More businesses than ever are using biometrics to make sure that people accessing services and making transactions are who they say they are.
But as Jumio Chief of Digital Identity Philipp Pointner told PYMNTS in an interview, efforts to establish verification standards are currently bifurcated. On one hand, documents issued by the government are opening the doors to digital verification. Indeed, research done in collaboration between PYMNTS and Jumio has noted that 73% of respondents support using a government digital ID solution to access public online services. And then there are the private sector’s own identity initiatives, which are not connected to government services.
As Pointner posited, we’re long overdue for a convergence of those two worlds — a form of ID with government-grade security that holders can also use to access private-sector services. Taking a page from developing practices seen in Europe, the core goal rests with the transparent collection, exchange and use of data.
“There should be a purpose defining what you are allowed to do with the data — and then, outside of that purpose, you’re not allowed to use the data,” he said.
Read more: How Identity Has Become The ‘Linchpin’ Of The Digital Economy
Here in the U.S., we’re seeing some adherence to those principles through the California Consumer Privacy Act and other initiatives.
Building the ‘Trust Reputations’
Companies are increasingly aware that they need to build up their “trust reputations,” and PYMNTS has found that nearly half of companies surveyed intend to invest in digital authentication solutions.
“Once you reach that conclusion, you automatically need to secure your customers’ accounts,” Pointner said. “You need to understand who people are when they interact with you on the mobile phone, on the traditional web browser, over the phone, via email. So, you need actually to identify people on all of these different channels that they use to interact with your brand.”
As Pointner told PYMNTS, the great digital shift seen throughout the pandemic has been one in which consumers have gained more insight into how data are collected and shared — and have also sharpened their knowledge of how the enterprises with which they do business are interconnected.
There are still some gaps here and there. The conversation between PYMNTS and Pointner came against a backdrop in which most consumers believe that their social media activity is either “not very” or “not at all” secure.
He noted that the social media world operates with a nuanced understanding of security means. Most people posting on social media know that what they post on social media will find its way into the public eye, but more people are becoming more aware that behind the scenes, various firms are able to analyze the messages and data sent between friends and can target advertising and content to consumers.
“Sometimes, parties get access to information and use it in ways that you don’t expect,” said Pointner, who added that “there are the expectations that something should be private, and then there is the reality of what happens.”
There’s also been an increase in the activity of malicious actors seeking to impersonate your friends or relatives — and maybe even trying to take over your profile.
The first step in combatting the threat, no matter the vertical, he said, lies with awareness.
Growing Corporate Concern
Roughly half of all large firms said they believe that having digital processes for customer identity verification is more important than ever. But Pointner said that, by and large, they’ve traditionally tried to take brick-and-mortar processes and adapt them to internet use.
“That just does not work because you wind up with the endless forms that the consumer needs to fill out — and pages of tasks that the consumer just won’t complete,” he said.
As Pointner said, companies bringing more operations online must ask themselves a key question: Are they doing it correctly? Many firms have been grappling with a deluge of customer support calls and manual workflows when they should be seeking to automate onboarding and authentication, as well as processes tied to identity.
That’s where mobile-first challenger banks have what Pointner termed “a significant advantage” because they can design products and services with the user journey as a key consideration from the very beginning.
“Online, everything is about convenience,” he said. “Everything is about the brand perception. Everything is about usability.”
Key to those considerations, for challenger banks and traditional players alike: a seamless and streamlined identity process.
A Platform Approach to Security
Pointner said that platforms and tools from companies like Jumio can help clients build optimal onboarding and ID proofing processes. Consumers are four times more likely to show their ID if there is a clear explanation of why it is needed.
“Just giving the user guidance and information at the right moment in time improves conversion rates dramatically,” Pointner said.
There’s already increasing familiarity on the part of consumers with ID processes underpinned by biometrics. PYMNTS and Jumio joint research has found that more than a third of all consumers surveyed said they’re already using biometric data while traveling.
Almost 90% said they’re satisfied with this experience. Pointner noted that the very practice of matching faces to official documents has been firmly entrenched in the travel industry for decades. After all, Transportation Security Administration (TSA) agents have long been doing that matchup of passports to faces. With scanners and cameras, more recently, the process simply has become more automated.
See Also: Securing Personal Identity With Digital ID Connected to User Biometrics
With automation, he said, there’s a broader range of options for verification. It could be the face or it could be the finger. But he cautioned that it’s important to use providers and third parties to make sure that biometric IDs are being done correctly.
“You cannot rely on the capabilities of the phone because the phone hardware, by definition, is vulnerable,” Pointner said. “If you want to do it right, if you really want to create a level of assurance that can match government grade [documents] or full [know your customer] and regulated environments, you need a third-party application to do the biometrics.”
Looking ahead, he said, an app might conceivably be secured by a consumer’s government, holding traditional personally identifiable information, as well as data about licenses and memberships, card-level details and other information all offered up by consumer consent.
“That data can be shared with the click of a button and maybe the scan of your face to make sure that it is actually you that is using that identity,” Pointner said. “Imagine all the places online and in the real world you can go as you use that identity — from one vendor to another, from one service to another, from one country to another.”
As he told PYMNTS: “These are the promises of digital identity.”