The time for passive identity management is over

Dewald Nolte|14 September 2017
The time for passive identity management is over

A decade of large-scale data theft has us all feeling like a target is on our back. With the number of online services increasing rapidly across the globe, we’re sharing and using our personal details more than ever before. The side effect of the rapid growth in sharing personal information is that we know that our personal details are out there in the wild, probably being shared among hackers, and sold by crime syndicates.

Breaches are becoming more frequent and more serious – which proves that the way we are currently protecting personal data in the financial industry is not working. The only way to put an end to these breaches and resulting spikes in crime is to start doing things differently.

A wise man once said that doing the same thing over and over again and expecting different results is the very definition of insanity. Let’s take this wisdom to heart and change the way we’re doing things in the financial services, identity and payments spheres.

What must change is that identity protection must become an active part of a consumer’s financial life. This seems like a big ask, but it isn’t, and the alternative is unthinkable.

CONSUMERS WANT POWER

Up to this point, we have all grudgingly accepted that the most a service provider can do is to notify consumers that their personally identifiable information has possibly been stolen, that they are at risk of fraud and ought to be vigilant, or that a fraudulent transaction has already taken place.

It turns out, this passive approach to identity management is no identity management at all.

The financial services maxim has traditionally been to avoid touching the customer when it comes to security, but we at Entersekt have always believed that customers do want to be touched. They want to feel in control of their identity and other digital assets. They want to be empowered with the choice to say, “Yes or No,” to an action made in their name before that action takes place.

The idea is catching on. As an industry professional recently explained to American Bankermagazine, “today’s identity checks [and] updates happen in the background. We need to reverse that. Every time some provider wants to add to your identity data [or] change it, you need to be notified and can agree or not agree with the change.”

We fully agree – and more importantly, your customers agree. Even in the US market, where consumer convenience typically trumps explicit security measures, industry thinking is moving in this direction. Recent research by RSA found that 93% of American digital users want to be involved in choosing how their personal information and accounts are protected online.

At Entersekt, we have seen the impact of their involvement in deployments in Europe, Africa, and, yes, the United States: when customers feel empowered by simple, no-fuss active authentication measures, they feel safer, transact more, and opt into a greater number of digital services. That adds up to higher revenue – despite nay-sayers predicting the opposite.

GOING BEYOND DAMAGE CONTROL

Entersekt’s technology creates a trusted channel between institutions and their customers. Instead of receiving notifications after the fact that accounts have been fraudulently opened in their name and that their money has already been stolen, they hold the power to reject a fraudster’s attempt at a transfer or withdrawal before it happens via their mobile phone.

Active identity management through user mandates is no longer optional. Globally, regulators are prescribing it, GDPR in Europe representing the latest move to require explicit user approval of access to their data. Its benefits are clear. The time is now to change popular approaches to information security and user authentication.

Our recommendation is simple and absolute: empower your customers by putting them in control.

Let Entersekt help your institution move beyond passive identity management. Contact us to learn how you can empower your customers without encumbering them.

 

About the author

Dewald Nolte

Dewald Nolte

SVP partnerships & alliances

Dewald co-founded Entersekt in 2008. He’s responsible for expanding our global network of strategic alliances and technology partners. Having been involved in several projects further afield than Entersekt, including the A-Darter missile program for Denel Dynamics, his technical ability is as impressive as his solid business acumen.

Subscribe to our newsletter for our latest news, press releases and events

logo entersekt

Entersekt is an international software development company based just outside of Cape Town, South Africa.

We are leaders in authentication, app security, and payments enablement technology, offering a highly scalable solution set with a track record of success across multiple continents.