Continuous Authentication for a Changing World
Posted November 1, 2018
In this episode Frank is joined by Lakshman Kannan, a Partner/Principal at PwC and Ian Mitchell, Principal of Fraud Technology at PwC. They discuss the power of authenticating customers in a seamless way, which makes them feel secure without adding unnecessary friction.
Frank: Good afternoon everybody! Welcome to another edition of Digital Identity 360. Coming to you from the beautiful Terranea Resort and our DI Summit for 2018. One of the really profoundly cool deals we have here is the incredible partner system, we have an ecosystem, and one of our great partners is PricewaterhouseCoopers and they’re a fantastic organization. We rely on them as LexisNexis and ThreatMetrix to guide and inform us in many ways. I’ve got Lakshman Kannan today from the Financial Crimes Unit and Ian Mitchell as well. We’re gonna chop it up a little, but just on a couple of issues related to identity and friction. So welcome gentlemen, good to have you.
Lakshman: Thanks Frank!
Frank: Awesome! You know we were just talking before the podcast started that this interesting idea of who owns identity, right? And so give me your thoughts on how you think that winds up?
Lakshman: My thought is it’s gonna be eventually owned by the government, right? If you look at who issues your social security, who issues your driver’s license, passport, it’s all by the government, that’s the one. I cannot fire the CEO of Google, but I can make sure not work for the same current administration, so I think that’s the direction it’s going. David also talked about India taking the step forward. There are definitely questions whether government is equipped, but funding-wise it’s there. It’s trusted by the people, at least in democratic countries, they work for them.
Frank: It’s such an interesting concept as we discussed. You had this really interesting dynamic tension. On the one hand, you have the market dictating because of the velocity of commerce. You’ve got companies that are saying, “Look, we need to have a ubiquitous identity that’s trusted.” And on the other hand, you have governments that are so reactive, and many times so behind. What we’re seeing in our world is that the government interaction at this point is throwing up constraints over privacy, but not really understanding the imperative for this global identity. And then the other thing that is so interesting is, what matters most online, and David did this in his presentation today, is there is some predicates for authenticating people that are becoming more and more important because of what we do. The challenge is, your right, someone needs to own it and centralize it. I think our view is the market will begin to inform the identity. And that the identity begins to be shepherded and protected by government agencies. But at the same time, it has to be fluid enough to allow for commerce to do its thing. Ian, this leads me to a question to you. One of the things that you are going to find throughout this conference is this ongoing challenge between too much friction, which means it slows down on-boarding, versus I’ve got to have some friction because I’ve got bad guys. As we this mornings session. There aren’t cyber criminals rampantly running around attacking these institutions. So, maybe your thoughts on that friction.
Ian: The way I look at friction, thanks Frank, the way I look at friction is it’s one of the four main fraud risk factors. So we’re obviously in the game of stopping fraud and stopping criminal activity, right? So you have the customer experience being an important one. You have the revenue generation and the opportunity there, and the regulatory components. And honestly, authentication and verification fit all four. The dynamic you’re bringing up though is interesting ’cause it’s a balance you’re striking. What you need to do is make sure that, one, you’re stopping the major fraud events. You have the right infrastructure in place. But secondly, what you find is the friction placed in the right places actually facilitates growth. It facilitates revenue. So, I think that’s the dynamic that we’re beginning to understand more as an industry. How to find that balance, how the right amount of friction can facilitate new account relationships, facilitate new functionality within mobile apps. And so I think that balance is what institutions are needing to use technologies like ThreatMetrix, other risk platforms and risk engines to really get into the enablement mindset of run authentication. But lastly what I’ll tell you is, too little friction, so too much friction gets in the way of business. Too little friction though, we’ve seen and experienced that too little friction actually makes customers feel insecure. So that lack of security, honestly it does the reverse.
Frank: Yeah, you’re banking and there’s no friction. What’s up? Right?
Ian: So it’s a crazy balance we’re trying to do. Facilitate growth, stop the fraud guy/bad guys, but not put everything so behind the scenes that customers aren’t feeling secure. So, that right amount of friction, it is a balance and it is something that each organization needs to find that right balance for them. But it’s beautiful…I mean authentication, verification, all these are great weapons for us to fight financial crimes.
Frank: It’s so interesting, both of you are an in important space with tremendous customers and clients. What we find is that it has to be continuous authentication because everything changes so quickly. You had mentioned that India has done a great job, and they have in the sense that they’re very forward looking in terms of identifying the populous. Whatever the reasons were, taxes weren’t being collected or whatever, they finally got there. It’s interesting, you know, customers like Flipkart, which is one of the largest growing e-commerce companies in India, I think they do expect some friction because that’s the culture they’ve grown up with. I think what we see, and I think it’s a little bit of a “red herring”, is that friction is bad, and I think friction is bad because customers will abandon and I don’t think that’s true. You said it, in some degree of friction, they feel comfortable and secure.
Ian: You’re dealing with financial transactions. I mean, there are countless examples of when friction is expected. Right? It’s up to us as risk managers to go and put the right friction in the right places to facilitate the right transactions.
Lakshman: I think the key thing with right, to make certain transactions go frictionless, right? Uber is a great example. I didn’t know that paying a cab at the end of the ride was such a painful, until I experienced Uber. Let’s get out and don’t have to worry about whether they accept credit card. So the key thing is, I totally agree customers expect some friction, but the organizations need to have the ability for certain transactions, certain customers, to go through without friction.
Frank: This is such an interesting comment because the Uber experience is emblematic of two things. One, they’ve done the proofing and authentication up front. So when you get in the car and drive away, here’s what’s beautiful of their friction or limited friction but still some touch points, you get out of the car but you rate the driver. So you’ve got this feedback loop that’s so important because you as a consumer feel comfortable that you are in a trusted environment, with a trusted app, with a trusted driver, and they can do a feedback loop. So in that case, they’re comfortable and engaged, limited friction, some a little bit when you sign up, but they’re able to use that as a feedback loop.
Ian: I’ll tell you that’s the beautiful part about doing banking in a risk management, fraud risk management, in this environment. We have customers wanting to be on both sides of the transaction. One, they’re wanting to facilitate. Also they’re wanting to feel secure. So we’re in this exciting environment where we have data, we have tools, we have infrastructure. We can use risk principles to manage that experience. We can feed that expectation of feeling secure, but the expectation of also not being inconvenienced.
Frank: Yeah, it’s interesting gentlemen, there’s a term we use here, disrupting identity. Sometimes it’s cliched disruption, but the reality is, identity is being disrupted and changing. We are profoundly grateful for our relationship. Thank you for coming to the Summit. Folks, PWC absolute luminaries and leaders in this field. Thank you gentlemen.
Lakshman: Thank you.
Ian: Thank you, Frank. Appreciate it.