Trust is Everything in the World of Digital Identity
Posted November 21, 2017
In this episode Armen is joined by Dasha Cherepennikova, Chief Strategy Officer of One World Identity. They discuss the importance of trust in the new age of digital identity.
Armen: Hello! Welcome to Digital Identity 360, I’m Armen Najarian your host. I’m actually on location here at the Digital Identity summit in San Francisco, and I’m sitting here with a guest, Dasha Cherepennikova, from One World Identity. Welcome to the show, Dasha.
Dasha: Thanks so much for having me!
Armen: Really appreciate you spending some time with us here. So Dasha, let’s get right into it. There’s been a lot of large-scale events that have taken place in the identity and data space over the past several weeks. These are things that are not unprecedented. These issues have been happening over the years, but it just feels like this time around more than others there appears to be heightened level of awareness and sensitivity, particularly at the consumer level, certainly at the business level. I’d love to get your thoughts from the One World Identity perspective of how you see that playing out, and why this more heightened level of sensitivity now than ever before?
Dasha: I think that’s a great question. One of the things that we’ve thought about from an Identity perspective … We said that identity, as we know it is broken today. On one hand we have over 1.1 billion people globally who actually have no verifiable identity, no legally recognized identity. On the other hand, like you said, in the events of recent weeks, we have a lot of data breaches, so for those of us that do have a verified identity, what we’re finding is it’s increasingly difficult to use it because it might be the fraudsters that are actually using it. I think enterprises have been struggling with this as well for things like synthetic identity.
You’re absolutely right in that I think that the events of recent weeks have really made it so that this is in the forefront of the everyday consumer. What we’re seeing is that mainstream media is really picking up this story, so I think now not only are we at this inflection point in the industry, but at a time when consumers are really watching us, and I think that’s important.
Armen: Clearly consumers are watching us, and I think a lot of different entities are watching what’s happening. I think the question I would have is, in light of that, in light of that all eyes are on the broader data and identity management space, what actions are you suggesting, if any, from your perspective on measures businesses can take, or vendors like ThreatMetrix and others in this space should be taking to address and recognize this heightened sensitivity that now exists?
Dasha: Absolutely. I think that’s a great question. We see the sensitivity from regulators in Europe, we see it from everyday consumers here in the US, and I think that one of the things that we as an industry, as an identity industry, need to think about is: How do we regain trust? Right now we’re in a position where a lot of people are questioning what we’ve been doing and what we’re proposing to do. So how do we articulate to consumers that personal data isn’t necessarily bad? There are plenty of times when I have a great attraction with a company online, and I share some data because I get something back out of it. If I’m applying for car insurance I want them to know I’ve got a clean driving record, knock on wood.
Armen: Save a little bit of cash, right?
Dasha: Save the cash, exactly! So in that situation, we really need to make sure that we’re getting the trust of the consumers back, so I think about from three standpoints. How do we ensure that the data that we’re collecting is relevant, that it’s transparent to the consumer, and that it’s accurate? How do we as an industry show that we’re good stewards of this? I think that’s the call to action, and I think that’s going to be what’s increasingly important, for us to get both the trust of the consumers and to make sure that regulators are comfortable with what’s happening.
Armen: So trust is a huge issue?
Dasha: It’s everything.
Armen: It’s such a big issue; the theme of this summit that we’re sitting at is the Currency of Trust. When we thought about that theme a year ago, clearly there had been other large scale data breaches, but from our point of view, it’s the identity itself, and the richness of the connections and all the attributes associated with that identity, that empowers businesses to make really important decisions in a confident way. To operate their digital businesses because they have the confidence, knowing that the identity of the person knocking at their door, or attempting to open up a new account, or make a login transaction, or a payment transaction, they have the confidence that they know who this person is. So it all is built on trust, in the large-scale community, the vendors like ThreatMetrix, the providers of data out there, the regulatory authorities that are all looking out for the best interest ultimately of the consumer.
With that, the question I’m driving towards is, there’s this ever-challenging balance to make, between driving a trustworthy and secure experience with a transaction, yet also providing a good customer experience. That delicate balancing act, basically keeping the bad people out and letting the good people in with minimal friction. How do you react to that when you think about the role of trust with this balancing act that we know exists across the industry?
Dasha: I think first of all it’s great for job security, because we find new challenges in every space. That balancing act is certainly one that I think about a lot. I think about it with four factors. I think about privacy, security, user experience, and cost. What we find is we can build a very very secure solution. The problem is it’ll be so hard to use that none of us can get in, or it’ll be so costly to deploy that none of us can get in.
I think every organization needs to be aware of where they actually measure all of those when we think about improving. A lot of people talk about improving the user experience or improving security. They talk about, “Is this a trade-off?” I think one challenge that we have is first we have to measure it. We have to quantify it in some way to be able to say, “Are we moving the needle forwards or backwards?” I think that’s something that we’re starting to do more of as an industry, but I think first quantifying and really understanding the problem before getting into the solutioning is something that I see happening a lot.
Armen: I think it would be helpful for our audience, and I should have done this up front, if you could just introduce who One World Identity is, and the role you play in the industry.
Dasha: Absolutely. We provide independent research, consulting, and events, just about identity, so we’re really excited to be here today. One of the things that we’re really passionate about is bringing people together to solve this problem. What we find is that we need a shared vocabulary, we need cross-sector collaboration, and we need to connect people to each other and to experts and resources to really move this forward.
Armen: Excellent. From where we sit at ThreatMetrix, we are excited that an organization like One World Identity now exists. There’s such a void in the space, of an organizing body, a standards body, that’s helping to shape a common point of view and frameworks … That will hopefully help propel this space as a whole and drive the adoption in a meaningful way to bring that balance that we’re talking about between security and great customer experience.
Shifting gears a little bit, we’re here live on the floor; you can see the background commotion-taking place, as we’re setting up and the loud audio. You’ve been here now for a half of a day at the Digital Identity Summit, which formally kicks of tomorrow. What are your thoughts, what do you hope to get out of the next couple of days?
Dasha: I really want to hear from more folks who are battling these challenges, to hear what’s keeping them up at night. That’s usually my favorite question to ask, because what was keeping people up at night yesterday isn’t the same thing as it was two weeks ago, and certainly not the same thing that it was last year. That’s an area I’m really excited to learn. I think in general, looking at that cross-sector view. What’s unique about this event, looking from the list of folks you have participating, it’s organizations large and small and that really represent a wide variety of people who have these problems. That’s always a great place to be in, to hear that voice of the user from all of these different folks. That’s personally what I am most excited about.
Armen: Good, well I am confident having taken a very close look at the agenda that you’ll see a lot of points of view that are very consumer-centric in perspective. How does that consumer-centric affect decisions around policies with identity and deploying globally versus locally, and having policies at three different segments, and what are the outcomes that people expect in the metrics? You mentioned metrics in your comments just now. I would be curious — when you think about metrics, do you have a shortlist of things that you would recommend people like ThreatMetrix and others in the industry pay attention to in thinking about what makes for an effective digital identity solution?
Dasha: I look at it from the lenses, again, of privacy, security, cost, user experience. Most of us are probably used to measuring cost, those of us who have a budget at all to maintain. User experience is something that folks are increasingly measuring and understanding. Cart abandonment rate in e-commerce spaces, things like that. What’s hard to measure, to be perfectly honest, is the security and integrity of systems. Historically a lot of times we’ve felt we’re building something that’s really secure, and it’s secure until it’s not. There I challenge folks to actually think about measuring, what is their response? Whether it’s to a privacy incident or a security incident, it’s about how prepared are you really. That’s also really important. Having the systems, the organization in place to do that crisis response, also to think about how do we keep challenging ourselves in that, measuring where we are.
Armen: Great. From a metrics perspective, in addition to what you mentioned, how do you lower the false positive rate, and lower the false negative rate? As a starting point, that’s not an all-inclusive set, but as far as driving that good customer experience, knowing definitively if you’re dealing with someone that’s less desirable, as far as their risk, keep them out or put them into a review cycle. Someone who’s consequently not posing a threat, to let them in with minimal friction.
Dasha: It’s kind of almost like the needle has swung in the opposite direction. I’ve heard some stats recently that good user declines are actually about 10x of the problem of false positives when you let people in, so our false negative problem is actually significantly larger. I think for businesses, especially young ones that are starting out and trying to acquire customers, that customer insult can really have an effect. So, I think that what you mentioned with the false positives and false negatives is really important.
Armen: It is, and as we say, every business is a digital business so really this applies to really everyone in the market, anyone who has a shingle out there can relate to these issues.
I am getting a signal from off stage that our time is up, and so I sadly must end this discussion. Thank you Dasha Cherepennikova from One World Identity, and again this is Digital Identity 360 live from the Digital Identity Summit in San Francisco. Thanks very much for joining us today.