Security questions don’t answer digital onboarding challenges

It’s no wonder most product sales continue to happen at the branch.

In an age where you can conjure a car, a bottle of Bulleit whiskey or a date with just a few taps on a smartphone, it is still common for banks to require would-be customers to come into their branches to sign up for products — even if institutions advertise those products digitally.

Although banks expect to move in a digital direction as branch transactions continue to decline, few banks have made signing up for products possible or easy online. To propel digital sales, banks will need to make the process for customers easier — including fewer clicks, less data they have to input themselves and the ability to save work and revisit it later. But behind the scenes, banks and others in financial services are facing a more complicated issue: finding efficient ways to verify that customers are who they say they are.

Increasingly, banks are realizing that customer growth is at stake if they don’t commit to making digital sales easier. According to a research paper published in May by Aite Group, financial institutions said that 21% of the decisions about fraud solutions are now up to the customer experience and marketing departments — marking a change from past years.

“While this may not sound significant, it is important to realize that less than a decade ago, these departments would not have been involved in such decisions,” Shirley Inscoe, a senior analyst with Aite Group, wrote in the report.


Chart showing retail banking priorities.


Banks are legally required to prove they know their customers, of course. But “know” is a relative word. While someone may show a driver’s license or a passport to open an account in a branch, the identity procedures tend to operate differently online. In fact, banks can court consumers like a game of Jeopardy! online. Institutions are paying data vendors to ask would-be customers questions such as “What street did you live on when you took out an auto loan?” or “In which of the following counties have you owned property?” as one measure to establish trust before someone can open an account. The experience, however, is clunky at its best and error prone at its worst.

“Everybody has challenges with false positives,” said David Eads, CEO of Gro Solutions, a digital onboarding technology company. “They are who they say they are, but they can’t answer their questions. It’s a massive challenge.”

In fact, Eads himself has been stumped by a question about his mortgage payment. It changes every year, and he has it set to auto-pay. Such questions — known as out-of-wallet questions —could also be tied to answers created by fraudsters who have invested time in building up a so-called synthetic identity from within the credit system. These questions could also complicate the process of reaching the very audience banks are hoping to get: millennials. Millennials, after all, are putting off purchases that would build their public data. In other words, if a bank relies on this kind of vetting, what does it do with a potential customer who has never had a credit card, a loan or even a checking account?

And yet, these questions — which are viewed as more telling than eyeballing a government document — have become a de facto standard for opening up bank products online.

“It’s the next problem we have to take down,” Eads said.

Seth Farbman, co-founder of the regtech venture eSignature Group, agrees with Eads. He said that the questions approach has led to turning down people who lack public information. Still, he said, questions are much stronger than a company using a driver’s license as an identity fact check. After all, that document could be stolen or it could fail to reflect the image of someone who has lost a considerable amount of weight.

That problem with the questions is motivating firms like eSignatureGuarantee and Gro Solutions to look into incorporating more data sources into their models. For instance, Gro Solutions is working on weaving in ways to reduce the need for out-of-wallet questions, such as carrier data integration. Farbman said eSignatureGuarantee is in talks with developers to crunch more digital data sources, like social media data and SIM card data.

Overall, startups are viewing digital data as pieces of a puzzle to help verify identity. For instance, an email address that links to five social media profiles and connects to the same cellphone number is an indicator that someone is who he claims to be. Such a multiprong approach is something tech companies, like Socure, already offer.

Adding to the complexity is banks’ aversion to risk. Also, each bank has its own onboarding rules. For instance, Simple was not able to onboard all of its customers to BBVA Compass from its former bank partner, The Bancorp. Banks also tend to have a waterfall strategy when something doesn’t work in a larger bid to know their customers.

Banks’ approach is “I have to create the certainty I know who you are,” said Timothy Daley, director at Cornerstone Advisors. “I do that in multiple ways. If I only have one way, that way could be hacked.”

And if banks are uncomfortable including newer digital data options as part of the how, there are ways to provisionally use such tools. For instance, Gro has an option that allows banks to approve new accounts, but limit transactions until customers visit a branch for additional verification.

“There is no one answer for every situation,” Eads said.

There is also an ever-expanding list of options. For instance, the identity space is flourishing with all sorts of ideas that range from using biometrics, to banks taking on the risk of vouching for someone’s identity, to would-be customers submitting selfies and photos of driver’s licenses, to crunching cellular data from mobile carriers (including contact list), to using the blockchain.

What’s convenient is constantly evolving, too. More recent innovations include banks using technology from Mitek and Jumio so that applicants are submitting photos of their driver’s license as part of the identity process. A German direct bank is conducting video interviews with would-be customers who hold up their IDs to the cameras.

Also in the fold is the onboarding software firm Avoka, which is building a platform that connects multiple KYC vendors and so far 40 other onboarding services via application programming interfaces. The idea is to make it easier for banks to integrate Avoka and KYC services by using one platform.

These works-in-progress are evidence of the need for banks to make the sign-up process easier for someone who already expects the process to be as simple as downloading an app.

“People these days want to open bank accounts like they do everything else online too: date, order booze, travel,” said Stephen Ufford, a co-founder and chief executive of Trulioo, a global ID verification company.

Ufford said he imagines a day where vetting tools are less intrusive. It won’t matter if he is having a bad hair day when he is opening a new account because his bank isn’t going to ask for a selfie. That day is approaching quickly, too, he said.

“You don’t need to take picture if Stephen is on [his] iPhone. Mobile networks probably know me better than my own mother,” Ufford said. “Know it’s me by knowing it’s my device.”