I have recently been involved in creating logins on a number of sites, mostly financial, that exasperate me with their tortuous verification processes. One Step, Two Step, Three Step, Four Step, FYC, XYZ whatever! Yes, it is very clever to take selfies and instant photos of identity documentation but gets pretty tedious after the first few attempts as it invariably fails.
And when it fails for the third time, I am shunted onto robot chat that states the obvious or to a “help” page that treats me like a dumbass. It is insulting.
I would firstly query the need for such stringent measures. Has anyone/organisation actually done a risk assessment analysis of real-life cases of fraud or similar? If so, I would love someone to point me to a peer reviewed paper. Not to some anecdotal blog piece!
Secondly, given that some degree of caution is needed, there are better ways to verify a person is who he says he is. All phones have a fingerprint reader for example and my bank has no trouble issuing PINSentry devices to all its customers. Or most passports now have RFID type tags carrying basic information that a cheap device could read. This is the 21st Century for heaven’s sake!
I suspect all this security is simply a CYA exercise and has nothing to do with concerns for their customers.