As companies race to defend against bots, deepfakes, synthetic identities and other AI-powered fraud attacks, many are creating a second crisis. Their legitimate users are being treated like threats.
Findings in the new report, “How Enterprises Can Build a ‘Know Your Agent’ Defense: Digital Identity Verification in the Age of Bots,” a PYMNTS Intelligence and Trulioo collaboration, reveal that nearly two-thirds of enterprises now report losing legitimate customers because identity checks create too much friction, while internal teams say onboarding abandonment tied to verification hurdles has climbed above 60%.
The collateral damage is mounting. With artificial intelligence escalating both identity fraud and defenses simultaneously, companies are inadvertently locking real users out of accounts and flagging them as suspicious, leaving users stuck in the exact kind of endless verification loops that incentivize abandoning onboarding altogether.
Systems designed to build trust are increasingly optimized to distrust everyone. In sectors like digital banking, gig economy platforms and online marketplaces, onboarding is the business model. Every additional verification hurdle risks reducing conversion rates. Every failed authentication sequence creates another opportunity for customer abandonment.
Why Security Systems Are Becoming Customer Experience Problems
Modern fraud prevention systems no longer evaluate only passwords or device credentials. They analyze behavioral patterns, geolocation anomalies, typing cadence, facial biometrics, transaction timing and dozens of probabilistic risk signals simultaneously. The more sophisticated these systems become, the more aggressively they interpret ambiguity as potential threat.
Large enterprises now report false-positive rates of 3.3% in digital transactions, per the report, significantly higher than smaller firms. At first glance, the difference appears marginal. At enterprise scale, however, it translates into hundreds of thousands of legitimate users being flagged, delayed, blocked or forced into additional verification loops.
Advertisement: Scroll to Continue
What once looked like a cybersecurity issue is becoming a growth issue. The report estimates that “good enough” identity verification systems cost businesses nearly $100 billion annually through fraud losses and missed opportunities. This dynamic resembles what economists sometimes describe as a negative externality of optimization. Enterprises optimize aggressively for fraud reduction, regulatory compliance and risk minimization. But the cumulative burden of those controls shifts outward onto users, who absorb the time, frustration, uncertainty, and cognitive load required to continually prove legitimacy.
As a result, digital commerce begins to resemble airport security: highly optimized for risk prevention but emotionally exhausting for compliant participants.
Read the report: How Enterprises Can Build a ‘Know Your Agent’ Defense: Digital Identity Verification in the Age of Bots
False positives rarely generate the same public attention as successful fraud attacks. Companies announce breaches. They do not typically publicize how many legitimate customers abandoned onboarding flows after being flagged by automated systems. This is why the next phase of digital identity competition may not center solely on fraud prevention accuracy. It may center on trust design.
Traditionally, identity verification operated as a one-time checkpoint. Increasingly, it is becoming a continuous operational layer embedded across the full lifecycle of digital interactions. The report notes that enterprises now apply identity verification not only during onboarding but also during login management, online transactions, fraud monitoring, supplier onboarding and credit applications.
Companies that successfully balance security with usability could gain meaningful competitive advantage as AI-driven verification expands across industries. The winners may not be the organizations with the most aggressive detection systems, but those capable of minimizing friction while preserving confidence.
That requires reframing identity not merely as a cybersecurity function, but as a core component of customer experience strategy. After all, in the AI economy, trust is becoming continuous. So too is friction.
Because the ultimate risk is not simply unauthorized access. It is authorized users deciding the system is no longer worth the effort.
