Who Are You?: Digital Identity in a Transactional World

A view from the financial capital of the globe

Rob Kenedi General Manager, TWG NYC

Nov 1, 2018 • 6 min read

An interesting phenomenon is happening in Fintech. In fact, you could see it on the tradeshow floor at Money 2020 this year. Where in 2017 there was a plethora of payment companies showcasing their novel ideas and disruptive technologies, this year, those companies were virtually (pun not intended) nowhere to be found.

With Visa announcing a 2019 Q1 roll out of B2B Connect (a blockchain-based visual identity system) on October 21, Singapore recently decreeing that it will create a centralized biometric system as part of its National Digital Identity (NDI) system, and PWC’s recent Digital Banking Consumer Survey pointing out an emerging preference for mobile banking which will only bring digital identity to an inflection point, it’s no wonder this year’s tradeshow floor at Money 2020 was a showcase for dozens of digital identity companies.

But Money 2020 isn’t the only place these conversations are coming to a head. Here in New York in September, the United Nations held the first ever summit of its ID2020 Alliance, a private public partnership committed to improving lives through digital identity. Indeed, the UN and World Bank ID4D initiatives set a goal of providing everyone on the planet with a legal ID by 2030. Even the American Banker’s recent RegTech conference zeroed-in on Know Your Customer (KYC), fraud, money laundering and fake accounts.

Being asked to produce “two forms of ID from the following lists” is hopelessly anachronistic in a world of automated password managers, RFID-drive payment systems, and biometric authenticators on our mobile phones. Indeed, a seamless and secure e-ecosystem is critical for fueling the growth of the digitized economy. The idea of having a single, digital identity that can replace a plethora of physical items from your passport and driver’s licence to your library card is a concept that is well passed its time, and already presumed to exist… but does it? Breaches seem to indicate we’re not quite there.

If Dave Birch of Consult Hyperion is correct, identity is the new money. So then it must go without saying that the future of financial transactions is keeping identity safe. We will want to be able to access and use it easily, and to be certain it is completely secure – exactly the conditions we have relied on our banks and credit card companies to ensure when it comes to our money for centuries.

To achieve a single digital identity, it’s mandatory to accurately identify each user and establish unique ownership of underlying transactions. With the increased use of online platforms to access financial and transactional services, there are some major outstanding questions to be addressed. Who will own the digital identity: the institution, the company, or the customer? Who will be liable if a digital identity is wrongly authenticated with damaging results? What would be the impact of a cyberattack that resulted in the hacking of a huge number of digital identities entrusted to the safekeeping of a provider? Should banks and fintechs be attempting to provide digital identity for everyone or just their own customers? Everyone in their home market or across borders in our increasingly global village? Will there ever be – and do we need – a universal digital identity as the UN suggests is required, and if so, what role should banks and or other financial services companies play here?

These are significant challenges for both incumbents and startups that are looking to expand or attract new customer bases as they build new product offerings.

Here are a few things to remember.

Monetizing Security Investments in New Products

Digital transformation, particularly mobile-first, will accelerate with rising consumer expectations for fast, frictionless experiences at scale. Incumbents in financial services, in particular, will be forced to fend off nimble entrants unencumbered by legacy systems, or turn investment in security to their advantage leveraging trust in their brands.

“Security and privacy teams need to know exactly who is accessing what and resolve identities across entry points. Marketing can use that same capability in the martech stack for personalization — transforming a security mandate into a CX enhancement.” (Forrester, Predictions 2018, A Year of Reckoning)

We agree.

‘1-Click’ eCommerce is Both a Game-changer and a Risk

Amazon’s patent on 1-Click commerce expired in 2017 opening the floodgates for online retailers that have managed to accelerate checkout speeds as much as 40 percent through their own innovations. But, eCommerce players will need to carefully balance friction and fraud to achieve optimal ROI—without turning off customers or rewarding savvy cyberthieves. As a Shopify partner, this is something we keep in mind on a regular basis when building for our clients.

Faster Payments = Faster Theft

With velocity increasing, new fraud tactics are quickly emerging in peer-to-peer and sharing-economy platforms — from Uber or Lyft rides that never actually happen to Saturday afternoon Venmo or PayPal transactions that turn into Monday morning nightmares. The fact is, the same technologies that streamline operations can be used to rob businesses blind. Delighting users can be both brilliant, but tricky but when building new products you cannot and should not sacrifice security in the build. If you do, you’ll either sacrifice your brand or never achieve anything but a sullied reputation.

Identity Credentials Now a Dime a Dozen… or Less

In a post-breach world, it’s inevitable that there is downward pressure on the cost of personal identity records. A recent study from Google shows that in just one year, nearly two billion login credentials went up for sale on dark web forums. And with “fullz”—a slang term used by credit card hackers and data resellers meaning full packages of individuals’ identifying information—now only fetching $10 a record, social security numbers, birthdates, usernames, passwords, challenge questions and more could soon come cheaper by the dozen which means volume will be the driver and more breaches will be inevitable if digital identity is not part of your product roadmap.

Responsible Product Builds

In emerging economies, nearly one billion people who’ve never even owned a bank account will soon find themselves managing their entire financial lives on mobile devices. In advanced nations, young consumers are embracing a host of new connected devices and otherwise savvy seniors are venturing online without a thought about privacy or security. These and other vulnerable populations will prove tempting targets to cyberthieves.

Those developing products with financial transactions at their core owe it to their users to reset boundaries when it comes to digital identity (check out our interview with Andre Boysen of SecureKey) to keep both their customers and their brands safe.

———————————————

Have a question about digital identity and a fintech product build? There’s more to come in future TWG newsletters. Sign up here.

Keep Reading

Five Things You Need To Do To Prepare Your Ecommerce Site For 2018 Holiday Sales

Nov 11 • 6 min read

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
bcookie	2 years	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	This cookie is set by LinkedIn and used for routing.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
_hjFirstSeen	30 minutes	This is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
pardot	past	The cookie is set when the visitor is logged in as a Pardot user.

Cookie	Duration	Description
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
personalization_id	2 years	This cookie is set by twitter.com. It is used integrate the sharing features of this social media. It also stores information about how the user uses the website for tracking and targeting.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.

Cookie	Duration	Description
_gat_UA-78951495-1	1 minute	No description
_hjAbsoluteSessionInProgress	30 minutes	No description
_hjid	1 year	This cookie is set by Hotjar. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
_hjIncludedInPageviewSample	2 minutes	No description
AnalyticsSyncHistory	1 month	No description
CONSENT	16 years 9 months 2 days 8 hours 3 minutes	No description
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.