MEF explores its recent Personal Data and Identity Management Enterprise Survey – supported by Boku – in a webinar on 9th December 2021. MEF Programme Director, Andrew Parkin-White, is joined by Michael Becker, CEO of Identity Praxis and MEF Advisor and Phil Todd, Director of Stereoscope, who co-authored the report.
From speaking to 450 enterprises in nine key global markets and understanding their identity management practices by sector, country and enterprise size, our goal is to understand how enterprises conduct identity management. We look at what are they doing, what are they dealing with and what are they struggling with.
From analysis of the extensive data in the survey, we can draw out three resulting key learnings:
- Identity management is an iterative process with three core elements – initial identification, authentication (re-identifying the individual) and verification (ensuring the individual is who they claim to be)
- Enterprises employ a vast array of technologies to execute these processes which are growing in scope and complexity
- Understanding why identity management is necessary to enterprises and how this creates opportunities for vendors
From the operational perspective, we see two main drivers – combatting fraud and securing enterprise interactions. At an overall level, fraud and security prevention are the most important operational drivers from the survey with 59% of enterprises citing these. Michael highlights some statistics from Gartner. In 2015, global fraud amounted to $3trn dollars in 2015. By 2025, the figure will be $10.5trn in 2021 from fraud and cybercrime. The implication is that identity and access management to enterprise system is becoming increasingly critical.
At an overall level, fraud and security prevention are the most important operational drivers from the survey with 59% of enterprises citing these“
Compliance is the second driver whereby enterprises need to adhere to a broad range of organisational and regulatory requirements. Around 22% of enterprises cite this with a couple of countries including Germany seeing it as more important than fraud or security. These compliance requirements can be global, regional, country-specific and even sectoral. Compliance is the next most significant at. Know your customer (KYC) in the financial sector is an example in how enterprises need to resolve compliance issues to a specific individual. Research by Gartner points to 10% of world being subject to people-centric regulations and this will increase to 60% in 2023. Enterprises need to understand how to comply, manage and implement these requirements.
From the business perspective, we can see three stages to customer engagement. Customer engagement is the first stage of the journey covering prospecting and first purchase. Retention represents the middle stage of the journey – retain and loyal customers. Feedback exemplifies the final stage of the journey.
It is important to recognise that there is a pull within the organisation from two different sides. The focus from the IT and infrastructure perspective is on the operational drivers. Phil points out that marketing places more emphasis on the business side with pressures are around the customer – expectations, complaints. Marketing wants frictionless but IT wants to put checks in place and need to ensure that processes are secure. This natural tension in the enterprises between these two major driving forces can create significant opportunities for suppliers in balancing these and in educating the enterprise. Suppliers need to understand that the end result is about the customer experience and not necessarily the technology. management.
A wide range of processes are in use to identify and authenticate the individual and are not mutually exclusive. The survey examines what is currently in use and what organisations are planning to and identifies where supplier opportunities lie. Single factor authentication is in use by 85% of enterprises with 75% using KYC. Cellular is used in 52% of businesses. There is a long tail of other methods used.
Looking at methods for verification, we are moving into a ‘cookieless world’, according to Michael and identity management is a key component of an enterprise data strategy across the customer journey. Around 98% of enterprises use verification for new customer onboarding.
Looking at the use of specific cellular services – 96% are already using digital identity proofing and 95% use biometrics. SMS OTP is in use in 88% of companies. There is plenty of scope for vendors to engage with enterprise on lesser used services such as SIM swap detection and cellular security checks. These verification technologies will become incrementally more important and it is important to convey these applications in terms of benefits to the enterprise and educate them accordingly. An enterprise will need to trust suppliers to provide the right tool that is reliable and not couched in industry speak terms.
Finally, it is important to recognise that there are a myriad of tools and process for enterprises to deploy and it is critical for them to find trusted partners who can deliver the right tools for them. The situation needs to be continually monitored to stay ahead of cybercrime. More education is needed around identity management education is needed. Technology companies are well placed to do this and to demonstrate how to gain greater competitive advantage from use of their tools.
MEF Members can download the full survey and data tables from MEF’s latest survey, supported by Boku – Personal Data, Digital Identity, Verification and Authentication in the Enterprise: Analysis and Opportunities. Non-members can download an executive summary.
MEF, supported by Boku, presents its latest enterprise survey report. In this survey, we have spoken to senior individuals in 450 enterprises of varying sizes in nine key geographical markets.