Plaid has been undertaking some major expansions in its functionalities in the identity space. It all started last year, when Plaid purchased Cognito for $250 million, a company that offers identity verification as well as KYC and AML solutions. Since then the company has been slowly but surely expanding its capabilities in the space. This year in February, Plaid launched identity verification services in Canada and last week, it announced the launch of a new identity verification experience that models the familiar one-click checkout process.
Looking under the hood: Plaid’s new Identity verification system
During the first sign up through Plaid, customers are asked to consent to saving their ‘verified identity’ for signups with other apps that allow verification through Plaid. This allows verified identity to be reused across applications, reducing friction for the user.
Friction is a keyword here, since it can make or break customer acquisition at the point of entry. The abandonment rate of onboarding processes for financial services has been increasing, reaching up to 68% in recent years. Plaid hopes to cut down the need for multiple onboarding flows by saving the first time a user successfully completes the identity verification process across platforms.
This can come with its own challenges. Even though a customer has verified their identity before, how can an FI be sure that it is in fact them logging in again and not somebody who has swapped their SIM or stolen their phone?
To counteract these risks, Plaid runs new risk checks every time against the provided information, device history, data sources like mobile network operators, input behavior, like it would for any user that signs up for a new app.
Running risk checks on input behavior falls under the broader category of behavioral analytics or behavioral biometrics depending on the company. “How someone enters their email address, social security number or phone number is vastly different when it’s their own. We call this “behavioral analytics” where we track a user’s “input behavior” such as how that data is being entered (e.g. copy and pasted in or typed), the order in which data is inputted, typing speed, and accuracy when typing in data,” Alain Meier, Head of Identity at Plaid told Tearsheet.
In behavioral analytics, a company analyzes the interactions between the user and their device. It is a novel approach to identification which seems to be gaining traction as the anti-fraud, AML, and KYC space gets more challenging to safeguard. What is crucial to this type of analytics, however, is the collection of a lot more data than before, and then the collation of data into separate profiles for each user.
According to Plaid it also assesses the likelihood that an identity is synthetic or stolen by looking at whether the identity data is associated with a deceased individual. According to Meier the company is able to do this by cross referencing an individual’s information with Plaid’s other data sources, including a Limited Access Death Master File from the Social Security Association. This file is created from the SSA’s internal records of deceased people who has social security numbers.
If Plaid’s Identity Verification engine suspects fraudulent activity in the case of swapped SIMs or stolen phones, the customer is automatically pushed to the full identity verification process undertaken at the time of the first login.
Another issue in onboarding has to do with the accessibility of these flows to those who are differently abled. For example, the inclusion of captcha or fault button labels can be one huge stumbling block for those who have visual impairments. “While we don’t have control over the accessibility of apps that use Plaid Identity Verification, we are working to make Plaid’s products more accessible for all. One advantage of our new returning user experience is that, once verified, that user can save their identity information with Plaid, making future verifications potentially easier for that user when signing up for new apps” said Meier.
However, the new Identification Verification system accepts more ID document types, making it more accessible for those who speak different languages or have temporary ID cards through B1/B2 visas. Current language support extends to Spanish, Portuguese, Japanese, and French.
Plaid seems ready to throw quite a bit of its weight behind its venture into the Identity space and it makes sense why. Having in-house capabilities in countering fraud, money laundering, and improving KYC is complementary to its core value proposition of enabling transfer of financial data and connection of bank accounts. Moreover, it may also improve the usability and convenience of connecting bank accounts to multiple websites that use Plaid, because in the best-case scenario a user only has to sign up once.
But what remains to be seen is how this implementation of behavioral analytics impacts more traditional ethical concepts of data minimization, privacy, and informed consent.
In this regard, a few questions are still to be answered:
- Informed Consent and Disclosure: Can FIs ensure that consumers understand the granularity and breadth of data that is being collected about them?
- Data minimization: Can FIs be trusted to ensure that only the requisite amount of data is collected about the user and no more?
- Differently abled: How will the implementation of these technologies impact situational disabilities (e.g. a user with a broken arm)?