In this episode Frank is joined by Nguyen Nguyen, VP of Professional Services for APAC and Claudio Briceno, VP of Professional Services for the Americas. They explore sovereign identity and discuss who should own and inform it.

Transcript

Frank:   Hey everybody, welcome to another edition of Digital Identity 360. I am super honored and privileged to have Claudio Briceno, who is our VP of Consulting Services for the Americas, as well as Nguyen Nguyen, our VP of Consulting Services for APAC. Both are valued colleagues. In fact, Nguyen and I go back probably 15 years or something in the industry, done a lot of work together. And Claudio has been doing amazing work for us here in the Americas.

Frank:   Gentlemen, thanks very much.

Claudio:   Thank you.

Nguyen:   Thank you very much. Thanks for having us.

Frank:   Yeah, it’s a pleasure. It’s not often, folks, that we get a chance to have kind of a global view of the consulting services, or really be able to talk through some of the issues that we’re seeing as an organization. So, maybe talk a little bit, starting with you, Nguyen, about the things you’re seeing in APAC, maybe some of the trends that might be different from the Americas, and certainly trends that are maybe evolving and new threat vectors in your area.

Nguyen:   Sure. APAC is interesting. You have some of the most mature economies in the world in APAC, but you have, certainly, a lot of emerging economies. So some of the initiatives by some of those organizations that are in Asia-Pacific include a lot of financial inclusion initiatives. You also have a lot of eCommerce that is coming onboard and trying to reach the mass in Asia-Pacific. Now, in terms of threat vectors, obviously, as these initiatives are getting off the ground and security measures are not necessarily in place yet for some of those organizations, there’s a lot of exploitation of vulnerabilities in those regions. Malware is still a huge one for Asia-Pacific, especially targeting financial sites and financial services. So if you take a look at how the market is moving in Asia-Pacific, you’re taking a look at a lot of eCommerce players that are coming on board, the likes of some eBay comparables in the region. But also, if you take a look at financial services, you have a lot of online lenders that are popping up, and then, obviously, micro financial institutions that are essentially trying to do everything through mobile, so think of the digital banks without brick and mortars.

Frank:   It’s interesting, Nguyen, because I think more … probably also in Latin America, but more so in APAC the vast majority of the touchpoints we have with the digital world are through mobile devices. And so I think whereas in the western part of our geographies we’re still pretty heavily PC, Mac, web interface-based. In your part of the world we’re seeing a lot of the mobile traffic, and that speaks to the requirement to have an authenticated digital identity that can travel between devices and concepts. So in your world, much more mobile than probably we’re seeing here.

Frank:   Claudio, what about your world?

Claudio:   Well here what we’re seeing is a continuous effort in terms of identity spoofing, and millions and millions of bot attacks that we are preventing every single quarter. And when it comes to the positive side we see our customers embracing our work consortium model and taking it to the next level. And in a global economy, with our frontiers, if you will, and with the capability that mobility gave us in terms of transacting using our mobile phone, our mobile transactions are growing about 50% in terms of what we’re seeing compared to the total number of transactions that we process every day. So having said that, we are kind of realizing the need of a better way to identity. And our customers are embracing that concept in terms of asking themselves, “What other scores can I get?”

Frank:   For sure. It’s interesting, I had a meeting this morning with some top folks in the airline industry and they provide a lot of data assets to airlines. And it’s one of the top imperatives still is cross-border shopping’s impacting them. You know, I want to fly to Brazil, I try to book a flight with a Brazilian airline with a card that’s from here. They don’t recognize it, they don’t recognize me, and so they cut me off. And yet, a legitimate customer walks away. You’ve lost market share, you’ve lost customer good will, et cetera, so I think this whole concept of identity and how we use it across the use cases is very interesting. Before I dive into a curve ball called sovereign identity, I want to just hit on something else you said, Nguyen, in terms of financial inclusion. Banks are looking for more customers. Fintech companies want more customers. And the reality of this is that legacy authentication systems are completely almost useless as it relates to people that really haven’t been in the system for a very long time. We call them the underbanked or the people that just aren’t banked at all. And I think it’s really telling how, as we build these identities, they can in fact be used to solve the problem of more inclusion, right? The banks can take bigger risks, the fintech companies take bigger risks because they can rely on our view of a person across the multiple industries that we serve as a company.

Frank:   But speak to the consortium model, because we talk a lot about consortium internally and we understand what it means. Maybe tell the folks exactly, what is this thing?

Claudio:   Yeah, so by definition we’re a consortium, right? Everybody contributes with data that can be used to assess the risks of a transaction by anybody that uses our services. But at some point in time maybe there could be a better way to understand your rejection rate or your attachment to risk or not risk. And so if two parties within our extended global consortium agree on the protocols, agree on the procedures and what the lists of black, white watch might mean, then they will have a better confidence of our making a decision based on that information coming from a group of trusted sources. So, that applies to every single industry today, including banking of course, eCommerce et cetera. And customers that can agree on that view of the world, they can leverage our global consortium, but in addition to that if Frank says that that’s a bad transaction or a bad actor, I’ll trust Frank because we’re in the same industry and I will call tech center where there are procedures to put somebody in a black or white list or target them, whether with good or bad behavior. I’ll agree and we can trust our assessments.

Nguyen:   To add to that, though … Sorry, Frank. To add to that, the consortium is extremely important to our customers and how they leverage our platform for risk mitigation, but I think one of the key points is not simply just relying on peers to say that this is either good or bad, but the ability to dynamically do this in real time, because we can rely on not only history but context as well, so that we can evaluate whether the users are indeed who they say they are, and whether they should be trusted or not.

Frank:   Sure. I mean, the real-time model is the key to this whole thing. The other thing that’s interesting and it’s gonna lead to my softball … my curve ball question I should say, the consortium is built on this concept of shared risk penchants. You know, banks act like banks. eComm companies act like eComm companies, and therefore when Bank A, Bank of Claudio says, “This is a bad actor. Don’t trust him,” Bank of Frank says, “Hey, we have a similar view of the world, we have a similar risk profile and tolerance. We’re gonna rely on that assessment and say “yeah, we agree this individual is probably not a good individual.” So it creates, I think, an added layer of confidence as it relates to the people we’re dealing with because we’re sharing information not just about the individual’s transactional profiles but also about our determinant outcome of that transaction saying, “Look, it didn’t work, we didn’t like it, and so we’re gonna trust it.” So, sovereign identity … I think in the digital identity world there’s a lot of buzz now about sovereign identity, the concept really being that at some point in the identity cycle the individual has to be able to have some input or say into their identity. Much like I own my likeness, if you take a picture of me for commercial purposes, unless it’s in public I need to be rewarded. Consumers are now clamoring and saying, “Hey, we should have some say in how our identity is formed and informed.”

Frank:   And so there’s an interesting dynamism here and some tensions. The tension is, who owns this thing? Some would argue government should own it, some would argue the individual should own it and some would argue somebody in the middle should own it. So that’s one tension. And the other tension is, how do you inform it? So I want to just pose the question, kind of as a curve ball. Answer those three questions. Who should own it?

Claudio:   That’s an easy one, the government should not own it.

Frank:   The government should not own it, there you go.

Nguyen:   And, if the users own it then they have the ability to potentially manipulate their risk rating, if you want to call it that. So I think an independent third party or third party custodian of these identities is where the sweet spot lies, one, because obviously they’re independent. But the other part of it is that if governments own it, and it’s not just one,