Note: This event was conducted under Chatham House Rules resulting in no attribution of the conversation.
On Wednesday, November 20th, the One World Identity (OWI) team and Uniken hosted a KNOW Identity Forum in Atlanta, the payments capital of North America, to discuss the future of payments and digital identity.
In our modern economy, the relationship between identity and payments is inextricable. The digital economy is dependent on the secure exchange of value from one party to another. Correctly identifying digital identities at scale, however, remains an ongoing challenge for digital marketplaces, platforms, and businesses.
Additionally, new data privacy regulations — CCPA and GDPR —have forced fundamental shifts in product design considerations. Payment platforms must balance security with user experience and figure out how to remain competitive while prioritizing security.
At the KNOW Identity Forum in Atlanta, we brought together industry professionals focused on building the next-generation of user-centric payment products. The KNOW Identity Forum brought together an expert panel including Brad Davis, CEO of Datalucent, Nathan Rowe, Chief Product Officer at Evident, Nishant Kaushik, CTO at Uniken, and Andrew Morris, Founder and CEO of the Fintech Agenda LLC. There was also a LIVE State of Identity Podcast featuring Roop Singh, Chief Executive Officer at Intuit Factory, and Cameron D’Ambrosi, principal here at OWI.
Please visit here for the full State of Identity podcast recording and show notes.
How Fraud Fraud Vectors are Evolving
The evening’s programming kicked off with a discussion around developing fraud trends, and despite technological innovation, the types of attack vectors professionals observe remain unchanged.
“The more things change, the more they seem to stay the same.”
Account takeover, phishing, and social engineering remain the dominant forms of cybersecurity attacks. As an industry, we’ve failed to develop solutions that are successful at defending against these types of attacks, giving bad actors no reason to change their ways. Many platforms, for example, still don’t require two-factor authentication (2FA) as a standard authentication practice. Until we can unify our defenses, fraudsters will continue exploiting the most accessible attack vectors.
Furthermore, regulators are not making cyber defense any easier for private companies by being overly prescriptive. In 2008, the National Institute for Standards and Technology (NIST) originally issued guidance suggesting 2FA through SMS, was a safe and secure channel. In 2016, they issued 800-63-3; this guidance unequivocally revoked the use of one-time passwords (OTPs) through the SMS channel, claiming it was unsecure. However, in 2017, they once again softened their stance on SMS OTPs.
For private industry participants who look to NIST for guidance, the lack of continuity makes developing a cybersecurity strategy even more challenging.
What can digital identity and payments professionals learn from one another?
The panel unanimously pointed to the payments industry as a leader of interoperability.
“Payments figured out interoperability and identity has not.”
Today, a user with a VISA credit card can go to most countries around the world and make purchases. The payments industry collaborated on agreed-upon standards that created the “payment rails,” or a network that connects the flow of money between banking institutions and credit card processors.
Digital identity, however, still faces portability challenges. Foundational identity credentials are typically restricted to the sovereign borders of countries, specific use cases, limited time periods, or app providers. These restrictions make digital identity siloed and create a challenging experience for users This makes digital identity incredibly siloed and creates a challenging experience for users.
Digital identity professionals can learn a great deal from payment operators on how to either leverage these payment rails or establish a similar network that would empower seamless and secure identity sharing.
Is privacy dead?
The conversation was welcomingly interrupted by a question from the audience. The attendee simply asked the panel to respond to the question “Is privacy dead?”
The panel was split.
The first response was “absolutely, privacy is dead, and it has been for 6-8 years.” Once big tech companies learned that personal data was monetizable, the race was on. Since its inception, the data economy encouraged the collection and distribution of personal data across the internet. Moreover, there are 5.112B unique mobile users, 4.388B internet users, and 3.484B active social media users. The prolific penetration of the internet network expands the ability to monitor activity across the network and glean more direct and indirect insights.
Other panelists argued that privacy is not dead and introduced the notion that privacy is about control. Real, verified users should be solely allowed to take action with their accounts. The trick is in taking away the power for fraudsters to use data sets to take action.
The “privacy is dead” coalition retorted that trying to install effective privacy-preserving measures into the user journey would be too burdensome on a majority of the population, creating an accessibility issue. We shouldn’t have to sacrifice access to goods and services because of friction.
The rebuttal played well for the nay side. “That is exactly right, and that is the challenge in front of us today.”
As we’ve traveled around the country, the theme of customer experience and user experience is one that continues to rise to the top! Digital identity and payment professionals should build effective privacy-preserving measures into user journeys that are seamless and invisible. The “privacy is not dead” side concluded with a call to action for the audience to solve this challenge and to not be complacent with sacrificing security for usability.
The KNOW Identity Roadshow Continues
Many thanks to the speakers and attendees who participated in the Atlanta KNOW Identity Forum! And a special thanks to our partner Uniken for their continued work in the digital identity and security space. At the front lines of innovation, they continue to push the conversation forward and provide the industry with best-in-class solutions. We’re looking forward to continuing conversations like these in 2020. The KNOW roadshow culminates in the annual KNOW Identity Conference in April 2020. We hope to see you there!