Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Smart friction in fraud security: are your controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 10745
Topic starter  

TL;DR: Fraud teams should use targeted friction rather than blanket step-ups, because 67% of attendees said they are struggling to block fraud without flagging trusted customers, while 93% of consumers say they will accept additional security steps during checkout or login, according to Sift. The key challenge is making friction proportional, risk-based, and timely enough to protect both conversion and trust.

NHIMG editorial — based on content published by Sift: How to Reduce Friction Without Compromising Fraud Security

By the numbers:

Questions worth separating out

Q: How should fraud teams implement targeted friction without hurting conversion?

A: Start by classifying journeys by risk and customer intent, then assign the lightest effective control to each path.

Q: When does friction become a security problem instead of a control?

A: Friction becomes a problem when it is applied without context, repeated after a user has already proven trust, or triggered by static thresholds that attackers can learn.

Q: What do security teams get wrong about step-up authentication?

A: They often treat step-up as a single control rather than a policy outcome.

Practitioner guidance

  • Map friction to specific risk states Separate low-risk, medium-risk, and high-risk journeys and assign different controls to each, such as passive monitoring, step-up authentication, or manual review.
  • Audit threshold drift regularly Review step-up triggers, manual review queues, and abandonment patterns on a fixed cadence so controls do not become outdated or easy to predict.
  • Sequence verification to match user intent Place heavier identity verification after customers have seen value, unless the transaction risk justifies earlier intervention.

What's in the full article

Sift's full session covers the operational detail this post intentionally leaves for the source:

  • The live discussion of how to decide when friction belongs at signup, login, checkout, or account change.
  • The practical examples of step-up authentication, manual review, and identity verification used to balance fraud loss and conversion.
  • The audience poll results and commentary on where teams are struggling most with trusted-user flags versus fraud leakage.
  • The customer-experience framing that helps teams explain why a control exists without overloading users.

👉 Read Sift's session on reducing friction without compromising fraud security →

Smart friction in fraud security: are your controls keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 10300
 

Right-sized friction is a policy design problem, not a UX preference. Fraud teams often frame friction as a customer-experience issue, but the deeper issue is governance. Every extra step is a policy decision about assurance, loss prevention, and user abandonment, and those decisions must be aligned to risk context rather than static thresholds. The strongest programmes treat friction as a dynamic control surface, which means the practitioners’ job is to tune policy to risk, not to maximise or minimise friction indiscriminately.

A question worth separating out:

Q: Who is accountable when fraud controls block trusted customers or miss fraud?

A: Accountability should be shared across fraud, IAM, product, and finance because the control affects security, conversion, and customer trust at the same time. Governance breaks when one team owns the rule but another absorbs the business impact. Shared review and clear escalation paths are the only practical answer.

👉 Read our full editorial: Smart friction in fraud security: why timing matters most



   
ReplyQuote
Share: