Photo Confirmation Should Not Exist in Every Action

Why risk-based photo confirmation in DARCA is not unnecessary friction, but a more mature antifraud logic
One of the weakest habits in fintech is trying to protect the product with the same level of friction for everyone. The result is predictable: normal users keep going through extra steps, while attackers are not aiming for the “average” action anyway - they are looking for the moment when the cost of a mistake is highest. That is exactly why protection that is always on often makes the product heavier, but not necessarily smarter.
In DARCA, photo confirmation is designed differently. It does not appear in every action and it does not become a mandatory ritual for everyone. It is triggered only when the system sees an anomaly: a large amount, unusual behavior, suspicious context, or a flow that falls outside the norm. If the action is not confirmed, it simply does not go through.
In my view, this is where the real line sits between blunt protection and mature protection. Blunt protection works from the logic of “check everyone more often.” Mature protection works from the logic of “escalate where the risk is actually higher.” In that model, photo confirmation is not a decorative security feature, but a precise step-up mechanism that appears exactly when the normal flow is no longer enough.
The most important part here is proof of intent. If the action is not confirmed, the disputed operation does not happen. That reduces not only fraud risk, but also the number of grey-zone cases that later have to be investigated manually. And that is why this mechanism matters not only for antifraud, but also for operational efficiency. When the product can strengthen verification in anomalous scenarios, support ends up with fewer disputed operations where the team has to reconstruct afterwards who really initiated the action and whether it was actually the device owner.
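The step-up logic the two paragraphs above describe, as an added illustration that is not DARCA's code: an additive risk score over the anomaly signals the text lists (amount far above the user's norm, unfamiliar device, new payee, activity outside the usual hours, acting seconds after login), a threshold that triggers photo confirmation only for anomalous actions, and a fail-closed rule so an unconfirmed anomalous action never goes through. The field names, weights, threshold and sample traffic are all constructed assumptions for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ActionContext:
    """Signals at decision time (constructed fields, not DARCA's real schema)."""
    amount: float          # amount of the requested action
    typical_amount: float  # the user's usual amount, taken from history
    new_device: bool       # device never seen on this account before
    new_payee: bool        # recipient never paid before
    hour: int              # local hour of day, 0-23
    usual_hours: tuple     # (start, end) of the user's normal activity window
    session_age_s: int     # seconds since authentication

STEP_UP_THRESHOLD = 40  # assumed; the weights below are illustrative, not tuned values

def risk_score(ctx):
    """Additive score over the anomaly signals the text lists."""
    score = 0
    if ctx.amount >= 5 * ctx.typical_amount:   # large amount
        score += 40
    elif ctx.amount >= 2 * ctx.typical_amount:
        score += 20
    if ctx.new_device:                          # suspicious context
        score += 30
    if ctx.new_payee:                           # unusual behaviour
        score += 15
    start, end = ctx.usual_hours
    if not start <= ctx.hour < end:             # outside the normal activity window
        score += 15
    if ctx.session_age_s < 60:                  # acting immediately after login
        score += 10
    return score

def needs_step_up(ctx):
    return risk_score(ctx) >= STEP_UP_THRESHOLD

def decide(ctx, confirm_photo):
    """Return 'allowed' or 'denied'. confirm_photo (a callable returning bool)
    runs only when step-up is required; an unconfirmed anomalous action fails closed."""
    if not needs_step_up(ctx):
        return "allowed"
    return "allowed" if confirm_photo() else "denied"

def challenge_rate(contexts):
    """Share of actions that would see the photo prompt (always-on would be 1.0)."""
    return sum(needs_step_up(c) for c in contexts) / len(contexts)

# Constructed sample traffic: three routine actions and one anomalous transfer.
SAMPLE = [ActionContext(25.0, 30.0, False, False, 13, (8, 22), 900),
          ActionContext(40.0, 30.0, False, True, 19, (8, 22), 1200),
          ActionContext(30.0, 30.0, False, False, 10, (8, 22), 30),
          ActionContext(900.0, 30.0, True, True, 3, (8, 22), 20)]
```

Run over the sample traffic, only one action in four would see the prompt, against four in four under an always-on policy, while the anomalous transfer is still blocked whenever the confirmation does not come back.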
That is exactly why photo confirmation should not live in an always-on mode. The moment protection becomes permanent and identical for everyone, it starts punishing normal users more than it actually helps the system. But when it appears only where the cost of error is truly highest, it stops being noise and starts functioning as an intelligent part of the product.
For me, the main conclusion here is simple: mature security does not begin where the system endlessly verifies the user. It begins where the system understands exactly when stronger protection is justified, and introduces it at the point where ordinary verification is no longer enough.
And that is much stronger than simply adding one more mandatory check “for everyone just in case.”
Which security model feels more mature to you in fintech - constant verification for everyone, or precise step-up only in risk scenarios?