The fundamental unit of trust in any transaction lies in identity — namely, ensuring that the person who shows up to transact is who they say they are. It’s also the most highly regulated part of any financial transaction.
“The identify verification that happens before accounts are opened are where governments and regulatory bodies very much tell you to do things in a certain way,” Boku CEO Jon Prideaux told Karen Webster in a recent conversation.
It’s a process that doesn’t leave much room for interpretation — either you are compliant or you’re not — and one in which companies tend to bring in a partner who can make the process of achieving and maintaining compliance less painful.
Yet it’s also a process that’s built around checking an individual’s credentials against various static data sources to confirm that person is who they claim to be and are not on any kind of watch list.
And it’s a process that, in a dynamic digital world, does not lend itself well to static data sources.
Prideaux told Webster that identity is a “big canvas,” and establishing the identity of parties is much more than a “one-and-done” check against a list. Making sure the person is authorized to use those credentials is critical to establishing trust — and it’s the sweet spot in which Boku operates.
Boku, through Boku Identity, authenticates consumers using a device that is an intrinsic enabler of the trust: the mobile phone. As Prideaux noted, a device that more than 75 percent of the planet’s adult population has in their possession can do a lot of authentication’s heavy lifting — both quickly and quietly, from the consumer’s perspective.
“We are not focused exclusively on compliance,” Prideaux told Webster, “though we may be a component of a compliance process. Instead, we are primarily focused on helping to fix commercial problems that get in the way of doing business — using a cleaner, mobile-first method of authentication.”
Beyond compliance, Boku Identity helps businesses reduce costs associated with increasingly common instances of mobile identity fraud, in addition to helping grow their revenues and improve conversion via a streamlined, frictionless user experience.
Dynamic Vs. Static Authentication
Mobile in general, and the smartphone specifically, offers a treasure trove of real-time and historical data about consumers. The carriers that provide those phones have access to those consumers’ data — and they also have decades of developed skills in matching phones and phone numbers with their operators. And for very good reason, Prideaux noted — if they can’t properly track customers, they can’t bill them.
It’s a process that Boku knows well, having started its corporate life as a carrier billing product provider, which gave them access to that data stream and also created an opportunity to build a network of over 170 of the world’s largest mobile operators across 50 different countries. Those two things combined, Prideaux noted, have given the firm a clear and unique vantage point from which to view customers and their mobile devices.
Moreover, he added, enabling more than $3.6 billion via over 650 million authenticated mobile transactions last year has provided Boku with enough data to offer authentication services for any type of transaction from a mobile phone.
According to Prideaux, what started as a one-tap payment in Boku’s carrier billing business has allowed the company to build useful tools for anyone trying to verify phone numbers and consumers’ details in a secure, friction-free way.
“The carrier with the connection to a secure SIM in a consumer’s phone also knows a lot about that consumer, which is also quite useful for the many authentication use cases that businesses are trying to solve for,” noted Prideaux.
One example is the payments services provider or merchant that receives a questionable transaction. Letting a bad transaction through is obviously undesirable — but so is locking out a good one. Prideaux said that an authentication tool needs to provide a discreet way to quickly determine, in the background, if the transaction can pass through, or if there is enough real risk to warrant introducing additional friction to further authenticate the user in case there has been a mobile account takeover via SIM Swap or social engineering.
In another scenario, with a content provider that offers a certain number of free articles per month, users could try to outsmart the system by creating dummy email accounts for free trials. The solution must help the provider stop people from engaging in trial promotion abuse, a common tactic in heavily pre-paid markets.
In both cases, authentication can happen nearly instantly in the background of a transaction, quickly and cleanly, so the consumer never even notices.
“There’s a lot of power in that as an authentication method,” Prideaux said, “but also a lot of responsibility.”
Protecting Privacy
The world of identity protection first evolved in the desktop computer environment, Prideaux said, where something like an IP address or an email account were reasonably good predictors of identity. The mobile age, however, has different demands, and there is a lot more data up for grabs and flying around.
That data is valuable, and not only to legitimate players — which is why there is a proliferation of ID checks and validations. They are, quite simply, necessary to the world of digital transactions in the mobile age. But, as Prideaux noted, the same security and privacy pressures that are pushing his firm’s evolution could also affect Boku itself — which means they have to protect the data while at the same time leveraging it for protection.
“We have had to architect our platform carefully so we aren’t releasing information, but rather verifying it,” he said. “We’ve built our identity verification capabilities using privacy-by-design principles, which allow us to be able to basically supply ‘yes or no’ answers to questions — without necessarily transmitting the data back to the end user.”
Those kinds of data checks are critical now — and will only become more important going forward, as the mobile world is growing in an internet of things (IoT) world where cars, speakers and even toothbrushes are becoming devices capable of commerce.
Boku isn’t a connected device player today — as of yet they haven’t dipped their toes into the connected commerce race — but, Prideaux noted, it is a possibility for the future, because their partners could very well lead them there.
“We are doing the business here and now of helping financial institutions, as on-demand services and all kinds of money transmitters and payments companies do more with validation services anywhere a network is seeing a SIM,” he said. “Our most immediate demand is mobile phones, but we can see the potential with connected devices is clearly there.”