Michael Becker speaks with Virginie Debris, the Chief Product Officer for Global Messaging Service (GMS) and a board member of the Mobile Ecosystem Forum, about a range of topics around the role of personal data and identity and how enterprises can better engage with such data to the mutual benefit of themselves and their customers.
I recently sat down with Virginie Debris to talk about personal data and identity (PD&I). We had an enlightening discussion (see video of the interview). The conversation took us down unexpected paths and brought to light several insights and recommendations.
In our interview, we discussed the role of personal data and identity and how enterprises use it to know and serve their customers and to protect their interests. And, to my delight, we uncovered three ideas that could help us all better protect PD&I and improve the market’s efficiency.
- Idea one, build out and refine “The Trust Chain,” a “chain of trust,” a PD&I industry value chain framework envisioned by Virginie.
- Idea two, refine PD&I industry practices, optimize all the data that mobile operators are holding on to, and ensure that appropriate technical, legal, and ethical exchange mechanisms are in place to ensure responsible use of PD&I.
- Idea three, standardize a connected individual transaction scoring scheme, i.e., a scheme for identity and transaction verification, often centralized around mobile data; this scheme is analogous to credit scoring for lending and fraud detection for credit card purchases. It would help enterprises simultaneously better serve their customers, protect PD&I, mitigate fraud, and improve their regulatory compliance efforts.
According to Virginie, for an enterprise, being able to know their customer, to verify the customer’s identity prior to and during engagements, is a commercial imperative. Knowing the customer not only helps enterprises better serve the customer; it also helps them manage costs, reduce waste, mitigate fraud, and stay on the right side of the law and regulations. Virginie remarked that her customers are saying, “I want to know who is my end user? Who am I talking to? Am I speaking to the right person in front of me?” This is hard enough in the physical realm; in the digital realm it is extremely difficult. Players like GMS can help.
Consumer Identity and the Enterprise
The mobile phone has become a cornerstone for digital identity management; in fact, Cameron D’Ambrosi, Managing Director of Liminal, has gone as far as to suggest mobile has an irreplaceable role in the digital identity ecosystem.
To successfully leverage mobile as a tool for customer identity management, often referred to as “know your customer” or KYC, enterprises work with organizations like GMS to integrate mobile identity verification into their commercial workflow. In our interview, Virginie notes that GMS is a global messaging aggregator, the “man in the middle,” and provides messaging services powered by personal data and identity to enterprises and mobile operators, including KYC services.
Benefits gained from knowing your customer
There is a wide range of use cases for why an enterprise may want to use services provided by players like GMS. They can:
- Improve customer experience: knowing the customer and the context of a transaction can help improve the customer experience.
- Maintain data hygiene: ensuring data in a CRM or customer system of record is accurate can improve marketing, save money, reduce fraud, and more.
- Effectively manage data: reducing duplicate records, tagging data, and more can reduce costs, create efficiency, and generate new business opportunities (side note: poor data management costs enterprises billions annually).
- Ensure regulatory compliance: following industry and government best practices, legislation, and regulation is not just a nice-to-have; it is a business requirement. Staying compliant can mitigate risk, build trust, and be a differentiator.
- Mitigate cybercrime: cybercrime is costing industry trillions of dollars a year (Morgan (2020) predicts the tally could be as much as $10.5 trillion annually by 2025), losses that can be reduced with an effective strategy.
The connected individual transaction and identity scoring scheme
When a consumer signs up for or buys a product or service, an enterprise may prompt them to provide a mobile number and other personal data as part of the maintenance of their profile and to support the transaction. An enterprise working with GMS can, in real time, ping GMS’s network to verify whether the consumer-provided mobile number is real, i.e., operational. Moreover, they can ask GMS to predict, with varying levels of accuracy, whether a mobile number and PD&I being used in a transaction is associated with a real person, and whether the presumed person conducting the transaction can be trusted or might be a fraudster looking to cheat the business. This decision is based on relevant personal information provided by the individual prior to or during the transaction, as well as data drawn from other sources.
This type of real-time identity and trust verification is made possible by a process Virginie refers to as “scoring”; I refer to it as “the connected individual transaction and identity scoring scheme.” Scoring is an intricate and complex choreography of data management and analysis, executed by GMS in milliseconds. The dance consists of pulling together and analyzing a myriad of personal data, deterministic and probabilistic identifiers, and mobile phone signals. The actors in this dance include GMS, the enterprise, the consumer, and GMS’s strategic network of mobile network operators and PD&I aggregator partners.
When asked by an enterprise to produce a score, GMS, in real time, combines and analyzes enterprise-provided data (e.g., customer name, addresses, phone number, presumed location, etc.), mobile operator signal data (e.g., the actual location of a phone, SIM card and number forwarding status), and PD&I aggregator-supplied data, and produces a score. This score is used to determine the likelihood that a transaction being initiated by “someone” is legitimate and can be trusted, or not. A perfect score of 1 would suggest that, with one hundred percent certainty, the person is who they say they are and can be trusted, and a score of zero would suggest they are most certainly a cybercriminal.
In our interview, Virginie notes, “nothing is perfect, we need to admit that;” thus suggesting that one should never expect a perfect score. The more certain a business wants to be, the more the business should expect increased transactional costs, time, and friction. In other words, businesses should develop a risk tolerance matrix, based on the context of a transaction to determine if they want to accept the current transaction or not. For example, for lower risk or lower cost transactions (e.g., an online pizza order) the business might have a lower assurance tolerance, i.e. they’ll accept a lower score, but for higher risk or higher cost transactions (e.g., a bank wire transfer) they might need a higher assurance tolerance, i.e. they accept only higher scores.
Example: Detecting fraud in a banking experience
Virginie used a bank transaction as an example. She explained that a bank could check if a customer’s mobile phone is near the expected location of a transaction. If it was not, this might suggest that there is a possibility of fraud occurring, which would negatively impact the score.
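The scoring and risk-tolerance logic described above can be sketched as follows. This is an added illustration, not GMS's scoring method or code from the interview: the field names, penalty weights, 50 km radius, tolerance thresholds, and the "review" outcome are all assumptions chosen for the example.

```python
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

@dataclass
class Signals:
    number_active: bool      # operator: is the number operational?
    sim_swapped: bool        # operator: SIM card status
    forwarding_on: bool      # operator: number forwarding status
    phone_latlon: tuple      # operator: actual location of the phone
    claimed_latlon: tuple    # enterprise: presumed location of the transaction
    identity_matches: bool   # aggregator: name/address agree with the number

# Assumed penalties, in hundredths; a real scheme would calibrate these on data.
PENALTY = {"inactive": 95, "sim_swap": 40, "forwarding": 20,
           "far_from_phone": 35, "identity_mismatch": 20}
MAX_POINTS = 95          # never 100, since no score is expected to be perfect
MAX_DISTANCE_KM = 50     # assumed radius for "near the expected location"

# Risk tolerance matrix: minimum acceptable score per transaction context.
TOLERANCE = {"pizza_order": 0.40, "bank_wire": 0.85}

def distance_km(a, b):
    """Great-circle (haversine) distance between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(h))

def score(s):
    """Return a trust score in [0, 1]; each adverse signal lowers it."""
    points = MAX_POINTS
    if not s.number_active:
        points -= PENALTY["inactive"]
    if s.sim_swapped:
        points -= PENALTY["sim_swap"]
    if s.forwarding_on:
        points -= PENALTY["forwarding"]
    if distance_km(s.phone_latlon, s.claimed_latlon) > MAX_DISTANCE_KM:
        points -= PENALTY["far_from_phone"]
    if not s.identity_matches:
        points -= PENALTY["identity_mismatch"]
    return max(points, 0) / 100

def decide(context, s):
    """Accept only when the score meets the tolerance for this context."""
    value = score(s)
    return ("accept" if value >= TOLERANCE[context] else "review"), value

# Constructed sample inputs: phone at the transaction location vs. in another city.
LONDON, PARIS = (51.5074, -0.1278), (48.8566, 2.3522)
NEAR = Signals(True, False, False, LONDON, LONDON, True)
FAR = Signals(True, False, False, PARIS, LONDON, True)
```

With these assumed values, the same location mismatch is tolerated for the pizza order but sends the bank wire to review.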
Mobile scoring is happening every day, though not always by this name; others refer to it as mobile signaling or mobile device intelligence. Virginie alluded to a challenge, however. There is no industry standard for scoring, which may lead to possible inconsistencies in execution and potential bias across the industry. She suggested that more industry collaboration is needed.
The Trust Chain
In our conversation, Virginie proposed a novel idea to help frame what we in the industry need to do to optimize the value created from the use of PD&I and to use it responsibly. Virginie said we need to build “The Trust Chain”.
I’ve taken poetic license, based on our conversation, and have illustrated The Trust Chain in the figure below. The figure depicts connected individuals* at the center, resting on a bed of industry players linked to enterprises. A yellow band circles them all to illustrate the flow of personal data & identity throughout the chain.
*Defining the connected individual and being phygital
It is so easy in business to get distracted by our labels. It is important to remember the terms we use to refer to the people we serve—prospect, consumer, patient, shopper, investor, user, etc.—are contrived and can distract. These terms are all referring to the same thing, a human, an individual, and more importantly, tend to refer to a contextual state or action at some point along the customer journey, i.e., sometimes I’m a shopper considering a product, other times I’m a consumer using the product.
The shopper and the consumer are not always the same person. Understanding this is important to ensure effective engagement in the connected age. In the context of today’s world, and this discussion, the individual is connected. They are connected with phones, tablets, smartwatches, cars, and more. These connections have made us “phygital” beings, the merging of the digital and physical self. And each and every one of these connections is producing data.
According to Virginie, the key to making the industry more effective and efficient is to find a way to tap into more and more of the connected individual data held and managed by mobile network operators since, in her own words, “they know everything.” To tap into this data, Virginie said a number of technical, legal, and ethical complexities must be overcome and an improved model for data exchange amongst the primary actors of the industry—mobile network operators, enterprises, messaging aggregators (like GMS), and PD&I aggregators—needs to be established. In other words, “The Trust Chain” needs to be refined and built. And, of course, it should go without saying that we have to build appropriate connected individual, consent, preference, and PD&I management models into the chain. The presumption behind all of this is that the current models of data exchange can be found wanting.
What we need to do next
Virginie concludes our interview by suggesting that the industry should come together to tackle:
- the technical, legal, and ethical complexities to enable more effective access to the treasure trove of data held by the mobile network operators
- the standardization of a connected individual and transaction scoring scheme
- the development and integrity for The Trust Chain
My takeaway from our discussion is simple: I agree with her. These efforts and more are needed. The use of personal data and identity throughout the industry is accelerating at an exponential rate. To ensure that all parties can safely engage and transact, and thrive, it is critical that industry leaders develop a sustainable, and responsible, marketplace.
I encourage you to watch the full interview here.
Join the MEF Personal Data & Identity working group
The MEF Personal Data & Identity working group is undertaking a PD&I market assessment effort.
Please reach out to Michael Becker if you have insights (consumer insight, operational insight, solutions and technical insight, use case, recommended organization and leaders) that you think can help the MEF and its members make an impact.