Digital identity regulation changing for consumers
Kathleen Peters is the Chief Innovation Officer at Experian Decision Analytics. As the world’s leading information services company, Experian empowers consumers and businesses, and is focused on issues becoming top-of-mind for its clients. Diversity is one of these (the company was recently named Best Workplace for Diversity by Fortune) as are trust in digital transactions and concerns about data privacy. Kathleen talked about what’s surprising and changing in client attitudes and technology solutions with Mike Sasaki, leader of the Mitek Systems global customer success team.
I’ve posed the question “Why identity and why now?” to more than a dozen people in our Innovators series. I see that you have an MSEE and a BSEE in electrical engineering, so I’m thinking your answer will be about technology developments. Am I right?
Kathleen: It’s more complicated—and more interesting—than just new technologies. Sure, technology is making so much more data than ever available and enabling us to do things with it we couldn’t have imagined before. But what really makes this such an amazing time is that the technology trends are intersecting with social trends to create heightened awareness, and a whole new public conversation has emerged around consumer trust and privacy. Attitudes and ideas are changing—even to the point of what we mean by “identity.” My identity no longer means just my name, date of birth and SSN. There are also all these digital manifestations of us out there: screen names, email addresses, mobile phone numbers, device identifiers and all the “exhaust” we leave behind as we travel the internet. So the question naturally comes to mind: “What does my digital ID mean?” And also, “Do I own my own identity?” “Who manages it, and who protects it?”
How are consumer attitudes changing?
They’re changing dramatically in regard to concerns about trust and security in digital transactions. You can see that if you compare the results of Experian’s annual Global Identity and Fraud Survey. Several years ago consumers were really excited by all the new digital capabilities and the speed, ease, and convenience they provided. Last year, we found that while consumers still wanted all that, they also wanted a little more security in the balance. In the 2019 survey results, there was a definite shift. Consumers essentially said, “I need to trust the entity I’m transacting with online and to establish that trust, I need to see visible signs that this transaction is secure and my identity and data are being protected.” That actually surprised me, to see how quickly the mood has changed, especially here in the US.
Does that mean consumers today are more willing to put up with some friction in return for increased security?
Yes, I think it does, provided the friction comes into play at the right time in the right way. We’re finding that consumers are more tolerant of a bit of friction during the enrollment process—as a means of building trust. But when they return to the app or website, they want to be recognized. So companies need to hit that delicate balance by using layered technologies, some of which are active and visible to the consumer, and some of which are invisibly working in the background to confirm the identity of returning customers.
Are these changing consumer attitudes driving identity verification to the top of business agendas, or is it regulatory pressure?
Both. Look at just one aspect of trust, data privacy: Regulations are stronger, of course, in Europe, with the GDPR, which global companies like Experian are complying with. California has just enacted the
CCPA, and a few other states are trying to craft their own rules around these models, but I don’t think it’s clear yet what the regulatory situation in the US is going to look like. Many companies aren’t waiting
to find out. To meet the changing expectations of consumers and compete, if you will, on trust, companies are looking for ways to do more now.
In general, I have to say that while digital identity regulations have a really important role to play in protecting consumers, especially in finance and credit, they haven’t kept pace with technology and social change. The digital world is evolving at a very fast pace, and there are so many new ways for companies to collect information about us and use it to characterize us, not only to verify our identities but to target goods and services. How do we know all these fragments of data—and the views of us they form—are being protected and properly used? Regulators are trying to catch up with that new reality.
We’re also seeing the roles of government agencies evolve. In the US, the Social Security Administration’s purpose is to provide benefits to US citizens, not to maintain a national identity database. Yet that’s exactly the direction it’s going with the Consent Based Social Security Number Verification (eCBSV) system now under development. And the identity verification systems are really going to be very helpful in stopping the double-digit year-over-year growth in identity theft we’re seeing in this country.
You say innovative companies aren’t waiting for the government. What are they doing right now?
There’s a lot of innovation and adoption around biometrics, both physical and behavioral. It turns out there are so many things about each one of us that are as individually unique as our fingerprints. But I don’t think we’re going to see one biometric technology come out and take care of the whole digital identity framework question. I think we’re always going to be using a layered approach which includes information presented by the user, information gathered from the device and from looking at biometrics, and information collected from third parties. The question businesses have to ask is: How can I combine cool new techniques and new types of data with existing techniques and data to create an experience
where consumers feel engaged and protected?
The Apple Card is a great example. Consumers trusted Apple, trusted using their iPhone to apply for the card and trusted that the information they were providing and getting back was secure. At the end of the process, in just a few minutes, they were delighted with a new digital credit card they could use immediately. I think that’s the direction digital onboarding is heading.
You sound optimistic. Am I reading you right?
Yes, I am optimistic, which is not to say I don’t recognize the challenges ahead. I even think the “speed bumps” we’re encountering with rising concerns about data privacy are a good thing. After all, I’m from Missouri—the “show me” state of natural skeptics.
But because I’m an engineer by training, that natural skepticism about digital IDs translates into curiosity. I’ve always been intensely curious about how things work technically and how new ideas could work. So I’m really excited, because as fast as things are moving, I think we’re only at the cusp of it, only beginning to see the possibilities of digital identity frameworks. And I cannot wait to see what happens next!