Socure CEO Sunil Madhu predicts where the Payments Industry is going from a security perspective in this guest article for ETA Transaction Trends. The Electronic Transactions Association (ETA) is the trade association for the payments industry. In the article, Sunil explores how the forces of EMV, IoT, and mobile elicit revision of the trade-offs between usability, privacy and security.
Karen Webster and Socure’s Ken Allen hosted a digital discussion recently about how the payments and financial service providers should manage the digital identity crisis facing them and reliably authenticate consumers. One framework and 4 pillars later, they offered an approach that might help the ecosystem reconnect with its authentication ego-id-superego.
The smartest organizations are taking a layered approach to consumer decisioning, by separating identity verification from credit determination. Big Data enables them to blend intelligence with conventional offline data for hyper-informed decisions, in a way that doesn’t cut corners on the best security practices. (PODCAST)
Acquiring that financial health means financial institutions are able to not only know, but accurately identify, their customers.
But for many financial institutions, the use of credit as a determining factor on whether to provide access to banking products or not transforms the decision from one based on identity to one based on credit – a choice that can subsequently lock millions out of the financial world.
In the early 1960s, Scottish engineer James Goodfellow was given a problem to solve. A colleague had invented a way to insert a card into a machine and get money out. Goodfellow’s task was to figure out a way to ensure that only the card’s legitimate owner could use these new “ATM” machines to obtain cash. So he created the personal identification number, what we call the PIN, the most secure implementation of card access the world had ever seen. Goodfellow was awarded the patent on the PIN and, later, Queen Elizabeth II awarded him the Order of the British Empire.
If the identity management system is broken, it's not for lack of vendors offering solutions.
Banks have been on a mission to find the right technology to verify mobile and online customers in a way that is highly secure, yet "frictionless" (quick and painless for the consumer). Many banks have rolled out voice, fingerprint, iris, and facial recognition software during the past year. Time will tell whether any of these prove to be the answer. But solutions are needed more than ever, given the rise of mobile banking and the amount of personally identifiable information that's been stolen or is openly available on the Internet for fraudsters.
Fraudsters are taking advantage of the fact that identity verification, in large part, is stuck in the past, relying on static variables that are easily (mis-) appropriated. With so much information about individuals available online, why aren’t more verification systems utilizing that wealth of data to create a fuller picture of consumers’ behaviors, in order to protect them from fraud?
Unfortunately, online criminals don't find it very difficult to invent or steal financial records or social security numbers. But more than 20 years into the Internet era, it's actually really hard to fabricate a person with a track record of doing what real humans do online.
Socure cofounders CEO Sunil Madhu, (left) and Johnny Ayers, vice president of business development.