Customer recognition is in a mess, but I’m hopeful that organisations will begin to use the mobile phone in a consistent way to fix the problem.
At the BAI Payments Connect 2014 session on Authentication, Matthew Harper from SunTrust Bank said, very accurately, that “we don’t need to authenticate our customers, we need to recognise them”. I like this formulation, one that we have used with our clients for a couple of years, and indeed I said last year that recognition would be one of the hot technologies for 2014.
We’ve been using the word “recognition” to mean the combination of good enough identification and good enough authentication to make commerce possible. The mobile phone has an obvious and important role to play here, to the point where downstream tokenisation will shift to recognition (in other words, it will be the customer’s identity that is used to make a payment). [From The “hot five” retail transaction technologies for our clients in 2014]
As you can see from this, I strongly agreed with Aaron Bartrim from Early Warning Services, who explained in the session just why the mobile phone is the way forward here. Aaron’s crucial point was that the mobile token provides strong security that is a balance between convenience and usability. Therefore it was no surprise to read that they have strengthened their relationship with Payfone and are using their platform to provide services to their members that are centred on that token.
Payfone, a provider of mobile security solutions, is launching its new Identity Certainty platform for mobile authentication that leverages the security of mobile networks to deliver unique tokenized IDs to mobile users. [From Payfone & Early Warning Partner on Mobile Authentication | Bank Systems & Technology]
By the way, I cannot help but use this news to deliver two vignettes on the state of authentication today. Here are a couple of examples: a bank and mobile example and a non-bank and non-mobile example.
First, the bank example. My bank’s mobile banking app has a “live chat” function. When I was using the app (which is excellent, by the way, and I use it all the time) the other day, I couldn’t figure out how to do something. So I hit the live chat button. This is in my bank app running on my phone, remember, an app I had to log in to. So, inside the app that I have authenticated myself to, on my phone, I hit the live chat button and I get…
The chap wanted to know my personal details! I naturally assumed that it could not be Barclays on the other end of the chat line, because they would know that it was their app that I had logged in to and the app would naturally have told them who I was, so the only conclusion I could draw was that the system had been subverted and that I was communicating with an Eastern European fraudster. So I gave up.
Second, a non-bank example (that I have used before). On my way to the BAI Authentication session in Las Vegas (oh the irony) I stopped at the coffee shop with a colleague and we ordered a couple of lattes. I attempted to pay with my Visa card, and was asked for photo ID. This seems to be generally the case in Las Vegas – it happened at the diner, at Starbucks and most other places – so I fished out my old expired building pass for our New York office from my bag and handed it over. The guy accepted it as valid photo ID and ran the card, and presented me with a slip to sign which, naturally, I signed in the name of a prominent South American soccer player. Silly, really. I should of course have shown him my picture ID with my real name on it.
Authentication is a mess, and phones can fix it.
Agree, it’s now impossible for my bank to contact me, phone conversations are fun:
bank: We’re your bank
me: are you?
bank: yes, can you answer these security questions?
me: no, prove you’re my bank first
bank: err, we can’t
I have had almost exactly the same conversation with my bank. It makes you wonder when they realise that this is not going to work – I bet they blame the call centre and not their own processes.