Gen AI fraud flusters marketers, fraud teams, and customers

Big tech continues to tout the unprecedented intelligence and endless potential of generative AI. And for good reason: It’s tough to ignore the efficiency and reliability of a Gen AI superbrain that doesn’t sleep, call off, or overdrink at the office holiday party.

But as Gen AI gets smarter so do fraudsters. Fraud is already up 20% year-over-year, and the accessibility of AI has proliferated synthetic identities to a startling degree. 

Impersonation fraud, which includes synthetic “Frankenstein” identities consisting of real and fake PII (Personally Identifiable Information), accounts for 85% of all fraud. Synthetic identities are so prevalent that even Vanity Fair has likened it to “a Kafkaesque nightmare.”

Synthetics, bolstered by deepfake technology and realistic account activity, are nearly impossible to catch. Friend or foe? Real or fake? These questions are pulling marketing and fraud teams in opposite directions, and it’s customers (and businesses) who are paying the price.

SuperSynthetic™, super problematic

As of Q1 2022, one out of every four new accounts were fake. One can imagine how much that number has increased given the AI and synthetic fraud surge. The auto lending industry was hit the hardest in 2023, seeing a 98% spike in synthetic attempts to the tune of $7.9B in losses.

Once synthetics make it past the account verification stage it’s essentially game over. Shockingly, more than 87% of companies have extended credit to synthetic customers, and 76% of US banks have synthetic accounts in their database.

Traditional synthetic identities are hard enough to stop with their convincing mishmash of real and made-up PII, but their mighty offspring—SuperSynthetic™ identities—pack an even bigger punch.

Perhaps “mighty” is too strong a word considering the SuperSynthetic trademark is its monk-like patience. A fully automated SuperSynthetic identity plays the long game, making small deposits, checking account balances, and otherwise performing humanlike actions over the course of several months. Once enough trust is built, and a line of credit is extended, these fake customers transfer out their funds and exit stage left.

The trickery of SuperSynthetic identities isn’t limited to finservs. Colleges are now dealing with fake students, fake information on social media is flipping elections, and seemingly any platform utilizing an account creation workflow is vulnerable.

Banks are still the primary target, however, much to the chagrin of their marketing and fraud teams.

A churning sensation

There’s nothing wrong with tightening a leaky faucet, but overtightening can cause another leak. Similarly, “fixing” a synthetic identity problem by dialing up the fraud controls to 11 leads to more harm than good.

Indeed, many engineers on fraud teams are constricting their algorithms so rigidly that even slightly suspicious activity is flagged. VPN use, for example, is a callout despite the ubiquity of VPNs among today’s users. Innocuous shorthand of addresses (Main Street vs. Main St.) and names (Andy vs. Andrew) can also tip off jumpy fraud algos. A sign of the times, what used to be low risk is now classified as medium risk and formally medium risk is now high risk. 

False positives. ID verification. Manual reviews. Overly stringent fraud defenses annoy marketers and users like none other. The friction is often too unbearable for customers who would rather jump ship than jump through account verification hoops. Consumers, who expect instant gratification in today’s online market, don’t want to hear “Thanks for your application, we are reviewing it and will be in touch.” They’ll quickly start an application at a competing financial institution where they can receive instant credit.

The Deduce team has witnessed this friction firsthand. Our CTO, a customer of his bank for more than two decades, was forced to undergo document verification while using an account, device, and network that had previously been affirmed. Our VP of Marketing, a United Airlines customer for over three decades, was challenged on the United app for a CA-to-NY flight after he had already boarded the plane, passed TSA PreCheck, and scanned his boarding pass.

Friction is nightmarish for marketers as well, who have virtually no shot at meeting their customer acquisition KPIs. As shown in the image above, AI-powered synthetic fraud—and the rigid counterattacks used against it—leads to a three-pronged cluster-you-know-what: (a) more fraud, (b) more invasive verification checks that cost substantially more, and (c) more user friction that leads to account or loan abandonment and impacts lifetime value and customer acquisition costs.

Trust or bust

The key to ferreting out synthetic identities is to do the work early. Leverage real-time, multicontextual, activity-backed identity intelligence to stomp out synthetics pre-account creation.

Deduce employs the infrastructure, and strategy, that epitomize this preemptive solution. By taking a high-level, “signature” approach that differs from individualistic fraud tools, Deduce uncovers hidden digital footprints. Lifelike as synthetic fraudsters are, spotting cohorts of users that post on social media and perform identical account actions at the same time and day each week rules out the possibility of legitimacy.

Fraud teams can refrain from ratcheting up their algos knowing that Deduce’s trust scores are 99.5% accurate. If Deduce deduces a user is trustworthy, it’s seen that identity with recency and frequency via multiple trust signals, including, among others, device, network, geo location, IP, and a “VPN affinity” signal that identifies longtime VPN users.

47% of the 920M identities in the Deduce Identity Graph are trusted. In fact, Deduce is the only vendor in the market that returns a trusted score for an identity. Others offer a “low risk” score, which is risky enough for many fraud managers to flag, resulting in a false positive.  

Neutralizing synthetic fraud starts with trust, and it starts early. If you want to keep your marketing team and customers happy, and avoid the losses that come with overaggressive fraud controls, go the preemptive route—before things take a “churn” for the worse.

In the war against digital goods fraud, real-time is the only time

Today’s customer wants it, and they want it now. But, until teleportation becomes a reality, purchasing physical products online won’t satisfy their need for instant gratification. This is a big reason why digital goods purchases jumped 51% from 2020 to 2021, and, at last check, 65% in 2022.

The instant delivery of digital goods—software, event tickets, and especially online gift cards—spells trouble for e-commerce companies. Whereas physical merchandise often provides a multi-day delivery buffer allowing ample time for fraud detection and investigation, digital download products require an immediate decision on fraud. This overburdens the majority of fraud stacks and gives fraudsters the upper hand.

How can e-commerce merchants effectively combat digital goods fraud at scale—and steer clear of false positives—when these purchases demand a snap judgment?

The digital goods dilemma

Analysts anticipate that e-commerce merchants will lose about $24 billion to online payments fraud by 2024. Along with other types of e-commerce fraud, such as friendly fraud, new account fraud, and account takeover (ATO), digital goods fraud will wreak havoc in its own right.

Unlike purchasing physical products online, the instantaneous nature of buying digital products presents unique challenges:

Immediate delivery. With digital goods arriving to customers in mere seconds, e-commerce companies with traditional fraud stacks can’t review orders, successfully sniff out fraudulent transactions, or initiate manual reviews. It’s real-time or nothing, approve or reject.

False positives. Split-second approval times depend on strict guidelines to determine if digital goods customers are legit. Because fraud is so prevalent, e-tailers have tightened up security protocols more than ever and given rise to false positives. Wrongly identifying customers is the fast track to churn and lost revenue.

Lack of data. For merchants with an outdated fraud stack, or one that is based solely on transaction records or static data, digital goods purchases don’t provide nearly enough real-time data to accurately verify a transaction. No phone number, no physical address, no transaction history. Seasoned bad actors can easily deploy their arsenal of stolen or fake emails, combined with stolen credit card numbers, and mask their identities via proxy servers.

Whether a company is selling physical or digital products online, today’s lofty user experience (UX) expectations remain intact. Many customers are too impatient for passwords and confirmation emails and one-time passcodes (OTP). UX potholes typically lead to reputational blemishes and churn. E-gift cards, one of the more popular digital purchases, can cause similar damage if fraudsters get a hold of them.

E-gift cards leading the pack

E-gift cards, arguably, are public enemy number one in the war against digital goods fraud. In-store gift cards and e-gift card sales are expected to exceed $238 million by 2025. Given our increasingly online world and the growing consumer need for instant gratification, e-gift cards will likely comprise most of these sales. And, just as likely, a significant portion of e-gift card “customers” will be fraudsters.

Fraudsters purchase online gift cards using stolen payment info. More often than not their intention is to either resell the gift card for profit, or use it to launder money by using a stolen credit card to buy a legitimate debit card or merchandise gift card. E-gift cards are a win-win-win for bad actors: they are easy to obtain, easy to redeem, and practically untraceable since they require little to no personal data at checkout (usually just payment details and an email). Armed with their new legitimate digital card, a fraudster can enter a store and purchase a high-ticket product such as a flat screen TV or computer with no chance that the transaction will fail at checkout. 

All digital goods fraud is bad news for e-tailers, but the effects of e-gift card fraud are particularly devastating. Chargebacks, customer experience issues, lost inventory. If consumers buy online gift cards from fraudsters and redeem them, companies, in most cases, will have to eat the cost of these transactions.

And don’t forget about the reputational impact. Similar to the fallout from false positives, victims of online gift card fraud, none too pleased with the merchant, will probably take their future business elsewhere.

Fraud detection in a flash

Unfortunately for online merchants, fraud risk, and the demand for digital goods and instant gratification, have reached an all-time high.

Fortunately for online merchants, the real-time data needed to thwart digital goods fraud, and approve genuine customers, is not the stuff of make-believe.

Deduce equips e-commerce vendors with the breadth of real-time, multi-dimensional identity intelligence and speed to approve or deny digital goods transactions at scale. When e-tailers layer Deduce on top of their existing fraud stack, they’re tapping into a network of 660 million US privacy-compliant identity profiles and 1.5 billion daily user activity events across 150,000+ websites and apps. Unlike transaction-specific identity data, Deduce captures a wide range of online activity (banking, gaming, communicating, browsing, shopping, etc.) for every identity. In many cases Deduce will have seen the customer within hours of their checkout and will know if the identity is legitimate or fraudulent. Stripped-down as digital goods purchases are—no phone number, no address, etc.—Deduce’s network still possesses enough real-time and historical data to determine if a user is the real deal.

To date, Deduce has seen close to 90% of customers within its network. So, if Deduce doesn’t recognize an identity, chances are that prospective digital goods customer is up to no good—or, at the very least, should be given a closer look. Multiple customers confirm that fraud is 10 times more likely if Deduce has not previously seen an identity on the network. On the other hand, Deduce’s real-time data ensures good customers are identified as such, and don’t fall victim to rigid fraud guidelines.

Real-time data, sourced from the largest identity graph in the US, is the only viable means of fighting digital goods fraud and keeping legitimate customers happy.

Contact us today and see why there’s no time like real-time.

A preemptive and UX-friendly approach to credit funnel optimization

It’s one thing to Know Your Customer; it’s another to Know Your Con-Artist. KYC checks, ostensibly, prevent banks from doing business with bad actors, but doing so requires neutralizing fraudsters at the point of entry, before they’re able to apply for a loan.

In other words: early bird gets the fraudster.

A preemptive strategy is the only realistic way to effectively prevent credit application fraud—when a fraudster submits personally identifiable information (PII) to apply for credit (credit card, loan, etc.). This approach saves banks from running costly, unnecessary credit checks on fraudsters, and ensures genuine customers are identified up front and not wrongfully declined. It also curbs the risk of fraudsters slipping through the credit application process scot-free. In a 2018 study, one major North American bank issued 1,400 credit cards per month to fraudsters—a loss of ~$500,000 per month.

But is spotting fraud pre-credit application, before the verification stage, even feasible?

A never-ending money hole

Before we discuss the practicality of shutting down fraudsters pre-credit application, let’s look at the two glaring downsides of not adopting this approach. Problem number one: credit application fraud can be a significant money pit (and time suck) for banks.

Factoring in the cost of running a credit application through third party sources—namely, multiple credit bureaus—can cost between $3-5 per application. The fraudster may then be asked to verify their document, a fabricated driver’s license matching their details, which costs the bank another $3-4 per applicant. Manual review alone can cost another $50-75. And, since synthetic identity fraud is now the largest form of identity fraud in the country, there’s a good chance banks could be chasing a made-up, nonexistent entity.

Synthetic identity fraudsters, whose fake identities are stitched together using bits and pieces from real identities, exploit the very processes that banks and fraud solutions rely on. For example, most banks look for static PII data such as a social security number or date of birth when analyzing credit applications, which is easily obtainable from the dark web. Additionally, synthetic fraudsters will often apply for credit with two lenders to compensate for the identity’s lack of credit history. Ironically, the first lender’s rejection of credit will usually initiate a credit file that enables the second credit application to go through. Low credit limits? Synthetics can work around that, too. A few small transactions here and there, paid off at the end of the month, and they can steadily increase their spending limit until it’s worthwhile to cash out.

A churn for the worst

Not detecting fraud until after the credit application process lets more fraudsters in. It also keeps more good users out.

For instance, geography is a common false positive trigger if a user has recently moved. After this user fills in their basic info, including their address, and creates an account, you can almost guarantee a red flag from the credit bureau. The new address doesn’t match what’s on file. Next step? Document verification. And if users are still around at that point, banks should count their lucky stars.

Legitimate users with thin files are the most likely to get declined. “Thin file” refers to applicants whose credit history is so sparse that standard fraud prevention tools lack the data to calculate risk. A thin file applicant might be a student applying for their first credit card. Other examples include immigrants without credit history in the US; consumers who haven’t used credit in a long time; and people who predominantly use cash over credit.

According to an Experian report, about 62 million Americans have a thin file.

Unlike synthetic fraudsters, who are cunning enough to establish a semblance of credit history by applying to multiple lenders, genuine identities with thin files are often automatically declined. Many of these rejected users will apply to another bank, resulting in churn and lost revenue. Even worse, a substantial amount of unfair declines could harm a bank’s reputation over the long term.

It starts at the top

We’ve established that preventing credit application fraud and false positive declines isn’t tenable unless banks act before applicants apply for credit. But rearranging the UX and security for the credit application process isn’t entirely an in-house operation. It requires assistance from a powerful and highly intelligent first line of defense, with a data stack that rivals the FAANG gang.

Deduce’s real-time identity network fits the description: 660 million US privacy-compliant identity profiles and 1.5 billion daily user events across 150,000+ websites and apps. With this magnitude of data powering their credit app fraud prevention efforts, banks can identify fraudsters and legitimate users pre-credit application, effectively bridging security and UX.

Deduce’s approach to preventing credit application fraud

As illustrated in the graphic above, if the Deduce Identity Network deems the user a fraudster, they’re sent to a landing page devoid of a loan or credit application option; if the user is legit, they’re presented with a list of loan or credit options that fit their needs. This is credit funnel optimization done right.

It’s no wonder that some leading financial institutions, such as SoFi, have adopted this preemptive, highly optimized approach to their credit application journeys. Aside from thwarting fraudsters and false positives, and improving conversion rates, checking for fraud upfront assists marketing efforts. If a new user is determined to be genuine but rejected because of their credit score, the initial collection of their contact info allows banks to keep in touch. That way, users aren’t lost in the sauce and can reapply in the future once their credit score reaches the required threshold.

SoFi’s signup page

There’s no better way to shut down credit app fraudsters who’ve grown accustomed to banks’ antifraud processes. Preventing false positives and salvaging quality customers is vital in its own right, and may prove even more so in the grand scheme of things. By placing Deduce at the forefront of your credit app fraud strategy, the marriage of security and UX is indeed possible, and bottom lines will be all the better for it.

Ready to shut the door on credit application fraud? Contact us today and get up and running in a few hours.

How do you verify a customer you’ve never seen before?

Spring is almost here. Sunny days will soon be upon us and it feels like the pandemic is finally tailing off. Seems the perfect time for fraudsters to rain on everyone’s parade and, boy, are they ever!

E-commerce fraud surpassed $41 billion in 2022. A recent bombshell report from the Federal Trade Commission found that fraudsters duped consumers out of $8.8 billion last year, a 44% increase from 2021. Additionally, the volume of phishing attacks grew by more than 175% over the past two years.

Fraud is surging across the board, but one type of fraud—to the chagrin of online merchants—is really riding the wave: first-checkout fraud.

Here is the skinny on what first-checkout fraud is, what makes it extra difficult to stop, and how businesses can solve for the unique problem it presents.

An overlooked threat

Deduce estimates that 71% of fraudulent transactions occur at first checkout or guest checkout. It’s not neuroscience. How are merchants supposed to approve or reject a transaction from a new “customer” with no payment history or outdated static PII data? It’s like playing in the Super Bowl and not having a scouting report on the other team’s players, zero intel on who’s who, their behaviors and tendencies. You can probably guess what team our money is on.

If a purchase involves a physical product, merchants can, of course, reject a first-checkout customer or refer the transaction to manual review. Not enough data? Why not err on the side of caution? But doing so doesn’t equal playing it safe. Sure, you might stop a potentially bogus transaction; however, this runs the risk of a false positive—rejecting a legitimate customer who isn’t likely to return.

Even if a merchant has access to PII data they can cross-reference, such as address and phone number, they’re unlikely to deploy 2FA for mobile shoppers as this added friction is a leading cause of cart abandonment. For similar reasons, thorough phone number verification, in particular, is unlikely if a user is transacting on a home wifi connection (static IP) or shopping on their laptop or tablet. In this scenario, fraudsters who possess a stolen phone number would get the green light as long as the bill-to and ship-to addresses match, though cunning fraudsters—if they aren’t buying digital goods—will opt for curbside pickup, have a product sent to their local FedEx, or contact the shipper and re-route to a different address.

In 2022, new account fraud, which also thrives on a fraudulent user’s anonymity, sucked 6% of revenue from almost 70% of businesses. It’s not far-fetched to believe first-checkout fraud is on a similar trajectory, especially with every kind of fraud having a field day (par for the course amid an economic downturn).

Synthetic shoppers

Another concern for e-tailers struggling with first-checkout fraud is the emergence of “synthetic shoppers.” Synthetic identity fraud, identified by the Federal Reserve as the fastest-growing form of financial fraud in the US, has been wreaking havoc in the online shopping world thanks to readily available PII data on the dark web.

Normally, a synthetic fraudster would stitch together a new “Frankenstein identity” using a combination of someone’s real name and phone number, among other PII, then establish a payment history to build credibility (they may even buy an aged email address). But a synthetic shopper merely needs stolen credit card credentials and a shopper profile they can easily auto-fill with a bot. They can start swindling e-commerce merchants in minutes.

At the core of all of this, though, is the identity intelligence issue. Trying to prevent online fraud with static data alone is problematic in its own right; first-checkout fraud is even more concerning because there’s zero historical purchase history data to go off of. What’s the fix?

The real-time remedy

To successfully combat first-checkout fraud, online merchants need real-time data. In fact, they need a stockpile of real-time identity intelligence only the upper crust of companies have at their disposal.

That sounds like a tall order, but Deduce can make up the height differential.

By tapping into our network of 680 million US privacy-compliant identity profiles and 1.5 billion daily authenticated user events across 150,000+ websites and apps, Deduce packs enough real-time insights to thwart (or approve) even the most nascent of shoppers. Typically, 89% of your new customers are already familiar to Deduce; 43% of these users have been seen by Deduce just hours before they make their first purchase. 

Deduce leverages real-time data such as device type and ID, geospatial info, and more to ascertain if a first-time buyer is purchasing that flat screen TV or designer handbag legitimately. If a shopper is legitimate, our geospatial intelligence alone can mitigate common false positive drivers that plague first-checkout and returning shoppers alike. For instance, a customer with mismatched bill-to and ship-to addresses won’t be declined if Deduce sees prior history for the buying identity at the ship-to location.

Geospatial identity intelligence at scale helps approve more legitimate transactions and lower operational costs while capturing incremental fraud.

In totality, Deduce’s real-time insights check for email familiarity and ensure a customer’s email and IP, geography and IP, and user history and address match—all at a massive scale. This arms merchants with high-confidence trust scores for first-time and guest checkout shoppers, enabling them to approve more transactions while reducing step-up and manual review costs.

Deduce, which integrates seamlessly with a merchant’s existing fraud stack, also determines the legitimacy of a first-checkout shopper without compromising the user experience. After all, a sluggish UX can turn off a potential customer if a wrongly flagged transaction doesn’t do the trick.

The uptick in online shopping has been a key revenue driver for merchants. The $48 billion in e-commerce fraud losses expected this year will have the opposite effect if mitigating first-checkout fraud isn’t prioritized.

Is your first-checkout engine light on? Contact us today and see how our real-time identity intelligence can accurately approve more legitimate transactions and reduce operational costs while rejecting fraudulent first-time purchases.

The five fundamental steps to measuring UX more effectively

In part one of this two-part series, we discussed the importance of creating company-wide OKRs (Objectives and Key Results) to align your organization and teams to a set of prioritized objectives and measurable key results to improve your products, services and customer experiences. Once organizational objectives are created and communicated, each team will work together to define a set of accountable OKRs that supports the broader company goals. Tailoring OKRs for teams and individuals provides opportunities to focus on outcomes that are clear, transparent and measurable, creating alignment across regions, time zones and organizational departments.

In part two of this blog series, we will discuss how to measure what matters with new customers, subscribers and users. We’ll also outline the five fundamental steps to creating a measurement framework, along with additional tools and resources to collaborate more effectively and align to your company goals. Using these steps as a starting point to create your own framework will help your teams become more customer-focused.

Step One: Create a Team OKR that maps to your company OKRs and scales easily

The purpose of an OKR is to create an Objective (O) that is simple, clear and specific to enable teams to develop a series of Key Results (KRs). Because CX can positively or negatively impact several touch points across the organization, it is important to ensure that your objective resonates with your stakeholders, and is measurable. For example, take this company-wide objective from Part One: “Achieve Greater Scale by Increasing New Subscription Accounts.” It is easy to see how this objective can easily scale across product, user experience, engineering, security, brand marketing, sales and customer support centers.

A team Objective (O) that maps to the broader company goal would be, “Improve the Customer Experience to Increase Growth.” Key results could then include some of the following:

  • Increase new account creation by >40%
  • Increase return user transactions by >50%
  • Reduce false positive MFAs for return users by >20%
  • Reduce password reset requests by >50%
  • Reduce cart abandonment rates caused by authentication by >30%

Pro Tip: Implementing shared OKRs across an organization allows each team to identify where they can improve the customer experience to increase growth, loyalty and satisfaction.

Step Two: Align a cross-functional team of stakeholders that are customer-focused

It’s important to establish a cross-functional team of stakeholders who are invested in this collaborative exercise to identify as many touch points and CX friction points as possible. Once you have identified your stakeholder team, you can begin discussing how to improve the journeys by reducing unnecessary friction for the first-time and returning users caused by identity and security steps.

Pro Tip: Look at the different dimensions of the customer journey including onboarding, return users, product experiences, marketing and support centers to better understand your customers.

Step Three: Create effective CX Journeys to better understand your customers

The third step is to create a set of Core CX journeys that define customer pain points to better understand first-time and return customer needs. User and Customer Experience Journeys help to shape and clarify where your immediate efforts should focus and prioritize areas that benefit from an improved experience that creates business value and maps to the OKRs. There are a lot of online resources to help create your core journeys, and a great place to start is with the Nielsen Norman Group where there are different articles, templates and videos to help guide you through the process.

Pro Tip: It is important to ensure that your teams work together to identify opportunities that will benefit the customer, and even validate hypotheses using qualitative and quantitative methods.

Step Four: Establish scorecards that identify gaps and friction points

After defining your top customer journeys, teams should work together to identify gaps and where improvements can be made. Throughout this process, it’s important to begin developing scorecards for first-time (new) and return customers by assigning values to each action identified. A great example of this is to identify each step, field or scenario that challenges your customers whether that is their first visit or their 50th visit.

Here are examples of scorecards that illustrate some common friction points for new and returning users.

Pro Tip: Identify how many customers are on mobile versus desktop, and whether there are additional steps for individuals who engage across multiple devices, locations and geographies.

Step Five: Align on measurements and impact to deliver outcomes and opportunities

The final step is to align on measurements that deliver positive outcomes and create opportunities. Identifying baseline measurements while establishing scorecards drives transparency and cross-functional visibility within the UX and CX. Real-time product analytics are preferred, along with dynamic dashboards that visualize the data and can be easily shared across the company—from an IC to the C-Suite. As each team will have a different focus, it is important to review the scorecards and data daily to provide a more complete picture of customer experience.

Click here to use the calculator shown below and measure how UX friction is impacting your business.

Pro Tip: Prioritize for challenges and patterns in your CX data that impact multiple areas and/or provide opportunities for continuous improvements for users, the business and brand.

The most important step: Always focus on the customer

Every company and organization is different. It is important to work together to develop a series of OKRs, scorecards and measurements that focus on the customer and create value for the business through transparency, accountability, and shared goals.

For more information about measuring friction in your authentication process, please read our previous blog post here.

OKRs align teams that are critical to customer success

At a recent CXO conference, we had the opportunity to poll top marketing and user experience leaders with a series of questions about their biggest challenges with user friction and security. Our questions uncovered some interesting results and concluded that most organizations do not have effective OKRs (Objectives and Key Results) and measurement frameworks to identify, track and reduce friction caused by security for new customers in the areas of account creation and first-time purchases.

One of the most significant poll results found that 80% of leaders stated there was “little to no” interaction between their UX and security teams. Separately, 70% did not measure the business impact of user friction on the experience, and 65% only tracked users after they had logged in.

As an executive leader in the Design and Product development space, I can attest to the challenges that many organizations face, no matter their size. In today’s digital world, organizations are moving fast and focused heavily on actions to get their launch, iterate and evolve their products quickly. As a result, many do not take the time to establish a set of clear OKRs and scorecards to evaluate customer impact on their acquisition and business during launch and following their product release to market.

OKRs have become widely adopted by many of the largest companies in the world including Google, Netflix, IBM, Microsoft and Amazon, to achieve ambitious goals for the organization, teams and individuals. OKRs are effectively divided into two parts that align objectives with measurable outcomes.

  1. Objectives should define what you want to achieve. They should be clear and concrete, action-oriented and challenging to ensure that everyone is aligned.
  2. Key Results should express how the objectives will be achieved by the organization, team, or individual to create a measurable outcome that is time-bound and challenging.

Now you may be asking yourself, how are OKRs different from KPIs (Key Performance Indicators)? Simply put, OKRs help to establish and set measurable goals for performance and a defined set of actions that lead to outcomes that can scale more broadly and effectively across the entire organization. KPIs are generally a set of metrics used to assess the performance of ongoing activities, features and processes. When developing company-wide organizational OKRs it is important to remain inspirational at a high level in order to define key priorities for the organization. In doing so, it allows managers and team members to set their own OKRs that best align with the company’s objectives and creates both flexibility and autonomy through transparency and accountability. 

So, how can you create shared OKRs to measure the impact of security friction on your customers and business? It starts with the UX and Security teams working together with a cross-functional group of product, engineering, marketing and business leaders to identify areas within the journeys that can be improved or eliminated. Every company is different in how it will score and measure friction through qualitative and quantitative methods; however, what is most important is gaining alignment between teams that are critical to the customer experience through a set of shared OKRs.

Here are two examples that will help with context and guidance for you and your teams when creating corporate and cross-functional team alignment.

Example 1: A new fintech company that focuses on wellness apparel, equipment and content is launching a new product that includes retail and subscription services.

Objective (O): Launch a new minimum lovable product for web and mobile users.

  • KR1: Get 250,000 new account subscribers in the first year.
  • KR2: Get 25% of first time users to make a purchase within 7 days of account creation.
  • KR3: Maintain an App Store rating of > 4.5 stars.

Example 2: An online retail company wants to increase monthly subscriptions that convert into higher transactions and return-users as they shift primarily to online digital versus traditional.

Objective (O): Achieve greater scale by increasing new subscription accounts.

  • KR1: Gain >50,000 new subscribers per month.
  • KR2: Increase first time purchases by 20% per month.
  • KR3: Achieve a Net Promoter Score (NPS) of >65%

In order to be successful in this rapidly changing world where customers are at the heart and soul of your company’s success, it’s important to ensure alignment, consistency and transparency through cross-functional company collaboration and goals. When you’re ready to implement OKRs, these three keys will help create positive results for your customers and business.

  1. Encourage teams to work together to create a customer-centered approach.
  2. Define a set of company-wide OKRs, scorecards and measurements for success.
  3. Ensure collaboration, communication and transparency to prioritize customer needs.

Having the confidence and intelligence to better understand your first-time customers before they reach your site or application, and super-serve your returning customer needs, yields two significant outcomes. Not only does it build trust in your brand, but also creates a more meaningful user experience that lowers acquisition costs while increasing customer satisfaction (CSAT) and lifetime value (LTV).

Ready for some more UX nuggets? Check out Part Two of The UXtraordinary Experience: “Measure What Matters.”

Fast load times are a given. Now, users desire faster authentication.

You’ve got Mail! Once upon a time, in the America Online years when The Internet Superhighway slowly began to approach Autobahn speeds (you know, 50kb/s), page loading was a big deal. Even into the late aughts, phlegmatic page load times crippled websites. Tech companies and agencies would advertise “More responsive websites make more money” and “You’re losing customers with your page load times.” Website speed was a competitive advantage.

Fast-forward to 2022, and broadband internet in the US is the norm. Dial-up connections are as common as phone books. Page loading times are still important, but not nearly the nuisance they once were. Besides, as of August 2022, the majority of web visits skewed mobile (54% versus desktop’s 46%), and last year 90% of those mobile visits were on apps, not websites. 5G will only tip the scales further.

What does this mean? Simple: it’s time to prioritize user login and authentication. With website page loads no longer a slog, and more users glued to their mobile devices, expediting these processes will ultimately impact retention, conversions, and the user experience at large.

Turbocharging login (and account creation)

Few things grind a user’s gears like login trouble. The chagrin (and potential for churn) is multiplied exponentially if said user is trying to buy popular concert tickets, capitalize on a time-sensitive online sale, or locate an important email.

A major user experience detractor that strikes at the login stage is multi-factor authentication (MFA). The helicopter parenting of account verification, MFA’s added friction is not worth it when more efficient alternatives to preventing account takeover (ATO) are out there. MFA elongates the verification process and flags legitimate users in what is called a false positive challenge—a nightmare on UX Street.

MFA isn’t necessary when companies can identify trusted users via identity intelligence. This Trusted User Experience also unlocks the passwordless approach to login, which negates another customer pain point: password reset.

We’ve all endured the forgotten password song-and-dance, but this rundown from the Stytch blog illustrates just how painful and time consuming the process is:

Step 1: User forgets password.

Step 2: User clicks “Forgot password?” link.

Step 3: User enters email and requests password reset flow.

Step 4: User opens inbox and clicks the password reset link.

Step 5: User creates a new password with a set of 10 elaborate security requirements.

Step 6: User confirms new password.

Step 7: User is redirected to the original login page.

Step 8: User enters username and new, complicated password.

With logged-in session extensions for trusted users backed by continuous authentication, or a passwordless login approach, users won’t need to remember or create a complicated password they’ll likely forget and need to reset later. 

But remember, too, that passwordless login won’t mean squat-diddly if your account creation process is a mess. One QSR company told us that 10 percent of new app signups were lost because of incomplete email verification steps. Speeding up account creation by implementing progressive form-fill and streamlining verification steps is a must—they can’t login if they don’t exist!

Enabling Continuous Authentication

Once a user creates an account and logs in, a CXO’s job is to keep them logged in. Enabling continuous authentication for trusted users helps do just that, and prevent login issues that can lead to abandoned shopping carts, churn, and reputational harm. Amazon’s continuous authentication feature is perhaps the most well-known example. (Can you remember the last time Amazon asked you to login?)

Continuous authentication may give security teams the heebie-jeebies, but the same real-time identity intelligence that allows for passwordless login ensures that only real customers are let back in. Various real-time signals across the risk and trust spectrum determine if a customer warrants a session extension cookie and can be sent to checkout.

Companies that utilize Deduce’s continuous authentication enjoy an additional benefit: a user’s identity is alway secure, even when they are not actively using a given website or app. For example, If a user’s credentials are breached on another platform within our network—the Deduce Identity Network—that user’s session extension cookie is revoked and they’ll need to reauthenticate. The same logic applies to users who have authenticated elsewhere on our network.

For apps trying to facilitate the customer journey it all starts with identity, and continuous authentication, like its passwordless cousin, hinges on identifying genuine users—fast.

The common thread: identity intelligence

The entire turbocharged authentication machine—expedited account creation, passwordless login, continuous authentication—doesn’t work without identity intelligence. In the same way broadband internet disrupted the dial-up/page-loading conversation, real-time identity intelligence marks a true before-and-after moment in the annals of the user experience.

Joining the instantaneous authentication revolution requires real-time identity intelligence, yes, but companies also need dump trucks full of it. Garnering enough real-time identity intelligence to consistently identify a never-ending hoard of fraudsters and consumers—an amount of data rivaling the likes of Google, Apple, Microsoft, etc.—seems daunting, if not blatantly unrealistic. With Deduce, however, companies can enjoy the same data-rich benefits of the tech behemoths.

Deduce’s Identity Network is the largest identity graph for fraud in the US. Companies who tap our network immediately gain all of the real-time data they need to preempt fraud, streamline account creation and login, and continuously authenticate users: 500M+ unique identity profiles, 150K+ websites and apps, and 1.4B daily interactions.

Given its positive impact on the user experience, we believe it’s high time for billboards and online ads to promote fast authentication—in the same way companies trumpeted their fast page load times all those years ago. And if their authentication isn’t fast to begin with, Deduce’s real-time identity intelligence can help with that.

Want to shift your account creation, login, and continuous authentication into hyperdrive? Contact us today.

Never a dull moment at the authentication waterhole

Just another wild day at the authentication waterhole: Deduce was busy sniffing out fraudsters masquerading as consumers.

Lucky for us, our cameras were rolling!

Want to take a bite out of identity fraud and streamline your user experience? Contact Deduce today.

A successful hype sale mustn’t harm the user experience

The aptly named “hype sale” is all the rage in today’s online landscape. The successor to the brick-and-mortar doorbuster, hype sales drive massive traffic and sell out exclusive physical and digital goods in record time.

NFTs. Concert tickets. Collectible cards. Companies can hype up practically anything. Sneakers—yes, that includes Crocs—move the needle like no other.

However, what’s moving that needle is where the problem lies. Footwear hype sales attract millions of bots, mostly scalper bots, that easily beat out the sneakerheads waiting torturously in the online queue. 

Ostensibly, e-commerce companies should be pleased. After all, isn’t the point to sell inventory? But, lost in the drummed-up excitement and revenue spike, is bots’ impact on the user experience (UX). In a bot-eat-bot world, can hype sales drive maximum profits without disappointing sneaker fans?

Bots are here to stay (and wreak havoc)

Between March 3, 2020 and January 2, 2021, scalper bots were responsible for almost 50% of shopping cart requests. The ubiquity of these bots can be tied to their accessibility: finding them is a cinch, and deployment doesn’t require black-hatter expertise.

Sneaker bots dance circles around their human counterparts.

Scalpers have a smorgasbord of bots at their disposal. Scalpers looking to flip sneakers for profit use “All In One” bots (AIO), such as Stellara or Dragon AIO. After procuring an AIO bot on either the dark web or Discord, sometimes for as much as $50K, scalpers can then buy sneakers from more than one website—faster and more intelligently than any single human could.

Scalpers covet bots, including the AIO variety, as much as the exclusive items themselves. Demand is so high, in fact, that sometimes they use a bot to buy a bot, and bots are flipped for thousands of dollars just like the products they help purchase. With the multibillion-dollar reseller market continuing to thrive—thanks in part to the pandemic’s influx of remote entrepreneurialism—the message is clear: bots are here to stay (and infuriate legitimate sneaker buyers).

Hype sale mayhem

If a glamorous new sneaker is up for grabs, bots are guaranteed to show up and wipe out the inventory. This can be brutal on an e-tailer’s server and web resources. Sophisticated bots can even grab sneakers from inventory management systems before they’re available for purchase.

It goes without saying that bot detection and mitigation is crucial. Aside from protecting the hopes and dreams of legitimate sneaker collectors, too many bots could crash a website or app altogether. But an all-out assault on bots isn’t the move: some bots are actually genuine customers trying to outmaneuver the bad bots.

Shoes like the Yeezy 750 Boosts, pictured above, sell out in minutes (if that).

Installing a bot mitigation solution, to separate the good bots from the bad, is a start. Yet, it still doesn’t do much to assuage those real customers who don’t have the luxury of a bot—those bot-less sneaker aficionados who lose out and then watch bot-assisted purchasers gloat on social media afterwards.

These customers are likely to churn, and they could drag a brand’s reputation through the dirt on their way out. If a company’s plan is to alleviate its bot problem—without damaging its brand image and UX—it might be time to focus on the humans.

Banking on trust

Maximizing hype sale profits while appeasing bot-less customers is, admittedly, a tough nut to crack. A blanket approach to neutralizing bots will also affect the good bots, and nets a less spectacular financial outcome. Meanwhile, a lax strategy that lets too many bots in might severely compromise UX and cause reputational harm.

We don’t have a silver-bullet solution to this problem (no one does), but we have an idea: focus on trust, not risk.

Assuming an e-tailer has a bot mitigation platform in place, it behooves the merchant to then verify the users in the waiting room and ensure the legitimate human customers are granted preferential treatment. This means moving them up the queue, ahead of bots, and drastically improving their chances of achieving sneakerhead nirvana.

This, of course, requires a stockpile of real-time identity intelligence that uses trust signals—geography, device ID, etc.—to seamlessly authenticate customers. Big shoes to fill. But Deduce is up for it.

Our Identity Network, the largest real-time identity graph for fraud in the US, spans more than 500 million unique user profiles and over 1.4 billion daily activities from 150,000+ websites and apps. If trust is indeed the key to balancing hype sale success with a seamless UX, there’s no better compliment to a bot mitigation solution.

Want to learn more about how Deduce prioritizes trust to facilitate the user experience? Contact us today.

Good news: Increased security and a seamless UX aren’t mutually exclusive

A recent payment intelligence report from Fraugster unearthed plenty of unsettling stats from the past year: online fraud accounted for about $80 billion in losses; false positives negated $14 billion worth of legitimate transactions; and gaming fraud increased by an all-time high of 32%.

However, the most sobering takeaway from the report might be the ongoing surge of identity fraud and its various forms. A nefarious hydra of account takeover (ATO), credential stuffing, and synthetic identity fraud—which saw a 109% increase—is outwitting cybersecurity defenses left and right.

This is a head-scratcher for B2C companies, specifically CXOs, CMOs, CISOs and their security teams. Users are more wary of fraud than ever, yet 85 percent of them dislike companies with identity verification issues. How do you bolster fraud prevention efforts without compromising the user experience (UX)?

Rest assured, we are doom-slayers, not doomsayers. Below, we’ll dive a bit deeper into ATO, credential stuffing, and synthetic identity fraud, then show you how top-notch fraud prevention and seamless UX can indeed play on the same team.

Synthetic identity fraud (+109%)

Considering synthetic identity fraud is firmly on the Federal Reserve’s radar, its 109% YoY increase makes sense. Only two years ago, in 2020, synthetic identity fraud cost financial institutions $20 billion.

Synthetic identity fraud occurs when bad actors combine legitimate emails, phone numbers, and other personal info from disparate identities to create a bogus “Frankenstein identity” capable of circumventing customer verification. Parents of newborns with recently minted social security numbers should be extra vigilant because those fresh SSNs are a gold mine for fraudsters. 

The most frustrating aspect of synthetic identity fraud is its elusiveness: identifying the Dr. Frankenstein behind a Frankenstein identity is incredibly difficult. Synthetic fraudsters are also more patient, often taking out smaller loans and paying bills on time to remain incognito.

Account takeover (+52%)

Account takeover, when fraudsters use stolen customer credentials to hijack an account and purchase goods, jumped 52% from last year. This is due in part to an uptick in card-not-present (CNP) transactions, e.g., transactions made online or over the phone that don’t make use of the EMV chip present in debit and credit cards.

Once an account is taken over, the possibilities are endlessly disastrous. In 2021, the three most likely post-ATO activities were making fraudulent purchases; extracting money from person-to-person apps, such as PayPal or Venmo; and editing account info in case a future transaction prompted a verification request. Another unhappy result of ATO, loyalty point theft, is on the rise, mainly due to the downturn in travel and leisure during COVID-19. 

It goes without saying that account takeover victims—and customer support teams—don’t look back on the experience with glee. According to Javelin Research, ATO attacks can cost customers more than $290. Customers also spend 15+ hours undoing the wreckage.

Credential stuffing (+45%)

Credential stuffing, an identity fraud tactic that’s essentially a malicious game of trial-and-error, grew 45% from the previous year. With the final quarter of 2022 closing in fast, B2C businesses and their users must be on guard as credential stuffing attacks rise 10x amid the holiday shopping fracas.

Similar to account takeover and synthetic identity fraud, the credentials that aid these attacks often derive from security breaches. Leaked usernames, passwords, social security numbers and the like get peddled on the dark web for as much as $15K and as little as a few dollars. Per IBM, around 30,000 account credentials were sold on the dark web in 2021—in some cases, sellers even offer 1-2 week refunds if buyers can’t access the promised account.

Have your cake, eat your cake

For those keeping score at home, synthetic identity fraud, account takeover, and credential stuffing attacks: not fun. But they aren’t invulnerable either, and, even better, you can wipe them out while still maintaining a frictionless UX.

The trick to stopping this troika of identity fraud is neutralizing the perps before they can strike. This, of course, requires a hefty chunk of real-time identity intelligence, which in turn unlocks a Trusted User Experience—the perfect balance of airtight security and a seamless customer journey. The Trusted User Experience also encompasses continuous authentication. Akin to shopping on Amazon, continuously verified users aren’t bombarded with authentication challenges that lead to abandoned shopping carts and potentially churn. If a user’s identity operates within its usual parameters, they won’t need to log in upon revisiting a site or app.

On the security side, real-time identity intelligence preempts identity fraudsters who have access to behemoth data sets. The average fraud prevention solution—tools that depend on static, historical data alone (names, emails, physical addresses, SSNs)—can’t compete with these bad actors, as most of this data is already up for grabs on the dark web. If businesses want to protect their finances and reputations, a massive stockpile of real-time, dynamic data (user activity, IP address, device, geography, etc.) and the resulting risk and trust signals is the way.

Thanks to the Deduce Identity Network and its MAMAA-like hoard of dynamic, real-time identity intelligence, creating a secure yet seamless UX is easier done than said.

Our Identity Network is the largest real-time identity graph for fraud in the US. It gathers more than 500 million unique user profiles and over 1.4 billion daily activities from 150,000+ websites and apps. This data continues to grow by the minute, delivering a Trusted User Experience that preemptively recognizes legitimate users and bad actors in equal measure.

Want to have your Trusted User Experience cake and eat it, too? Contact us today and get started in just a few hours.