Webinar Recording
Prediction #3 - Identity Proofing & Fraud Reduction Everywhere
The pandemic has dramatically accelerated the shift to online transactions in most industries, with the financial industry as an example for a heavily regulated sector being in the forefront of a movement to establish a global standard that leverages the assurance level of online identity vetting (the onboarding process of a digital identity) with traditional face-to-face methods. In this session, KuppingerCole Analysts Martin Kuppinger and Paul Fisher together with ForgeRock's Eve Maler will discuss the relevance of identity proofing for your enterprise and why it will be one of the key topics 2022.
Website www.forgerock.com, email eve.maler@forgerock.com, LinkedIn https://www.linkedin.com/in/evemaler/
Log in and watch the full video!
Upgrade to the Professional or Specialist Subscription Packages to access the entire KuppingerCole video library.
I have an account
Log inRegister your account to start 30 days of free trial access
RegisterSubscribe to become a client
Choose a package
The topic I'd like to discuss with you is that we, we expect that identity proving and fraud reduction technologies will become way more BOUs than they are today. So we know these technologies are out for decades, but mainly used in the finance industry for financial fraud. On the other hand, we, we, we see that what, what we observe is the more and more organizations think about how can we improve the identity of partners coming in and, and with work from home. We sometimes that even are able to, to really prove the identity of a human we are onboarding. So what is your take on that?
Well, it, it is absolutely exploding and, you know, online fraud is increasing. So I think there's a lot of retail impact potentially to these, you know, at least adjacent technologies to straight ahead, identity verification, but FinTech is exploding and lend tech is exploding and, you know, thanks to open banking and kind of the open API movement. And, you know, these folks are experiencing fraud at unprecedented rates as well. And so even if you're not subject to this kind of know your customer requirement, it can be, it can look really attractive to do heavier vetting. And there's just so many different ways of doing it. Now, you know, it's all about taking in signals in order to make a business decision, which oftentimes is authorization, but in the world of consumer, I am of all stripes, it, it could be, you know, kind of top line of the business considerations that you're making a decision about as well. So, you know, even defi I shouldn't even say even defi defi is gonna need fraud reduction too. And so again, these technologies and these techniques, which have just over the last couple of years, they've really innovated. And I think that they're gonna be more and more useful to a broader audience
Yeah. With defi being decentralized finance.
Yes. Yes, absolutely. And, and, and interestingly, you know, it's, it's been the case for a long time that every kind of geographic region and jurisdiction is gonna have different constraints on how you do identity verification per se, and constraints on what kind of data is actually available to you because of privacy, considerations and other. And so you really do need kind of a, a multi-headed approach to doing it anyway, if you're, if you're a, you know, if you're a large enterprise who's global or multinational.
Yeah. And, and, and, and I, I would, that's, I think our prediction, we see this, this tendency to expand beyond even the customer consumer use cases. So I think there's a logic to do it for customers and consumers, even when there's no KYC related regulations. Yeah. But when I look at that at the forefront of, of every type of attack there's identity, there's at the end identity fraud. So there, my perspective, there's a, there's a really logic both from a process improvement and from a sort of a fraud reduction security perspective yes. Beyond sort of the traditionally use cases for identity improving and fraud reduction.
Yeah. I mean, I think there, there may be dragons there as well, if, if it's used kind of outside of the original purpose, just because of, you know, there's some privacy implications, you're becoming the custodian of very important fact, but I think you're really right about leveraging these technologies and techniques for partners. And particularly in, in ecosystems where your, your partners are really, they're smaller players than you. I used to call this B to lowercase B you know, it's, you know, car manufacturers working with dealers, or, you know, financial services working with the agents who actually sell all the product. You know, it looks a lot, it looks a lot like consumer and more and more as you were just saying, you know, in, in this world where everything's remote and people are logging in at 3:00 AM, legitimately, it's kind of messing up some of the signals. And so, you know, fraud reduction everywhere is it's becoming a more complex and subtle challenge. Yeah.
Yeah. And isn't it, it's also, I would dare to take an imperative in the digital age. So when we look at digital business, then this is about very rapidly changing partnerships. It's sometimes about sort of fast changing, but also more complex, deeper supply chains, even while I think everyone got reluctant a little bit about regarding two complex supply chains in the past year or so when they were so much disrupt, but at the end of the day, it it's still about, so also we have these requirements for instance, about supply chain, risk management, cyber security, supply chain, risk management. So all of, of these aspects from my perspective mean we need to get better. And this is why, why we believe that, that we will see an uptake because the technology's there technology is proven for years. And the benefit is very obvious because,
Well, you know, it's funny. Yeah. The, the tech, the base technologies have been around for quite some time. I think there's been a lot of innovation around remote proving, right. And, and, you know, ensuring that the, the supply chain of that particular credential is sound. And so that actually has opened up sort of new avenues for, for ensuring what it is that you're talking about. We work with what, one of the largest shipping logistics companies in the world, and, you know, they have to talk to the entire chain of folks who care about whatever it is that's being shipped. Right. So it's kind of an, a through Z series of communications. And now that, you know, there's been all these delays that people are seeing, it just lengthens the need for communicating, and it lengthens the, the opportunity. It grows the opportunity for fraud in there as well. And, and so it's just an imperative now to ensure that the, a through Z communications along with the actual physical moving of goods is sound,
Can I, there's one thing as a, as a consumer, put my consumer hat on, and I use online banking all the time on my phone, and it occurs to me sometimes. And there's a lot of trust in that. And basically I, I get online by adding a simply a, a five digit pin. And it, I, I think what happens if my phone is stolen, it wouldn't be beyond the realms of the person who stole it to work out the pin. And basically then they're into my, my bank account. And I think we, what we were talking about earlier about convenience yes. And the financial industry is certainly cracked the convenience side of online banking. But what do you think about that as a, as a, as a, as a red flag? Or is that just a, my naivety this
Not at all. I mean, I think it's very realistic and I think tying together an initial ascertain of, you know, connection to a real world identity to the entire life cycle management of that credential. I mean, it's, it's what, there's actually been some innovation in, in the standards that we use in this area, you know, in the us, there's the NIST 863 special publication, which is so it's really improved around its conveyance of assurance of not just authentication, but Federation, which is nice. And the identity as a whole, it used to be that this was all front loaded, and now it's possible to do it kind of heuristically even socially and triangulating on somebody's real identity over time. And so that's where it gets really interesting. I mean, things like an SMS, one time password, it is not much respected in the world of multifactor authentication these days for good reason.
But the nice thing is you can tie somebody what they're doing to the device. They have, you're, you're taking in a lot of signals that are silent with respect to the user, and that can be a better user experience, in fact, so, you know, I totally you're with Martin talking about, you know, security versus experience. Well, you don't have that option anymore. It's kind of gotta be both. In fact, you know, I think, you know, we were in this world where I, I joke about, you know, my new VIN of identity has four sets in it and it's in its protection and its personalization and its payment and its people. And so I think some of those silent signals that you could derive are, are actually quite valuable for ensuring a great experience while, you know, personalizing and giving service in a, in a protected way.
So, so, so we have everything we need, we just need to use it at the end. Yes. I think that's the cool thing here. The technologies here, the problem is here. We just need to bring it together. And this is what gives me hope that we will see a huge uptake of that. And, and I think at the call to action clearly is to organizations to think about how do you apply these technologies to broader use cases?
Yeah. Yeah. I mean, my advice there would be, be responsive in your approach. Meaning look at the circumstance, look at the channels, look at, you know, the experience somebody expects and be fine grained in your approach, which is not only friendly to zero trust kind of, you know, approaches, least privilege approaches, but also from the experience perspective so that you're not asking more than it is appropriate for the circumstance.
Well, it, it is absolutely exploding and, you know, online fraud is increasing. So I think there's a lot of retail impact potentially to these, you know, at least adjacent technologies to straight ahead, identity verification, but FinTech is exploding and lend tech is exploding and, you know, thanks to open banking and kind of the open API movement. And, you know, these folks are experiencing fraud at unprecedented rates as well. And so even if you're not subject to this kind of know your customer requirement, it can be, it can look really attractive to do heavier vetting. And there's just so many different ways of doing it. Now, you know, it's all about taking in signals in order to make a business decision, which oftentimes is authorization, but in the world of consumer, I am of all stripes, it, it could be, you know, kind of top line of the business considerations that you're making a decision about as well. So, you know, even defi I shouldn't even say even defi defi is gonna need fraud reduction too. And so again, these technologies and these techniques, which have just over the last couple of years, they've really innovated. And I think that they're gonna be more and more useful to a broader audience
Yeah. With defi being decentralized finance.
Yes. Yes, absolutely. And, and, and interestingly, you know, it's, it's been the case for a long time that every kind of geographic region and jurisdiction is gonna have different constraints on how you do identity verification per se, and constraints on what kind of data is actually available to you because of privacy, considerations and other. And so you really do need kind of a, a multi-headed approach to doing it anyway, if you're, if you're a, you know, if you're a large enterprise who's global or multinational.
Yeah. And, and, and, and I, I would, that's, I think our prediction, we see this, this tendency to expand beyond even the customer consumer use cases. So I think there's a logic to do it for customers and consumers, even when there's no KYC related regulations. Yeah. But when I look at that at the forefront of, of every type of attack there's identity, there's at the end identity fraud. So there, my perspective, there's a, there's a really logic both from a process improvement and from a sort of a fraud reduction security perspective yes. Beyond sort of the traditionally use cases for identity improving and fraud reduction.
Yeah. I mean, I think there, there may be dragons there as well, if, if it's used kind of outside of the original purpose, just because of, you know, there's some privacy implications, you're becoming the custodian of very important fact, but I think you're really right about leveraging these technologies and techniques for partners. And particularly in, in ecosystems where your, your partners are really, they're smaller players than you. I used to call this B to lowercase B you know, it's, you know, car manufacturers working with dealers, or, you know, financial services working with the agents who actually sell all the product. You know, it looks a lot, it looks a lot like consumer and more and more as you were just saying, you know, in, in this world where everything's remote and people are logging in at 3:00 AM, legitimately, it's kind of messing up some of the signals. And so, you know, fraud reduction everywhere is it's becoming a more complex and subtle challenge. Yeah.
Yeah. And isn't it, it's also, I would dare to take an imperative in the digital age. So when we look at digital business, then this is about very rapidly changing partnerships. It's sometimes about sort of fast changing, but also more complex, deeper supply chains, even while I think everyone got reluctant a little bit about regarding two complex supply chains in the past year or so when they were so much disrupt, but at the end of the day, it it's still about, so also we have these requirements for instance, about supply chain, risk management, cyber security, supply chain, risk management. So all of, of these aspects from my perspective mean we need to get better. And this is why, why we believe that, that we will see an uptake because the technology's there technology is proven for years. And the benefit is very obvious because,
Well, you know, it's funny. Yeah. The, the tech, the base technologies have been around for quite some time. I think there's been a lot of innovation around remote proving, right. And, and, you know, ensuring that the, the supply chain of that particular credential is sound. And so that actually has opened up sort of new avenues for, for ensuring what it is that you're talking about. We work with what, one of the largest shipping logistics companies in the world, and, you know, they have to talk to the entire chain of folks who care about whatever it is that's being shipped. Right. So it's kind of an, a through Z series of communications. And now that, you know, there's been all these delays that people are seeing, it just lengthens the need for communicating, and it lengthens the, the opportunity. It grows the opportunity for fraud in there as well. And, and so it's just an imperative now to ensure that the, a through Z communications along with the actual physical moving of goods is sound,
Can I, there's one thing as a, as a consumer, put my consumer hat on, and I use online banking all the time on my phone, and it occurs to me sometimes. And there's a lot of trust in that. And basically I, I get online by adding a simply a, a five digit pin. And it, I, I think what happens if my phone is stolen, it wouldn't be beyond the realms of the person who stole it to work out the pin. And basically then they're into my, my bank account. And I think we, what we were talking about earlier about convenience yes. And the financial industry is certainly cracked the convenience side of online banking. But what do you think about that as a, as a, as a, as a red flag? Or is that just a, my naivety this
Not at all. I mean, I think it's very realistic and I think tying together an initial ascertain of, you know, connection to a real world identity to the entire life cycle management of that credential. I mean, it's, it's what, there's actually been some innovation in, in the standards that we use in this area, you know, in the us, there's the NIST 863 special publication, which is so it's really improved around its conveyance of assurance of not just authentication, but Federation, which is nice. And the identity as a whole, it used to be that this was all front loaded, and now it's possible to do it kind of heuristically even socially and triangulating on somebody's real identity over time. And so that's where it gets really interesting. I mean, things like an SMS, one time password, it is not much respected in the world of multifactor authentication these days for good reason.
But the nice thing is you can tie somebody what they're doing to the device. They have, you're, you're taking in a lot of signals that are silent with respect to the user, and that can be a better user experience, in fact, so, you know, I totally you're with Martin talking about, you know, security versus experience. Well, you don't have that option anymore. It's kind of gotta be both. In fact, you know, I think, you know, we were in this world where I, I joke about, you know, my new VIN of identity has four sets in it and it's in its protection and its personalization and its payment and its people. And so I think some of those silent signals that you could derive are, are actually quite valuable for ensuring a great experience while, you know, personalizing and giving service in a, in a protected way.
So, so, so we have everything we need, we just need to use it at the end. Yes. I think that's the cool thing here. The technologies here, the problem is here. We just need to bring it together. And this is what gives me hope that we will see a huge uptake of that. And, and I think at the call to action clearly is to organizations to think about how do you apply these technologies to broader use cases?
Yeah. Yeah. I mean, my advice there would be, be responsive in your approach. Meaning look at the circumstance, look at the channels, look at, you know, the experience somebody expects and be fine grained in your approach, which is not only friendly to zero trust kind of, you know, approaches, least privilege approaches, but also from the experience perspective so that you're not asking more than it is appropriate for the circumstance.
Stay Connected
Related Videos
How can we help you