Get Ready For ‘Micro-Identities’; The Biggest Little Thing In ID Protection

In the age of eCommerce, the rise of the digital front doors, the super-apps that connect us to any number of financial and everyday activities … Carey O’Connor Kolaja, CEO of AU10TIX, told Karen Webster that it’s time to get ready for the rise of the micro-identity.

PYMNTS research has shown that in some way, the vast majority of us — 92 percent — are connected in some digital way to the economy at large. Consider the fact that last year 86 percent of people paid a bill online, and two-thirds of us engaged with a healthcare provider online.

Said O’Connor Kolaja: “I don’t see any of us going back to our original [pre-digital] ways of living. There’s been a pivotal shift and it’s one that is going to withstand the test of time.”

Micro-Identities 

Along the way, to make the connected economy ever more seamless, to thwart the fraudsters who make it their business to collect data to cobble together synthetic identities, we will see — in just a few years — the rise of micro-identities.

It may be the case that in the connected economy 72 percent of people who use platforms are only asked for their email. Providers are leery of asking for much more than that because they don’t want to interfere with the commerce continuum, said O’Connor Kolaja. But the owner of a vacation rental, the ride-hailing firm and certainly the eCommerce merchant will want more than an email address.

That means slicing up the data so that the personal identity does not connect to the professional identity, unless it’s necessary.

In the next five to seven years, we’re going to see some drastic shifts in how digital identities are created and maintained, she said, as governments issue digital credentials and identity wallets emerge. With big players like Microsoft getting into that space, the pace toward melding the physical and digital realms of ID will only quicken.

As the micro-identities take shape, then, a consumer might conceivably have a social identity, a financial identity, a behavioral identity and never shall they meet.

“Because each of those identities act differently,” said O’Connor Kolaja, and “depending on what you are trying to achieve,” merchants and enterprises need only glean the data that is necessary to get consumers where they want to go and need only to verify each of those micro-identities at the point of interaction, only when necessary.

Early Innings

We’re some ways away — but not all that far away — from such disparate presences spread across far-flung nodes.

Identity is crucial in a digital world, but collecting the data that forms the basis for that identity, verifying those credentials and validating users — making sure that the identity is tied to its rightful owner — is still in relatively early innings.

As O’Connor Kolaja told Webster, many firms are collecting data that they simply do not need to get things done. They’re collecting a lot more data than they need. That’s especially true when it comes to payments.

As other PYMNTS/AU10TIX joint research has shown, as many as 55 percent of consumers are concerned about how their data are being used by the brands with which they interact.

And in integrating those payments, it’s important to ensure those transactions are done in a way so that enterprises get only the information they need to make sure consumers are verified and the payment goes through. Along the way, the digital payments ecosystem is reinforced by the consumers’ trust — that their data is being used for the bare minimum of what’s necessary.

The questions surrounding digital identity — what it is, how it should be used, who should help establish those identities — are front and center for all enterprises, said O’Connor Kolaja.

Digital identities, she said, are not just for facilitating transactions that drive economic value — digital IDs are also for facilitating interactions between businesses and their employees, between medical providers and their patients and even between students and their teachers. Identity verification, she said, is getting a lot of attention, to be sure, and investment dollars as well.

Consumers want to be more involved in helping decide what data can be collected and ultimately how it can be used — and they want to know, too, how it is stored and encrypted.

O’Connor Kolaja said the technology to establish verifiable credentials has long existed but the conundrum exists — namely how to credential someone without having to expose personally identifiable information (PII).

The Crypto Microcosm 

To get a sense of just how much the digital, connected economy is driving new considerations over digital identity, one needs to look to the cryptocurrency landscape as an example. PYMNTS has found that as many as 16 percent of American’s currently own or have owned cryptos. As they open up accounts and wallets with exchanges and platforms and a range of providers, verification is critical.

O’Connor Kolaja, who said her own family has had direct experience with crypto holdings, noted that onboarding activities can be measured in days — which can be frustrating. From January to July of this year alone there was a 35 percent rise in crypto-related fraud and fraud attempts. And anonymity is a key wish for the consumers transacting on those exchanges. Pointing to AU10TIX, she said, the company has helped exchanges verify users by requiring they take a picture of their driver’s license or government-issued ID with selfies for comparison.

“We’re also seeing prompts for things that may be categorized as high-risk transactions — leading to another verification,” she said. Streamlined, the methods of verification can improve disbursement flows, where a few clicks of a mouse can bring millions of dollars of an approved loan to a user’s account within hours.

Striving Toward Interoperability 

“To do that requires a new ecosystem around interoperability,” she said. “I liken it to what’s happened in the payments sector.”

Against that backdrop, she said, not all that long ago there were a few networks that stretched across the U.S. or were even global — and then came the rise of the faster payment networks that have (just recently) started to become interconnected so that money can be moved from anywhere and anyone in the world to just about anywhere and anyone else. The unique identifiers, along the way, became a bit more sophisticated, moving beyond the 16-digit PIN to the username and password … and then to the mobile phone number.

In the payments space, she said, the key is to move beyond emails and passwords to tokenized identities and biometrics.

No Clear (Issuing) Answer Yet  

As of yet, there’s no clear “issuing authority” for the credentials that connect the digital and physical realms, she said. And the push toward advanced and real-time ways of verifying individuals and other connected stakeholders requires joint input and participation of governments and Big Tech. O’Connor Kolaja recounted that companies such as Microsoft and Apple have been making strides in harnessing the blockchain and digital wallets to transport and store government-issued identities.

“They’re not going to access that information. They don’t know what that information is, but at the same time, could they then be the issuer of this credential in time? Of course,” she said (Amazon and PayPal already have payment credentials) — but the government will have a key role here too.

Even as the private and public sectors join forces to create, maintain and promote digital IDs, she said, there needs to be consolidation in a market where 1 in 10 people have had their identities stolen. The data needs to be consolidated in order to better understand how to catch the fraudsters.

And the advanced technologies can offer additional layers of protection: biometrics and behavioral analytics have moved to the point where providers can determine that a phone “belongs” to a consumer, that the way it’s being held and handled can provide additional assurance that someone is who he or she says they are. The need to authenticate arises only when abnormal behavior is detected — and thus a step up, and a bit of friction, is warranted.

In the push toward a completely frictionless experience, said O’Connor Kolaja, the trust factor really has to be there. And that level of trust is most evident these days with financial institutions (FIs).

“A more passive way of verification — where you could be verifying behind the scenes every few minutes without the consumer taking any action — is something that will drive a different way of interaction,” she said.

Data As Foundation — And Where We’re Headed 

Data exists as the foundation to those interactions, said O’Connor Kolaja. And data can sometimes be more valuable than the transactions themselves. Picture patient-level data, that can be portable and used as individuals make their way through the healthcare system. Healthcare information can be 50 times more valuable to fraudsters than other personal information, chiefly because it can be used to impersonate an individual or even create one. Used well, and protected, the same data can enable healthcare providers to deliver a “delightful” level of service, she said.

If 86 percent of consumers want to have their digital ecosystems in place, and only 50 percent of consumers are worried about privacy, it stands to reason that some of us are willing to trade some security for convenience.

Looking ahead, we’re likely to see more levels of regulation, where, for instance, in India, no social media accounts are created without verification. Social media, she said is a lure for fraudsters, especially where millennials gravitate toward those sites to get their news and a majority of synthetic ID material (70 percent) can be cobbled together off of someone’s Instagram feed.

“We’re at a point in time in society where our reliance on these big brands and these big ecosystems are only increasing,” said O’Connor Kolaja. “We’ve got to figure out what is the right balance of safety, security and freedom.” That means giving an individual control over their identity so they can make the choices of what to release and when — and revoke access when they no longer want to have a relationship with a secondary party or a third party.

The digital front door must be a well-guarded front door, she said, but it needs to be guarded by consumers, private sector and government players alike.

Solving for the complexities of digital IDs, she said, “becomes an equation of many and not just of one.”