Here are some lessons I’ve learned as a Product Manager during my time at JUUL on their Connected Devices team. These lessons draw on observing over 500 users complete eIDV in-person with both a physical scanner and mobile app performing ID check and selfie match in Canada for a pilot.
The JUUL mobile app I helped develop onboarding for.
Lesson 1 : Speed Matters
- 72% of users believe onboarding should be complete in less than 60 seconds (Clutch, Elizabeth Ballou). Balancing this user expectation with each company’s unique Risk Team requirements is near impossible when relying on legacy vendors employing human verification.
- On average users would receive a verification response from the eIDV vendor in 70 seconds. This felt like an eternity to a customer waiting to use their product (i.e. goal conversion) and lead to users leaving onboarding and never revisiting again. Oftentimes verification could take more than 3 minutes if image glare was present or the manual verification was flooded with a spike in traffic.
- Berbix takes a fully automated approach to eIDV to provide deterministic results with a P99 response time of less than 2 seconds. With a recent vendor bake-off this translated to a 20% increase in user acquisition. Speed matters.
- eIDV answers if a user is who they say they are. Firstly, this is achieved by verifying a credential like a driver’s license is valid (authenticated to be issued from a trusted authority like DMV and not fraudulent). Secondly, eIDV should then locally authenticate a user (selfie vs. ID portrait photo match) to prove they are present when that credential is asserted. When validating a credential most eIDV first took an approach to the market relying on OCR (optical character recognition) based on the front of ID and creating a library of valid ID templates. Learnings from the Trust & Safety team at Airbnb taught the Berbix founders that this approach is slow, cumbersome and oftentimes inaccurate. By coupling a back-of-ID scan Berbix leverages information contained in the barcode of an ID to to quickly validate a credential while also leveraging front of ID components. This patent-pending approach means users are validated more quickly than with legacy vendors to deliver you more verified customers.
Trailing 90-day API Cycle Response Time P99 <2 Seconds
Lesson 2 : Give Feedback ASAP
What is intuitive to you, may not be to your users. While adoption of ID scans and selfies on mobile is increasing across all industries and becoming a consumer expectation during this contactless age of COVID-19 - your users will likely not retain any of your onboarding guidance. Berbix’s founders learned from founding the Trust & Safety team at Airbnb that front-end validation is necessary to give users quick feedback in order for them to successfully complete the eIDV flow.
Berbix example of coaching users through liveness detection with auto-capture.
- Fast feedback means users are coached in real time. As Berbix uses frontend validation with lessons learned from Airbnb this is what our users experience. Our WebRTC camera-capture process coaches users to get the highest quality image possible. This ensures the expiration date is visible, a user is performing a liveness check correctly and the image is of high enough fidelity to match to the portrait photo on ID.
- Providing users feedback after image submission and processing of 70 seconds or longer is simply too long. At that point the user has lost interest and may have forgotten the reason their image was rejected in the first place. Additionally, many eIDV vendors require users to complete all eIDV steps all over again (front, back of ID scan, selfie and liveness check)! In contrast Berbix returns a user mid-flow to complete the eIDV step with an acceptable error. In turn, this drives significantly higher completion rates than other vendors. Provide a dead simple UX and deliver value to your users ASAP.
- Front-end image validation is necessary if user acquisition matters to you. API based image upload and processing validation means the response time to a user on why a certain image has failed takes significantly longer. Factors validating image quality like lighting, legibility, glare, machine readable zones, and liveness detection done in realtime for users mean that the user has the chance to correct the issue on the spot. An API wrapper based approach does not allow for the highest-conversion rate, best UX or most accurate results. Take this into consideration when testing vendors.
Lesson 3 : Explain The Why
If you have read this far you probably have come across Simon Sinek’s “Start with the Why” TED Talk and know the importance of speaking to benefits instead of features. Whether it is a marketplace where you are building trust among users by verifying identities or onboarding new customers at a Fintech company, explaining why eIDV benefits the end user is critical as users become more concerned with how their data is used.
- At JUUL making users feel like they were heroes for completing eIDV successfully because they are combating underage usage was key. Messaging and success screens explaining the company mission statement “...transition the world's billion adult smokers away from combustible cigarettes, eliminate their use, and combat underage usage of our products” meant end users were more willing to provide sensitive PII as they were part of something larger than themselves.
- This principle holds true in marketplaces where bad actors threaten the integrity of car sharing platforms and gigworkers delivering goods or taskers setting up IKEA furniture. It is a lot easier to do business with people you know and trust, a quick proxy for that is a verified government issued-credential and ensuring that person is actually present (i.e. local authentication).
- Berbix has actually found that asking for users to opt-in to eIDV actually translates to higher conversion rates among Berbix’s user base. Gaining user consent by explaining why remote-proofing must happen and why user data is secure gets buy-in to onboard more users. Explain the why and get higher completion rates. Find a partner with SOC 2 type 2 compliance, HIPAA, and BPA compliant and offload the internal resourcing required to deliver customers a secure, trustworthy eIDV process.
In my next post I’ll detail some more learnings from my experience auditing >1,000 records in an admin dashboard and using legacy eIDV vendors during the time I was responsible for user onboarding and unauthorized use as a Product Manager. Care to discuss?
-Christian Kendall, Chief of Staff, Berbix | LinkedIn