#DeathToPasswords: The future of consumer recognition
#DeathToPasswords: The future of consumer recognition
Introducing:
David Britton Experian
©Experian 3 4/19/2017 Experian Public Vision 2017
The challenge
Simultaneously, criminals have more access
to traditional identity data than ever before,
making it difficult for businesses to accurately
identify the legitimate identity-holder
Businesses are struggling to accurately recognize
consumers, whether for an improved consumer
experience or for accurate risk mitigation
©Experian 4 4/19/2017 Experian Public Vision 2017
Online accounts and passwords
Average user had to reset
passwords for 37 accounts!
In 2013: We said
By 2020 the average number
of accounts will be 207!
In 2015:
©Experian 5 4/19/2017 Experian Public Vision 2017
By the numbers
6
©Experian 6 4/19/2017 Experian Public Vision 2017
By the numbers
8
©Experian 7 4/19/2017 Experian Public Vision 2017
By the numbers
261
©Experian 8 4/19/2017 Experian Public Vision 2017
By the numbers
12,576
©Experian 9 4/19/2017 Experian Public Vision 2017
By the numbers
143
©Experian 10 4/19/2017 Experian Public Vision 2017
Grand piano
88 keys
©Experian 11 4/19/2017 Experian Public Vision 2017
60
©Experian 12 4/19/2017 Experian Public Vision 2017
143
©Experian 13 4/19/2017 Experian Public Vision 2017
By the numbers
0
©Experian 14 4/19/2017 Experian Public Vision 2017
• It’s not like we don’t engage…
• Or have a bunch of accounts…
• And we’re human, we forget…
• Growing the number of accounts we use by 14% YoY
• On average, we must remember 207 login and password combos!
You don’t know who I am? Why not?
Who can possibly do that?
195 million U.S. adults engage with businesses using a digital device
©Experian 15 4/19/2017 Experian Public Vision 2017
• No, I’m not using a different computer – the cookie you dropped was simply deleted
• Yes, my device is portable, so I may be coming from a different network
• Username, password, Questions, Captcha, ReCaptcha?...
Businesses don’t recognize me
We have moved the burden of authentication to the consumer
©Experian 16 4/19/2017 Experian Public Vision 2017
Really, who wants to go through this?
Your new password must adhere to ALL of the following criteria:
• It must not contain any spaces
• It must contain at least two numeric character
• It must contain at least two lowercase and at least two uppercase letters
• It must contain at least two of the following punctuation marks/symbols…(e.g. !@#$^*()-_=<>,/{}[]:;~)
• Avoid words found in the dictionary
• (e.g. getMEIN2!getMEIN2!, ***s4YOU***s4YOU)
Remember:
Passwords are case-sensitive: “Password”, “PASSWORD”, and “password” are three different passwords
Simply choose a password no human could ever possibly remember…
©Experian 17 4/19/2017 Experian Public Vision 2017
Security issues with passwords
47% of people use passwords
that are older than five years
More than 90% of user-generated
passwords will be vulnerable to hacking
“Forcing customers to change their password
every 90 days is actually LESS SECURE”
People can’t remember it, and begin to adopt
SLOPPY PASSWORD MANAGEMENT practices
“123456”
“123abc”
“111111”
“admin”
“Jesus”
“master”
Most common passwords
©Experian 18 4/19/2017 Experian Public Vision 2017
And one-time passcodes (OTPs) …
• Require two pieces of technology to access one channel
• Can be intercepted via the web-based texting service
• Just login to the mobile carrier – which may have less secure login practices than banks
• Essentially, we make consumers use a weaker protocol to secure a stronger
©Experian 19 4/19/2017 Experian Public Vision 2017
Stop the insanity, please
Oh, and it’s only going to get worse…
©Experian 20 4/19/2017 Experian Public Vision 2017
2007
• First time we heard of the iPhone
• Thermostat, car, television, refrigerator
Time hop – then and now
All separate items
and NOT connected
©Experian 21 4/19/2017 Experian Public Vision 2017
Time hop – then and now Massive shift in the concept of “connectivity”, “account” and “access”
2017
Tablets, connected home, thermostat, refrigerator, car, personal assistant, fitness trackers
Separate items, but ALWAYS CONNECTED
Not only to you … but to the internet AND to each other
©Experian 22 4/19/2017 Experian Public Vision 2017
The always-connected consumer and “digital exhaust”
©Experian 23 4/19/2017 Experian Public Vision 2017
We are hyper-connected as consumers
195 million
Number of U.S adults who
use a smartphone, digital
tablet or computer
20–40 billion Number of IoT-connected
devices projected by 2020 –
up from 4.9 billion in 2015
85% of all U.S. adults Use multiple devices
at the same time
©Experian 24 4/19/2017 Experian Public Vision 2017
Browser-based activities App-based activities Next Gen:
Other-platform activities
?
Desktop browser
Mobile browser
Mobile app
Whatever method…
New stuff
Connecting via:
Zygbee
WiFi
WiGig
Bluetooth
…
The extension of the digital footprint…
©Experian 25 4/19/2017 Experian Public Vision 2017
Emerging need to recognize PEOPLE and their PROXIES
=
©Experian 26 4/19/2017 Experian Public Vision 2017
…broadcasting who and where we are, what we are doing
©Experian 27 4/19/2017 Experian Public Vision 2017
It comes down to a simple problem of RECOGNITION
©Experian 28 4/19/2017 Experian Public Vision 2017
Companies want to recognize customers
©Experian 29 4/19/2017 Experian Public Vision 2017
Data breaches – 4.2 billion personal identification information records available for sale
Challenges to this model
Number of
stolen records
(4.2 billion)
Total U.S. population
(~315M)
©Experian 30 4/19/2017 Experian Public Vision 2017
Data breaches – 4.2 billion personal identification information records available for sale
• Publicly available data (Zillow, Trulia, social media, LinkedIn, Spokeo, etc.)
Challenges to this model
©Experian 31 4/19/2017 Experian Public Vision 2017
Data breaches – 4.2 billion personal identification information records available for sale
• Publicly available data (Zillow, Trulia, social media, LinkedIn, Spokeo, etc.)
• Multiple new identity providers – mixed capabilities, variable quality and coverage
Challenges to this model
©Experian 32 4/19/2017 Experian Public Vision 2017
Data breaches – 4.2 billion personal identification information records available for sale
• Publicly available data (Zillow, Trulia, social media, LinkedIn, Spokeo, etc.)
• Multiple new identity providers – mixed capabilities, variable quality and coverage
Knowledge-based authentication (KBA) has been used as a “one-sized hammer” for too long
Challenges to this model
©Experian 33 4/19/2017 Experian Public Vision 2017
Data breaches – 4.2 billion personal identification information records available for sale
• Publicly available data (Zillow, Trulia, social media, LinkedIn, Spokeo, etc.)
• Multiple new identity providers – mixed capabilities, variable quality and coverage
Knowledge-based authentication (KBA) has been used as a “one-sized hammer” for too long
• KBA questions are blocking legitimate consumers (high failure rates)
Challenges to this model
30%+
©Experian 34 4/19/2017 Experian Public Vision 2017
Data breaches – 4.2 billion personal identification information records available for sale
• Publicly available data (Zillow, Trulia, social media, LinkedIn, Spokeo, etc.)
• Multiple new identity providers – mixed capabilities, variable quality and coverage
Knowledge-based authentication (KBA) has been used as a “one-sized hammer” for too long
• KBA questions are blocking legitimate consumers (high failure rates)
• KBA questions are not effectively stopping fraudsters (high pass rates)
Challenges to this model
60%+
©Experian 35 4/19/2017 Experian Public Vision 2017
Data breaches – 4.2 billion personal identification information records available for sale
• Publicly available data (Zillow, Trulia, social media, LinkedIn, Spokeo, etc.)
• Multiple new identity providers – mixed capabilities, variable quality and coverage
Knowledge-based authentication (KBA) has been used as a “one-sized hammer” for too long
• KBA questions are blocking legitimate consumers (high failure rates)
• KBA questions are not effectively stopping fraudsters (high pass rates)
• Fraudsters are … data aggregators
Challenges to this model
SSN
Phone
Address
Name
Payment
information
✓
©Experian 36 4/19/2017 Experian Public Vision 2017
The digital ID approach is siloed, fragmented
Login/authentication Activity/transactions Browsing customer Enrolling/registration
©Experian 37 4/19/2017 Experian Public Vision 2017
The digital ID approach is siloed, fragmented
Login/authentication Activity/transactions Browsing customer Enrolling/registration
©Experian 38 4/19/2017 Experian Public Vision 2017
The digital ID approach is siloed, fragmented
Login/authentication Activity/transactions Browsing customer Enrolling/registration
©Experian 39 4/19/2017 Experian Public Vision 2017
Move the consumer to the center of the engagement
Consumer Computer
Tablet
Mobile
Phone Connected
Television
Connect
Device
Connected
Automobile
• Who is this?
• Do they belong in this account?
• What features do they prefer to use?
Login
• Who is this?
• Are they using stolen payment info?
• Show them their favorite products
Transactions
• Who is this?
• Do I know enough to give them a “customized” experience?
Anonymous
encounter
• Is this who they claim to be?
• Can I expedite their enrollment?
• Are there better offers for them?
Onboard
registration
©Experian 40 4/19/2017 Experian Public Vision 2017
Rethinking identity – the paradigm shift from a static to a dynamic approach
©Experian 41 4/19/2017 Experian Public Vision 2017
Creating the ultimate consumer ID profile…
Bureau Name
Address
DOB
SSN
Purchase data Name
Address
History
Payments
Network IP address
ISP
WiFi
Mobile
Bank data Logins
Transaction
New-accounts
Social media Accounts
Activity
Connections
Longevity
Authenticity
Behavior Navigation
Touch-pressure
Patterns
Biometrics Voice
Fingerprint
Iris
Gait
Email Age
Active
Geo-location Physical-location
Correlation
Digital data Locale
Configuration
Behavior
Digital IDs
Traditional ID solutions use basic
Bureau-based personal
identification information
approach – “Essential, but not
sufficient”
The market is asking for richer
context-based data assets,
like digital
There are also new emerging
alternative data sources,
which we can leverage…
©Experian 42 4/19/2017 Experian Public Vision 2017
…To truly recognize your customer
Individual solutions create
partial view of consumer…
…Aggregate data via
Experian Global ID Hub…
…Creating the ultimate
consumer identity profile
©Experian 43 4/19/2017 Experian Public Vision 2017
Experian global consumer recognition
Experian global consumer recognition
©Experian 44 4/19/2017 Experian Public Vision 2017
We may recognize a consumer that is new to your business
Experian global consumer recognition
Long-standing
relationship
First time seen
by merchant
©Experian 45 4/19/2017 Experian Public Vision 2017
We may recognize a consumer that is new to your business
Experian global consumer recognition
Long-standing
relationship
First time seen
by merchant
but previously
seen across
Experian clients
©Experian 46 4/19/2017 Experian Public Vision 2017
The paradigm shift
Consumer digital identity
service
Digital identity financial
transactions
Consumer control of
their digital identity
Data enhancement
Consumer identity token
Digital identity health
transactions
Consumer digital identity
alerts
Digital ad targeting and
reporting
Passwordless authentication
Global identity source of
truth
©Experian 47 4/19/2017 Experian Public Vision 2017
How would this paradigm shift affect your business?
Solution
Results
Increase fraud detection, capture rate and revenues
Reduce lost sales, abandonment, false positives, customer friction, operational costs
Improve fraud analytics to enhance accuracy
Increase up-sell, cross-sell and improve leads
Build brand loyalty, through proper alerting and engagement
Reduce advertising costs through accurate engagement
Single
customer view
Blending
Digital, PII
and Behavior
Consumer
intelligence
©Experian 48 4/19/2017 Experian Public Vision 2017
• During your browsing experience, being guided to things that actually interest you
• When you sign up for an account – never fill out an application form
• When you access a business – never need to log in again
• Receiving the highest customer services / expediency when traveling
• Be alerted when strange behavior happens against your identity
• Have better control over how your identity data is used
What true consumer recognition could look like
©Experian 49 4/19/2017 Experian Public Vision 2017
Experian contact:
David Britton [email protected]
Questions and answers
©Experian 50 4/19/2017 Experian Public Vision 2017
Share your thoughts about Vision 2017!
Please take the time now to give us your feedback about this session.
You can complete the survey at the kiosk outside.
How would you rate both the Speaker and Content?