As with many software products today, it feels like everyone has the same message about how their product is the best for what you need. Under the broad umbrella of “trust” related software, whether it relates to physical or digital security, privileged access, identity verification and authentication, and various steps taken to grow revenue (establish trust faster) or reduce fraud, many messages blur in terms of how companies are different.
There are three “A’s” that we think help separate the wheat from the chaff when it comes to these products, and as simple and obvious as they might seem – you might be surprised how few companies can deliver true AAA solutions. The three A’s are:
Accurate may seem like a given, but particularly when it comes to Identity Verification (which we defined in thisblog) – that the person is who they say they are, 60% is considered an acceptable accuracy rate with some known to be as low as 20%. Even passport officers have been measured to have a 15% error rate. With accuracy rates that poor, that means trust is being established where it should not be, and that means customers are being enrolled when they should not, and that opens the door to fraud and other problems. Simply verifying that a photo ID is genuine, not tampered with, and valid is something most products can’t do. Then when it’s matched with a selfie of the person who is being verified, it needs to be checked for liveness (so it’s not a picture of a picture) and that it was taken in the same location as the photo of the ID, and filter out glare, there are many ways to make an inaccurate decision. Naturally, organizations want and need to be at or near 100% accuracy, and that’s becoming increasingly possible with new technologies that include artificial intelligence.
Human errors are inevitable when people are looking at photo IDs to verify an identity. People get tired, someone may have a beard they didn’t have when their ID photo was taken – all very understandable that the accuracy rate is as poor as it is even with passport officers, when Identity Verification is manual. What’s surprising is that some companies that sell trust related software have humans look at the photos that are submitted by their apps – they are just as manual as anyone. And not only are both of these types of manual Identity Verification very inaccurate, they are very slow and can take minutes or days to produce a decision, and in the fast-paced highly transactional world we live in, that is not a fit for what organizations need. The other side of automation is new customer enrollment, and trust works both ways there, where according to Experian, 27% of customers abandon enrollment because of a “lack of visible security” – meaning they didn’t trust the merchant. On the other side, the merchant needs to trust the customer enough to enroll them – so some sites can take several minutes verifying e-mails and collecting address and other information. But having an automated way to verify identity in seconds, adds the visible security for that 27% of abandoning customers, and collapses the time for registration – in some cases dramatically, and when you lower abandonment rates, that spikes revenue. When you talk about spiking revenue, you quickly move from the head of security to the head of sales & marketing, because that’s the kind of impact automation can bring. Customers expect fast transactions today – that is the speed of commerce, so taking minutes, or days to establish trust is not a fit for the speed of commerce in many places.
Accuracy and Automated may seem obvious, the third A in Triple A Trust, is Adaptable. Just as trust and risk models evolve over time in any given organization to stay ahead of the bad actors, they can vary dramatically by company and by industry, even by use case. In thisreport from PaymentsJournal, the ever-changing tactics of these fraudsters is the #1 biggest challenge for 71% of them. The last section talked about the “speed of commerce” – this gets to the speed of fraud. Constantly updating training materials and keeping a manual workforce abreast of all of the latest tactics becomes an unrealistic goal. What they need is something not manual, that’s very fast that can produce an accurate decision in just seconds. What they don’t need is a one-size-fits-all solution, because every business has some unique needs, so one-size-fits-all won’t be a fit for most. Different companies with different use cases and trust and risk models need to be able to change the level of rigor of their trust model to the specific needs of the use case. It needs to be adaptable, so it’s not a one-size-fits-all solution. A bank, with specific regulations around trust still may still need several different trust models for different types of customer interactions – where the college student is depositing $200 to open a savings account – that is probably a different set of questions and tests from someone who has been a customer for 25 years withdrawing $10,000. In another case of rental cars, some cities have a much higher crime rate than others, so the same company might want tighter security in their Chicago location than the one in Palm Springs. Some trust relationships have to do with the age of the person – are they old enough to rent a car or buy alcohol – there are many different types of requirements. Having over 100 algorithms, and an easy to use dashboard, AuthenticID allows organizations, from banks to rental car agencies, configure and adapt their Identity Verification and Authentication models to whatever their trust requirements dictate.
So now that you know what Triple A Trust means – be sure to ask the people you are talking with, how they measure up.