop bots and humans alike, real-time identity intelligence is the ticket. Deduce packs more of this data than any other solution, making it a thoroughly accurate standalone or complementary defense system that won’t muck up UX.

Deduce is home to the largest real-time identity graph for online fraud in the US. Its Identity Network leverages more than 500 million unique user profiles and over 1.4 billion daily activities to recognize legitimate users and prevent account takeover—including synthetic identity fraud.

Want to see how Deduce can spot bad bots and humans and help create a Trusted User Experience? Contact us today.

The five fundamental steps to measuring UX more effectively

Step One: Create a Team OKR that maps to your company OKRs and scales easily

Step Two: Align a cross-functional team of stakeholders that are customer-focused

Step Three: Create effective CX Journeys to better understand your customers

Step Four: Establish scorecards that identify gaps and friction points

Step Five: Align on measurements and impact to deliver outcomes and opportunities

The most important step: Always focus on the customer

Related Content

Deepfake Digest: Elvis, Dating Apps, & the 2024 Olympics

Gen AI Fraud: Who Can You Trust?

The Making of a Synthetic Identity

Every company should account for new account fraud. Here’s how to do it.

Are you who you say you are?

A nightmare for operations and CX

Real-time data: the ultimate truth serum

Related Content

Deepfake Digest: Elvis, Dating Apps, & the 2024 Olympics

Gen AI Fraud: Who Can You Trust?

The Making of a Synthetic Identity

OKRs align teams that are critical to customer success

Related Content

Deepfake Digest: Elvis, Dating Apps, & the 2024 Olympics

Gen AI Fraud: Who Can You Trust?

The Making of a Synthetic Identity

Where should journey analytics begin? The beginning.

Journey analytics is the key to customer centricity

Authentication friction: a grisly sight

The business impact of authentication friction

Build a culture that reduces UX friction

Related Content

Deepfake Digest: Elvis, Dating Apps, & the 2024 Olympics

Gen AI Fraud: Who Can You Trust?

The Making of a Synthetic Identity

Fast load times are a given. Now, users desire faster authentication.

Turbocharging login (and account creation)

Enabling Continuous Authentication

The common thread: identity intelligence

Related Content

Deepfake Digest: Elvis, Dating Apps, & the 2024 Olympics

Gen AI Fraud: Who Can You Trust?

The Making of a Synthetic Identity

Never a dull moment at the authentication waterhole

Related Content

Deepfake Digest: Elvis, Dating Apps, & the 2024 Olympics

Gen AI Fraud: Who Can You Trust?

The Making of a Synthetic Identity

A successful hype sale mustn’t harm the user experience

Bots are here to stay (and wreak havoc)

Hype sale mayhem

Banking on trust

Related Content

Deepfake Digest: Elvis, Dating Apps, & the 2024 Olympics

Gen AI Fraud: Who Can You Trust?

The Making of a Synthetic Identity

Good news: Increased security and a seamless UX aren’t mutually exclusive

Synthetic identity fraud (+109%)

Account takeover (+52%)

Credential stuffing (+45%)

Have your cake, eat your cake

Related Content

Deepfake Digest: Elvis, Dating Apps, & the 2024 Olympics

Gen AI Fraud: Who Can You Trust?

The Making of a Synthetic Identity

How to balance the teeter-totter of security and personalization

Identity intelligence: the panacea

Trust is a must

Taking it personally

How to supercharge UX with identity intelligence

Related Content

Deepfake Digest: Elvis, Dating Apps, & the 2024 Olympics

Gen AI Fraud: Who Can You Trust?

The Making of a Synthetic Identity

Humans can be pretty bad, too

Bot-y slammed

Identity intelligence, anyone?

It’s time for real-time

Related Content

Deepfake Digest: Elvis, Dating Apps, & the 2024 Olympics

Gen AI Fraud: Who Can You Trust?

The Making of a Synthetic Identity