No data is safe in the wake of the Equifax breach – at least not the static kind such as SSNs and drivers’ licenses. Equifax is shoring up some lines of defense by linking with Entersekt in a mobile digital ID effort. Entersekt CEO Schalk Nolte tells PYMNTS’ Karen Webster why the device itself can foster trust between users, Equifax and other companies.
Is it too little or too late? Or just in time?
We all know that in the wake of the Equifax breach, no data is safe. And in a world where bits and pieces of your identity are floating around – and can be cobbled together to make new identities – there’s really no way to know who has what, or whether your good name is being used for no good.
That statement is compounded by the breaches that came before Equifax’s headline-grabber and the breaches yet to come.
A new partnership seeks to help consumers be proactive when it comes to protecting their identities, rather than reactive.
Reactive as in: being surprised by bad news down the line and scrambling for safety when someone, for example, opens credit cards in an unsuspecting victim’s name.
Entersekt, which is focused on push-based authentication and mobile app security, last week announced a technology partnership with Equifax. Under the terms of that partnership, Equifax has licensed Entersekt’s Transakt product to boost its online and mobile services.
Transakt employs digital certificate-based technology that identifies each mobile device registered to the Transakt app. When access to a digital identity or account is required, a request for authentication is sent to the phone or another mobile device – such as a tablet – in real time. Users approve or deny access by tapping a command to accept or reject it.
In an interview with PYMNTS’ Karen Webster, Entersekt CEO Schalk Nolte said the partnership is based on a guiding principle that “security brings more trust between the users and an enterprise.”
It might go without saying that trust is a commodity Equifax and any other number of data-focused firms could sorely use. As Webster noted, the Dark Web is awash with offerings for sale – everything from Social Security numbers to birthdates to drivers’ licenses.
And, as Nolte agreed, the Equifax breach, where 145 million consumers were compromised –preceded by massive hacks, such as the one that ensnared three billion Yahoo accounts – points to one simple fact.
“This is a dangerous time,” he told Webster, “and data is probably out there.”
And if we must assume the bits and pieces and bits and bytes that point to us being us can be misappropriated, then proactivity goes a long way. Perhaps alarmingly, that proactivity is not in evidence – at least when it comes to monitoring or freezing credit reports.
Welcome, then, to an automated way – wrought in real time – of recognizing when attempts are being made to gain access to one’s identity.
Though it’s early days yet in the Equifax/Entersekt partnership, Nolte said Transakt can be a tool leveraged by consumers as they seek to control their identities, safeguarding them from bad actors.
That measure of control is crucial in an age where traditional security methods, where firms use risk engines across a range of activities, may no longer be a strong enough defense.
Consider the fact that, as he said, those risk engines use traditional data inputs that are no longer secret. Your mom’s maiden name is out there, he said.
So, if static identifiers can no longer be the sole conduit to proving identity, Nolte said basing security on “human behavior empowers the customer … and they have safety in transacting.”
The push notification and subsequent confirmation or denial from the consumer, said the executive, is a way for the consumer to confirm information and trust the channel through which that information is deployed.
As Webster and Nolte discussed, the process can be likened to “healthy friction.” We may all desire invisible payments, as Webster noted, yet transactions should not be so invisible – meaning friction-free – that criminals can skate off with identities and credit card credentials.
The initial rollout between Equifax and Entersekt focuses on mobile, said Nolte, because the mobile phone or tablet is a “versatile and personal device” that can serve the same function as a laptop or speaker and, as he stated, “you rely on it for other forms of communication. We can leverage that [to make sure] that you are you.”
Digital ID verification, with an eye on enhancing security through mobile means, Nolte told Webster, means consumers are notified and made aware when someone may be trying to compromise their data before something happens, which he termed “a step in the right direction.”