Collecting and automatically validating identity documents, such as driver's licenses and passports, has significant upside for third-party fraud prevention but also some serious user experience downsides. These tradeoffs between user experience and fraud prevention differ between web browsers and native (downloaded) mobile apps on iOS and Android. Here are the tradeoffs and questions Alloy thinks you should consider before incorporating automated ID document collection and validation into your process.
The decision to collect or not collect ID documents is as much a compliance question as a fraud prevention question. All financial institutions are required to maintain a "Customer Identification Program" (CIP) that outlines how they verify their prospective customers. Alloy is not your compliance officer and cannot make this decision for your company. However, the FFIEC Online BSA Manual is a great resource for understanding how to construct a CIP.
There are two types of verification a company can use to verify the "minimum" information the customer is required to provide:
- Document verification: the customer provides documents (government IDs, utility bills, etc.) to verify all of the information they've provided
- Non-document verification: your company verifies the information the customer provided via reputable third-party data sources (credit bureaus, public records providers, phone carriers, etc.)
Your institution may well conclude that it is both acceptable and advantageous, for both risk and user experience reasons, to do "non-document" verification for most or all prospective customers. If this is the case, collecting and verifying documents is necessary only for fraud prevention or edge-case remediation where non-document verification is not possible.
User experience: Native (apps) vs. Web (browsers)
When ID verification providers, including Alloy and our partners, show demonstrations of automated document collection and verification, in almost every case these demos are on "native" or "downloaded" mobile applications from the iOS or Android app stores. These demos look smooth and simple because on "native" applications, you will be able to:
- Automatically open the high-resolution camera on your user's device
- Guide the user to line up their ID and automatically snap a clear picture of the ID when the ID is in the frame
- Tell the user in real-time whether the image was sufficiently clear, and if it was not, quickly guide them to re-take it
Unfortunately, none of that is possible on the web browsers (Chrome, Safari, Firefox, etc.) that your customers actually use to open accounts (unless you are a mobile-first bank or have in-app account opening). On web browsers, you must:
- Have your user pull up the camera on their mobile device
- Hope the user takes a good picture of the front and back of their ID
- Have the user successfully upload that image on your web page for account opening
- Tell the user whether the images were sufficiently clear and, if not, which image was not clear and why
- Have the user re-upload better images
All of this is a huge challenge, and it requires meticulous attention to detail on the front end of your web account opening form to get into even a "passable" state.
Requiring ID document collection on web-based account opening experiences increases customer drop-off by a significant amount (contact us for statistics). Attempting to automatically verify these documents can increase drop-off even further if not implemented perfectly. The additional lift in fraud prevention, if using a robust set of data sources inside of Alloy, is also negligible.
However, for users who would not be able to get accounts or would be placed in a "manual review" requiring contact with support teams at your company, automatically collecting and verifying documents in the signup flow can be a user experience benefit. That is because, without automated ID collection and verification, these users are either going to get denied or sent into a painful manual process.
For browser-based web applications: do not require ID collection for any users unless either:
- Your organization feels it is mandatory to do "Documentary" verification
- You have a strong front-end experience built out for the collection and verification of documents
If you are starting from scratch, a good option is to start by automatically presenting users in "Manual Review" with the ability to upload ID documents into your application flow, but not to attempt to automatically verify them. Rather, have them uploaded into Alloy's case management system for manual review. Once that process is working well, you can consider how to implement automated verification where appropriate.
For native apps: consider implementing automated ID collection and verification for either all (not recommended) or some (recommended) users. The user experience concerns exist for native mobile apps, but are more easily mitigated, and the benefit to users who would have otherwise been denied access to your accounts can be significant.
Contact us at email@example.com or firstname.lastname@example.org so we can learn more about your specific situation and provide the best guidance and information possible about how to implement, or not implement, document collection and verification in your account opening process.