The Need For Dynamic PII In The (Delayed) Dawning Of The Age Of SCA

SCA may be facing a longer implementation period, but change is coming, of course. Ekata’s CEO Rob Eleveld tells Karen Webster that verification needs to combine aspects of the digital and physical worlds, and dynamic PII helps stay one step ahead of the fraudsters.

In the days before eCommerce, before data breaches grabbed everything from Social Security numbers to passwords, before fraudsters began to craft synthetic identities, strong customer authentication was rather simple. You handed your driver’s license to the cashier, who matched your signatures and looked at the picture — and made sure, in real time, that you were who you said you were.

SCA, as it’s commonly known, is no simple task now, and it’s certainly far from a concrete, standardized process for card-not-present transactions.

Now there’s a delayed rollout of PSD2’s mandate that eCommerce firms embrace a two-step verification process for online purchases that are more than 30 euros.

Although delayed, the migration will take place. And against that backdrop, in a PYMNTS interview with Karen Webster, Ekata CEO Rob Eleveld delved into the intricacies of just what it takes to have a robust verification system in place — and the challenges that lie ahead for merchants and payment services providers when SCA finally dawns.

 

As the world knows by now, SCA requires customers to complete the two-step verification by offering up one of the following: something they have; something they know; or something they are (via biometric identifier, for example).

The mechanics aside, said Eleveld, there is the need to bring digital and physical world attributes together to make a better authentication experience for merchants — and one that obviously gives consumers a better experience, too, which in turn boosts conversions.

“We live in a digital world,” said Eleveld. “It’s easy to lose track of the fact that what we’re really trying to do is just figure out if there’s a real physical person behind this transaction or not.”

Identifying Identity

To craft a successful authentication strategy, Eleveld said, it’s important for merchants and payment service providers to realize that identity is composed of, and reflects, several different attributes, far flung across centralized and decentralized locations.

Of Ekata, he said, “We are a part of a decentralized ecosystem that is trying to provide digital information to authenticate someone.”

In the decentralized model, he said, merchants and payment service providers use data that they piece together themselves, or perhaps they sign on with a provider to gather consumers’ data, running them through a machine-learning model that helps separate good transactions from bad.

Data itself can be centralized or decentralized, said Eleveld.

In reference to centralized conduits, some of the attributes that spring most readily to mind used to identify individuals include those gathered, stored and used by government agencies.

Eleveld said that across Europe and the United States, centralized authorities gather and disseminate personally identifiable information (PII) such as Social Security numbers and other variants of national identifiers. These data points, he said, fall under the designation of static PII.

“The problem with centralized data is that it gets compromised a lot,” he told Webster, “and because it doesn’t change (because it’s static), once it’s compromised, it doesn’t work nearly as well for authentication. The data is out there — and someone else can use it for authentication or fraud.”

Compromised data includes passwords, too, of course. Eleveld told Webster the password may represent the weakest link among SCA’s mandates, as passwords are often forgotten by consumers or are already out there for fraudsters to seize.

Dynamic PII

In the increasingly mobile, increasingly tech-driven world, he continued, “individuals are linked to different types of PII, and if we keep ourselves from using static PII, we are bound to start using what is called dynamic PII.”

This type of data, Eleveld said, consists of email addresses, IP addresses and physical addresses — many of which are fluid and may change frequently. In one example, he said, 20 percent of the U.S. population moves every year, and knowledge of new addresses can be used to stay one step ahead of fraudsters.

These puzzle pieces of data can be linked to form a composite picture of an individual. By way of example, he said that Ekata has a database, global in scope, with 5 billion attributes in it that are all linked to people.

Other providers, he said, focus on device IDs, monitoring whether an individual has used a browser to conduct a transaction or log in to their bank account in the past.

As Eleveld put it, “If I have all this information linked to me, and I am on a device that has been used before — those are things that help build a picture [for merchants] that ‘this is probably that individual.’”

Behavioral data is also useful, he said, and can embrace the most infinitesimal of details — such as the way an individual taps away at a keyboard or screen. A historical look back on transactions can discover red flags or anomalies — for example, it’s unlikely that a consumer will transact across dozens of merchants in a day or two.

With cryptographically hashed (a method in which data is converted into unique strings of text) anonymized transactions across Ekata’s own “identity network,” said Eleveld, a clear picture of consumer behavior emerges.

“We begin to see patterns between how often this phone number has been used or the shipping address, or how often an email address has been paired with this phone number or an IP address,” he said.

The Need For Machine Learning

Those patterns can be teased out only through the use of machine learning-driven models, said Eleveld.

“There are multiple pieces of this decentralized data,” he told Webster. “Most merchants and most payment service providers are getting this data from multiple sources in a decentralized way, and, in some cases, they’re getting it from their own customers.”

But as fraudsters have leveraged computing power and have grabbed data, he said, the precision required to recognize all the patterns and tie them together into actionable insight requires automation and artificial intelligence (AI).

Why It’s Not Enough

Even with all this data, static and dynamic, with machine learning, with identity engines seeking to verify legitimate consumers and transactions, Webster posed the question: Is what we have in play already good enough — do we really need the SCA requirements that the regulators are proposing?

Eleveld said the jury’s still out. The mental picture that many merchants may have held for customer authentication may be with services, such as Verified by Visa, where pop-up windows ask consumers for more details. Beyond the pop-up prompt, he said, there has not — up until now — been a lot of focus on SCA, as it had not been required by regulators till PSD2 debuted.

“Now, there are a lot of different folks, including us, who are trying to figure out how to help merchants and payment service providers and the ecosystem meet the requirements of the regulation while not inserting friction into the process,” he said. “It’s a moving target right now. No one really understands or has a good view for how this is going to play out.”

Even with the delays in place, some fundamental issues about SCA still linger, said Eleveld. He pointed to the fact that, as of yet, there is no precedence as to whether having device IDs in place might be “good enough” to meet the “what you have” requirement of the authentication laws.

In the absence of codified standards of what is “good enough,” he said Ekata has been working with corporate clients to develop and refine baseline models that work with batches of transactions, as well as look at chargebacks and false positives to see if the data being used is, in fact, “good enough” for SCA and might stand the test of regulators’ audits.

There’s at least some roadmap for regulators in place, he said, pointing to the fact that credit scoring models have been in place for decades and serve as a successful example of model governance.

But for right now, looking ahead, he said: “There is no ‘case law’ that helps codify what meets the standards. The challenge is that the regulators are going to have to get out in front and make some commitments about what they are going to decide is ‘good enough’ and what is not.”

Flying Cars Can Wait: CES Shows Future Is Robots That Cool Your Soup, Pick Up Socks

AI Me gadget from CES 2025

What do the movies “Blade Runner,” “2001: A Space Odyssey,” “Back to the Future Part II” and Spike Jonze’s “Her” all have in common?

These science fiction movies, each depicting various versions of a future full of fantastic technologies, all take place in the year 2025 or earlier.

Though some of the high-tech gadgets and futuristic innovations seen in these films, such as hoverboards and flying cars, haven’t quite materialized in everyday life, they have sparked imagination and set the stage for the very real innovations. As the dozens of groundbreaking products and wacky gadgets that debuted at the 2025 Consumer Electronics Show (CES) this week reveal, the future is certainly now.

CES, after all, rarely disappoints when it comes to providing a first-look at some truly strange gadgets that might just represent the ultimate showcase of tomorrow’s technology.

From artificial intelligence (AI) being embedded into everything and smarter than ever home devices, to autonomous robotic companions and wearable tech that both bends and blends reality, many of the inventions that once seemed out of reach in Hollywood films are now being unveiled on the convention floor.

See also: The Five Not-So-Obvious Things That Will Change the Digital Economy in 2025

Could Smart Home Robots Revolutionize Daily Life?

It’s becoming clear that today’s technological advancements are increasingly bridging the gap between what was once imagined and what’s now becoming real.

For example, smart home robots are no longer a futuristic fantasy — they are being positioned as potentially indispensable components of modern households.

CES 2025 saw the debut of the Roborock Saros Z70, a robot vacuum with a telescopic, five-axis arm. Rosey the Robot from “The Jetsons” has nothing on this little gadget, which its maker describes as “a mechanical arm that sees and thinks,” and is able to pick up and put away items like socks, shoes, tissues and more.

For more serious household tasks, the SwitchBot Multitasking Household Robot K20+ Pro was also unveiled at CES 2025. “Whether it’s delivering objects, vacuuming, monitoring pets, purifying the air, providing home security, or even mobilizing smart tablets, the K20+ Pro juggles household management with ease … from delivering food and drinks to carrying small packages,” said a company release.

Read more: Training Robots Using Video Games Could Democratize Warehouse Automation

The K20+ Pro’s core is designed for customization and flexibility, serving as a modular foundation that allows users to create, adapt, and personalize the robot for a wide variety of innovative applications, and can connect with third-party smart devices like Alexa, Google Assistant and Siri, ensuring integration into any smart home ecosystem.

Elsewhere, TCL premiered its “AI Me” (Amy) concept companion robot, complete with animated eyes, autonomous movement and an AI-powered camera on its head; while Dreame showcased its X50 Ultra robot vacuum that has legs to avoid obstacles.

As smart home technology continues to evolve, the integration of robots designed to assist in daily activities could significantly alter how we interact with our homes, manage tasks and even shape the future of work.

TomBot, for example, debuted an emotional robotic lap dog, Jennie, an AI robot therapy dog designed to keep seniors company. On the more playful side of things, Tokyo robotics startup Yukai Engineering introduced the Nékojita FuFu, a portable cat-shaped robot that can blow air to cool hot food or drinks.

It wasn’t solely robotics for use at home being showcased at CES. John Deere used the Las Vegas event to reveal its own autonomous agricultural products. The fully autonomous machines were on display from Jan. 7 to 10, and were a bit bigger in size, if equivalently less cute, than the TomBot puppies.

Read more: Google Reportedly Bringing Gemini AI to TV Sets

The Future Is Calling and Consumers Can Answer Anywhere

Behind the strangely futuristic convenience of a robot picking up your laundry and taking out the trash while it vacuums and interfaces with the rest of your household appliances lies a much larger story: the rise of the smart economy.

As CES 2025 showed, augmented reality (AR) glasses are the eye candy of the smart economy. A host of futuristic specs were unveiled, capable of a range of tasks that turn the wearer into a high-tech superhero.

Halliday showcased “the world’s first proactive AI glasses with invisible display,” while freshly debuted Loomos.AI glasses offer a ChatGPT-4o integrated AI assistant.

But other appendages remain up for grabs, and innovative products from smart rings to apps like WowMouse, which allows smartwatch wearers to control devices using just their gestures and fingers, are vying for market share in ways that aim to make daily life more convenient, efficient and secure.