Turning Digital Identity Data into Actionable Intelligence
Posted July 26, 2018
In this episode Frank is joined by Julie Conroy, Research Director at Aite Group. They discuss how understanding digital identity data is key to enhancing customer transactions.
Frank: Hey everybody. Welcome to another edition of Digital Identity 360. I’m honored to have Julie Conroy from the Aite Group here with me today, and we’re filming from Paris at our Digital Identity Summit for 2018. Julie, thank you for being here.
Julie: Thanks for having me.
Frank Absolutely. Julie, you and I were talking earlier about kind of the proliferation of digital identity and what you’re seeing within your customer base. Can you talk a little bit about the trends you’re seeing as it relates to digital ID?
Julie: Sure, sure. We spend a lot of time talking to financial institution executives, eCommerce merchant executives, telecoms, about how they’re securing transactions.
Julie: Because right now we’re in this kind of unbalanced chess game where there’s so much data out there, the pace and the automation of attacks is so fast that it feels like for every three moves the bad guys get, the good guys get one.
Julie: And that’s just not sustainable.
Frank: Yeah, for sure. Yeah.
Julie: I think one of the key strategies to address that, that I’m seeing is, knowing that they’ve got all our credentials, they’ve got all of our identifying information, it really is up to us to merge that traditional identity data with this vast amount of digital identity data that can help us really better understand is this our good customer, is this a bad guy, and take the appropriate actions to either clear the path and remove the friction for the good customer, or stop the bad guy in their tracks.
Frank: Yeah, it’s so interesting. So our digital identity concept is starting to take hold in our group. In Europe this year, based on our Cybercrime Report, the vast majority of attacks are now vectored towards financial institutions. Makes sense, that’s where the money is.
Frank: And identity spoofing is the number one attack as it relates to payments, but also to new account openings. So I think this concept of the stuff’s already out there, is manifested clearly in what we see, right?
Frank: I’ve already got Frank’s credential, I just try to bank it through with different institutions, and see what happens. How are you seeing AI and some of that machine technology kind of help solve that problem?
Julie: Well, I think AI is really helping to enable this concept of digital identity, because we have so much metadata out there about how consumers are transacting, where they transact, what are their devices, what are the good email addresses, bad email addresses, that for years we’ve had that, but it’s been really hard to harness it. But with machine learning, with the ability to better understand this unstructured data, structured data, we can actually turn all of this data into some actionable intelligence.
Frank: Yeah, and that’s key, isn’t it? We do 110 to 120 million transactions a day. How do you manage that tsunami of information, right? Especially when, as you said, the trick is I don’t want to turn the screws so tight that people leave. So it’s a friction problem because the customers these days, especially millennials, we’re seeing abandon brands like crazy.
Frank: Right? I was reading a report in the US that millennials are twice as more apt to dump a bank and go to another bank than we are, because we’re tied in and go, “Wait, this is my bank.” So in that world, you’re right, it’s a force multiplier. The technology comes in, kind of helps me get it done. Which leads to our other conversation on GDPR, because now you’ve got constituents that are worried about protecting their data. What are you seeing in the GDPR world?
Julie: I’m seeing a lot of consternation about GDPR.
Julie: I think it’s kind of like our new Y2K. There’s a ton of activity going on. I think it’s going to be like Y2K also that once we get past the deadline, consumers aren’t really going to be coming en masse to exercise the right to forget.
Frank: That’s right.
Julie: We have to be able to support it, but at the end of the day it’s in consumer’s interest to be remembered because that’s what’s going to facilitate good experiences for them.
Frank: Absolutely. You and I were speaking earlier and it’s really interesting, if I’m the bad guy, I want to be forgotten. So the people that will opt in … In fact, it’s interesting, I think there might be an interesting rule that says who opted out, right? Who wants to be forgotten? And that’s probably your bad guy. That’s the black list guy, but you’re right. The other thing we’re seeing, and you and I talked about it a little bit, was just the operational cost for our customers to be compliant and it’s driving a lot of money. How much are you involved in kind of seeing the deployment of that, or in strategically guiding your customers, and kind of what’s their view generally of GDPR?
Julie: We get a lot of questions about GDPR. Does it apply to us if we’re not in Europe but we’re transacting overseas, but we’re transacting with a French consumer?
Frank: That’s right.
Julie: What do we have to do? There’s a lot of confusion out there. And there’s also a lot of folks looking out on the horizon saying, “Okay, Australia is coming next, and then it looks like Canada’s coming after that. What do we have to be doing and thinking about to be able to go from GDPR, to Australia’s version, to Canada’s version? And it all comes down to having a new view of identity, and how you manage that identity. It has to be central.
Frank: Yeah, it’s interesting, if you look at our large global network, and by the way, you talked earlier about the fact that we’re bringing physical attribution now to digital identities. This is the whole LexisNexis® Risk Solutions combination with us is, I know Frank’s digital ID, I know that Frank is … his credentials are being used on four different machines, three different continents, over two different times zones. Probably been hacked, right? A big problem. It would be really interesting to know, hey, Frank’s applying for a loan somewhere, is he really … does he really live at the address that he claims to live at, and have that physical attribution? What are your views of that combination, and how seamless it may or may not be to start bringing digital attribution and physical attribution together?
Julie: Well, that’s kind of the holy grail that the industry has been working towards for a long time is, yeah, the bad guys have all of this static stuff, so can we marry it with all of this digital data, bring it together so we’re not looking at it in isolation to really understand is this Frank, is this the way that he transacts, so that we can enable a good transaction, or stop a bad one. The other component of that is having the ability to share intelligence, and have … because the bad guys, these organized crime rings, they’re not just targeting one merchant or one bank, they’re coming against all of us. And so if we can share intelligence about good consumers and the bad guys, that can enable better transactions for everyone.
Frank: Yeah, and you know it’s so interesting, they are targeting us and they’re incredibly patient. So we saw a billion bot attacks stopped in the US, 80 million stopped in Europe in Q1 through our network. And it’s interesting because I think what they do is they hit it, it’s the kind of fast attack, and then they wait six or eight months, right?
Frank: If the credential tests well, they wait six or eight months, then they come back, and they monopolize or use that credential. So I think that ability to share is very cool. I’ll hit you with a curve ball here. We’ve been working really hard on a consortium with our UK banks, where they’re agreeing to share info. Are you seeing anything like that, maybe state side or anywhere else where your customer is saying, “Hey, we’d like to be able to more freely share information without fear of competitive threat, but we think by sharing we can get a better handle on these bad guys?”
Julie: Absolutely, collaboration is key.
Frank: Yeah, for sure.
Julie: There’s a saying among a lot of the banks that I work with that fraud is not a competitive issue.
Julie: We should be sharing information so that we can try to even out this uneven chess game.
Frank: That’s right. Yeah, because they’ll hit one and then the other, so ultimately they’re all in the kind of cross hairs of the bad guys.
Julie: Well, especially when they’re playing the long game. We’re seeing as they set up these synthetic identities, they’re nurturing these things for an average of 18 months.
Julie: So we’ve got to be sharing the data to get a step ahead.
Frank: Absolutely, think of the benefit of 18 months, right?
Julie: Oh yeah.
Frank: I mean they can monopolize that big time. So everybody, thanks so much. Julie Conroy, Aite Group. Fantastic time. Power to Predict is our theme this year. I predict that if you reach out to her team, you’ll have some fantastic subject matter experts to kind of help you navigate these choppy waters. Thanks everybody, from Paris. Thank you very much.