As a sales manager, I love to challenge prospective customers with a new way of thinking about a topic. I speak to banks and financial service companies every day about e-signatures and how to go digital and mobile with their customer transactions. The same questions tend to come up over and over, but last week at In|Vest 2017, a wealth manager asked me a question about authentication that's worth sharing.
eSignLive and Appway Presentation
In|Vest is the wealth management industry’s leading financial technology event. Earlier this month, I was honored to co-present there alongside Appway.
Appway and eSignLive have a strong partnership. Our solutions are integrated and work together to enable fully digital onboarding. For the last few years, we’ve seen a noticeable increase in e-signature adoption in wealth management, where the primary use case for e-signature is digital onboarding. At In|Vest, we spoke about how clients expect a digital onboarding experience that's seamless and tailored to meet their needs. At the event, the interest in a digital and mobile onboarding process–complete with e-signatures–was easy to see. The room was full and there were plenty of questions.
But wealth managers are just not moving to digital fast enough.
The good news is that, “Rapid onboarding for new clients is a top priority for wealth in 2017 and digitization will replace the use of paper forms and wet ink signatures,” according to analyst firm CEB. In fact, “By 2020, 51% of wealth executives plan to adopt new e-signature technology, or replace their current e-signature solution.” By the way, eSignLive is offering a complimentary copy of this CEB report.
One of the most popular questions during our presentation was on authentication. An attendee asked:
“What’s the best way to authenticate millennials online, specifically those who have almost no electronic presence?”
The first step is identity proofing. First you need to confirm that Jane is who she says she is, before you can authenticate her online.
One of the most reliable ways to confirm a new client’s identity (in a remote onboarding scenario) is to use Dynamic Knowledge Based Authentication (Dynamic KBA). This provides a high degree of assurance that a new and otherwise unknown client is who they say they are. With dynamic KBA authentication, questions are compiled from public and private data such as marketing data, credit reports, or transaction history.
To start, basic identification factors (name, address, date of birth) must be provided by the client. These are checked against a third-party service, such as Equifax. Then out-of-wallet questions are generated in real time, making it difficult for anyone other than the actual user to answer correctly. “Out-of-wallet” information is something that wouldn’t typically be held in someone’s wallet, social media site, or even a utility bill, making it more difficult to impersonate that individual. For example, questions about previous addresses, like:
Which of the following streets have you NEVER lived on?
According to LexisNexis, “Dynamic KBA can be made more effective because of the depth and breadth of questions which reference both current and historical information. The data used to generate these questions should include sources that are generated through non-traditional or ‘alternative’ data in order to capture customers who may not have traditional credit profiles. […] These data sources need to take into account populations that may not have typical credit profiles, referred to as thin credit customers, such as those in younger demographics.”
I asked attendees to think about what they're already doing today. How do they authenticate new clients–especially those with no electronic presence? Through their call center or by mail?
At this point, our In|Vest presentation really took off.
For the initial onboarding, many still require a face-to-face meeting where the client uses a piece of government-issued photo ID to prove their identity. Either the wealth manager travels to the client, or the client travels to the wealth manager’s office. If you're asking prospective clients to fax or mail in a copy of their driver’s license, you can get them to take a photo with their smartphone and upload that instead.
We also heard some very interesting alternative identity verification methods that firms have adopted. The first-place ribbon for creative solutions goes to the age of the email address the prospective client is using. This is not an authentication model we would recommend you use, but I will say it was creative.
Authentication is Step #2
Once a client’s identity is confirmed, they're typically given credentials such as a username and password to facilitate future transactions. User authentication is the process of verifying credentials, prior to giving access to a system–in this case, the e-signing ceremony.
When using eSignLive, you have a few options for authenticating remote clients, but I recommend SMS PIN. It’s easy to use and we're all familiar with texting. eSignLive generates a unique PIN and sends it to the customer’s cell phone. The signer types it into a browser to authenticate. Email authentication, combined with SMS PIN, provides a reliable two-factor authentication process. And unlike DocuSign, there's no additional charge for SMS authentication with eSignLive.