Vlog: Marrying ID and Authentication
In this vlog, our CSO, Mike Engle, and CMO, Michael Cichon, discuss marrying ID and authentication.
Michael Cichon:
Good morning, Michael Engle, Chief Strategy Officer at 1Kosmos. Welcome back to the vlog.
Michael Engle:
Thanks Michael. It’s great to be here.
Michael Cichon:
I asked you here this morning because we’re starting to hear quite a bit about the PSD2, the Payment Service Directive, Revision Two in Europe principally and a lot of the strong customer authentication requirements that regulation calls for. I’m curious what you’re seeing out there. You’re talking to a lot of customers. What are you seeing out there? Are they concerned about this? Are they talking about it?
Michael Engle:
Yeah. Everybody’s excited about this now that it’s mandated where you have to ask a user for strong forms of authentication before they do certain types of transactions. We used to dance around it and we still do here in the United States. Right? It’s still not mandatory here. But in areas where it is mandated, they’re really struggling with how to engage with the customer the right way. So we’re getting hit on this on all angles at this point.
Michael Cichon:
So yeah, engaging customers in the right way. I talked to a colleague yesterday who’s in the security space and I think the stat that he mentioned that kind of stuck into my mind was 17% on average dropout rate, a shopping cart dropout rate across Europe. That’s pretty extraordinary I thought.
Michael Engle:
Yeah. And it doesn’t surprise me. Here in the U.S. we very rarely get forced into an authentication event when you go to checkout but it did happen to me recently. I went and bought a new Dell laptop and when I got to the checkout process, my credit card issuer got injected into the process, popped up a window. They had to send me a text message and I went and completed that. But they’re using their password and then it came back to Dell and they do that for the smallest of transactions in Europe because of this mandate. It is incredibly painful. So what the new form of this regulation allows is the merchant to stay in control of that the entire time by implementing better authentication, but you still need to do it in a way where it doesn’t upset the customer or you’ll have that cart abandonment. So there’s a number of ways to do that by marrying a strong identity with that authentication exercise.
Michael Cichon:
I got that. So I know that we’re not the only ones seeing this. I think Gartner Group has covered this and they’ve got, I think, it’s a three pillar architecture or something. Are you familiar with that?
Michael Engle:
I am. Yeah. So yeah, the Gartner piece is called The Market Guide For Online Fraud Detection and they talk about there being three pillars. There’s how you identify somebody, how you authenticate them, and then when you use fraud signals to either ask them for more identification or more authentication. So these three pillars have often been siloed. You do this one time when you onboard. You’re authenticating all the time and your fraud signals have their own way of dealing with problems like just maybe abandon the transaction. So by putting these three activities together, you have a much better chance of delighting the customer and reducing fraud at the same time.
Michael Cichon:
Right. So it’s no secret that at 1Kosmos, we cover two of those pillars, the identity proofing and the authentication. And the identity proofing, I think when you look at banks they’ve got their legal requirements for knowing your customer. It just seems to me that a lot of the issues in authentication start in that identifying your customer. So it’s maybe not just a legal requirement for businesses, merchants and banks, but maybe a business requirement for these folks as well, to truly understand with a high level of certainty who their customers are at the very early stages of onboarding. And then make that onboarding as seamless and painless as possible.
Michael Engle:
Yeah. That’s where the real new opportunity comes, right? Because we all now have very strong forms of biometric capture and places to keep secrets inside of our trusted computers. We can really work with the customers in new ways. And we’re seeing lots of high-risk transactions do that where your banking app now has a strong authenticator out of the box, but you can do that now across lots of different verticals as well. So we’ll continue on that journey with them.
Michael Engle:
Really the beauty of it comes when you can tie together that strong identity proofing, onboard a user, gently ask them for more proof when it’s needed, and then provide a biometric when it’s time to check out. A biometric lets you basically touch your device or look into it, transaction goes through. And the old days of fetching insecure, second factor code from your email or text message are hopefully not going to be around too much longer.
Michael Cichon:
Great. So we’ve got a ton of content on our brand new website about identity proofing, about authentication. It’s that third pillar that I’m kind of curious about your take on and that third pillar are these fraud signals. From my background at ThreatMetrix, I saw this in real life, right? We had a machine learning approach to this. We looked at behavioral history. We had a large enough transaction base that we are able to determine with a high level of certainty whether we thought a log-in was fraudulent. And we did that passively, right? It was behind the scenes for practical purposes. A lot of people didn’t even know what’s happening in the background and it happens in nanoseconds. We’re talking about maybe 50, 60 milliseconds. How are we at 1Kosmos accommodating that third pillar, those signals, those risk signals coming from these types of engines?
Michael Engle:
Yeah. We’ve done some really neat work with a couple of companies that do fraud for a living. For example, RSA has their adaptive authentication product right now called Outseer. But they take all kinds of signals from a session, IP address and risk of the transaction, and they allow you to make a determination that I need to go ask this user for more proof of who they are. And they’ll reach out to us, we’ll go grab a thumbprint or a face scan within one or two seconds and the transaction goes through. So that’s an example where you’re marrying the identity in our product with a fraud engine.
Michael Engle:
And another would be BehavioSec, they can tell how you’re human and how you engage with a webpage or a mobile app. So only bother the user if it’s not the user that was there five times before. For example, something’s changed, the way they move their mouse or type on a keyboard. Again, somebody’s typing differently here, let’s just get a second knock on the door and verify that they are who they are. And that really rounds out Gartner’s story of those three pillars coming together and we’re excited to be doing that with customers today.
Michael Cichon:
That’s pretty amazing. It’s the digital noose, if you will, seems to be tightening around people trying to trick these online systems now. All right. Great. Any other perspective on this strong customer authentication environment? Any other lenses we should be looking at this challenge through?
Michael Engle:
No, just that when you do implement this stuff, you’re actually making your infrastructure easier. So it’s obviously the customer comes first, but trying to solve these customer challenges with fraud detection and so forth. You’re often layering in all these other tools and we’re seeing a consolidation of these tools into single platforms. And Gartner’s calling that out as well as other analysts. So we think we’ve got the right solution to make things easier yet more secure. So we’ll see how that flushes out over the next year.
Michael Cichon:
Yeah, that’s awesome. So kind of a simplification of that infrastructure, probably the NIST standards play into this as well. The standards of kind of calling for the need or making sure these systems are interoperable. And then there’s as you simplify certainly the cost and complexity and overhead angle. So this is great. I appreciate the insight. Appreciate the time this morning, Mike. Thank you very much.
Michael Engle:
Thank you. Have a great day.