Usability (UX) vs security in online identity verification
We all want the technology we use for onboarding new customers in our businesses to be as simple as possible, while still being the most secure in the world.
It makes sense, but we need to recognise that, although this is the main goal for companies that develop these types of solutions, it’s often very difficult to strike the right balance between two seemingly opposing forces: usability and security.
Today, we’re going to look at the factors to consider when analysing these variables (usability or user experience versus security) in a remote identity verification project. In most cases, it’s the client who needs to make decisions about configuring the technology, depending on their specific use case, the sensitivity of the data, applicable regulations in their sector, and so on.
Not all applications require the same level of security. Businesses want to offer users simple verification processes, but at the same time, they need to ensure these processes are robust enough to prevent fraud or identity theft.
What do we mean by usability in an identity verification process?
Usability, or user experience in the context of online identity verification, refers to how intuitive and easy it is for people to identify themselves when signing up to a platform.
To make the process simple, users need guidance with clear instructions so they can complete it quickly and without errors.
When we say that the registration process needs to be intuitive, we mean that someone with no advanced technical knowledge and who has never used the application before should be able to register without any issues. The steps should be straightforward and easy to follow.
It’s important to remember that the challenge with digital onboarding processes is that they’re usually only done once, and at a time when the customer hasn’t yet interacted with the company’s applications or systems.
Friction when using identity validation applications
You always need to put yourself in the shoes of your customer — the end user who’s going to use the application. The more steps and actions we ask them to take, the more obstacles we put in their way, making it harder for them to reach their goal of completing the registration process.
Barriers like complicated forms, multiple screens, and the need to remember complex passwords create friction, which can drastically lower conversion rates.
Additionally, when the technology isn’t up to scratch or the tools aren’t properly calibrated, the system might fail to capture either the identity documents or the user’s face correctly. This often means the user has to repeat the process, causing frustration.
Is it possible to reduce UX friction while maintaining security in identity verification processes?
Fewer steps, better user experience
A basic principle in any digital process is that the more steps required, the higher the risk of users abandoning the process. In digital identity verification, it’s crucial to minimise the actions required from the user without compromising security.
Optimising the process can be achieved by using technologies like OCR (Optical Character Recognition) for automatic data extraction and simplifying forms. This means users don’t have to manually input all the information from their documents, as the system can capture it directly from an image. By removing unnecessary fields and automating steps, the user experience is significantly improved.
This approach helps reduce friction, leading to higher conversion rates, without compromising security, as the removed steps don’t affect the biometric or document verification process.
Biometrics enhance usability compared to passwords
Passwords have long been a standard security measure, but they come with significant usability issues.
People tend to forget passwords, reuse them, or create combinations that are easy to guess, compromising both security and the user experience.
Biometrics make it easier to replace complex passwords and security questions with solutions like facial recognition or voice biometrics. With these methods, users don’t need to remember anything, eliminating the cognitive burden of managing multiple passwords.
Unlike passwords, which can be stolen or guessed, biometric data is unique to each individual, significantly improving security.
Guiding the user with interactive prompts
Another key aspect of improving the user experience is the interaction with technology during the verification process. Many users may not be familiar with the steps required to complete identity verification using document scanning and facial biometrics, so guiding them with clear, real-time prompts is essential.
Step-by-step instructions: Providing clear guidance during the process, such as “Make sure your document is well-lit” or “Keep your head still while taking the selfie”, reduces errors and increases the likelihood of success on the first try.
Immediate feedback: By offering real-time interactive messages, users can correct mistakes as they go (for example, if the document photo isn’t clear, there’s a reflection, or the angle is wrong), preventing them from having to start the process over again.
Mobbeel’s solution analyses different frames in real time, providing feedback to guide the user until it automatically detects the expected document and captures it.
Automatic document and selfie capture
One of the most effective features for improving the user experience is automatic document and selfie capture. Instead of relying on the user to handle the process, the technology itself automatically detects when the conditions are optimal for capturing the image. This minimises human error and reduces the number of failed attempts.
By removing the need for users to manually take photos, we ensure that the system captures the best possible quality image (both of the identity document and the person’s face), as the technology can automatically detect the right moment to take a well-focused, well-lit image.
Passive liveness detection
Unlike active methods that require user participation, such as moving their head from side to side, passive liveness detection works without any interaction. Users simply position their face in the centre of the oval.
This removes any friction from the process, improving the user experience without compromising security.
Enhanced usability with cross-platform solutions
Today’s users are omnichannel and expect to complete onboarding from any device, whether it’s a mobile, tablet, or desktop computer.
Identity verification solutions that allow for cross-platform interoperability not only improve usability but also increase success rates by offering greater flexibility to the user.
A good example of usability in identity verification is the digital onboarding process offered by MobbScan. This system allows users to scan documents and perform liveness checks with minimal intervention.
Security of identity verification solutions
Security of internal systems and processes
A fundamental certification to ensure the security of a provider’s verification systems is ISO 27001 for information security management.
Mobbeel is ISO 27001 certified. All information stored by our cloud-based products uses encryption mechanisms provided by the storage systems employed, at both the file and database levels, as well as for backups.
Additionally, our digital onboarding solution is approved and included in the Catalogue of ICT Security Products and Services (CPSTIC), meeting the high security requirements set by the National Cryptologic Centre (CCN).
The tests conducted to be included in the catalogue cover everything from forged identity documents to attacks on facial recognition systems (including screens, videos, hyper-realistic masks, professional makeup, deepfakes, etc.). All these tests are outlined by the CCN in Technical Instruction IT-14 for the certification of the Biometric Evaluation Module (MEB).
Advanced biometrics as the cornerstone of security
Biometrics not only verify identity reliably but also reduce dependence on passwords and security codes—both of which are more vulnerable to attacks like phishing—by linking verification to unique features such as biometric patterns.
Biometric technologies, such as facial recognition, voice, or signature verification, play a crucial role in protecting user identity. Biometrics provide a unique, non-transferable method of authentication, as physical or behavioural traits cannot be easily replicated.
Accuracy, reliability, and bias
Mobbeel’s biometric engines are trained using artificial intelligence to improve accuracy and reduce bias.
We adhere to the NIST standard for facial recognition algorithm evaluation, ensuring fairness in assessment and working to prevent biases related to race, age, and gender.
Evaluations conducted by the NIST’s Face Recognition Vendor Test (FRVT) (1:1 and 1) demonstrate that Mobbeel’s systems have a high degree of accuracy and reliability in facial recognition processes.
Spoofing detection
Liveness detection is a security mechanism that ensures the person involved in the verification process is physically in front of the device, rather than being a photo or pre-recorded video. This technology is essential for combating presentation attacks (spoofing), where fraudsters attempt to deceive the system using images or videos of someone else.
There are two types of liveness detection:
Active liveness detection: Requires the user to perform certain actions, such as moving their head or blinking, to prove they are physically present.
Passive liveness detection: Requires no user interaction, as the system automatically detects if the person is alive by analysing biometric signals such as subtle eye movements or blood flow.
Document verification and fraud detection
In addition to biometric authentication, a robust identity verification process must include document validation to ensure the documents are genuine and have not been tampered with. Technologies like OCR and data extraction via NFC (for documents with embedded chips) allow the system to verify the authenticity of identity documents and detect any alterations.
Additionally, advanced solutions like MobbScan incorporate fraud detection techniques that analyse both the content and appearance of the document (verifying the integrity of QR codes, typography, and potential manipulation of the facial image).
with international regulations and standards
Global regulatory frameworks, such as PSD3 for financial transactions or eIDAS 2 in the European Union, require that verification processes meet specific security requirements. These regulations ensure that electronic transactions and identity verification are conducted securely, minimising the risk of fraud.
Adhering to these standards is essential for companies operating in critical sectors such as finance and banking, where security requirements are more stringent.
Mobbscan includes a presentation attack detection (PAD) module with measures against the following presentation attack instruments (PAI):
Printed images.
Paper, silicone or latex masks.
Screenshots or on-screen images.
Video recordings.
Disguise or makeup.
Deepfakes.
Video injections.