The conversations about digital identity and how to secure it have never been more active – or more necessary - prompted recently by any number of news reports related to the compromise of a consumer’s identity in a digital environment.
There were the reports a few weeks back of Starbucks being “hacked” which turned out not to be a hack at all, but rather fraud perpetrated by crooks who had access to consumer card credentials and used them to create accounts used to, well, stay caffeinated, I suppose.
Then there were the reports that taxpayer information was stolen from the IRS using a standard request for taxpayer form and stolen credentials - name and social security numbers from other hacks. One hundred thousand households now have the privilege of knowing that crooks know not only how much income they earn, but their bank and investment account numbers, and how much is in them.
Of course, this follows the news earlier in the year of the Apple Pay “hack” which, like Starbucks, wasn’t a hack at all, but account takeovers thanks to the availability of cardholder credentials made possible by the retail POS hacks that happened in late 2013 and over the course of 2014.
Passwords, as the way to “secure” access to sensitive data aren’t cutting it any more. Not when the number of digital outlets that require them are proliferating and consumers, in response, use easy to guess passwords over and over and over again. Enterprising crooks get it right once and they have access to a consumer’s digital identity for many other things.
Naturally, enterprising innovators are working overtime to try to address this problem – and devising a number of novel ways to create and protect a consumer’s identity digitally.
Some are turning to the blockchain and developing blockchain-tied profiles. Others are innovating with biometrics, including facial recognition, a tactic that does not seem to pass muster with banks in China. More are leveraging Apple’s TouchID to enable access to payment capabilities as a way to authenticate a consumer. And even more are looking beyond payments to an area where the sanctity of consumer identity is even greater – healthcare – and how to quell consumer fears over privacy security while remaining compliant with HIPAA and other regulations that prohibit the sharing of data about a consumer’s medical history.
Investors are fueling this mission as well, pouring tens of millions into startups in an attempt to develop the “winning” solution that keeps consumer identity safe in a digital world, without introducing friction in the process – to either the consumer or the provider of the solution or service.
All of this also fuels the debate over where to start the process – and where we’re most vulnerable - and who is best positioned to enable the delivery of a secure digital identity. At the moment, it appears that regardless of where we turn, there’s a crack that the bad guys have found with which to wreak havoc. It’s also why so much of the activity today is in the “transact” ring of our ecosystem – it’s where the detection of the fraudulent use of a consumer’s identity can be shut down. Moving into the inner circle, however, where we begin to “generate” those identities is where it also seems the smart money is moving. A longer-term, but necessary, play.
Until next time,
CEO | Market Platform Dynamics
President | PYMNTS.com