Customers expect digital experiences to be fast, easy, and secure. They want to create accounts, log in, check out, and manage payments without unnecessary steps. But they also expect businesses to protect their accounts, transactions, and personal information from fraud.
That balance was the focus of Sift’s Blueprint session, How to Reduce Friction Without Compromising Fraud Security, featuring Jerry Hoff, Founder and CEO of AppSec Training, in conversation with Jeremy Cannon, Trust and Safety Architect at Sift.
The discussion centered on a challenge every fraud team faces: how to stop bad actors without slowing down trusted customers. Friction can protect a business, but when applied too broadly or too early, it can suppress conversion, frustrate users, and damage trust.
As Cannon put it, the goal is “figuring out what’s the right friction, when’s the right friction.”
The strongest fraud teams aren’t trying to remove friction entirely. They’re learning where it belongs, when it helps, and how to apply it based on real risk.
Friction is any extra step in the customer journey
Friction is any additional action a customer has to take before completing a task. That could mean entering a CVV, completing two-factor authentication, uploading an ID, responding to a step-up challenge, or waiting for manual review. As Cannon explained, it’s essentially “any additional step you have to make to complete the transaction or purchase.”
The mistake is treating all friction the same. A verification step that feels reasonable during a high-value withdrawal may feel excessive during signup. A customer logging into a financial account may expect stronger authentication, while a shopper buying a low-cost item may abandon the transaction if the process feels too complicated.
Cannon warned against layering on every available control: “If we applied all these, no one would buy anything.” The goal is to understand what each step is meant to accomplish and apply it only where it helps.
Too much friction costs revenue. Too little creates risk.
Fraud teams are often caught between two competing problems. Tighten controls too much, and real customers get blocked, delayed, or pushed away. Loosen controls too much, and fraudulent transactions, account takeovers, promo abuse, or chargebacks can spread.
That pressure showed up clearly in the session’s live poll. When asked where their teams feel the most pressure, 67% of attendees said they are trying to solve both problems at once: too many trusted customers being flagged and too many fraudulent transactions getting through. Another 22% said too many trusted customers are being flagged, while 11% said they don’t have clear visibility into either issue.
A high-friction strategy may look safe in a fraud report, but it can quietly hurt conversion. A low-friction strategy may look efficient until fraud losses begin to climb. The best strategy is not maximum friction or minimum friction. It’s targeted friction based on risk.
The best friction happens when customers understand the value
Timing matters. Hoff shared an example of signing up for a cloud service and being asked to upload a passport or driver’s license before he had fully experienced the product. The request felt disproportionate because he had not yet seen enough value to justify sharing sensitive identity documents, so he abandoned the process.
That example highlights a common issue: friction feels more acceptable when customers understand why it’s happening and when it aligns with the action they’re trying to complete.
In regulated industries, marketplaces, financial services, or any environment involving money movement, identity verification may be necessary. But the same step can feel intrusive if it appears too early or without clear context.
For some businesses, the better approach is to let customers browse, create an account, or experience the product before introducing heavier checks. As Cannon explained, “Let them create an account, let them scroll, let them see what you’re selling, and then add that friction at the checkout stage.”
Fraud teams should ask not only what control to add, but when that control will make the most sense to the customer.
The right amount of friction can build trust
Friction is often viewed as something customers automatically dislike. But some friction can actually increase confidence.
For sensitive accounts, customers may see strong authentication, security prompts, or step-up verification as signs that a business takes protection seriously. If a customer opts into an authenticator app, YubiKey, or another strong authentication method, that extra step can become part of the trust experience.
The difference is whether friction feels protective or repetitive. If a customer has already completed a strong security step, forcing them through additional checks without a clear reason can feel redundant. If a customer is making a risky account change or unusual purchase, a step-up challenge can feel reasonable.
The right amount of friction is relevant, proportionate, and easy to understand. Too much friction can feel random, excessive, or disconnected from the action the customer is taking.
Consumers will accept security steps when they make sense
Customers are not necessarily opposed to friction. They are opposed to friction that feels unnecessary.
Sift’s Q1 2026 Digital Trust Index found that 42% of consumers are extremely or very worried about fraud and 93% are willing to accept additional security steps during checkout or login. That gives businesses room to apply smart friction, but not permission to make every interaction harder. As Cannon said, customers’ willingness to accept friction “does not mean we can apply it all through the journey” or make the process overly complex.
The cost of getting it wrong is high. 52% of consumers say they would stop using a platform after experiencing fraud. Even when consumers believe their bank or card issuer shares responsibility, they may still blame the website or app where the fraud occurred. And unlike a bank, a retailer, marketplace, delivery app, or digital platform can often be replaced quickly.
Friction should be driven by risk signals, not blanket rules
A one-size-fits-all approach creates problems on both ends. It adds unnecessary steps for trusted customers while still leaving room for fraudsters to work around predictable rules.
Cannon emphasized the importance of using the data a business already has to determine when friction is necessary. “Use the data you have to understand when is the right time,” he said. If a customer is using the same account, device, payment method, and shipping address they have used many times before, the experience should be as seamless as possible. If that same customer suddenly logs in from a new location, changes account details, uses a new payment instrument, or shows unusual behavior, a step-up challenge may be appropriate.
That’s the difference between blanket friction and targeted friction.
Static thresholds can also be exploited. “If you set it at $100, that’s hackable,” Cannon noted. Fraudsters can learn the rule and stay just below it. More adaptive strategies make it harder for bad actors to reverse-engineer controls while keeping trusted customers moving.
Friction needs regular review
Friction is not a set-it-and-forget-it strategy. Customer behavior changes. Fraud tactics change. Product flows change. Rules that worked six months ago may now be creating unnecessary drop-off or missing new risk patterns.
In another live poll, attendees were asked when their team last audited step-up authentication or manual review triggers. 44% said they had not done a formal audit, while 11% said it had been more than a year. Only 11% said they had reviewed triggers within the last six months.
That gap matters. Fraud teams should regularly evaluate whether each friction point is still doing its job. Are step-up challenges reducing fraud? Are trusted customers abandoning? Are manual review queues growing? Are complaints increasing? Are fraudsters adapting around known thresholds?
The best reviews are cross-functional. Cannon recommended working with teams across the business, asking, “What is the customer experience team experiencing? Are people complaining that they can’t get their orders through?” Finance should also be part of the conversation, because fraud controls need to be evaluated against revenue impact, not just fraud reduction.
The goal is better decisioning
Reducing friction without compromising fraud security does not mean removing every extra step. It means applying the right response to the right user at the right moment.
For low-risk customers, that may mean a fast, nearly invisible path to conversion. For suspicious behavior, it may mean step-up authentication. For high-risk activity, it may mean manual review, a hard block, or post-transaction monitoring. For sensitive journeys like payouts, withdrawals, or account changes, it may mean stronger verification.
The common thread is precision. Smart friction protects revenue in both directions. It stops fraud from getting through and keeps trusted customers from getting pushed away.
As Cannon explained, the message to customers matters too: “You want to make sure that they know this is for their safety, to protect their purchases, their information.”
That is the opportunity for fraud teams: make security feel like part of the customer experience, not an obstacle to it.
Watch more sessions from Sift’s Blueprint series to learn how leading fraud teams are building smarter, more adaptive risk strategies.
