To get to a true digital-first economy, to have credentials in place that can be used across a variety of online activities and settings, online identity verification must be bound up with authentication.
And that must be at the very start, Robert Prigge, CEO of digital identity verification firm Jumio, told Karen Webster in an interview. He noted that the pandemic has accelerated the embrace of all sorts of technologies.
On the consumer side of the equation, individuals have become more willing to use new weaponry in the fight to safeguard their data and identities, he said.
“There’s more of an understanding that when you are using your actual ID and your selfie, you’re really protecting yourself because these things are so much harder to fake,” he said.
He noted that the willingness to use biometrics and high-tech lines of defense against hackers comes as the pendulum has swung fully — and pretty much everything is being done from home and over mobile devices.
PYMNTS research across 15,000 consumers bears out the inexorable rise of the connected economy and the great digital shift. As many as 75 percent of consumers have bought retail items online over the past 12 months; 85 percent have paid bills online.
We’re well past the point of just banking online and opening new accounts through digital conduits. As Prigge noted, nowadays, we’re getting food delivered, alcohol delivered — and in many cases these and other services need to verify users’ ages and identities. Social media networks increasingly need to know that the folks posting are real people. We’re headed, in leaps and bounds, toward COVID-19 vaccine passports.
Two-Way Street Of Acceptance
The growing embrace of digital identities, said Prigge, has been eased by a two-way street of acceptance — indeed, critical mass. Companies want to make sure they are transacting with legitimate parties; consumers have gotten used to having their identities verified and scored hundreds of times, even thousands of times, through the past year and a half.
But the movement toward verifying identities with facial recognition technologies and imaging has its challenges, he said, spotlighted by Jumio’s own experience of verifying more than 1 million identities per day. As Prigge stated, any tech deployed in the service of identity verification, and the companies deploying it, need to be cognizant of the fact that facial structures, demographics and other attributes vary widely around the globe.
The verification industry at large, he said, has not really understood how far it still has to go on that front, and that it works with small data sets in general. Many firms still tend to go the cheaper route and rely on databases for matching. That’s an ineffective strategy because the database strategy doesn’t really tell the company whether the person sending in details is genuine — or merely a fraudster trying to impersonate a genuine customer.
At a high level, he said, identity verification/establishment is indeed separate from authentication. At the very initial stages of the relationship — let’s take banking as an example — the verification is the key focus and tends to be the purview of the business itself. Authentication is tied to authority/security concerns and tends to be focused on preventing account takeovers later in the relationship. Budgetary concerns, particularly among smaller firms, tend to foster this mindset.
“What you really want to do at onboarding is know exactly who you’re dealing with,” Prigge said. “You bind the biometrics to the ID at that point in time, and then it’s easier to reauthenticate them later.”
Done in any other manner, he said, where the company separates authentication from onboarding, well, that’s a window of opportunity for fraudsters. Companies run the risk, with that gap in place, of onboarding the real person, and then having the bad actor sign up and take over the account. And then when they “re” authenticate, it’s still the bad actor.
We’ll need to crawl before we walk, he said, as certain verticals — healthcare, for instance — move toward establishing digital credentials, complete with biometrics, that can be leveraged across a variety of use cases. To get there, providers are going to have to solve the “last mile” problem, where it’s the data that count most of all and make a difference.
As he told Webster, it’s relatively easy to build a centralized identity. The problem lies with the information used to construct and verify that ID: “if you’re letting garbage in, it’s garbage out, and so you cannot trust it.” Against that backdrop, companies have been shifting their security practices to include documents as well as voice and facial biometrics.
Interoperability will remain a challenge, but starting within the U.S. is at least a beginning, he said. There’s no reason why California, Illinois and Vermont should have different standards when it comes to gaming regulation, for instance — and no reason at all why they should have different and conflicting security laws.
Of that drive toward standardization of digital IDs and verification, he said, “You’d be pretty hard pressed to find a vertical that’s not well on this road or already there. The journey on that road has been accelerated, and we have got plenty of room to grow.”