Authentication – A Core Battle for Monetizing Mobile

Those of you with more than 15 yrs in the industry will remember dedicated T1 lines that moved data in secure pipes from one location to another. We now have VPNs, transaction signing and encryption that allows for use of generic pipes between COMPANIES. Authentication at a USER LEVEL will now permit yet a finer grained LEVEL of Secure Services and Data ACROSS companies. Today we have Cloud services from Apple, Amazon, Google but how do you navigate amongst them? How can a Start Up develop services that SPAN them? Authentication and is Key…. And MNOs may be best placed to deliver this service.

16 October

I was delighted to see yesterday’s announcement on Verizon’s updated authentication efforts (UIIS), the American Banker Article pointed to a consumer focus,

“We want to be the world’s largest identity provider,” says Tracy Hulver, chief identity strategist at Verizon Enterprise Solutions.

I’ve always held this is a tremendous opportunity for MNOs given their distribution, ability to physically site and verify both consumer and phone, as well as their network management capability (ex. know where the device is). In fact one of my oldest blogs (4 years ago) laid out the high level opportunity.

What are some of its problems on web today? Junk mail, Spam, Phishing, Pharming, Trust, Fraud, Passwords everywhere, card numbers everywhere, consumer data/cookies, beacons, …  much of this is caused by ubiquitous anonymity. Consumers should have the right to be anonymous, after all I don’t give a physical store my ID when I walk in to shop.  But what if I wanted to be known?

Remember the early visions of “web services” A technical panacea where I could combine distributed processes from multiple providers acting on distributed data. Much of this never came to fruition because there was little trust, no service levels, and no way to distribute revenue.  Web service architecture took off fantastically within an organization… but corporate success required  resolving the issues above (as well as securing the pipes).

Those of you with more than 15 yrs in the industry will remember dedicated T1 lines that moved data in secure pipes from one location to another. We now have VPNs, transaction signing and encryption that allows for use of generic pipes between COMPANIES. Authentication at a USER LEVEL will now permit yet a finer grained LEVEL of Secure Services and Data ACROSS companies. Today we have Cloud services from Apple, Amazon, Google but how do you navigate amongst them? How can a Start Up develop services that SPAN them?  Authentication and is Key…. And MNOs may be best placed to deliver this service.

What problems could authentication (via mobile) “solve”?

#1 Payments – Of course this is the top of my list. My favorite quote from Ross Anderson “if you solve for authentication.. everything else is just accounting”. Think of how much bank infrastructure is dedicated to authentication of the consumer and risk/fraud management. This infrastructure was built over last 30 years because there was VERY poor ability to authenticate a consumer (ex. signature and possession of card) AND inconsistent CONNECTIVITY at each commercial “node” touching the transaction. Today we have complete connectivity, but the MODEL has not evolved from its archaic past. I could write a book on this topic alone. A key REQUIREMENT for authentication to IMPACT payments is that ALL ACTORS (Bank, Retailer, Regulators) must RECOGNIZE and TRUST the services of the AUTHENTICATION PROVIDER. I would love to see the Fed lead here in creating a certification process…

In a perfect world, the following happens

  1. Legislation to create requirement (by Banks) to: recognize independent authentication services which comply w/ Fed, clear authorized payments in under 24 hrs, absolve banks of compliance responsibilities for authenticated payments (if they don’t own authentication).
  2. Fed creates Payment Authentication certification, requires banks to keep Auth at transaction level and absolves banks from compliance issues for authenticated transactions (assuming authenticated party was NOT on an AML list).
  3. Banks adapt systems to comply, or Fed enables transactions directly in a new real time service (with integrated authentication per transaction).  This is what happens when international banks provide remote consumers wire transfer capabilities (as in James Bond)
  4. … 10 yrs later…

#2 Fraud. Medicare, Obamacare, Welfare, Pension, …  A phone with integrated biometrics could make a very significant dent in $80B of false claims (FBI estimate).

#3 Better Auth leads to DUMBER PIPES. Look at what happened to our economy the last time we had a generic network where anyone could build.  Better authentication will allow us to REWIRE COMMERCE… with the Banks as a primary loser (note I spelled it correctly today).

#4 New Services. A corollary to #3. Integrating cloud and data across providers and across platforms.  The realization of an early web services vision… Consumers could have control over provisioning and “orchestration” of their data. For example allowing health care data to be shared with doctor (for second opinion), or allowing merchant transaction data to be shared with Google or Proctor and Gamble for a fee.  The receiver must be able to trust both the consumer’s permission and the source (3rd party validation). … Possibilities are endless (and exciting).

#5 Digital Signatures. Applying and COMPLETING a loan application, college application, commitment to purchase, contracts, licenses. Enabling the US to catch up with Singapore on eGovernment, and making our lives easier. Improving the ability to open new accounts also increases competition as intuitions must compete for our business daily.

Other thoughts appreciates.