#DeathToPasswords - Aventri€¦ · Emerging need to recognize PEOPLE and their PROXIES = 26 ©Experian 4/19/2017 Experian Public Vision 2017 …broadcasting who and where we are,

#DeathToPasswords: The future of consumer recognition

Introducing:

David Britton Experian

©Experian 3 4/19/2017 Experian Public Vision 2017

The challenge

Simultaneously, criminals have more access

to traditional identity data than ever before,

making it difficult for businesses to accurately

identify the legitimate identity-holder

Businesses are struggling to accurately recognize

consumers, whether for an improved consumer

experience or for accurate risk mitigation


Online accounts and passwords

Average user had to reset

passwords for 37 accounts!

In 2013: We said

By 2020 the average number

of accounts will be 207!

In 2015:


By the numbers

6


By the numbers

8


By the numbers

261


By the numbers

12,576


By the numbers

143


Grand piano

88 keys


60


143


By the numbers

0


• It’s not like we don’t engage…

• Or have a bunch of accounts…

• And we’re human, we forget…

• Growing the number of accounts we use by 14% YoY

• On average, we must remember 207 login and password combos!

You don’t know who I am? Why not?

Who can possibly do that?

195 million U.S. adults engage with businesses using a digital device


• No, I’m not using a different computer – the cookie you dropped was simply deleted

• Yes, my device is portable, so I may be coming from a different network

• Username, password, Questions, Captcha, ReCaptcha?...

Businesses don’t recognize me

We have moved the burden of authentication to the consumer


Really, who wants to go through this?

Your new password must adhere to ALL of the following criteria:

• It must not contain any spaces

• It must contain at least two numeric character

• It must contain at least two lowercase and at least two uppercase letters

• It must contain at least two of the following punctuation marks/symbols…(e.g. !@#$^*()-_=<>,/{}[]:;~)

• Avoid words found in the dictionary

• (e.g. getMEIN2!getMEIN2!, ***s4YOU***s4YOU)

Remember:

Passwords are case-sensitive: “Password”, “PASSWORD”, and “password” are three different passwords

Simply choose a password no human could ever possibly remember…


Security issues with passwords

47% of people use passwords

that are older than five years

More than 90% of user-generated

passwords will be vulnerable to hacking

“Forcing customers to change their password

every 90 days is actually LESS SECURE”

People can’t remember it, and begin to adopt

SLOPPY PASSWORD MANAGEMENT practices

“123456”

“123abc”

“111111”

“admin”

“Jesus”

“master”

Most common passwords


And one-time passcodes (OTPs) …

• Require two pieces of technology to access one channel

• Can be intercepted via the web-based texting service

• Just login to the mobile carrier – which may have less secure login practices than banks

• Essentially, we make consumers use a weaker protocol to secure a stronger


Stop the insanity, please

Oh, and it’s only going to get worse…


2007

• First time we heard of the iPhone

• Thermostat, car, television, refrigerator

Time hop – then and now

All separate items

and NOT connected


Time hop – then and now Massive shift in the concept of “connectivity”, “account” and “access”

2017

Tablets, connected home, thermostat, refrigerator, car, personal assistant, fitness trackers

Separate items, but ALWAYS CONNECTED

Not only to you … but to the internet AND to each other


The always-connected consumer and “digital exhaust”


We are hyper-connected as consumers

195 million

Number of U.S adults who

use a smartphone, digital

tablet or computer

20–40 billion Number of IoT-connected

devices projected by 2020 –

up from 4.9 billion in 2015

85% of all U.S. adults Use multiple devices

at the same time


Browser-based activities App-based activities Next Gen:

Other-platform activities

?

Desktop browser

Mobile browser

Mobile app

Whatever method…

New stuff

Connecting via:

Zygbee

WiFi

WiGig

Bluetooth

…

The extension of the digital footprint…


Emerging need to recognize PEOPLE and their PROXIES

=


…broadcasting who and where we are, what we are doing


It comes down to a simple problem of RECOGNITION


Companies want to recognize customers


Data breaches – 4.2 billion personal identification information records available for sale

Challenges to this model

Number of

stolen records

(4.2 billion)

Total U.S. population

(~315M)



• Publicly available data (Zillow, Trulia, social media, LinkedIn, Spokeo, etc.)





• Multiple new identity providers – mixed capabilities, variable quality and coverage






Knowledge-based authentication (KBA) has been used as a “one-sized hammer” for too long







• KBA questions are blocking legitimate consumers (high failure rates)


30%+







• KBA questions are not effectively stopping fraudsters (high pass rates)


60%+







• KBA questions are not effectively stopping fraudsters (high pass rates)

• Fraudsters are … data aggregators


SSN

Phone

Address

Name

Payment

information

Email

✓


The digital ID approach is siloed, fragmented

Login/authentication Activity/transactions Browsing customer Enrolling/registration








Move the consumer to the center of the engagement

Consumer Computer

Tablet

Mobile

Phone Connected

Television

Connect

Device

Connected

Automobile

• Who is this?

• Do they belong in this account?

• What features do they prefer to use?

Login

• Who is this?

• Are they using stolen payment info?

• Show them their favorite products

Transactions

• Who is this?

• Do I know enough to give them a “customized” experience?

Anonymous

encounter

• Is this who they claim to be?

• Can I expedite their enrollment?

• Are there better offers for them?

Onboard

registration


Rethinking identity – the paradigm shift from a static to a dynamic approach


Creating the ultimate consumer ID profile…

Bureau Name

Address

DOB

SSN

Purchase data Name

Address

History

Email

Payments

Network IP address

ISP

WiFi

Mobile

Bank data Logins

Transaction

New-accounts

Social media Accounts

Activity

Connections

Longevity

Authenticity

Behavior Navigation

Touch-pressure

Patterns

Biometrics Voice

Fingerprint

Iris

Gait

Email Age

Active

Geo-location Physical-location

Correlation

Digital data Locale

Configuration

Behavior

Digital IDs

Traditional ID solutions use basic

Bureau-based personal

identification information

approach – “Essential, but not

sufficient”

The market is asking for richer

context-based data assets,

like digital

There are also new emerging

alternative data sources,

which we can leverage…


…To truly recognize your customer

Individual solutions create

partial view of consumer…

…Aggregate data via

Experian Global ID Hub…

…Creating the ultimate

consumer identity profile


Experian global consumer recognition



We may recognize a consumer that is new to your business


Long-standing

relationship

First time seen

by merchant


We may recognize a consumer that is new to your business


Long-standing

relationship

First time seen

by merchant

but previously

seen across

Experian clients


The paradigm shift

Consumer digital identity

service

Digital identity financial

transactions

Consumer control of

their digital identity

Data enhancement

Consumer identity token

Digital identity health

transactions

Consumer digital identity

alerts

Digital ad targeting and

reporting

Passwordless authentication

Global identity source of

truth


How would this paradigm shift affect your business?

Solution

Results

Increase fraud detection, capture rate and revenues

Reduce lost sales, abandonment, false positives, customer friction, operational costs

Improve fraud analytics to enhance accuracy

Increase up-sell, cross-sell and improve leads

Build brand loyalty, through proper alerting and engagement

Reduce advertising costs through accurate engagement

Single

customer view

Blending

Digital, PII

and Behavior

Consumer

intelligence


• During your browsing experience, being guided to things that actually interest you

• When you sign up for an account – never fill out an application form

• When you access a business – never need to log in again

• Receiving the highest customer services / expediency when traveling

• Be alerted when strange behavior happens against your identity

• Have better control over how your identity data is used

What true consumer recognition could look like


Experian contact:

David Britton [email protected]

Questions and answers


Share your thoughts about Vision 2017!

Please take the time now to give us your feedback about this session.

You can complete the survey at the kiosk outside.

How would you rate both the Speaker and Content?

#DeathToPasswords - Aventri€¦ · Emerging need to recognize PEOPLE and their PROXIES = 26 ©Experian 4/19/2017 Experian Public Vision 2017 …broadcasting who and where we are,

Documents