Authentify – Bank ID Service

Apologize in advance for typos.. did not proof yet

Press Release

Today’s WSJ Article on Zelle.

Congrats to Early Warning and their participating banks in the Launch of the Authentify wallet! A service 6 yrs in the making and driven by my good friend and former EWS president Eric Woodward.

A trusted identity is the key to safe, online transactions,” said Al Ko, CEO at Early Warning. “Authentify® gives companies and consumers the ability to leverage bank-trusted data to help provide even greater levels of identity assurance. Businesses are able to enhance their customers’ experience, while helping reduce friction, abandonment rates and operational costs.”

What is a trusted identity? When you fill in your account information on any form, even if you use Apple or Chrome to autofill it, it is self attested data. If you ask your bank to provide their information on you to another party it is verified data (trusted) as the bank is legally responsible for verifying the ownership of financial accounts. 

Today most merchants take consumer entered “self attested” data and then use an identity verification (IDV) service (think Experian) to risk score the personal or financial information entered to that on file. A bank originated ID cancels the need for IDV, and speeds up the process. 

The idea for this service is 10 yrs old and originated with the US Telecos and Payfone (now renamed Prove).  Telecos leveraged their unique ability to tie handset to person to verified identity. Today Prove is the largest provider of IDV and ID Provision. For example if you started an application for a synchrony credit card on mobile, Prove fills out the entire form using the “best” data across its network. With Authentify ID Banks can do the same thing

It took Prove 12 years to create partnerships across industry.. and distribution channels to make this work. Prove’s investors have included all major Telecos, BCBS, Transunion, Mass Mutual and others. Today Prove offers services directly and also enables partners. Early Warning was also an investor, but market focus pulled them apart. Funny thing here is the Prove actually purchased Authentify and sold the name to EWS.  

Identity is at the core of both banking and mobile orchestration. For more background, I wrote a very long blog on the topic in 2014 – Authentication in Value Nets

Economic Value 

Who benefits from a trusted identity (you are who you say you are)?  My list in order of TAM:

    1. Media. Who saw an advertisement and who purchased (the focus of my last company Commerce Signals)
    2. Couple ID with some new payment scheme and reduce risk.
    3. Financial Services
    4. Merchants/eCommerce
    5. Government
    6. Healthcare/Insurance
    7. Travel/Entertainment
    8. Subscription Service Providers
    9. Age Verification for Adult Activities (3 Ps of Payments Porn, Pills and Poker)
    10. Other

With respect to Advertising, a $100B market, identity is core to everything and I am 100% certain that banks won’t play here. Within financial services, account opening is the top service opportunity. But given that existing banks are not exactly keen to help their competitors open accounts using their customer data, the focus will likely be on non-bank use cases or perhaps a bank use case in a new payment scheme (ex Zelle in eCom per WSJ above). In the same vein, UCs probably won’t include telecom given carriers 12 yr working on this.

Within eCommerce, merchants own the risk for fraud (in the US, ROW has 3DS liability shift). During my time as head of sales for 41st Parameter large merchants like Apple and Amazon leveraged their decades of consumer data to create amazing risk platforms which drove fraud down to 3bps, PayPal has also done the same. It is the mid tier and smaller eCommerce merchants that still suffer (just as mid-tier and smaller banks do). 

One top merchant said this yesterday. “[we are a leader in debit acceptance in eCom], when consumers want to pay with their deposit account they use a debit card, FISV turns that into a PIN less PIN debit and I pay under $0.20 for the transaction. Why on earth would I take another payment instrument?”. Merchants know they are in a powerful position to define the success of any new payment scheme.  I don’t think any new payment instrument can win on price (ex RTP scheme).. neither can they win on fraud where merchants have loyal custom base.. the only way a new payment scheme can win is conversion (ie UX) or increased assess to credit (ie see Blog on Affirm). 

Top Opportunities for Trusted Identity Service

    1. eCom Fraud – Mid-Tier merchants with high fraud rates (ex Airlines, Hotels, Auto Rental, AirBnB, Auto supply, …etc) – $2B in US. The top opportunity is for processors to integrate, next is for eCom specialists (Stripe, Shopify, Adyen, …)
    2. Non-FS account opening (government, healthcare, insurance, …etc) – $200M 
    3. Age verification (gaming, car rental, cannibas, alcohol) ($500M)
    4. New Consumer Direct Use Cases – Document Signing – $100M (2 yr view)
    5. Add identity to something else.. commercial contracts, online dating, used car sales, 

Beyond Identity?

If you can provide an eCommerce retailer with trusted ID, you don’t need to provide any payment information, just an “ID Token” that can go against a basket of payment credentials. One of my most often used quotes from Ross Anderson at the KC Fed “within payments, if you can solve for identity the rest is just accounting”.  This strategy theme has been at the center of bank mobile payment strategy for 12 years (see Don’t Wrap Me -2012 and Battle of the Cloud Part 5 – 2014).  

For real value to be unlocked in eCommerce, trusted identity must be integrated into the payment. This can’t be done within the issuing side of the V/MA network, it can be done on the acquiring side. This is an obvious reason why JPMC is behind the service, as processor of 70% of eCom transactions they can help every merchant and partner (think Sq and PayPal) leverage a trusted identity and open an account.

For issuers, without an acquiring business, they must find a way to embed within a payment vehicle (ex TCH RTP or Zelle) in order to capture transactional value of a trusted ID. There is much more to say here.. But I can’t expand further. The WSJ Article is 60% accurate. Banks are indeed trying to find pilots. The issue isn’t functionality, large card issuers know they have a golden goose in V/MA, the EWS members with large card portfolios don’t want to cannibalize (see blog).

I’m 100% behind the Authentify concept the problem is “go to market”: where to build traction in a world where there are no payment problems and the cost of debit is $0.20. For example, Travel would be my top category, particularly given the proliferation of co-brands among airlines and hotels. These are also big ticket purchases.. where banks could best launch a BNPL or “installment” like play. 

It is important to note that PayPal’s core advantage sits in risk management on both funding and acquiring. This service has the potential to completely remake both sides. So think about the partners it can enable. 

The Challenges

There are 7 key challenges facing the launch of this service. 

    1. Brand. Why not Zelle? Consumers and merchants know what that is. The answer is two card issuing banks doesn’t want to cannibalize. 
    2. eCom is a lumpy market, with the top 5 retailers accounting for over 70% of purchases. The top retailers have already managed fraud down to low levels, and debit costs online are $0.20/tran, thus there is little to gain from service. In addition to eCom merchant concentration, there is a bank ubiquity issue. While these 7 banks account for roughly 50% of retail accounts and perhaps 60% of credit cards, consumers will likely need to choose to participate. Thus my estimates for eCom opportunity are 10% of merchants not in the top 5 (3-5% of eCom sales) where one of the bank participant customers may choose to use the service (10% of the 50% – 5%). The intersection is where these 5% of consumers shop with one the 3% of merchants participating (see blog on frequency and intersections).  
    3. Direct Sales. Selling to non-bank, non-financial and non-teleco segments will be hard, and in a crowded field. No non bank consortium has successfully executed on direct non-bank sales. Thus the focus will be on partnerships (think Shopify).
    4. Transactional. Becoming part of the payment stream. Only possible for issuers with significant acquiring businesses. If you are not part of the payment transaction.. you must integrate and contract for the service piecemeal. 
    5. Competition. The Teleco, Healthcare and Advertising segments are by far the largest segments with existing IDV providers . In addition to Prove, Transunion is becoming a powerhouse with 2022 acquisitions of Neustar, Verisk Financial Services (which includes Commerce Signals). 
    6. Pricing and Ubiquity. While the bank product is very solid, other [superior] products on the market look at identity consistency between multiple parties and tie it directly to handset information (think IMEI not SIM). This physical token is a stronger form of authentication which can be tied to identity. For uptake OUTSIDE OF TRANSACTION there will be changes necessary to consumer on-boarding/account opening. The value of the service must exceed the existing IDV services already in use. Given that only a portion of the 50% customers will be able to use the service, existing IDV services will continue. 
    7. Identity drift. Bank identity is validated at the time of account origination, but that may have been done 10 years ago. As consumers go paperless as one example, data drift, data goes stale, physical addresses change, phone numbers change or an outdated landline may be on file with no mobile phone number on file, etc. This is the advantage of Prove and other cross industry identity providers. (see Data Games)

Wrap up

This is a great service. However my view is that it is starting with the wrong name and value proposition. I would have launched it as “Pay with Zelle” to price risk management value within the transaction. Today this service solves a portion of a problem for some retailers who happen to serve some customers. Furthermore the value being delivered is outside of transactional pricing (for issuers).  

I could write a book on the irony here. As discussed in Perfect Authentication: A Nightmare for Banks. The core business of banking is risk management. A perfect identity removes risk, thus banks design risk management into payment systems. The US banks have been far more successful here than in other markets (ie SEPA is awful for banks). For example in 2008, the EU and ROW implemented 3DS shifted eCom liability in 2007. In 2020, V/MA/Amex created the new 3DS in the W3C and EMVCo – Secure Remote Commerce (see blog).  SRC is a global standard which is driving browser makers to integrate into their core functions (see Boston Fed Paper). Guess what.. US Banks are refusing to jump on board SRC. As managers of risk, Banks don’t want to networks to increase their role in managing risk… In some respects Authentify is a response to SRC. Where SRC is a global standard with EMVCo and W3C.

To be clear, I support the theme of the Bank’s response to SRC. A core flaw in the design is networks role in resolving consumer identity, something that has always been held back from V/MA as 4 party networks.  SRC greatly reduces transaction risk without the need for bank data. This is not a bank value proposition. Banks have largely lost their data advantage in consumer identity. Consumer trust has shifted toward Apple and Google.  This service is perhaps their last shot to retain it.. In some form. 

What would I change? 

    1. Rebrand: Zelle is leading service use it
    2. Get large merchants to participate or own a category like travel. 
    3. Remake SRC operationally to leverage bank ID
    4. Embed service with other acquirers to drive transactional value
    5. Enable partnerships and proof of concepts to address direct sales issues in key verticals: Health Care, Government, Retail, Insurance, …etc.
    6. Create a team that drives success at amazing speed.. Not waiting for permission to act   

© Starpoint LLP, 2022. No part of this site, blog.starpointllp.com, may be reproduced in whole or in part in any manner without the permission of the copyright owner.

8 thoughts on “Authentify – Bank ID Service”

  1. Excellent analysis Tom, as I would have expected.

    You are right about the big merchants managing payment risk down, but risk is growing in many areas (including Zelle P2P transfers) so there is surely plenty of opportunity Forfar value-added services (eg, escrow services, for example) that link the payment service and the identity service. But also, as I recall from some business modelling in this area a few years ago, there are whole sectors such as social media and internet dating where the ability to provide proof that an internet identity is connected to a real person is in of itself valuable.

    Also, as I’m obsessed with the privacy-enhancing versions of things, you might add

    7. Add verifiable credentials to the proposition so that you can prove that you are over 21 (or whatever) without disclosing other personally identifiable information .

  2. Why banks don’t utilize Zelle more is baffling to me. It could be expanded so much more and provide banks and integrators reason to use it.

    1) Fees: Banks could just add fees to it. If you are a business accepting Zelle payment you pay a fee, but its cheaper than the total fees a debit card transaction would cost. There is the merchant reason to use and the bank reason to be part of it.

    2) Credit: now when the user pays they could pick to pay directly from their checking account OR add this to their “virtual credit card.” This is no new fees but gives the user more options on how to pay. If they don’t pay their balance in full at end of month now the bank earns interest.

    3) BNPL: Zelle could have this as a third option, all internal, just pay for a large purchase right away and Zelle will automatically deduct four payments from your checking account. Or bank earns interest. Good for everyone, more income for merchant, more options for customer, and potentially more income for the bank.

    4) Integrations: Zelle can be extended with APIs, app developers write services and applications that work with Zelle. The same way you authenticate with Google, user signs in to Zelle and gives an app permissions to do certain things.

    5) eCommerce: imagine instead of entering your card info online you scan a QR code with your phone. Or have a “PayWithZelle” button that goes to Zelle website. Train customers to see their phone as a means to pay, not a plastic card.

  3. Awesome post as usual Tom. A few thoughts / follow ups

    -Who is responsible if bank-trusted data is incorrect and used by a business? Surely the bank has legal responsibility but would this hold up in court?

    -You mention large merchants have risk platforms that drive fraud down to 3bps. How close is Stripe to doing this for all of its merchants?

    -What could be the “ID Token” you mention? Will it be the same for online/offline? Could a payment card be such a token?

    -Why do you say that integrating trusted identity value into the payment stream cannot be done on the issuing side? You think banks won’t let V/MC play a role in accessing their customer details for authentication/OTP?

    -Can you elaborate more on PayPal’s core advantage and the types of partners it might enable?

    1. Can’t answer all of them. Maybe others will
      1. That is the issue. Another reason why it only makes sense within the transaction
      2. Possibly.. There is both a consumer model and a merchant model the plays in fraud.
      3. see previous blog
      4. why not issuing? they don’t ACCEPT the token from a merchant
      5. It has direct consumer relationship and direct merchant relationship. It has control over contracts and services.

Leave a Reply

Your email address will not be published.