Universal Representation of a Consumer's Identity Is it Possible? Presenter: Rob Harris, VP of Product Strategy, FIS

Transcription

1 Universal Representation of a Consumer's Identity Is it Possible? Presenter: Rob Harris, VP of Product Strategy, FIS

2 Topics Consumer identity why it is important How big a problem is identity fraud? What is an identity? What is a digital identity? Consumer experience with digital identities current vs future A universal digital identity how would it work? A look into the future

3 Identity verification why it is important Enables commerce Establishes trust between parties who do not know each other Prevents fraud Prevents false declines 15% of declined credit card trans in 2015 were false positives; Nearly 40% of consumers who were falsely declined abandoned the card* Enables compliance with CIP, KYC, AML, FFIEC regulations * Source: False Positives and Card Re-issuance. Rippleshot, 2016 Referencing Javelin Study from2015

4 What is an Identity? Consumer Data / Attributes Establishes a system of trust between parties Name, address, DoB Associated w/ Government ID (SSN, ITIN, Passport, Drivers lic.) Issued or officially documented by a government: Federal, state, local Relied upon by trusting party (e.g., financial institution) Credit issuers, data aggregators may play a broker role Challenges Not very efficient Not very secure Not private! Flaws become more evident in a digital environment

5 How big a problem is identity fraud? New Account Fraud Fraudsters are adapting and moving their focus EMV enabled cards in the US transforming how and where fraud occurs Moving from POS card fraud to (NAF) The impact of fraud and the cost to your FI Cost to a financial institution is $2,712 per incident Checking and savings accounts remain the most commonly attacked Very high rate of consumers who experience NAF will ultimately switch FI s The cost of fraud to your customer Costs consumers $188 per incident NAF is the most expensive type of fraud and has the highest personal impact Consumers who experience NAF have diminished trust in their financial institution 0.74% % 2015 Source: Javelin Strategy, 2017 Identify Fraud Study 5

6 How big a problem is identity fraud? Rising Trends in Card Fraud Do you see a rising trend in CNP fraud? None Do you see a rising trend in account takeover fraud? None Minimal 18% Minimal 7% Moderate 46% Moderate 61% A lot 36% A lot 32% 0% 5% 10% 15% 20% 25% 30% 35% 40% 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50% 55% Survey Choices: None, Minimal, Moderate or A Lot Source: FIS Fraud Survey 2016

7 How big a problem is identity fraud? Existing Account Takeover Fraud Digital accounts nearly twice as likely to be misused in 2016 Source: Javelin Strategy, 2017 Identify Fraud Study 7

8 How big a problem is identity fraud? Time Spent Resolving Issues Increased in 2016 ENCF, NAF and ATO fraud take more time to resolve because they are more difficult to confirm and the fraud amount is greater Existing Card Fraud Existing Non-Card Fraud New Acct Fraud Acct Take-over Fraud Source: Javelin Strategy, 2017 Identify Fraud Study 8

9 Digital ID Networks Streamline User Interactions Use Case AUTO-FILL PERSONAL DATA Secure way to provide personal/sensitive data (no keyboard entry) ADD NEW CUSTOMERS/ACCOUNTS Streamlined new customer/account onboarding FRICTIONLESS LOGIN ACCESS Provide improved consumer experience + better security HIGH RISK TRANSACTION Enhanced security for high-risk transactions Scenario Examples - Auto-populate address and payment info when purchasing as a visitor - Auto-populate personal info when establishing a new account - Auto-populate personal info on applications - Streamlined identity verification compliance checks (network already knows consumer and has performed checks previously) - Streamline first time authentication (network vouches for the consumer) - No more ID/Passwords to remember or enter - Reduced man-in-the-middle and key logger security vulnerabilities - Instant, secure communication & interaction with authenticated consumer - Instantly interact with authenticated consumer to verify suspicious activity before locking account or disallowing card transaction - Instantly verify with authenticated consumer any high risk activity that signals account takeover 9

10 Today s Consumer Digital ID Experience Follows Centralized Model Consumers must type in personal information to complete their first transaction or establish an account Each business entity has its own authentication protocol / requirement (inconsistent) Different consumer credential established with each business entity ID/Password fatigue has led to adoption of more consumer friendly techniques but still insecure and inconsistent across business entities Account lockouts and password resets are painful Account freezes due to false suspicious behavior alert leave consumers with a bad experience that typically affects relationship in a negative way Online Retailer B Online Financial Institution #2 Online Retailer A Online Financial Institution #1 10

11 What if the Consumer Could Provide their authenticated credential to a new business entity without needing key in or supply their personal information? Use a single, secure credential to authenticate the same way for every business entity? Receive alerts every time their credential was being used? Immediately notify every business entity they have a relationship with when their identity has been compromised? Instantly and securely confirm that they are legitimately on the other end of a suspicious transaction? Live in a world where password resets became a thing of the past? Online Retailer B Online Financial Institution #2 Online Retailer A Online Financial Institution #1 11

12 What is a Digital Identity? Mobile Devices Device Data IP Address, Geotrace, 100 s of unique identifiers Consumer Data PII data plus , phone, biometrics, etc. Secure Channel to Mobile Devices Enables secure out of band, step-up authentication, push messaging, biometrics, additional device profiling Governments Retailers Financial Institutions Device + Person Bind Rules Engine Analytics Secure Token Recognized by Why Now? Mobile devices at 70% pen rate growing! Biometric viewed more positively Fatigue with PII data breaches, passwords AI, Machine Learning are maturing Challenges How is digital ID created, issued, managed..?

13 Digital ID Network How would it work? User initiates login activity with business via the website or mobile app 1 User proceeds 5 2 Business uses Digital ID Network to get identity risk assessment and authenticate consumer Digital ID Network 4 User responds affirmatively to the Digital ID push notification 3 Authentication request pushed to user s device via secure, encrypted channel (not public SMS) 13

14 Predicting the Future Consumer Centric Digital ID Networks Networks Create More Holistic Insights Network vouches for the consumer Continuous learning across network participants enhances security for all Context-based, smart authentication Mobile Connects Consumer s Identity Ease of use Private, secure communication channel Puts consumer in control Loyalty Rewards? 14

15 A Successful Universal Digital ID Solution Will For Businesses Improve consumer experience in all interaction channels (call center, in-store, online) Improve security (thwart man-in-the-middle and key logger attacks) Treat new customers like a known entity instead of like an unknown stranger Provide instant alerts to when customer identity is under attack or at risk Minimize need to collect and retain PII data For Consumers Improve consumer experience context-based authentication Improve protection from identity theft Empower consumer to: Track use of their identity credential Specify alert rules when identity is used Instantly alert network participants when identity is being misused Include ancillary identity protection services