Every day customers are forced to hand over masses of personal data to organisations they hardly know, while banks and other providers introduce increasingly restrictive payment measures which are difficult for users to adopt and costly for businesses to implement.
Many methods of securing transactions are not only tedious and invasive for the end user, but also result in lost revenue for companies due to a high drop-off rate. Two-factor authentication is too difficult, password policies are too complicated, and often many people give up before payment is completed.
So how can organisations hold on to customers while doing it in such a way that is secure and builds trust?
This is where the identity revolution comes in.
According to Craig Vallis, chief executive of British privacy pioneers Solfyre, the idea behind the identity revolution is that individuals are being made more aware of their information – what information they’re handing across, willingly or unwillingly – and how to take control of this information.
“It’s around consent”, said Vallis. “What we’re finding is that people are obfuscating their information, so when they’re forced to hand over information they purposely put in false data.
“If the collection is done in a consenting manner and I trust you, I’m actually going to give you the truth: For example, I’m happy to tell you that I’m 43 years old, but I’m not necessarily happy to give you my date of birth. Generally companies just need that age demographic, so they need to ask themselves – do we need the date of birth?”
“Also, having that data also then becomes a liability – because companies hold dates of birth they’re a target. You just need to look at what happened to TalkTalk last year to see what could happen.”
Solfyre’s solution to addressing the issues around password security and consumer privacy is ‘SID’: A mobile app which encrypts a user’s passwords. When the user wants to log in to a website on their desktop it generates a one-time QR code for two-factor authentication.
The company claims this is a quick and easy way to securely log in without having to constantly remember multiple passwords, and none of the user’s information is stored with Solfyre or on their cloud. The solution has so far proved popular with tech fans, with Solfyre recently winning in three categories at the Tech Trailblazers Awards.
Solfyre is also moving towards biometrics for authentication purposes, but Vallis cautioned organisations against putting all their eggs in one basket: “In time we’re going to find that fingerprints and fingerprint technology will be compromised. The problem with a fingerprint is that they cannot be reissued, so when somebody is able to accurately replicate my right thumb print there will come a stage where we’re no longer going to trust them.
According to Vallis, the next steps in security will be around multifactor: “We need to have the risks spread across many biometrics – including things like voice recognition that HSBC recently announced.
“Constantly updating biometric and other information such as your geographic footprint – where you go to work, where you live – that’s how your signature becomes secure. The more factors that we utilise for this, the more difficult it is for somebody to spoof.”
So where do FDs come in to this identity revolution?
As many FDs have ultimate responsibility for their company’s technology policies, they can be the ones responsible for driving the shift towards the identity revolution.
“The one thing I’d like to reiterate to FDs around the identity revolution is that they’re going to be the catalysts in how their businesses view identity and personal data – both as an asset and a liability”, said Vallis.
“At the moment what doesn’t build trust destroys trust. It’s important for users to continue trusting the organisation, and if they realise that those at the top of the company are serious about identity and personal data, and serious about implementing security and cyber security, then they will trust them more.”
In terms of solutions, Vallis was obviously keen to emphasise the benefits to using systems such as Solfyre’s. “The main benefits are securing the transaction for the company and securing the experience for the user – as well as building trust between the two.
“For financial directors and controllers, they’re going to have a rigorous system in place for all their transactions, whether that’s in the physical world or the internet.
“Our system offers that same rigour unwritten by GPS location, biometrics (whether that’s a touch ID, facial or voice recognition), or other factors. It takes the ‘know your customer’ to the nth degree and can really add value to your business.”