How Modern Data Strategies Underpin the Digital Identity and Authentication Practices Critical to Digital Transformation
The coming year — 2021 — will move digital customer experiences one giant leap forward, where there’s no need to appear in person to get things done. Virtually every enterprise is accelerating digital transformation, either creating new, digital-native projects or augmenting critical systems with new digital capabilities.
Nearly all digital transformation is data intensive. Rapid access to the right data provides everything from accurate information and recommendations to the critical identity checks needed to ensure that people are who they say they are in a contactless transaction.
In this article, I’d like to zero in on how modern data infrastructures can fuel the critical authentication and identity practices required for a contactless world.
Experience Is King and Customers Crave Convenience
The amount of effort a customer puts into a digital transaction directly correlates to the satisfaction of that experience. The simpler and faster, the better. It’s not going to be enough to just digitize business if experiences do not perform at the speed of expectations.
What’s one of the greatest frustrations (for customers) and fears (for business) in a digital world? Authentication. In the race to get online, or complete transactions in an impatient world, proving identity has always been a speed bump, both for the transaction and psychologically for consumers. Digital business won’t leap forward if we don’t make authentication simple, accurate and frictionless. Yet at the same time, security and privacy remain paramount. There have always been tradeoffs between security and convenience; however, with modern data architectures those tradeoffs are disappearing.
Current Mainstream Authentication Is On Its Way Out
There remain plenty of security issues with digital commerce, as user errors, two-factor authentication and passwords just haven’t proven enough to stop bad actors. According to Gartner, these approaches are also on their way out. Three years ago the firm declared that by 2022, over half of large global enterprises (and many more smaller ones) will move to password-less methods for most use cases.
The time is right. Advances in big data let us use tens, even hundreds of data points instantly for many things, including confirming identity (more on that later). But also, we’ve crossed the line where digital documents, identities, and transactions, once outliers, are now mainstream and preferred by businesses and consumers. They’ve surpassed traditional analog and physical methods. Even paper documents came with high assumptions that those documents were legitimate when presented in person.
Modern Fraud Prevention Provides a Template for Success
It’s time that we leverage new data architectures more aggressively. Some of the most forward-looking financial services companies (like PayPal, Experian and others) already leverage vast amounts of data to quickly pinpoint identity. Without it, the great digital leap could easily stall against the headwinds of customer convenience.
A fraud prevention application has to review a user profile, test the request against patterns determined by data scientists, and make a “yes” or “no” decision as to whether the activity is legitimate. The enormous and ever-changing dataset of requester information only adds complexity to the equation. But sophisticated database technology not only makes it possible to immediately identify anomalies and false positives, it’s light years ahead of previous analog methods of combating fraud. Applying the ability to check recent updates to dozens of data sources in milliseconds must be used to validate the authentication process on a broad scale.
Let’s look at PayPal. It has more than 300 million users worldwide, with a data infrastructure supporting 60 billion queries a day and payment volumes in excess of $700 billion annually. Data scale challenges include hundreds of petabytes and a requirement to grow from 3.5 to 7 million transactions a second.
By leveraging next-generation data architectures, it has not only implemented authentication beyond standard passwords, but more importantly, implemented a next generation fraud detection system. It merged “big data” with “fast data,” such as customer enrollment, payment, invoicing preferences, profile data, etc., as well as real-time information on the details of the customer’s recent activities like geographic location, intermediate network gateways, device identity, etc. This comprehensive approach created a real-time fraud decisioning platform that is effective — and with minimal end-user friction. It’s this type of integrated model that helps map the way for future authentication strategies.
Another useful example is Experian. The company’s CrossCore identity and fraud risk platform consolidates and orchestrates numerous fraud risk signals into a single, holistic assessment to improve operational processes, stay ahead of fraudsters and protect customers. During the past year, Experian helped clients screen more than 15 billion fraud events — more than 3,300 per second. Experian uses a modern NoSQL database to support low-latency, high-throughput cloud data storage for device intelligence and fraud management. The service enables Experian to help businesses improve response times and deliver a safe, convenient and frictionless customer experience.
The Shifting Privacy Obstacles
The most vocal objections will come from those concerned with data privacy. Digitizing everything means that all of an individual’s identity sources will be stored and maintained by strangers. People may have a sense that they are no longer in control of their identity. To a degree, we’re already a long way down that road. But individuals still feel–rightly or wrongly–as if they have some control now. In an all-digital world, there will be valid concerns about private information being misused and vulnerable to cyber-thieves.
Fortunately, privacy legislation is in full force with GDPR (in Europe), CCPA and the newly passed CPRA in California, and many other examples within specific markets (HIPAA) and regions. This requires more control both to stay within the accepted, legislated boundaries and the expectations of companies and customers. Here are three facts worth remembering:
- Customer data must be protected so trust can be established between customer and vendor;
- Any customer requests for data management as required by compliance requirements must be complied with and recorded for future auditing;
- The penalty for not complying could result in business losses through brand damage, customer churn and steep fines from regulatory agencies.
The future of the business is based on leveraging data. Improper data usage may land the business in deep trouble on multiple fronts. Those that are meticulous stewards of customer data are much more likely to thrive.
These concerns will need to be addressed thoughtfully. Making digital verification mandatory is one way to increase compliance. But a better way to earn the trust and support of customers is to offer a fast, pleasant and frictionless experience.
We’re quickly moving toward a day when this will be a nearly “contactless world.” To get there, companies know they have to master digital authentication and all the data challenges that come with it. Do it quickly, and you’ll reap the benefits.
About the author: Srini Srinivasan is the founder and chief product officer at Aerospike, a developer of next-generation, real-time NoSQL data solutions. Srini has two decades of experience designing, developing and operating high-scale infrastructures. He also has more than 30 patents in database, web, mobile, and distributed systems technologies. He co-founded Aerospike to solve the scaling problems he experienced with internet and mobile systems while he was senior director of engineering at Yahoo.