Industry Blog

Why ID Verification Needs a Reset

When was the last time you forgot a username or password – probably quite recently, right?

It is estimated that over half of us at some time or other have been unable to complete a transaction because of an incorrect username or password. While sophisticated passwords are recommended, 70% of us can’t remember complex or long passwords, and research conducted in the United Kingdom found that 44% of shoppers have abandoned at least one online shopping transaction because they were frustrated with the complexity of identity verification.

Current authentication protocols commonly used by retail outlets and online transaction schemes are driving some customers away.

How has it worked up to now?

The process of authenticating “who we are” has traditionally been implemented using two paradigms: “something to know”, such as a password, and “something to have”, such as device which generates a unique code with a short period of validity. Recently this two-fold approach has been augmented by the additional idea of “something about you” where devices can for example literally take our fingerprint as part of their user verification process. So these ideas are out there already, they are not new, but they have not been implemented in an easy to use manner and they have not taken advantage of mobile communications.

Instead, to date many websites simply opt to use social logins which integrate with Google and Facebook to make sign-ins faster. For the most part, Google and Facebook are clearly trying to ‘own’ the ID authenticator role. Yes, there are huge numbers of users of social networking, but what about those who are wary of granting permission to Facebook or Google to access a service and are concerned about privacy? And what about those that can’t remember the password to a social networking site? Are businesses going to leave potential customers out in the cold? Surely, it is time to make the ID verification process a lot simpler.

Why mobile-enabled ID?

Why should mobile operators be granted this role as opposed to the Over The Top players? Well there are a number of advantages of using a mobile-enabled ID authentication service:

  • Ease of use: The SIM on the mobile device and your mobile number can authenticate the subscriber. Consumers do not need to remember multiple passwords, usernames and security questions. Pretty much everyone has their phone with them, always.
  • Faster verification: Authentication is a few clicks and swipes and could make the login and check-out process fast.
  • Trust: People already invest significant personal trust and capital in their mobile number. With a mobile number for authentication, subscribers can decide what information to share.
  • Safer ID: Operators can also use biometric verification to add an extra level of security such as Touch ID.
  • Enterprise partnerships: This new service would enable mobile operators to build closer partnerships with enterprises and secure new revenue streams.

Time for a reset

4 out of 5 shoppers already use their smartphones to buy products online. That’s not a surprise to most of us. However, what is significant is that mobile operators are well positioned to take the lead on ID authentication and provide both consumers and enterprises value and ease of use. It also opens up the potential for network operators to secure a new revenue stream.

Why haven’t most mobile operators been able to roll out such a service already? Despite having access to infrastructure such as the HLR (Home Location Register), which does contain information on subscriber identity, mobile operators have struggled to access this information efficiently, and make it accessible with ease to verified applications. That is partly because network providers have various databases spread over different locations and use different technologies. Integrating all these data repositories into one has not been an option for most operators - up until now.

Here at Openwave Mobility we recently launched the industry’s first carrier-grade subscriber data federation solution, Smart Data Federator. With a flexible interface between data silos, mobile operators now have a unified, consolidated view of all subscriber data that can be accessed by authorized applications. SDF utilizes proven technology installed in the largest deployment of a User Data Repository in the world. Our solution makes it easier for operators to launch a new subscriber ID authentication service based on layer 7 identity management protocols.

In summary, research has found that exasperated shoppers abandoned trollies worth nearly $2 billion (£1.2bn) because of complex authentication protocols. That’s money businesses can ill-afford to lose. Thanks to new technology available today, mobile operators can make the ID verification process simpler for the consumer and help enterprises recuperate revenues that would have otherwise been spent elsewhere.

It is time for an ID reset.