Or to give it’s complete title – ‘Trust In The Digital Economy: how can Identity solutions help mitigate the erosion of consumer trust in transaction digital services?’.
In our recent webinar on the Identity and Privacy series, Iain McCallum checks how can Identity solutions help mitigate the erosion of consumer trust in transaction digital services?’ The panel included the MD of mVine, Frank Joshi, Shawn Brown, CEO of Trunomi and David Pollington of the GSMA.
The big players in identity
Frank Joshi stated his conviction on this subject that ‘the future of the internet is predicated on solving the identity issue’, a view echoed by the other panelists and many of my contacts and contemporaries across the digital industry.
Watch the MEF Identity Webinar in full
Unsurprisingly, the big players crop up quite early in this discussion with Google, Microsoft, IBM and Apple in the frame, allegedly spending lots of money to try and solve the Identity issue, no doubt with their own respective business strategies to the fore in their product and overall strategy development. As an example, Google’s data exhaust alone could well throw up many idiosyncratic behavioural identifiers that could set any offering by them apart not available to smaller players.
As pointed out by Shawn Brown of Trunomi, Apple hold the largest number of active customer credit card details and, as they are now a credit card issuer themselves, (in conjunction with MasterCard), they plainly understand the importance of financial attributes in any Identity play and could, presumably relatively straightforwardly, meet most criteria to enable them to become an Identity Provider.
Interestingly, one webinar attendee made a comment at this point that public trust in these companies was, for many, at the heart of the erosion of consumer confidence given the history of data breaches and the questionable and, at times, illegal use of customer data. Something that we at MEF, have tracked in our Consumer Trust yearly study
Frank Joshi proposed the UK government model of gov.uk/verify as a possible key player in the UK market, keen as they are to commercialise and develop their existing product after its disappointedly slow uptake with the UK citizenry. There is general agreement that it is a very robust solution, providing LoA2 (Level of Assurance 2 under the ISO/IEC 29115:2013 definition) authentication, but that the signup and on boarding process was both cumbersome and weighty.
However, as Frank went on to explain, some 12 months ago the HMRC enabled early income tax rebates for users registered with VERIFY and this subsequently generated a significant spike in registrations demonstrating that as long as sufficient value, (in this case financial value), is offered, the pain of the on-boarding process becomes far less of an inhibitor to uptake. If you want someone to do a relatively significant amount of work to register a service, then a relatively significant financial inducement might prove a necessary inducement!
Other likely candidates to be key players are banks and credit card issuers, belonging as they do to a highly regulated sector vertical with existing and deep KYC capabilities plus the global networks to facilitate cross-border interoperability, as ably demonstrated during the 2017 EIDAS trials where EU countries, including Norway, France, Finland and Estonia, developed a framework for cross-border, government-assured Identity assertion. The trial use case enabled EU citizens working in another member state to open bank accounts using government-assured digital identity mechanisms which proved a far more efficient and user-friendly experience than the incumbent model and its reliance on physical document-based identity assertion.
David Pollington also made the case for mobile network operators particular mixture of customer stickiness, network/handset assets and global interoperability using the Mobile Connect specification as key players. David went on to state that Mobile Connect is also designed to empower the subscriber by making it easy for them to determine what information and in what context or circumstances, their personal data, including their Identity attributes, should be shared with trusted third-parties to enable secure online transactional activity.
What types of identity solution are likely to succeed and why?
Here the panelists raised as one exciting development the Self-Sovereign Identity model where, in simple terms, a consumer/citizen can assert their digital identity using existing documentary and other physical and digital attributes to purchase goods or services and have such attributes verified by a network of Identity Providers under the Decentralised Identity Framework.
Brands and Enterprises have to start showing loyalty to their customers by communicating unambiguously exactly how and in what circumstances they want to use customer data and explaining how that can actually benefit that customer in a positive way“
Shawn Brown, Trunomi
Crucially, this initiative has thrown up an obvious commercial model allowing the verifying parties to charge for their services, though the thorny question of liability would still need to be resolved, but this needn’t necessarily prove a mountain to climb if the industry can agree a sensible way forward here.
David Pollington posits that the absence from today’s internet of a formalised identity layer lies at the heart of the public’s misgivings about transacting online and that, although many big players are working with, for example, W3C and the Decentralised Identity Forum to develop the required framework and attendant standards to combat such concerns, it is wise to remember that, in the final analysis they may in prefer the continuation of a siloed approach as a bigger win for them from a commercial viewpoint than the fruits of a globally standardised, fully interoperable and open framework that, whilst winning them plaudits from the public, may inflict deleterious effects from a shareholder perspective in the short-term.
What practical steps can brands and enterprises take today to ensure transactional security moving forward?
Shawn Brown feels that there is today an opportunity for those big companies we’ve already mentioned whose business strategies are predicated on the large-scale collection of consumers personal data to stop viewing consumer trust initiatives and regulation as unequivocally growth inhibitors and turn this debate on it’s head by being open and honest with consumers about how and why they use such data and by giving consumers the tools with which to manage such data both simply and securely – ‘Brands and Enterprises have to start showing loyalty to their customers by communicating unambiguously exactly how and in what circumstances they want to use customer data and explaining how that can actually benefit that customer in a positive way’. Effectively to ‘stop harvesting data for its own sake’ and to utilise openness and honesty as a mechanism for building a deeper and more trusted brand relationship with the customer as a result.
Is this a naive point of view? I believe absolutely not and that the first companies who can adapt to the new consumer-driven paradigm that Shawn posits will reap the ‘openess dividend’ that such a revolutionary change would bring.
Whether the management and shareholders of these companies are brave enough to do so is, naturally, a different matter.
Frank Joshi went on to concur with Shawn’s view but pointed out that, in his experience, many brands and enterprises would struggle to even locate all of the data that they hold on their customers, let alone be able to enable the engagement model that Shawn envisages due to the current disparate and disjointed nature of database management systems across Enterprises, (often there can be several with an organisation, each used for different siloed and proprietary purposes).
Therefore, one important step that Enterprises and Brands could take today is to begin the process of unifying their customer data in preparation for the new ‘enlightened consumer’ who will increasingly demand greater transparency and control over what data is used and how.