Making sure you are who you say you are is the central tenet in transactions, online and off. But in an age where identities have disparate digital attributes, how do you separate the wheat from the chaff from the synthetic persona on the other end of the internet? IDology CEO John Dancu weighs in on the brave new digital world of IDs.
Who you are matters. Especially in cyberspace, where who you are may not be who you say you are, which can put billions of merchant dollars at risk with just clicks of a mouse. Screen names and passwords are not enough. In the brave new world of cybercrime (OK, it’s not that new), identifying the bad guys has gotten a bit tougher, while onboarding legitimate customers has become more cumbersome, putting revenue at risk.
In an interview with PYMNTS’ Karen Webster, John Dancu, CEO of IDology, stated that the objective is to digitize the activities that were done before in person — shopping, for example, or getting a license or picture taken. But even the most upright of citizens encounter pain points — they are “legitimate people who have to go through a lot of verification effort that they shouldn’t have to do,” and Dancu added that one of the goals for IDology is to make some of those processes invisible.
As for identity, Webster noted that there are “different personas” tied to certain actions across the Web. For example, a persona tied to shopping online perhaps need not be as robust as a persona or identity tied to sending a wire transfer. This begs the question, “How do we define identity today?”
Answered Dancu, “I think you need to look at it from the standpoint of what level of identity do you need to [complete] a transaction.”
He noted that there are transactions that are done at the store level in real dimensions and real time, where validation is relatively easy and the merchant knows the activity that has been taking place in each location. But moving on to credit card accounts and bank accounts, there are higher levels of validation needed. It’s become clear, he said, “that identity is a core part of conducting commerce on the internet no matter what you do.”
Identity is crucial, he said, not just for transactions themselves but for giving people access to accounts that may hold sensitive data, such as health care accounts. Dancu also provided examples of “step step-up authentication,” where larger transactions, at a threshold of, say, $10,000 need additional verification.
But, the duo agreed, often identity online starts with origination. That, as Webster noted, is where “there is a more in-depth vetting” of the attributes that make up an individual’s identity via the web. But, she added, how does one catch the hypothetical hacker who breaks into a health care account and makes off with digital records that are as valuable as Social Security numbers and passwords?
“You have to assume everyone’s data has already been breached,” said Dancu. The breach attempts themselves, he said, are going to be innovative and sophisticated and will be constant. Criminals are collaborating and sharing best practices — and so should industry players across verticals.
He noted that IDology helps customers improve security process and deter fraud through a powerful networked consortium that provides fraud intelligence data across industries and clients.
IDology uniquely breaks identity information into different attributes, with an eye on improving the quality of that identity information and looking at the activity the person, device and location are weaving around transactions. This leads to multiple layers of checks, the executive said, with what he termed an absence of friction as users go about their normal routines.
Perhaps no discussion of digital identity would be complete without touching on biometrics and whether it might be viewed as a “silver bullet” in the quest for security. Dancu stated that there is a place for biometrics though it typically causes friction, with interaction that needs additional steps, such as recording voices or taking pictures. The real goal is to ascertain and analyze as much data as possible in the least intrusive way, whether from biometrics, activities, geo locations or mobile device carrier data.
“Dynamic, multiple layers is the approach to take since we don’t want to put all of our eggs in one methodology basket for criminals to exploit,” Dancu said.
Another trend is that of synthetic identities. This typically takes an identity of a person who is under age 18 who is not active in the market and has a real name, address and other data, from a disparate mix of people, to create a synthesized persona. This wave of fraud costs billions of dollars in various marketplaces. To identify synthetic identities, so to speak, the company runs multiple tests of the differing data points tied to the identity.
Looking at cyberfraud in general, “I would say in many ways it has gotten better,” surmised Dancu, who added that IDology has been in the space for 12 years. He went on to say that even in looking at issues in the recent past, “there’s been a dramatic improvement” in tools that have been coming out into the marketplace to combat criminals in cyberspace.