A decade of large-scale data theft has us all feeling like a target is on our back. With the number of online services increasing rapidly across the globe, we’re sharing and using our personal details more than ever before. The side effect of the rapid growth in sharing personal information is that we know that our personal details are out there in the wild, probably being shared among hackers, and sold by crime syndicates.
A wise man once said that doing the same thing over and over again and expecting different results is the very definition of insanity. Let’s take this wisdom to heart and change the way we’re doing things in the financial services, identity and payments spheres.
What must change is that identity protection must become an active part of a consumer’s financial life. This seems like a big ask, but it isn’t, and the alternative is unthinkable.
CONSUMERS WANT POWER
Up to this point, we have all grudgingly accepted that the most a service provider can do is to notify consumers that their personally identifiable information has possibly been stolen, that they are at risk of fraud and ought to be vigilant, or that a fraudulent transaction has already taken place.
It turns out, this passive approach to identity management is no identity management at all.
The financial services maxim has traditionally been to avoid touching the customer when it comes to security, but we at Entersekt have always believed that customers do want to be touched. They want to feel in control of their identity and other digital assets. They want to be empowered with the choice to say, “Yes or No,” to an action made in their name before that action takes place.
The idea is catching on. As an industry professional recently explained to American Banker magazine, “today’s identity checks [and] updates happen in the background. We need to reverse that. Every time some provider wants to add to your identity data [or] change it, you need to be notified and can agree or not agree with the change.”
We fully agree – and more importantly, your customers agree. Even in the US market, where consumer convenience typically trumps explicit security measures, industry thinking is moving in this direction. Recent research by RSA found that 93% of American digital users want to be involved in choosing how their personal information and accounts are protected online.
At Entersekt, we have seen the impact of their involvement in deployments in Europe, Africa, and, yes, the United States: when customers feel empowered by simple, no-fuss active authentication measures, they feel safer, transact more, and opt into a greater number of digital services. That adds up to higher revenue – despite nay-sayers predicting the opposite.
GOING BEYOND DAMAGE CONTROL
Entersekt’s technology creates a trusted channel between institutions and their customers. Instead of receiving notifications after the fact that accounts have been fraudulently opened in their name and that their money has already been stolen, they hold the power to reject a fraudster’s attempt at a transfer or withdrawal before it happens via their mobile phone.
Active identity management through user mandates is no longer optional. Globally, regulators are prescribing it, GDPR in Europe representing the latest move to require explicit user approval of access to their data. Its benefits are clear. The time is now to change popular approaches to information security and user authentication.
Our recommendation is simple and absolute: empower your customers by putting them in control.
Let Entersekt help your institution move beyond passive identity management. Contact us to learn how you can empower your customers without encumbering them.