Last week in NYC, OWI hosted a panel discussion with BioCatch, InfoMart, Ipsidy, PTB Ventures and Uniken on Innovation in Identity.
Identity is Broken
The first question was, is identity broken? The answer was a unanimous yes. No one disagreed on that; rather the discourse was around what to do about it as global citizens and businesses.
We are all aware of high profile data breaches and the seemingly endless news of personal data being compromised. A popular view was that this is happening because of the many layers that we currently have around establishing identity. Entities tend to glue a lot of pieces together to verify an identity including passwords, devices, ID’s, biometrics and such.
Beyond the layers or pieces, you have other variables to consider. Take payments as an example. You have consumers, employees and multiple device types as variables. All of these must be considered and accounted for in a verification solution, and all agree that humans are the weakest link.
The view was that these layers are what make systems vulnerable and allow hackers to win, and what is missing is a complete identity verification solution that puts the pieces together wholly from the start, say at customer onboarding. The overwhelming majority of fraud is in the onboarding step and can be avoided with sufficient solutions. However, the identity must then be continually verified.
Further evidence to how pervasive the identity problem is, top carriers from the TelCo industry are joining together for Project Verify in which AT&T, Sprint, T-Mobile, and Verizon promise a solution to change identity management and security, replacing passwords with more secure, device-based, multi-factor authentication.
Trends in ID Verification Solutions
Most agreed that biometrics and Artificial Intelligence (AI) are key moving forward. Research group Goode Intelligence has projected that over 580 million bank customers will use cloud-based biometrics by 2020.
One trend is focusing on behavioral biometrics, which may lead to better solutions. This includes obvious things like keystrokes and device use/habits, but can also tap into subconscious behavior. This is one way to beat sophisticated hackers.
Biometrics will also continue to play a big role in the US Army Intelligence with Biometrics Enabled Intelligence (BEI) and in border and access control with continued terrorist threats. With 1.8 billion international arrivals expected worldwide in 2030, identity management is going to become even more complex because not all countries, government agencies, airports and airlines are at the same level of technological maturity.
Other trends included a focus on establishing trusted devices that are tied to identities, creating one single, strong login vs. multiple logins across accounts, mutual authentication – between businesses & consumers – and blockchain.
The US vs. the Rest of the World
Identity verification solutions vary greatly depending on the region. There are socioeconomics, governing systems and adoption rates to consider. In the US for example, there is not a strong identification background. There is a need to redefine this and build a stronger infrastructure. South America was mentioned as an example where identity is linked straight to the government database. Another example was the Bank ID program in Sweden. A consortium of trusted banks downloaded tokens on consumers’ computers and they use the bank ID system for activities such as voting.
Most felt that the emergence of technology will develop and be adopted outside of the US and migrate back. We are seeing many countries adopt verification technology around voting, airports/travel and payments like China’s Alipay and WeChat Pay.
What is the Solution?
Everyone recognizes there is problem with identity verification today. All industries will be looking to solve it and claim that they are “the platform.” It really depends on use case and industry to get a best of breed solution. There is no perfect solution out there.
The concept of a trusted Self Sovereign Identity (SSI) platform was discussed. Is this the answer? Not all agreed. The idea was that with SSI, consumers can present claims that are true to other people without having to go through a third party. Individuals would control what personal data they share, how and with whom. Advantages include enhancing privacy, economic benefits and decentralization.
All agreed that the private sector will drive the solutions and be led by the financial sector, as they have the most to gain and the most to lose.
It was also agreed that at the end of the day consumers want anywhere, anytime capability and convenience. They don’t want security to be their concern in transactions they conduct and do not view this as their problem. Rather consumers want the institution or business they are transacting with to deal with and solve it. Abandonment rates today are as high as 40%; if people can’t do it fast, they are on to the next. There are simply too many choices in every industry and a good experience is key. The bottom line is consumers will avoid friction – but at what cost?