CAB | Regulation, Innovation, and Onfido’s 2019 Roadmap

January 4, 2019 Niamh Cassidy

8 visiting countries, 27 gift boxes and 100 canapés later...that’s a wrap! Thanks to everyone that made it another great Customer Advisory Board—we loved having you with us, and hope you enjoyed the updates, insights and conversation.

Two themes emerged as your top challenges: the rapidly evolving world of regulation, and scaling customer-centric innovation to address it. Hopefully, the speakers from our product, privacy and fraud detection teams gave you some insight on how we plan to address those in 2019. In case you missed it, here’s what they said...


Reducing the friction of identity verification: what we’ve learned 

with Vincent Guillevic, UX Director 

When it comes to identity verification, there’s a tension between security and convenience. Security measures aren’t meant to be easy. But friction is bad for your user onboarding. At Onfido, we want to help you find the right balance, and have run over 50 UX workshops with over 200 users to work out exactly what that is.

We learned that where you place identity verification in your onboarding flow, how you request information, and the wait time for the verification to complete pose the biggest drop-off risks. So, how can you reduce user friction at these three key stages?


Asking for identity information at the start of an onboarding flow can be a big request for users who may not be sure whether they want to use your service yet. But for financial services businesses, there’s a regulatory requirement to perform KYC at the point of account opening. It’s important to understand different use cases and levels of user commitment to work out what’s best for you.

For one eCommerce client, we added over $1m in annual revenue by moving the verification page to after checkout. It meant buyers could proceed with their purchase smoothly, but payments were held until verification was complete.

Security measures aren’t meant to be easy – but friction is bad for your user onboarding


How you introduce identity verification and set their expectations is crucial. But user pain points might not be where you think they are. In previous versions of our SDK, we’d focused on the number of clicks it would take a user to complete the process. After user testing, we found this wasn’t their main concern.

Carefully worded copy was. Now, we make clear it clear to your users exactly what documents they’ll need and what they’ll be asked to do, offering prompts and guidance at every step.


If verification takes too long, users won’t stay on the screen. But objective time and perceived time aren’t the same thing. In 2001, Amazon was ranked one of the fastest sites by its users– despite actually having one of the slowest download speeds. And when it comes to security measures, faster isn’t always better. Users need time to understand what you’re doing with their data, and in some cases, too little friction can seem too light-touch.

You can lessen perceived time for your users by showing them the value they’ll get from the process, or letting them do something else while they wait. Include a progress bar, or just send a notification to let them know when they need to come back to the app.

Building a happy, unhappy path 

with Dan Leitao, Product Manager

The truth about onboarding journeys is that no matter how great your UX, some people just won’t get it.

Ultimately, there are too many variables to ever build the perfect path. Take accessibility as an example. Some things, like a visual impairment, you can plan for. But others might be less obvious. Have you thought about how someone holding a baby in one arm might use your app? It’s impossible to plan for everything, but what you can do is build accessibility standards. That means thinking about triggers for escalating issues, and systems for monitoring multiple requests.

For us, it’s about optimising the journey. When it comes to document capture, our key concerns are that it’s readable and clear. There’s no way for us to go back and forth with you or your users, so we need to avoid bad data submissions at the outset. That way, we can give you the instantaneous decision you expect.

So, how do we do that? Looking at how many times a user re-takes a picture can help. If they’re taking lots of selfies, it might be because they’re trying to dupe your system. We escalate 4+ failures to our in-house team for manual review, so we can get a better idea of why he or she failed.

There are too many variables to ever build the perfect path

We’re also looking into how we can support more granular results. Some of you might want to automatically flag black and white documents as suspected, for instance. Understanding the logic you build off the API is instrumental to ensure we can make those changes without breaking your logic.

Other user analytics, device profiling and trigger points are in our roadmap, but as ever, your feedback in instrumental in making sure we add the right features for you.

Introduction to fraud 

with Michael Van Gestel, Global Document and Fraud Expert 

Fighting fraud starts with awareness. Surprisingly, that’s something a lot of document checking officials lack. In fact, only about 10% of these people know what they’re doing. From switching images, to photoshopping genuine passport templates to simply borrowing an ID from a family member, there are lots of ways to commit fraud with a fake document—and thousands in circulation.
They’re not going away any time soon. So, how can we combat them? It’s a game of cat-and-mouse. One day we’re ahead—the next, the fraudsters are. And it’s even easier to commit fraud online than in person. That’s because fraudsters can try many times online (as opposed to getting past border control once), and because of the average 40 security features in a 3D document, only about 10 are present in 2D scans. There are lots of challenges when it comes to reading them right.


"Only about 10% of document checking officials know what they’re doing"

Fraud indicators
Some of the security features we can look for are:
  • The construction of the Machine Readable Zone (MRZ)
  • Layout of the ID document and specific landmarks
  • Font types with exceptions, deliberate mistakes and variations
  • Some rules regarding personal number generation in specific countries
But even these aren’t foolproof. In Italy, decentralised issuance means paper ID cards will vary widely in terms of font, printing and layout. That makes detecting fraudulent patterns even harder.
Types of fraud
There are also various ways to falsify the document itself:
  • Forged documents
  • Counterfeit documents
  • Blank stolen documents
  • Fraudulently obtained genuine documents
  • Fantasy or camouflage documents
  • Impostor / look alike documents
Add in the many strange but real documents—some officials will flag as fraudulent countries they’ve never heard of, like Liberia—and the scale of the challenge becomes apparent.
At Onfido, we work with international governments and agencies to keep on top of the latest fraud trends. Thanks to internal feedback loops and collaboration with our client partners, we’re constantly adding new ways to close the gap.


We rely on you to keep us aheadso as always, any feedback on how we can improve your Onfido service is warmly welcomed. If you’d like to be involved in our decentralised identity project, hear more about our work with super-recognisers, or make suggestions for our product roadmap, we're all ears.

No Previous Articles

Next Article
BLOG | Wider Watchlists, Bigger Wins
BLOG | Wider Watchlists, Bigger Wins

Our existing Watchlist Check looks for your user on about 180 different lists, including Government Sanctio...