We all know the sheer amount of administrivia we need to go through when we move home. You need to give your new address to every organisation that you deal with, not to mention friends and family. One of VoxGen’s partner’s, Mydex, have conducted research that suggests that an individual accumulates, on average, 200 relationships with organisations. Naturally many of these organisations will want or need to put your address change request through some security processes to make identity theft harder – although necessary, this also means that it is not any easier for the person moving home.
I was just at the Voxeo Summit in Berlin and an audience member asked the panel for their opinions on when it will be possible for consumers to securely update their address across most of the companies they deal with. As you can imagine, this gave rise to an interesting discussion. All the panelists agreed that it is going to be very difficult to deliver a secure solution that is trusted by consumers. But they differed widely on when and how they see adoption occurring. One estimate was it will take “somewhere between 50 years and infinity”. While another panelist thought that whether we like it or not, Facebook and Google are already paving the way to do this and many social network users may be willing to adopt it within a much shorter timeframe.
Two key issues were discussed: security and trust. Data breeches at organisations and identity theft are already rather common and the problem is growing – but the impact is usually limited to one organisation and relatively small numbers of users. And the investment in solutions to keep it contained is already large and increasing rapidly. But what happens if you centralise some aspects of access to data – the risk and therefore the security requirements increase dramatically. At the same time, it becomes harder to gain the trust of both consumers and organisations: Why is my data safe with the central instance? What will they do with it in the future?
But there is hope – and even better than hope there are organisations, like Mydex, who are trying to tackle the problem head on. Mydex have a particularly interesting approach to trust. It has two key elements. First, they have established their charter as a community interest company, a type of social enterprise, in such a way that a significant proportion of the money generated from the value-added on their platform must be reinvested in the ecosystem. And even more significantly, they cannot be bought by any company that does not replicate their asset locked structure. Second, only the user can grant organisations access to their data and has complete control over their own data. The organisations that use Mydex must therefore also agree to these conditions.
But what about security? Mydex are tackling the security issue also. I know this first hand because we are working with them on adding multifactor authentication across communication channels. Authentication methods include biometrics, device information, location and the usual password type challenges. Interestingly one of the biggest barriers to wider adoption of the technology to achieve more secure authentication has been the fact that the data (e.g. the biometric voiceprint or fingerprint) could not be reused across organisations. This makes it is necessary for each organisation to invest separately in multifactor authentication which is expensive and, at the same time, onerous for users (you have to create new security data for each organisation you deal with). So if Mydex can successfully give consumers control of data while benefiting organisations, then this could also open the door to providing more secure access management in general.
This sort of turns the problem on its head: instead of centralised access being the security issue, it could be what is needed to pave the way for more secure and easier identity verification.