Michael Becker, speaks with Surash Patel, VP EMEA for TeleSign and MEF Board Member about personal data & identity, the importance of mobile identity verification and what the future holds for the sector.
“We know now that technology and business models are accelerating at a faster pace than ever before in human history. In 10 years time, who knows what kind of conversations we’re going to be having, but the one thing we know is that we’re all going to be increasingly vulnerable, as more of our services, more of our citizen identity, move online.” – Surash Patel, VP EMEA, TeleSign Corporation 2021 (click here to listen).
I recently sat down with Surash Patel, VP EMEA for TeleSign and Board Member of the MEF to discuss the personal data & identity (PD&I) market, for a PD&I market assessment report I’m working on for the MEF (the report will be out in January 2022). Surash’s above quote stuck out to me because I think he is right. It also reminds me of another quote, one from WPP:
“By 2030 society will no longer tolerate a business model that relies on mass transactions of increasingly sensitive personal data: a quite different system will be in place.”
I took away three key insights, although there are more, from my interview with Surash:
- Enterprises must immediately start learning how to master [mobile] identity verification; mobile identity verification can help reduce losses to fraud and self-inflicted losses of revenue.
- Enterprises that effectively use mobile identity verification can create value and generate trust and engagement at every stage of the customer journey.
- There is much we—people, private organizations, and public institutions—need to know and do to equip for the now and prepare for the future.
The following summarizes my conversation with Surash. To watch the complete interview with Surash Patel of TeleSign (39:11 min), click here.
Risk Mitigation, Value Creation, and the Customer Journey
When introducing himself and his background, Surash opened with a wonderfully self-reflective quote:
“I completely missed a trick on my career and where it was going, in that I thought about the value exchange between the consumer and the brand. From a marketing perspective, I never really considered it from the digital identity perspective before–seeing the numbers on digital fraud right now I think that case is becoming more and more clear to me.” – Surash Patel, VP EMEA, Telesign Corporation 20213 (click here).
By reading between the lines of his statement, I gather that, as a marketer, he previously saw identity as a tool for audience targeting and promotion. But, once he went into the infrastructure side of the business, he realized identity plays an even bigger role throughout the industry. This is because identity has a critical role at every touchpoint along the customer journey–not just for marketing, but for fraud prevention, revenue protection, and trust.
Risk Mitigation and managing losses
Drawing from industry reports, Surash notes that businesses are losing upwards of $56 billion a year to fraud each year. Because of this, “knowing your customer,” ie. knowing that there is a legitimate human on the other side of a digital transaction, is not just a nice to have, but a business imperative. Surash points out that it’s not just fraud that brands must contend with when it comes to losses. They must also contend with self-inflicted wounds.
Surash referenced a report from Checkout.com which found that, in 2019, brands in the UK, US, France, and Germany lost $20.3 billion in 2019 due to false declines at check out, i.e. identity verification system failures. $12.7 billion of these losses went to competitors, while $7.6 billion just evaporated.5 My takeaway from this is that it’s necessary for brands to see identity verification as a strategic imperative, not just an IT function.
But, reducing fraud and managing revenue breakage is not all Surash brought up. He also noted that, based on findings in the Checkout.com report, consumers would pay an average of $4 to be sure their transactions are secure. So, not only can brands reduce fraud, but they can also retain sales by more effectively identifying their customers (listen to his comments here).
The potential for harm is real and must be dealt with
Let’s briefly return to Surash’s quote above:
“We know now that technology, and, you know, business models are accelerating at a faster pace than ever before in human history. In 10 years time, who knows what kind of conversations we’re going to be having, but the one thing we know is that we’re all going to be increasingly vulnerable, as more of our services, more of a citizen identity move online.”
I agree with him, the people, not just businesses, are at risk of being even more vulnerable than we are now, but that does not mean that the risks we face today are trivial. Harm from the misuse of personal data is all around us. We primarily measure in in finial terms. For example, in 2020, U.S. consumers reported losses of $86M to fraud originating from text messaging scams.
There is more privacy harm out there than financial loss, noted by Ignacio N. Cofone,8 and it is not a trivial discussion to be slipped under the rug. In fact, it is one of the fundamental drivers behind emerging people-centric regulations, industry best practices, and the reshaping of law.
This topic is too big to cover in this article, but I can provide a good resource for you on privacy harm. One of my go-to resources when considering this issue is Daniel Solove, who recently, along with Danielle Keates Citron, updated the Typology of Privacy Harms. This is a must-read if you are a student on the topic of being of service to the connected individual.
The Customer Journey and Balance of Power Shift
To address these privacy harms, Surash specifically calls for the government to get involved. However, Surash thinks brands and individuals alike can do more as well. Surash makes it clear that individuals need to be more aware and accountable for their own actions and interactions. He also thinks, however, that brands need to learn to engage people in an even value exchange for their data.
Furthermore, he recognizes that people are taking more control of their data, and as this continues, we may eventually see the evolution of consumer “curation services,” what may call “infomediaries.” Again, I’m drawn to the WPP quote above. Brands need to prepare for fundamental shifts in people’s attitudes and expectations. The implications of these shifts will be profound, as they will force a change in competition, business models, product offerings, and business practices.
There is Much We all Need to Know and Do
So, after taking all this in, what’s next?
What I learned from my time with Surash is that an effective identity management implementation can collectively save brands billions, while building trust and improving their ability to serve their customer throughout the customer’s journey.
Surash emphasized that the people must know that they are at risk and be aware of all that is going on in the industry. As a result of this knowledge, they can take steps to advocate for and protect themselves. He notes that individuals “absolutely need to know the value of their data” and “how they can challenge” the brands’ use of their data. Surash suggested that individuals need to start shifting the balance of power by approaching brands and questioning, “Do you really need that data to serve me? If not, don’t ask me for it.” Surash does recognize, however, that this is going to be hard for individuals to go up against the “large” brand. As noted below, we believe in both the companies’ and the government’s abilities to do more.
For brands, Surash wants them to:
- Take cyberattacks seriously and prepare as the attacks are expected to get worse.
- Get the fraud and marketing teams working together and not at loggerheads
- Not just onboard individuals after the first transaction, but to continually evaluate and authenticate their customers as their customers move along the journey. He suggests that brands must learn to evaluate the local context of each engagement, regularly verify and authenticate their customers, and show the people they serve some respect by making an effort to validate if individuals’ circumstances (preferences, address, phone number, etc.) have changed over time. Surash implies that these actions will both reduce the risk of fraud and cybercrime, but also improve the relationship they have with those they serve.
- Ensure there is always an even value exchange, and if the brand wants more in return during a transaction, e.g. more data to support a future upsell, then they should consider paying the individual for it.
As for public institutions, .e.g. governments, Surash suggests that “there isn’t enough being done to protect the consumers.” Governments should work with industry to refine value propositions, institute consistent standards, and advocate for consumers.
Clearly, this is all just the tip of the iceberg. There is definitely more to come.
Join the MEF Personal Data & Identity working group
The MEF Personal Data & Identity working group is undertaking a PD&I market assessment effort.
Please reach out to Michael Becker if you have insights (consumer insight, operational insight, solutions and technical insight, use case, recommended organization and leaders) that you think can help the MEF and its members make an impact.