In this episode Frank is joined by Nguyen Nguyen, VP of Professional Services for APAC and Claudio Briceno, VP of Professional Services for the Americas. They explore sovereign identity and discuss who should own and inform it.

Transcript

Frank:   Hey everybody, welcome to another edition of Digital Identity 360. I am super honored and privileged to have Claudio Briceno, who is our VP of Consulting Services for the Americas, as well as Nguyen Nguyen, our VP of Consulting Services for APAC. Both are valued colleagues. In fact, Nguyen and I go back probably 15 years or something in the industry, done a lot of work together. And Claudio has been doing amazing work for us here in the Americas.

Frank:   Gentlemen, thanks very much.

Claudio:   Thank you.

Nguyen:   Thank you very much. Thanks for having us.

Frank:   Yeah, it’s a pleasure. It’s not often, folks, that we get a chance to have kind of a global view of the consulting services, or really be able to talk through some of the issues that we’re seeing as an organization. So, maybe talk a little bit, starting with you, Nguyen, about the things you’re seeing in APAC, maybe some of the trends that might be different from the Americas, and certainly trends that are maybe evolving and new threat vectors in your area.

Nguyen:   Sure. APAC is interesting. You have some of the most mature economies in the world in APAC, but you have, certainly, a lot of emerging economies. So some of the initiatives by some of those organizations that are in Asia-Pacific include a lot of financial inclusion initiatives. You also have a lot of eCommerce that is coming onboard and trying to reach the mass in Asia-Pacific. Now, in terms of threat vectors, obviously, as these initiatives are getting off the ground and security measures are not necessarily in place yet for some of those organizations, there’s a lot of exploitation of vulnerabilities in those regions. Malware is still a huge one for Asia-Pacific, especially targeting financial sites and financial services. So if you take a look at how the market is moving in Asia-Pacific, you’re taking a look at a lot of eCommerce players that are coming on board, the likes of some eBay comparables in the region. But also, if you take a look at financial services, you have a lot of online lenders that are popping up, and then, obviously, micro financial institutions that are essentially trying to do everything through mobile, so think of the digital banks without brick and mortars.

Frank:   It’s interesting, Nguyen, because I think more … probably also in Latin America, but more so in APAC the vast majority of the touchpoints we have with the digital world are through mobile devices. And so I think whereas in the western part of our geographies we’re still pretty heavily PC, Mac, web interface-based. In your part of the world we’re seeing a lot of the mobile traffic, and that speaks to the requirement to have an authenticated digital identity that can travel between devices and concepts. So in your world, much more mobile than probably we’re seeing here.

Frank:   Claudio, what about your world?

Claudio:   Well here what we’re seeing is a continuous effort in terms of identity spoofing, and millions and millions of bot attacks that we are preventing every single quarter. And when it comes to the positive side we see our customers embracing our work consortium model and taking it to the next level. And in a global economy, with our frontiers, if you will, and with the capability that mobility gave us in terms of transacting using our mobile phone, our mobile transactions are growing about 50% in terms of what we’re seeing compared to the total number of transactions that we process every day. So having said that, we are kind of realizing the need of a better way to identity. And our customers are embracing that concept in terms of asking themselves, “What other scores can I get?”

Frank:   For sure. It’s interesting, I had a meeting this morning with some top folks in the airline industry and they provide a lot of data assets to airlines. And it’s one of the top imperatives still is cross-border shopping’s impacting them. You know, I want to fly to Brazil, I try to book a flight with a Brazilian airline with a card that’s from here. They don’t recognize it, they don’t recognize me, and so they cut me off. And yet, a legitimate customer walks away. You’ve lost market share, you’ve lost customer good will, et cetera, so I think this whole concept of identity and how we use it across the use cases is very interesting. Before I dive into a curve ball called sovereign identity, I want to just hit on something else you said, Nguyen, in terms of financial inclusion. Banks are looking for more customers. Fintech companies want more customers. And the reality of this is that legacy authentication systems are completely almost useless as it relates to people that really haven’t been in the system for a very long time. We call them the underbanked or the people that just aren’t banked at all. And I think it’s really telling how, as we build these identities, they can in fact be used to solve the problem of more inclusion, right? The banks can take bigger risks, the fintech companies take bigger risks because they can rely on our view of a person across the multiple industries that we serve as a company.

Frank:   But speak to the consortium model, because we talk a lot about consortium internally and we understand what it means. Maybe tell the folks exactly, what is this thing?

Claudio:   Yeah, so by definition we’re a consortium, right? Everybody contributes with data that can be used to assess the risks of a transaction by anybody that uses our services. But at some point in time maybe there could be a better way to understand your rejection rate or your attachment to risk or not risk. And so if two parties within our extended global consortium agree on the protocols, agree on the procedures and what the lists of black, white watch might mean, then they will have a better confidence of our making a decision based on that information coming from a group of trusted sources. So, that applies to every single industry today, including banking of course, eCommerce et cetera. And customers that can agree on that view of the world, they can leverage our global consortium, but in addition to that if Frank says that that’s a bad transaction or a bad actor, I’ll trust Frank because we’re in the same industry and I will call tech center where there are procedures to put somebody in a black or white list or target them, whether with good or bad behavior. I’ll agree and we can trust our assessments.

Nguyen:   To add to that, though … Sorry, Frank. To add to that, the consortium is extremely important to our customers and how they leverage our platform for risk mitigation, but I think one of the key points is not simply just relying on peers to say that this is either good or bad, but the ability to dynamically do this in real time, because we can rely on not only history but context as well, so that we can evaluate whether the users are indeed who they say they are, and whether they should be trusted or not.

Frank:   Sure. I mean, the real-time model is the key to this whole thing. The other thing that’s interesting and it’s gonna lead to my softball … my curve ball question I should say, the consortium is built on this concept of shared risk penchants. You know, banks act like banks. eComm companies act like eComm companies, and therefore when Bank A, Bank of Claudio says, “This is a bad actor. Don’t trust him,” Bank of Frank says, “Hey, we have a similar view of the world, we have a similar risk profile and tolerance. We’re gonna rely on that assessment and say “yeah, we agree this individual is probably not a good individual.” So it creates, I think, an added layer of confidence as it relates to the people we’re dealing with because we’re sharing information not just about the individual’s transactional profiles but also about our determinant outcome of that transaction saying, “Look, it didn’t work, we didn’t like it, and so we’re gonna trust it.” So, sovereign identity … I think in the digital identity world there’s a lot of buzz now about sovereign identity, the concept really being that at some point in the identity cycle the individual has to be able to have some input or say into their identity. Much like I own my likeness, if you take a picture of me for commercial purposes, unless it’s in public I need to be rewarded. Consumers are now clamoring and saying, “Hey, we should have some say in how our identity is formed and informed.”

Frank:   And so there’s an interesting dynamism here and some tensions. The tension is, who owns this thing? Some would argue government should own it, some would argue the individual should own it and some would argue somebody in the middle should own it. So that’s one tension. And the other tension is, how do you inform it? So I want to just pose the question, kind of as a curve ball. Answer those three questions. Who should own it?

Claudio:   That’s an easy one, the government should not own it.

Frank:   The government should not own it, there you go.

Nguyen:   And, if the users own it then they have the ability to potentially manipulate their risk rating, if you want to call it that. So I think an independent third party or third party custodian of these identities is where the sweet spot lies, one, because obviously they’re independent. But the other part of it is that if governments own it, and it’s not just one, it’s multiple governments, then which government sovereign identity matters, and-

Frank:   And how do you weight it?

Nguyen:   How do you weight it?

Frank:   Is the US identity worth more than the Chilean identity? I mean, your reaction was visceral. It can’t be the government, but the reason is that there’s really no understanding of which one do I trust more or less, right? So I think that’s true. On the other hand, as you said Nguyen, and it’s very interesting, if the individual owns it then they’re gonna by necessity do everything humanly possible to make it better.

Nguyen:   Right, exactly.

Frank:   Right? And so you can’t have the individual owning the identity because the individual will say, “Hey, I should have a 850 FICO score,” right? That’s going to happen every time . So, it has to be somebody who is an independent steward of data, but I think here’s what’s key to this, not just independent steward of data but somebody who isn’t using the identity to market services to it, to have a hidden agenda. It literally has to be someone who says, “Look, I have this asset called your identity. And I’m informing it based on,” as you said earlier Nguyen, “real-time behavior in a certain network.” And hopefully the network is broad enough to cover the totality of your online activity. I can share it with governments because it’s based on real eComm stuff so governments can trust it without having to worry about whose transnational identity is the one that we should work on. And equally importantly, there’s no agenda. It’s simply designed to eliminate friction and authenticate people to whatever transactions they’re working towards.

Frank:   It’s a lot of stuff going on there.

Nguyen:   Yeah, absolutely. And if you take a look at today’s world and the number of services that we have and number of applications that are on our phones that require us to sign up and log in and remember the credentials, it leaves a lot of different points of failures. And if you move towards the sovereign identity space it gives you the ability to manage one and mitigate the risk of having that many different siloed identities at all of these different service providers.

Frank:   Yeah. Claudio, closing thoughts?

Claudio:   Well, to my point again, we have this digital capacity today up and running. We have a global consortium. Any consortium built on top of our consortium will take advantage of the foundation of our digital global network. On top of the assessment of trusted sources, our assessment of behavior is still a part of our solution, so it’s a next step into providing customers more and more value.

Frank:   It’s interesting because I want to end on that value point. What’s super exciting about this stuff we do, gentlemen, is that at the end of the day this great technology, this real-time massive hundreds of millions of transactions per day network manifests itself in being transformational in this sense. People that don’t have access to capital get access to capital. People who can’t buy services now get access to services. People who are underrepresented in the global economy now have an ability to say, “Hey, I have a mechanism with which to participate.” And that’s life changing. Right?

Claudio:   Indeed, indeed. The fact that they are a part somehow of this developed global network could mean many things for them in terms of inclusion – when they are facing challenges with different parts of their own lives.

Frank:   There you have it, folks, two of our subject matter experts, Nguyen Nguyen our VP of Consulting Services in APAC, and Claudio Briceno our VP of Consulting Services in the Americas, both steeped in this heady stuff of sovereign identities and digital identities, and we’re delighted to have them as part of the team. Check them out.

The post What is Sovereign Identity? appeared first on LexisNexis Risk Solutions | ThreatMetrix.