Authentication – A Core Battle for Monetizing Mobile

16 October

I was delighted to see yesterday’s announcement on Verizon’s updated authentication efforts (UIIS), the American Banker Article pointed to a consumer focus,

“We want to be the world’s largest identity provider,” says Tracy Hulver, chief identity strategist at Verizon Enterprise Solutions.

I’ve always held this is a tremendous opportunity for MNOs given their distribution, ability to physically site and verify both consumer and phone, as well as their network management capability (ex. know where the device is). In fact one of my oldest blogs (4 years ago) laid out the high level opportunity.

What are some of its problems on web today? Junk mail, Spam, Phishing, Pharming, Trust, Fraud, Passwords everywhere, card numbers everywhere, consumer data/cookies, beacons, …  much of this is caused by ubiquitous anonymity. Consumers should have the right to be anonymous, after all I don’t give a physical store my ID when I walk in to shop.  But what if I wanted to be known?

Remember the early visions of “web services” A technical panacea where I could combine distributed processes from multiple providers acting on distributed data. Much of this never came to fruition because there was little trust, no service levels, and no way to distribute revenue.  Web service architecture took off fantastically within an organization… but corporate success required  resolving the issues above (as well as securing the pipes).

Those of you with more than 15 yrs in the industry will remember dedicated T1 lines that moved data in secure pipes from one location to another. We now have VPNs, transaction signing and encryption that allows for use of generic pipes between COMPANIES. Authentication at a USER LEVEL will now permit yet a finer grained LEVEL of Secure Services and Data ACROSS companies. Today we have Cloud services from Apple, Amazon, Google but how do you navigate amongst them? How can a Start Up develop services that SPAN them?  Authentication and is Key…. And MNOs may be best placed to deliver this service.

What problems could authentication (via mobile) “solve”?

#1 Payments – Of course this is the top of my list. My favorite quote from Ross Anderson “if you solve for authentication.. everything else is just accounting”. Think of how much bank infrastructure is dedicated to authentication of the consumer and risk/fraud management. This infrastructure was built over last 30 years because there was VERY poor ability to authenticate a consumer (ex. signature and possession of card) AND inconsistent CONNECTIVITY at each commercial “node” touching the transaction. Today we have complete connectivity, but the MODEL has not evolved from its archaic past. I could write a book on this topic alone. A key REQUIREMENT for authentication to IMPACT payments is that ALL ACTORS (Bank, Retailer, Regulators) must RECOGNIZE and TRUST the services of the AUTHENTICATION PROVIDER. I would love to see the Fed lead here in creating a certification process…

In a perfect world, the following happens

  1. Legislation to create requirement (by Banks) to: recognize independent authentication services which comply w/ Fed, clear authorized payments in under 24 hrs, absolve banks of compliance responsibilities for authenticated payments (if they don’t own authentication).
  2. Fed creates Payment Authentication certification, requires banks to keep Auth at transaction level and absolves banks from compliance issues for authenticated transactions (assuming authenticated party was NOT on an AML list).
  3. Banks adapt systems to comply, or Fed enables transactions directly in a new real time service (with integrated authentication per transaction).  This is what happens when international banks provide remote consumers wire transfer capabilities (as in James Bond)
  4. … 10 yrs later…

#2 Fraud. Medicare, Obamacare, Welfare, Pension, …  A phone with integrated biometrics could make a very significant dent in $80B of false claims (FBI estimate).

#3 Better Auth leads to DUMBER PIPES. Look at what happened to our economy the last time we had a generic network where anyone could build.  Better authentication will allow us to REWIRE COMMERCE… with the Banks as a primary loser (note I spelled it correctly today).

#4 New Services. A corollary to #3. Integrating cloud and data across providers and across platforms.  The realization of an early web services vision… Consumers could have control over provisioning and “orchestration” of their data. For example allowing health care data to be shared with doctor (for second opinion), or allowing merchant transaction data to be shared with Google or Proctor and Gamble for a fee.  The receiver must be able to trust both the consumer’s permission and the source (3rd party validation). … Possibilities are endless (and exciting).

#5 Digital Signatures. Applying and COMPLETING a loan application, college application, commitment to purchase, contracts, licenses. Enabling the US to catch up with Singapore on eGovernment, and making our lives easier. Improving the ability to open new accounts also increases competition as intuitions must compete for our business daily.

Other thoughts appreciates.

Advertisements

20 thoughts on “Authentication – A Core Battle for Monetizing Mobile

  1. Verizon and “the world’s largest” – well, there are 5,900,000,000 mobile users out there who are NOT Verizon’s customers… Ditto.

    Also, on a technical level, a smartphone app cannot talk to SIM-based “secure element” direct…

    That’s before we even touch a business model which a mobile operator can offer to the world…

  2. Just to clarify No.2 above, Verizon’s UIS relies on a smartphone scanning QR code to close the loop. That doesn’t involve SE! My guess is – they are relying on mobile “fingerprinting”. 41st Parameter and iovation offer the same capability and are operator-agnostic. What value/innovation does Verizon add there?!..

    • Current product looks like a starting point.. I’m excited to see their “desire” to be an authentication provider.. hope they can now create a product that will make them successful toward that end. They must start somewhere… would be nice if they took Apple’s fingerprint scanner and REGISTERED the consumer at the store when they registered their print.. a form of certification using apple’s integrated tech..

  3. Having worked with Verizon for years and knowing the walled garden philosophy that is part of their DNA…..they have been here before…it all sounds great until their own counsel says things like “we have to know who has the phone at the moment” and the big one…”we don’t want to be anywhere near the liability when some harmed party says we relied on your identification” THE END

      • here is the real dilemma…Verizon really thinks they own the customer and they are just allowing “others” access to them…..they are still looking for a way to be the gate keepers…collect a toll (% of the deal) without picking up the liability…dont count them out…

      • thats like asking what is the value of controlling shelf space at Walmart…all of the market controlling carriers (the top 2 in every market where they have more than 70% market share combined) think they control shelf space…so the value is that they have the shelves and you need the shelves to reach your audience…

      • My question was different: if there are MNO-agnostic secure solutions for 2FA, why bother with mobile operators… E.g. if Apple opens access to their embedded SE, that function could be made available irrespective of which MNO the phone is running with.

        The only valuable piece of MNOs’ infrastructure, from 2FA point of view, is SIM (i.e. secure element). Once an alternative and more convenient SE is available from non-operators (e.g. MicroSD), the value of SIM-based SE drops like a rock.

      • I agree and I would only add one comment – those with power, use their power to keep their power…..forget rational

      • Great phrase indeed! That strategy works in asset intensive industries… but if customer switching costs are low, barriers to entry start to become barriers to exit. Walled Garden gets its name assuming you charge for entry.. perhaps we need to coin a new phrase associated with a garden jail cell where companies make every attempt to lock you inside.

  4. Hi Tom

    I was actively involved in this area over 10 years ago, around a concept I called “etrust” – see my website: http://www.collinconsulting.co.uk/resources/white-papers/109-e-trust.html

    As a consultant to the banking and card payments industry I was primarily interested in etrust as a new class of profitable services which banks could offer. I actually did no less than three consulting projects for Barclays, APACs then MasterCard on the proposition but like many bright ideas it never really caught on, although you should check out Identrust, and also I think the Swedish banks operate a successful scheme called BankID.

    The basic principles you describe however are still as valid today as they have ever been. We have all the necessary technology, it just requires an industry with the necessary will to put it into practice and we could do away for ever with the antediluvian practice of sending each other bits of paper in the post and signing them!

    Nice blog – I always enjoy it!

    Nick

    • Thanks for your note, and feedback. Unfortunately authentication is a very challenging business to run. Most successful companies “sell” the service by integrating/enhancing existing products. The REAL opportunity is in REMAKING products based upon sound authentication. Remaking products seldom starts with companies already in a leadership position… (ex bitcoin).

  5. I think one good example is Estonia (see: http://www.sk.ee/en/about/) and also Lithuania.
    There is central body that offers authentication and digital signature services via official ID card (kinda plastic passport) and mobile-ID which is basically ID card on SIM.

    This kind of authentication/digital signing is accepted in all governmental institutions and in their e-services, banks, mobile operators etc. Yesterday I was even voting for local government by using my mobile-ID.

    I would say the answer is hidden in legislative side or maybe if a leading companies get together to deliver it. The latter happened in Sweden with BankID. Without cooperation between biggest banks it would have slowly died.

  6. Pingback: Headline News from PaymentsNews.com - October 16, 2013 | Ideal Payment Solutions.comIdeal Payment Solutions.com

  7. Pingback: Perfect Authentication… A Nightmare? | FinVentures

  8. The world of marketing is no more what it was till a few
    years back. Considering Facebook has over half a billion users,
    that has pretty big implications. This also makes your fan page more visible to your
    target audience.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s