The pandemic has spurred consumers to go online for all manner of daily activities — and the fraudsters are following them. The passwords, user names and Social Security numbers that once helped us prove we are who we say we are now are vulnerable or have already been compromised. And new regulations are taking root or are on the horizon to help protect consumers, their data and how that data might be used. At the same time, banks and other firms must find new ways to verify and authenticate users and gird against theft and account takeovers.
But Joe Bloemendaal, digital strategist with Mitek Systems, told PYMNTS in a recent interview that companies can prepare for regulatory changes in ways that build trust and even lead to new revenue streams.
His comments come at a time when California is arguably taking the lead in consumer data privacy protections. The state is doing that in part by imposing penalties on companies found to be lax in implementing strong security measures to protect personally identifiable information.
Bloemendaal said that at a high level, California’s initiatives might offer a blueprint for countries that are currently shaping and updating their own privacy approaches, such as Singapore, Canada and Australia.
“Data security is such an important topic,” he said. “It’s paramount. If we’re not careful, we run the risk of turning privacy into a commodity — something that is sold.”
Before the pandemic, said Bloemendaal, traditional banks had a bit of choice in how they wanted to tackle digital identity and data protection, and the branch network of course offered a layer of security by nature of face-to-face interactions.
With the onset of the pandemic, though, branches shuttered and financial institutions (FIs) found themselves forced to embrace digital channels while remaining compliant. That translated, and still translates, into new ways of thinking about information security, and breaking down silos between departments and various risk management efforts.
Looking At Trust
As countries, states, companies and even consumers interact and learn from one another amid data privacy’s evolution, said Bloemendaal, trust remains a fundamental challenge for all stakeholders. Trust is absolutely critical and can be a fundamental challenge, especially when it comes to payments. But in digital interactions, he said, trust is elusive, because “you don’t know what the bad guys are doing on the other side” of those transactions.
But building trust can create business opportunities for forward-thinking firms, including banks, said Bloemendaal.
That’s especially true for companies like Mitek, he said, where promoting new data security and ID services in the market can help regulated companies like banks and payment service providers reach their end users with innovation much more quickly.
The confluence of the great digital shift, closed offices and the need for robust ID efforts can be seen in a microcosm of sorts, where Mitek is conducting selfie and document verification to help Gov.UK verify and onboard individuals as they apply for government services, ranging from car registration to aid.
The company, he told PYMNTS, has been able to verify several hundred applicants every minute. He contended that other governments may look to the UK and realize that “they just can’t leave this up to the market and wait for something to emerge. They’re going to have to create the pipeline, the infrastructure and the governance models that will allow for remote access to critical services.”
The Gov.UK experience may be especially instructive for the U.S., where the Department of Homeland Security is set to debut Real ID next year — and efforts with the private sector may be fruitful.
Interoperability will be key, he said, for the remote management and self-management of data. But government efforts will likely lead to standardization, offering up models and the various levels of assurance and authentication that will be necessary.
“And then technology companies will come up with solutions to meet those standards and the expectations of the market,” he said.
It will be imperative for private companies to manage, as they manage the gap between the physical and “digital” twins, the balancing act between friction and security, especially where commerce is concerned. Fraud, of course, is on the rise, so that will push the drive toward innovation and establishing digital identities.
Part of the balancing act can be streamlined through the use of advanced technologies such as biometrics at the point of onboarding in order to satisfy verification and authentication requirements. High tech, he said, “can make life easier for the consumer, because they can then use that selfie instead of usernames and passwords,” which might be floating around on the Dark Web.
Looking ahead, he said, “There’s a real opportunity for banks to think about identity — where it is now and what it will look like in the future. There may be an opportunity for banks to look after all our identity and not just look after our funds, because they have the trust and the infrastructure that is necessary to do that.”