In this webinar, Michael Becker, MEF PD&I Working Group Chair and CEO at Identity Praxis is joined by Surash Patel, VP EMEA at Telesign and John Brunner, CEO at Aegis Mobile to explore consumer sentiments around trust and the efforts that they, and their partners, are undertaking to introduce systemic trust throughout the mobile ecosystem.
“Trust, but verify” has been a primary tenant of most human engagement since the dawn of time. But as the world becomes more digital, this proverb has become a slippery slope. Today, we need to think in terms of “verify, then trust.”
Organisations and their customers face ever-increasing threats of fraud and related cybersecurity issues. Consumers expect brands to protect them. According to the 2023 Telesign Trust Index, 94% of consumers surveyed agree businesses bear responsibility for consumers’ privacy. And when consumers trust a brand, they reward that company with their business. According to Deloitte, people spend 25% more money with trusted brands.
In this session, we explore: • Consumer expectations for the companies they engage with to protect them from fraud • The possibility of gaining or losing customer trust at every engagement through the customer journey • Evolving industry and government initiatives that establish systemic trust and how these should influence future company policies.
Telesign Trust Index
Let’s start by reviewing the 2023 Telesign Trust Index. Telesign, June 2023, released its first of several regional trust index studies; this first study focuses on the U.S.
Surash reviews the findings of the study, which are clear;
- consumers believe (94% in fact) that it is the responsibility of enterprises (a.k.a. brands) to secure and protect an individual’s privacy;
- consumers feel fraud is on the rise and will hold companies accountable if they are victimized;
- consumers experience both financial and psychological harm from fraud.
And perhaps most importantly, from the brand’s perspective, consumers report that even a single data leak can cause significant reputational brand damage and negatively impact the brand’s bottom line. The report found that 43% of consumers personally stopped associating with a brand after the brand experienced a data breach, and quite a few made their friends and members of their social media network know about the breach.
we can no longer “trust, then verify,” but rather we must “always verify, and then trust.” meaning that in a world of ever-increasing digital sophistication, it is becoming increasingly difficult to distinguish good actors from bad actors and valid messages from good messages.“
In other words, data privacy and data security are no joke, and brands must take appropriate measures to protect their consumers. But what can brands and the industry do?
Telesign Continuous Trust Authority
In addition to kicking off the Telesign Trust Index, Telesign has also launched the Telesign Continuous Trust™ Authority initiative. The initiative is “designed to help make the digital world safer every day.” Telesign invites players from around the industry to join it in its effort to help build and maintain trust while reducing fraud in the digital economy.
Steps Being Taken to Protect Brands, Consumers, and the Industry From Fraud
Throughout the course of the webinar, both Surash and John explored various actions that brands can take to protect brands, consumers, and the integrity of telecom communications channels (e.g., calls and messaging).
Mobile Phone Intelligence and Phone Number Risk Scoring
Surash shares with us how Telesign is helping brands risk score consumer engagements, both on and offline, across every stage of the customer journey, for example, when an individual is onboarding to a new account or engaging in a transaction.
Surash explains that Telesign, on behalf of enterprises worldwide, delivers billions of messages to mobile devices globally. Telsign, by analyzing its messaging traffic and collecting network and behavioral signals on mobile numbers from its partners, can risk score mobile phone numbers.
For example, one signal that Telesign leverages is the SIM Swamp signal. It has been found that SIMS that have been swapped within 24 hours of a transaction, especially between one carrier or another carrier or between devices, are at a higher risk of being under the control of a cybercriminal and thus have the potential to lead to fraudulent transactions. SIM swapping is just one of the numerous signals Telesign monitors.
Mobile phone risk scores range from 1 to 1,000. The score, combined with other data a brand holds, helps brands determine the riskiness or trustworthiness of a mobile phone number participating in a transaction or at a moment of truth along the customer journey. Brands partnering with Telesign use this risk score in real-time to determine the most appropriate approach to engage their customers.
For instance, they may use the score to determine if they onboard the individual or approve a transaction immediately or if they should choose to challenge the individual with additional online screening or to hand them off to additional levels of support. Brands can run these checks periodically and at points of high transaction risk through the customer life cycle, thus protecting both the brand and the customer from potential harm and fraud.
Organizational Risk Scoring and Messaging
Mobile phone number risk scoring is not the only practice that is in place to help product brands, consumers, and the integrity of mobile networks. For instance, John explains, in great detail, how Aegis Mobile, in partnership with the U.S. mobile operators and The Campaign Registry (TCR), automatically risk score the legitimacy of brands before approving them to send 10DLC (ten-digit long code) text messaging traffic to consumers.
The process is fairly straightforward. A brand works with their messaging provider to set up and provision a messaging campaign. The messaging provider reaches out to TCR for approval for the brand to run messaging traffic. TCR in term reaches out to Aegis Mobile to obtain a brand risk score.
To calculate this score, Aegis Mobile performs a brand identity check, i.e., to check if the brand has valid legal standing. It can perform this check in less than 3 seconds. For brands that want to run high-volume messaging traffic, a background check is also needed, which Aegis Mobile can perform in less than 15 seconds. Aegis has performed over 1.3 million automated business checks across 180 counties in the last 18 months and has performed as many as 36K in one day.
This automated vetting of companies is similar to the vetting Telesign performs on individual phone numbers. Collectively, these services help secure mobile campaigns, keep bad actors out of the system, and protect brands and consumers alike.
Prepare for a New World of Systemic Trust
I opened the webinar by emphasizing the importance of trust in commercial relationships and clearly stating that we can no longer “trust, then verify,” but rather we must “always verify, and then trust.” meaning that in a world of ever-increasing digital sophistication, it is becoming increasingly difficult to distinguish good actors from bad actors and valid messages from good messages.
To this end, I introduced the concept of systemic trust, the systemized trust that will occur when every message and interaction between organizations and individuals (people, brands, bots, machines, APIsc, etc.) is cryptographically signed by each actor.
This process will enable us to hold the sender (e..g, a brand) and the receiver (e.g., a consumer) accountable for each other’s actions. An example of this cryptographic signing process is the digital token that Aegis provides the brand when their company has been vetted and approved to run messaging traffic. The brand uses this token to sign off on their campaigns.
It is still early days, but the dawn of personal and organizational identity is on the horizon. Very soon, both individuals and brands will be able to receive and cryptographically assert verifiable claims about themselves when they interact, thus making it possible for each to hold the other accountable for their actions and for each actor to verify the authority of their other, all while preserving dignity, privacy, and security.
For brands, this very well may establish a new business metric. For instance, no longer will they be reporting on how many email addresses or “customer records” they have; rather, they’ll be reporting on how many verified connections they have, i.e., how many people are willing to cryptographically sign off on their willingness to engage and interact with a brand.
However, this idea of a new business metric will take time to mature. For now, we can focus on adopting and rolling out programs like those discussed here.