Buying a new smartphone is not a crime

From time to time people switch devices, but this doesn't mean they are a fraudster.

Why do people get new phones?

This week Apple announced the iPhone 13 which will start another cycle of users changing their devices. My own personal phone journey started with a Nokia device at age 10, followed by a series of flip phone models, before I switched to an Android device in 2009 and an iPhone in 2012. 

Users switch devices because they want to upgrade to the latest models for new functionality, or they  need to replace phones that are lost and stolen. On average a user will change out their phone about every two years.

The reality is that only 0.5% of device changes are fraudulent. Yet the changing of a mobile device can be one of the highest friction tasks for a mobile user, removing some of the joy and excitement from the new phone experience. Today's mobile users have on average 40 mobile apps on their phone. When a user switches device, all these apps will want the user to re-authenticate to prove they are legitimate.

So why all the friction when changing devices?

When it comes to authorizing a new device, financial institutions add a lot of friction to make it harder for fraudsters to take over user accounts. We've seen a variety of high friction activities being required of users to enable access to their account from a new device, including being required to go in a physical branch, to call the contact center, or go through additional identity verification steps. Perhaps all this friction is intended to make the user feel like the financial institution is taking extra care? In truth, most users are not convinced. 

Location is the strongest trust signal

Today’s smartphones contain sensors and technologies that make it very easy to detect whether this is the legitimate user or a fraudster trying to take over a user’s account.

One thing shared in common by 89% of legitimate device changes, is that they happen when the "real" user is at a trusted location. A place that is part of their routine and highly frequented by them. By using location behavior patterns, financial institutions can reduce the friction for legitimate users and get them up and running quickly with their new devices.

To take advantage of frictionless device change, users need to opt-in for location permission on apps making use of Incognia zero-factor authentication.

For now I'm sticking with my current iPhone.

Most recent

Why Incognia when considering behavioral biometrics

Location behavior offers a compelling authentication signal for banking and financial services

Why it's time to stop relying on static credentials

Static credentials are vulnerable to exposure via social engineering attacks and data breaches.

Why OTPs shouldn't be part of a passwordless strategy

A one time password (OTP) is a password that lasts for just a short time - but it's still a password, and shouldn't be part of passwordless authentication