Experian exec on recognition gap, enterprise IAM progress and the biometrics layer
Physical biometrics are the most secure form of identity verification, 81 percent of consumers around the world say according to Experian’s recent Global Identity and Fraud Report. The importance of security to consumers seems not to be clear to many organizations, however, and a disconnect between how well businesses feel they are able to recognize their customers, and how recognized those customers feel is one of the survey’s main takeaway’s, Experian Head of Global Identity and Fraud Product Innovation Mike Gross told Biometric Update in an interview.
Despite 95 percent of businesses saying they are confidant in their ability to identify customers and recognize them on returning, 55 percent of consumers say they do not feel recognized when conducting business online.
Part of the disconnect may be in the way that each side defines recognition, Gross points out. Businesses often seem to be content with being able to authenticate the customer on return.
“That’s great but if it’s not a really secure mechanism of recognition, and I’m not protecting my customers from their accounts being compromised, am I really doing an effective job of recognizing them?” Gross asks rhetorically. “Do I recognize the consumer or do I recognize a log-in credential? What we found is that there’s so much username and password use still, there’s a misnomer around how many businesses actually recognize their consumers.”
One client came to Experian with seven different versions of the same identity in its system of record, Gross reveals. Doing a better job of recognizing consumers enables business to offer experiences that are personalized and seamless, while providing stronger security.
The way to achieve this, Gross suggests, is by layering technologies, possibly including physical or behavioral biometrics in the appropriate way. The survey shows that organizations are all taking or planning to take a layered approach, and Gross says they are increasingly doing so in a smarter way. That smart approach to adding layers is improving user experiences with many organizations, but Gross also warns that some organizations appear to have their priorities confused.
Many businesses are “so hyper-focussed on delivering that great consumer experience that they’re often sacrificing security,” despite more than three quarters of consumers saying security is most important, with convenience a secondary priority. Working towards a frictionless experience is part of companies’ differentiation strategy, but customers have baseline expectations around account and data security.
The way forward is not necessarily to deprioritize customer experiences, but to provide those experiences with the same kind of data and tools that can also enable greater personalization and security.
Some organizations seem to have the misconception that consumers are not willing to share personal information or biometric data, but Gross notes that the survey shows over 70 percent consumers would do so if they perceive a benefit, whether in greater security, convenience or both.
“What we found is that the more transparency organizations provide to consumers, the more willing those consumers are to provide more data to those businesses,” Gross says.
That observation fits with the findings of a recent survey from Trulioo, in which more than half of consumers said they are willing to share their biometric data for seamless digital ID verification when opening a new account.
With a pandemic-driven explosion in remote onboarding, identity verification and authentication to enable employees to work from home occurring just as the report was released, remote logical access security has now become front-of-mind for organizations out of necessity. Gross observes that the challenge is often compounded by capacity crunches, forcing organizations to set policies excluding some applications from running on the VPN.
“The whole phishing landscape or attack space has been completely changed.”
Fraud losses were already increasing for 57 percent of organizations, and a big push was already on for the use of biometrics with other identity and access management capabilities, but Gross has not observed a rush to invest in new technologies like biometrics as work-from-home has become the norm. However, he notes, the adjustment “absolutely has implications for the future. I think planning for the next crisis or pandemic, organizations need to take a very hard look at how they can enable more seamless experience because I can assure you most organizations, and large organizations in particular, went through some major pain to be able to adjust to a 100 percent remote workforce from where they were a couple of months ago.”
“I predict that we’ll see a lot more of these organizations starting to layer in a biometric right after that strong ID proofing, so that they can enable that more secure, personalized, engaging experience for their customers downstream,” Gross says.
For companies putting biometrics in place, Gross cautions that they must be implemented correctly, like any technology. Some businesses have made they mistake of procuring biometric solutions that are implemented as options for users to enroll on log-in after the onboarding process is complete.
“Now your biometric is at the mercy of a username and a password,” he warns.
A lot of organizations will be looking for the right layers, and the right way to implement them, as they undertake digital enablement initiatives, adjusting to a new way of working that may remain common when the lockdowns are over. Any companies tempted to operate with a remote workforce have now had a taste of what they are capable of without the expense of office space for everyone.
“They’re going to increasingly do it, and they’re going to look for technologies that allow them to deliver a better experience for those remote workers,” Gross forecasts. “That’s where things like biometrics and IAM providers are well placed to satisfy those needs, but I think it was just too early in that lifecycle, most organizations hadn’t done a lot of exploration around those technologies yet.”
With the benefit of hindsight, and a little more time to adjust, companies may find a way to make customers and employees feel recognized. They will be better prepared for the next time their offices are shut down, and they may even turn the tide on digital fraud.
Read more from this interview series
Biometrics are enabling trust for access control and fraud prevention during the pandemic and resulting social change, and the industry impact could be major and lasting.