Conventionally, you have to rely on signals to trust a new user - on a device IP, a phone number, or credit database look-up. But these signals can also be exploited by imposters. This creates constant uncertainty, so you can’t focus on the user's experience, and instead start treating them with doubt.