The basic rule of personal security has changed little since ancient times: A person’s home — or hut, cottage, hovel or flat — is that person’s castle, the main location where relatives and valuables are secured from nefarious forces outside the door.
Not any longer.
That’s according to Tony Ball, senior vice president and general manager of identity and access management for Entrust Datacard, during an interview with Karen Webster for the PYMNTS “Economy of Trust” podcast series. During the second part of their discussion about trust in the digital economy, Ball made the case that, with identity driving so many financial transactions, consumers should worry more about protecting their personal data online than physical possessions inside their houses.
People spend money on home security systems because “we thought that’s where we were most vulnerable,” he said. That outlook held true for centuries. “With identity being the new currency, that is not where you are most vulnerable. If anyone is going to make a fortune around you, they will make it online, and they will make it by compromising your identity.”
Before getting to the full implication of what amounts to a major societal change, it pays to step back and view identity and trust from the perspectives of banks and their customers.
It’s all but cliché to point out how firmly the modern economy is anchored to mobile and web technology. But to hear Ball talk, one realizes that no matter how masterful consumers have become with online banking and shopping, or how digital has become deeply ingrained in daily commerce, financial institutions and their clients still bumble around when dealing with online trust.
As an example, take the common annoyance of having a transaction blocked — maybe at an ATM in a foreign country or when trying to buy an expensive item from a big-box merchant. The issue of online trust permeates those actions. Ball gave credit to the financial institutions that use risk management technology to analyze digital footprints and other behaviors to reduce the friction that slows or prevents out-of-the-ordinary purchases and cash withdrawals. Such financial institutions grasp that “identity is dynamic, not static,” he said.
Other organizations take a more reactive approach, Ball said. After detecting a suspicious transaction, they “don’t advise us what they want us to do. The individual is being asked to do all the leg work. That’s very frustrating.”
That’s also a way to lose consumer loyalty and future business — the digital era is nothing if not merciless, given all the choices at consumers’ fingertips. “After one or two instances where I am being put through more friction than is necessary, I start to question whether I am with the right organization,” Ball said.
Granted, it’s not the easiest task to balance security and convenience. But Ball offered guidance for financial institutions committed to earning and keeping consumer trust. “Really try to get ahead of the next level of risk rather than always be behind it,” he said.
In the next decade or so, business executives will likely feel more pressure to stay ahead of the game when it comes to trust and digital security. Regulators are stepping in. The European Union’s General Data Protection Regulation (GDPR) comes into force this year and promises significant — even material — fines for organizations that are sloppy or reckless with securing consumer data.
“I think you are going to see a larger number of breaches” in the coming years “and larger fines being administered,” Ball said. Financial institutions and data managers will pay “a heavy price for not having taken this seriously.”
All of that could create new business opportunities, of course, as banks partner with technology companies to craft new consumer protections. Ball said he foresees the creation of “insight engines” that would essentially come up with sophisticated risk profiles for groups of customers or individuals. The insights gained from those “engines” would enable organizations to address data risks and breaches with more precision, reducing the hassles consumers often face when attempting out-of-the-ordinary transactions.
The whole point, after all, is to not alienate reliable sources of profit. “When you think about those consumers that clearly are driving your revenue and profit, you cannot afford to get in their way,” Ball said.
During all of this change to the standards and practice of trust, Ball does not view consumers as passive bystanders. Hardly. Consumers not only need a deeper understanding of data protection and security, and the often contradictory role of convenience — an understanding that financial institutions and other custodians of data can encourage through education — but they also must adopt a mindset of personal responsibility.
And that brings the trust discussion back to why identity deserves more of a security focus than one’s home.
Ball said he could imagine businesses charging, say, monthly fees to protect identity in its dynamic forms. Those risk profiles could help too, as they would give consumers a picture of where they are most vulnerable in this digital world.
“Where should I be more mindful now that the risk is higher, and what decisions should I be taking [to change] my behavior?” Ball asked. Investments that take consumers to those points will be more pragmatic than home security systems. “You have to think about what I am going to do to protect my identity in the future and think about the way it is managed.”