Building The Biggest Wall Around Logins Only Makes Good Customers Mad

account-takeover-fraud-kount

The goal for any security platform aiming to enable digital commerce is as simple in concept as it is incredibly difficult to execute: Give the good customers a great experience, and give the bad guys pretending to be good customers a rough ride.

The trouble, Kount’s Chief Customer Experience Officer Rich Stuppy told PYMNTS in a recent conversation, lies in discerning a good customer from the fraudster who has stolen their payment credential, lifted their identity or taken over their account. The fraud market is a place full of malign creativity when it comes to stealing in general, and account takeover fraud in particular, he noted. Malicious logins, bot armies, credential-stuffing, brute-force attacks — the mechanisms are many, and the fraudsters are persistent and aggressive.

And while responding and neutralizing the fraudsters requires even more persistence, it also requires finesse — simply building the tallest wall around every login and transaction is not exactly a winning consumer experience for the good customers who are just trying to log on, said Stuppy. He posed the example of the customer who is asked for the 10th time in 10 days if they want to allow access to their device as they try to log into a digital account.

“And you find yourself talking to the app, saying, ‘Well, yeah, because I told you yesterday that I wanted to trust this device. But you keep asking me anyway,’” said Stuppy. “And I’m me, I’m a good guy. Right? I just want to obsess over my 401(k) for another 40 minutes, not get slowed down by a lot of unnecessary friction.”

Threading that needle — and offering an experience that is welcoming to consumers and hostile to fraudsters — is a problem Kount has been working on for years via the Identity Trust Global Network, and more recently via the release of Kount Control, which specifically targets account takeover fraud.

The offering, Stuppy noted, is premised around the concept of adaptive protection and the ability to run through layers of controls in real time — including consumer behaviors and network anomalies — to determine whether a user should be pushed through with no friction, declined or given an alternative experience.

Building that kind of adaptive protection, Stuppy said, first requires a very large pot of data to evaluate — something Kount provides for via its network of 6,500 brands and payment providers and the roughly 32 billion annual interactions that run through the Identity Trust Global Network.

“You have that vast amount of data over billions of interactions, but you also have to know what to do with it,” Stuppy said. “Just having the data is one thing — you also have to know how to build products and capabilities on top of that data using [artificial intelligence (AI)] and machine learning,” Stuppy said.

There is also the need to put that data into meaningful context for the end user client, so the institutions Kount works with don’t just have to take their word that Account Control is doing what they are supposed to do — they can actually track it and see the data visualizations themselves.

Only by using data in context can businesses be informed of what is working, what needs work, and how they can improve adaptive friction barriers when there is the suspicion of fraud, Stuppy noted.

“The only way to know if an adaptive friction strategy is working is to break it down in context to see when you are stopping the bad guys and when you are allowing the good guys to have a great experience,” he said.

And that is the holistic goal, noted Stuppy. Every entity has an incentive to curb fraud losses; no one wants to let the bad guys take a bite out of the bottom line. But that concern must be balanced with the fact that a business isn’t grown by preventing loss, but by driving revenue — and that is only possible with a delightful, friction-free user experience.

As recently as just a few years ago, some players — banks in particular — held themselves as separate from that. In some context, particularly when dealing directly with money, as Stuppy often heard in meetings with bankers, they thought consumers liked it better when it was a little harder. Those stutter steps during login made people feel more secure, so they were willing to tolerate that friction.

But consumers aren’t feeling so magnanimous toward friction these days, he noted. As they become more digital and more accustomed to friction-free journeys, they don’t feel more protected by what they perceive as unnecessary slowdowns — they feel mostly annoyed by them and could end up looking elsewhere.

“I think the tide has turned, where consumers are now saying, ‘Look, I know all of these other modern FinTech companies can do this for me without this hassle. Why aren’t you doing these things for me, too?’” Stuppy said.