Key Issues Plaguing Digital Identity Services

thesevenlawswordle-27kzp5y1

Sachin Mahajan, (TELUS & MobileLive)

The Internet without high assurance identity services is akin to a house without plumbing and electrical wiring. As we collectively start launching services (Mobile Connect, Identity Verification & others) the hope is we build a strong foundation to allow Digital Banking, IoT and other services to unleash their true potential with a friction-less user experience.

From my perspective here are the top 3 issues with Identity today:

Issue #1: None of the existing products largely address the markets needs

In February of this year, I went to Barcelona to attend MWC, where over 150,000 telecom professionals from around the world congregated. It was the perfect place to discuss the latest developments and trends in Digital Identity & IoT.  I had one evening free to myself, so I decided to walk around the city. Given Barcelona’s reputation, right before I left my hotel room I took all my important identity documents i.e. passport, credit card, driving license and locked them up in my room’s locker….and dually walked out with my prepaid euro chip and pin card. So the point being the things that were important to me were locked up in my room- safe and secure, as they should be but I had no access to them….which is the exact issue or problem with the digital world.

Issue #2: There is an immediate need for a High Assurance or Trustworthy Digital Identity solution

Often done to death, but worth a quick mention is the fact that the terms “digital world” vs “real world” are becoming so intertwined that soon we will be unable to distinguish between them. Terms such as “Away from Keyboard” (AFK) might become more prevalent. Given that I sleep with my cell phone 3 feet away from myself…AFK never really happens, until and unless my device runs out of battery these days.

Issues #3:  We want everyone else to provide their police clearance certificates to prove their identity in the online world but do not want to do the same at their end.

An interesting episode from my life a few months back, highlights the most important issue I believe plagues our digital world. I have a 10 year old niece, and she and I discuss all things important. She along with her friends were setting up a musical concert in the neighborhood and wanted to promote it online. In a bid to engage more people she was contemplating discussing it on 2-3 chat groups, which she thought were relevant. The moment I found out, I told her she had to keep 2 things in mind:

  1. Not to trust people in chat rooms. They could very well be perverts, criminals, frauds, cheaters or who knows what
  2. Giving out real name and contact information was an absolute No No

Here in lies the paradox…we want others to provide all their identity related information, but do not find the web safe enough to share our own….. this is a log jam!

PS: The intent of writing this quick piece is to engage my stakeholders, so please comment and help me better understand your needs.

Advertisements

Digital Identity: Peeling back the onion…..

Sachin Mahajan, (TELUS & MobileLive)

Five months of heading the portfolio and it is becoming glaringly evident that “Digital Identity” has dramatically different affect on people. For a large majority it seems to be the code word for “now the eyes glaze over and I read emails” but every now and then I run into a handful of others whose ears perk up and a warm smile engulfs their face saying, “about time someone did something about it”.

What is Digital Identity?

There are way too many definitions & perceptions about digital identity, which partly is the problem.  For me, it is as simple as “a mechanism for an individual or a business entity to identify themselves on the internet with some level of assurance (trust).”

Some of the others include:

  • Digital Footprint left behind when one surfs the internet

Companies such as Google and Facebook create online profiles of people to provide a focused, relevant and contextual experience. For e.g. if I searched google images for the key word “Jaguar”, I would instantly be shown images of a car whereas my wife would be shown images of the almost extinct Panther species.

  •  Online persona adopted or claimed by an individual.

I came across a company from the UK, whose tag line is, “When your heart stops beating, you’ll keep tweeting’”.  It is somewhat of a controversial app that updates an individual’s Twitter feed in the same style as they would normally tweet. In essence ones digital persona would continue to live even beyond the grave. A very interesting thought indeed.

  • It comprises of characteristics, or data attributes, such as Username and password, Date of birth, Social security number etc.
  • And a million other BORING definitions

Why should one care about it?

Two simple reasons: Economics and superior quality of experience!

  • Did you know that MasterCard and Visa charge anywhere between 1.5-3.5% of the transaction value in the physical world vis-à-vis 6-9% in the online world!!! The reason for the disparity is as simple as the inability of companies to authenticate people digitally in a secure, reliable & robust manner!
  • Did you know that between Google, Facebook and other online giants, they collectively make an average of $200-250/North American broadband user annually? What that means is that “Digital Identity” has let them unlock $50+ Billion of annual revenue….and growing!
  • Did you know in 2012, the average cost of recovering from identity fraud was upwards of $20,000 with almost 50% people admitting that if their identity was stolen they would not have the means to manage the recovery process

What are the different levels of assurance of digital identity?

The following chart helps provide a framework to begin to better understand and categorize the various levels of assurance & Strength of Authentication across multiple digital channels:

CHY

Source: Consult Hyperion/Telus

Levels of assurance:

  • Level 1 – Little or no confidence in the asserted identity’s validity an example of it would be registration requests on a news website
  • Level 2 – Some confidence in the asserted identity’s validity
  • Level 3 – High confidence in the asserted identity’s validity to enable accessing sensitive personal data online
  • Level 4 – Very high confidence in the asserted identity’s validity. A typical use case would be providing remote access to a law enforcement database

Digital identity is evolving quickly and is becoming a key enabler across multiple portfolios; be it IoT, Security, mobile wallets or e-commerce.  Consumers are being presented with a greater variety of low assurance authentication methods as the competition to become the de facto identity provider among some of the world’s biggest companies is heating up (Apple, Facebook, Google, Amazon etc.). On the other hand Telcos(AT&T, TELUS, Vodafone, O2), Banks and Governments are focusing on higher assurance authentication methods, where its imperative to know the identity of the person on the other end (Medical Insurance, Drivers license renewal, Access to medical reports, Registry services etc.)  It clearly is a fascinating space right now and I can’t wait to see how we help it evolve over the next few years!