February 20, 2019
Reimagining Physical and Digital Identity
Posted November 15, 2018
In this episode Frank is joined by Kim Sutherland, Senior Director of Fraud and Identity Management at LexisNexis Risk Solutions. They explore how getting a truly comprehensive view of identity involves looking at both physical and digital aspects.
Frank: Hey everybody. Welcome back to another edition of Digital 360. We are honored to be coming to you from the beautiful Terranea Resort in Los Angeles, having concluded our Digital Identity Summit, and I am super proud to have Kim Sutherland, who is the Director of Fraud and Identity, at our parent company, Risk Solutions. And Kim just did a fantastic keynote on identity. So Kim as I think about it, welcome. And let’s get into it.
Kim: Thank you.
Frank: Good to have you.
Frank: Now Kim, one of the things you said that was really interesting to me was this idea of how identity has morphed from really a static, you know, government based documents that we know aren’t helpful and useful anymore, to this kind of fluid concept that includes my assertions about my identity, my behavior, the validation and proofing you’ve done. So maybe talk a little bit about your view on how our combined kind of solutions of physical and digital identity help inform that construct and flesh it out.
Kim: Yeah. So I really think that identity is continuous now. I think it’s a leveraging, the device you’re using to assert your identity. So to me, a driver’s license for example, is actually still a very good identity document. But it’s only good if you’re going to authenticate that it’s real. If you’re going to be able to look at the biometric, so looking at the face and then doing biometric recognition there. And then also figuring out, did it come from a safe device to start out with? And then starting to tie in all of those different digital attributes to see if that person exists in the physical world, and in the digital world.
Frank: You know what’s so interesting, I think you’re exactly right, so I’ve been fond of saying that online only, four things matter. The first thing that matters is the method of interaction with the digital world. And as you just said, that’s your device. In a real sense, the device is the new social security card, or driver’s license in the sense that it becomes the repository of identity. Right? The next thing that matters, and this will resonate with you giving all your email accounts, but the next thing that matters, stitching together your identity. In the real world, you and I have just met. You’re Kim, I’m Frank. Our identities are known to us. But in the online world, you could have 13 different identities that deal with coupons, and spam accounts, and kids’ alma maters, and those kinds of things. And so, stitching together those identities in a way that they’re validated is the second ingredient that matters. Then the third thing that matters is how you behave in real time. Because you know, Frank’s a good employee til he’s not. Frank’s a good internet citizen til he’s not. And so that behavior’s fluid, and then finally, and I think this is where our combined view of the world is so powerful, taking how you interact, who you are, how you behave, and correlating that to known threat vectors. Right? So to your point, if those originating documents are compromised and flawed, having a broader view of how those credentials behave is super cool. I know you finished saying you were excited. I think I’m equally excited. How do you think our customers will react to this idea of a broader identity and the fact that we effectively become the custodian of identity?
Kim: Well, I think that personas are fractured, right. Identities are not. An identity is a holistic amalgam of all those fractured components, right. So if you only had fractured identities, that would be kind of schizophrenia. So I think our customers are in a schizophrenic world right now. And having us together really does bring sanity to the whole picture around identity.
Frank: Yeah, so true.
Kim: So now they can look at things in a much easier way to look at the whole consumer, to really assess their risk and then have a better way to manage it in their company.
Frank: I think you’re entirely right. One of the things Kim that was interesting in this conference, one of the emblematic themes, certainly from those that were infrastructures, so those that are building infrastructure kinda deals, was that there oughta be government intervention, that government should establish a standard and then from that you move on. And Neil, from Interact talked about DIAC, others talked about identity vaults and things like that, but what’s interesting is, the problem with that in my mind with that model is that identities have to travel globally. And so, I have to be in a situation where I can authenticate and recognize that individual irrespective of point of origin or geography. So, talk about that kinda conflict between having a standard setting body that’s large and imposing, versus I think what we built as a combined company of this commercially based behavior based fluid identity.
Kim: Yeah. So since 2011 I’ve been involved with a lot of White House initiatives around fraud and identity, and the good news is that most of the time, those initiatives were not solely U.S. based. It was really important to know what was going on in the U.K., or even a country like Estonia to be able to look at all those different identity trends. So I mean I think that the concept of identity and how we develop solutions have to be global. The different attributes might not be the same in every country, but being able to look at things like mobile device, mobile’s
global. Email is global. How we interact is universal. So, those types of things are really important to make identity not just a domestic viewpoint.
Frank: One interesting distinction between our companies is that nobody in ThreatMetrix gets near the White House, they just won’t let us. So congratulations on increasing our pedigree.
Kim: Yeah that hasn’t happened in a couple years, that I’ve been involved.
Frank: Well there ya go. Hey one closing thought, that I think really speaks to the point you just said is that you know, the market I think, really dictates what the need is. And the velocity of commerce and the way things are changing, you mentioned mobile device, on how important that is as an anchor for all the other identity attributes and behavior. I think this problem gets solved in terms of identity not just as it is today. I loved your presentation where we were, where are we headed. But, I think we all recognize identity begins to morph and change right.
Frank: And I think this problem gets solved by virtue of the fact that we have so many touchpoints that we can bring to bear. One touchpoint that I was thinking about during your presentation is, think of how you strengthen identity by associating it with things that are now connected in your home.
Frank: It’s almost unspoofable in a sense that if I know that you’re at Frank’s kitchen, and my microwave’s talking to the internet and I can use that microwave as a frictionless point of an additional identity marker, because it’s very unlikely that somebody’s gonna be able to spoof both my mobile phone, my IWatch, and my microwave. I think the benefit of this combination is that we begin to solve the identity imperative in a way that’s extensible. We always talk about that in software, making sure we’re extensible. What are your views about that just the power we’ll have to kind of continue to adapt to those modalities?
Kim: Well actually I think you’re thinking like a fraudster. And here’s why.
Frank: Thank you. That’s why I can’t get near the White House.
Kim: Here’s the issue that really smart fraudsters, they will tap in online to see if you’re using your energy sources. So they’re gonna see are your utilities used right now? ‘Cause that means you’re at home. Being able to pay attention to those things within the house, the internet of things is really changing how we all interact. So if I see that your heartbeat is moving faster than normal, maybe you’re out running. If I can tap into your watch. So being able to use as many different data points to prove my identity is important, but also understand that fraudsters are really quickly evolving, so they’re trying to use as many data points as well.
Frank: Yeah. I think that’s so true. And I think it’s refreshing to know that as organized and as well as they communicate, that there’s guys on our end, our combined companies working to help strengthen that trust ability on the internet. It’s such a pleasure and honor to have you. I think, having listened to your presentation and spend some time together, just really encouraged by the degree of subject matter expertise that we’re bringing to solve this problem. And you know, our theme here is the ‘Power to Predict’.
Frank: And you close with that in your presentation. My view is that, and I think it’s gonna be a prediction that comes true is that LexisNexis and ThreatMetrix together are going to disrupt identity in a way that’s profound, and we’ll look back in a bunch of years and go, wow this was the inflection point.
Frank: Where we were able to do that.
Kim: We’re using the tag right now, identity reimagined. And I think that we are taking identity to a new level that hopefully people haven’t even thought. When you bring these types of attributes together, these types of analytics, and platforms, that you really can solve this problem much better, and much faster.
Frank: Awesome. Kim, thank you so much. Such a pleasure.
Kim: Thank you.
Frank: Thanks for joining us. Guys, from the Terranea Summit, Kim Sutherland from LexisNexis Risk Solutions. Her mandate there and her purview is digital identities and identity in general. So thank you very much Kim.
Kim: Thank you.