Who Are You?: Digital Identity in a Transactional World

An interesting phenomenon is happening in Fintech. In fact, you could see it on the tradeshow floor at Money 2020 this year. Where in 2017 there was a plethora of payment companies showcasing their novel ideas and disruptive technologies, this year, those companies were virtually (pun not intended) nowhere to be found.

With Visa announcing a 2019 Q1 roll out of B2B Connect (a blockchain-based visual identity system) on October 21, Singapore recently decreeing that it will create a centralized biometric system as part of its National Digital Identity (NDI) system, and PWC’s recent Digital Banking Consumer Survey pointing out an emerging preference for mobile banking which will only bring digital identity to an inflection point, it’s no wonder this year’s tradeshow floor at Money 2020 was a showcase for dozens of digital identity companies.

But Money 2020 isn’t the only place these conversations are coming to a head. Here in New York in September, the United Nations held the first ever summit of its ID2020 Alliance, a private public partnership committed to improving lives through digital identity. Indeed, the UN and World Bank ID4D initiatives set a goal of providing everyone on the planet with a legal ID by 2030. Even the American Banker’s recent RegTech conference zeroed-in on Know Your Customer (KYC), fraud, money laundering and fake accounts.

Being asked to produce “two forms of ID from the following lists” is hopelessly anachronistic in a world of automated password managers, RFID-drive payment systems, and biometric authenticators on our mobile phones. Indeed, a seamless and secure e-ecosystem is critical for fueling the growth of the digitized economy. The idea of having a single, digital identity that can replace a plethora of physical items from your passport and driver’s licence to your library card is a concept that is well passed its time, and already presumed to exist… but does it? Breaches seem to indicate we’re not quite there.

If Dave Birch of Consult Hyperion is correct, identity is the new money. So then it must go without saying that the future of financial transactions is keeping identity safe. We will want to be able to access and use it easily, and to be certain it is completely secure – exactly the conditions we have relied on our banks and credit card companies to ensure when it comes to our money for centuries.

To achieve a single digital identity, it’s mandatory to accurately identify each user and establish unique ownership of underlying transactions. With the increased use of online platforms to access financial and transactional services, there are some major outstanding questions to be addressed. Who will own the digital identity: the institution, the company, or the customer? Who will be liable if a digital identity is wrongly authenticated with damaging results? What would be the impact of a cyberattack that resulted in the hacking of a huge number of digital identities entrusted to the safekeeping of a provider? Should banks and fintechs be attempting to provide digital identity for everyone or just their own customers? Everyone in their home market or across borders in our increasingly global village? Will there ever be – and do we need – a universal digital identity as the UN suggests is required, and if so, what role should banks and or other financial services companies play here?

These are significant challenges for both incumbents and startups that are looking to expand or attract new customer bases as they build new product offerings.

Here are a few things to remember.

Monetizing Security Investments in New Products

Digital transformation, particularly mobile-first, will accelerate with rising consumer expectations for fast, frictionless experiences at scale. Incumbents in financial services, in particular, will be forced to fend off nimble entrants unencumbered by legacy systems, or turn investment in security to their advantage leveraging trust in their brands.

“Security and privacy teams need to know exactly who is accessing what and resolve identities across entry points. Marketing can use that same capability in the martech stack for personalization — transforming a security mandate into a CX enhancement.” (Forrester, Predictions 2018, A Year of Reckoning)

We agree.

‘1-Click’ eCommerce is Both a Game-changer and a Risk

Amazon’s patent on 1-Click commerce expired in 2017 opening the floodgates for online retailers that have managed to accelerate checkout speeds as much as 40 percent through their own innovations. But, eCommerce players will need to carefully balance friction and fraud to achieve optimal ROI—without turning off customers or rewarding savvy cyberthieves. As a Shopify partner, this is something we keep in mind on a regular basis when building for our clients.

Faster Payments = Faster Theft

With velocity increasing, new fraud tactics are quickly emerging in peer-to-peer and sharing-economy platforms — from Uber or Lyft rides that never actually happen to Saturday afternoon Venmo or PayPal transactions that turn into Monday morning nightmares. The fact is, the same technologies that streamline operations can be used to rob businesses blind. Delighting users can be both brilliant, but tricky but when building new products you cannot and should not sacrifice security in the build. If you do, you’ll either sacrifice your brand or never achieve anything but a sullied reputation.

Identity Credentials Now a Dime a Dozen… or Less

In a post-breach world, it’s inevitable that there is downward pressure on the cost of personal identity records. A recent study from Google shows that in just one year, nearly two billion login credentials went up for sale on dark web forums. And with “fullz”—a slang term used by credit card hackers and data resellers meaning full packages of individuals’ identifying information—now only fetching $10 a record, social security numbers, birthdates, usernames, passwords, challenge questions and more could soon come cheaper by the dozen which means volume will be the driver and more breaches will be inevitable if digital identity is not part of your product roadmap.

Responsible Product Builds

In emerging economies, nearly one billion people who’ve never even owned a bank account will soon find themselves managing their entire financial lives on mobile devices. In advanced nations, young consumers are embracing a host of new connected devices and otherwise savvy seniors are venturing online without a thought about privacy or security. These and other vulnerable populations will prove tempting targets to cyberthieves.

Those developing products with financial transactions at their core owe it to their users to reset boundaries when it comes to digital identity (check out our interview with Andre Boysen of SecureKey) to keep both their customers and their brands safe.

———————————————

Have a question about digital identity and a fintech product build? There’s more to come in future TWG newsletters. Sign up here.