Consumer identity systems is a puzzle that has long intrigued Capital One’s managing vice president of consumer identity, Andrew Nash. The era when these data-gathering businesses emerged is known as Web 2.0, and saw the rise of user-generated content and social media, into which users continue to pour sensitive data with no assurance of privacy.
Nash was among a small group of researchers investigating solutions to fix identity at the time Web 2.0 emerged. The movement he was a part of, known as Identity 2.0, “was about how do you put consumers in control of their own information,” Nash said last year. “Despite an increasing reliance on digital identities, consumer trust in those identities continued to erode. We strive to make a real difference to make the internet a safer place for everyone engaged in it, but to do this without abusing customer privacy and storing personal data,” Nash said.
The struggle continues. Consumers sign into various services, often still using their email address and password rather than biometrics, and deposit pieces of data into the hands of corporations without a clear understanding of and control over how the data is being used and who it is being shared with. Nash, whose previous roles include stints managing identity at Google and PayPal, is still looking for ways to return control of identity to consumers.
The problem of identity extends to devices as well. As more of our transactions flow through our mobile devices, for example, those devices themselves need to establish identities online, and are crucial pieces in establishing the identity of their users. Mobile devices have been described as “bundles of sensors” that can communicate a vast array of data just by the angle at which they are held. This was not the case with the fountain pens used to sign transactions a hundred years ago, but in those scenarios, the customer was in the room, while on the internet, the customer could be anywhere.
Nash came to Money20/20 in Las Vegas in October for a fireside chat on identity with Dave Birch of Consult Hyperion. It became clear early on in their conversation that the word “identity” masks a great deal of complexity. Nash described one aspect of the problem, arguing that when people talk about “identity management” they often mean “user management.” This is the issue of authentication and access privileges, which is just one piece of the greater puzzle.
Nash’s vision has less to do with granting access to one website front-end or another and more with returning to the promise of the early web and allowing customers to confidently and securely take part in commerce and communication wherever they choose across the web. They could grant access to only the parts of their identity needed to authenticate them for the service in question. OpenID, an open and decentralized authentication protocol, was built with this in mind, to give consumers direct control of their access information, but is instead serving as gatekeeper to services used every day on many of the internet’s busiest sites.
“The way it works now involves consumers spending an inordinate amount of time typing in their information and interacting with a company’s front end,” Nash said back in March. “On the back end, there is a virtual hallway of private rooms where deals are done and third parties share consumer data without consistent, informed consent.”
The blockchain and cryptocurrency space, with their emphasis on decentralization, have been great experimenters in the identity space, as Nash and Birch agreed in their discussion at Money20/20. The use of cryptography in establishing identity has certainly had a profound impact on the identity management space. While there has been a great deal of new blockchain-backed technology in the space, Nash observed that “Technology has never really been the challenge.” The problem has been setting standards. Alluding to the days of Identity 2.0, Nash said, “We’re on Wave 3 or 4 of identity.” Blockchain may end up being part of the solution.
It is not an exaggeration to say that everything in financial services, and in our interactions with products and services around the internet, depends on our ability to securely manage our identity. The challenge of mobile payments has always been establishing the identity of the purchaser. But the use of legacy authentication methods testify to the ancient problem of establishing identity, perhaps most notably in the use of signatures to authorize transactions when the merchant or taxi driver has nothing with which to compare the illegible scrawl on the pin pad. As Nash put it at Money20/20, “Identity is going to cause a fundamental change in the way we think about everything, including payments.”
As Birch pointed out, “Capital One was the first bank to see identity as an opportunity.” And Capital One did lead the way in areas such as mobile authentication, with a login feature (tracing a sequence of dots) that was unique among large banks. But Birch then asked why bank logins have not extended to other areas requiring identity management. “Why do I see log in with Amazon but not log in with Capital One?” he asked. Nash replied, “We’re making progress in that area.”
Banks are focusing on what Nash called ”high-assurance” identity problems. Birch’s example of buying concert or airline tickets is, relatively speaking, a low-assurance – or we might say, lower stake – problem. A better use case in which to use bank ID, Nash said, would be, “How do I ensure my taxes get done correctly?”
Nash also noted that the establishment of identity will depend on a coalition of trusted partners from several networks outside of financial services. “We’re going to get a bunch of traction in this space” due to these partnerships, he said.
The problem of identity is as old as the internet – and indeed far older. But the digital space brings new challenges. Advances are being made on several fronts, and identity is finally getting the attention it deserves in financial services. “The next focus area is identity,” Nash said.
This blogpost is part of a partnership between Capital One and CCG Catalyst. You can also listen to an exclusive podcast conversation with Andrew Nash, which is available here.