17 Aug Market Challenges, Fragmented Identity, and the Need for Orchestration Technology
What do Google, Amazon, Uber, Microsoft, Apple, and the rest of the market leaders have in common? They are effective identity-first businesses in some ways. Google has mastered identity, as seen by the ease with which you can sign up, log in, and restore your account via self-service.
Have you ever contacted Google or Microsoft help desk? – No! The reason for this is because these leaders have always found a way to confidently know their customers. To provide this simple, elegant experience, a lot of complexity around digital identity and knowing clients with confidence at different points of the user journey must be solved.
The digital identification process usually starts with identifying whether it is a human or a machine(BOT) trying to sign-up or log in. If it is a human, is it the right human accessing from a trusted device? Once you know WHO with confidence, you can deliver a great personalized experience for onboarding, login, and remarkable customer service
Bot detection requires different technology stack capabilities compared to human verification. The identity proofing process is very context-driven and varies depending on the application, regulatory and compliance requirements, and business risk. Identity proofing of humans includes traditional name, address, email, and phone number identity checks, as opposed to identity attributes verification such as ID document verification, age verification, credit score, financial data such as asset or income verification, KYC, and AML checks. It’s a very long list but these are the attributes that require very different capabilities. And, when you add biometrics, user or device behavior, and transaction risk to the mix, it requires a much more complex requirement. This integration involves multiple service providers, as it is technically not feasible for a single vendor to offer an optimal solution, as the technology capabilities are fundamentally different.
As a result, only the very large organizations can spend millions and billions of dollars to accomplish this. However, most businesses lack the resources to do so, resulting in lower onboarding success rates and higher churn rates, among other things. These difficulties are exacerbated for global brands. As companies consider global expansion and transition from traditional to digital businesses, international market coverage becomes more challenging. Furthermore, local identity data, residency requirements, laws and regulations, ID proofing, and managing fraud on a global scale are all significant challenges that are only becoming more complex. To address these issues, businesses must consider a unified approach and a better way of managing ID proofing, KYC/AML, authentication, risk & compliance, and security. The approach needs to support the ability to add new capabilities, as with AI/ML there is tremendous innovation that companies can harness to improve onboarding and login experience and significantly mitigate the risk of new account opening and account takeover fraud.
This is where Orchestration technology comes into play to solve complex identity-security challenges in respect of authentication, identity proofing, KYC AML, and fraud detection. Modern Identity orchestration platform provides a forward-leaning identity-first security strategy, accelerates time to market, creates a seamless and secure digital experience, and gives agility to respond to demands of business, and shift frauding tactics with visibility and freedom to select the right service provider for the business.
Looking at what Gartner has to say about Orchestration is an excellent place to start. “By 2023, 75% of organizations will be using a single vendor with strong identity orchestration capabilities and connections to many other third parties for identity proofing and affirmation, which is an increase from fewer than 15% today”, according to Gartner in its Market Guide for Identity Proofing and Affirmation.
As a result, the market for such technology is on the rise, with the potential to become more mainstream in the coming years. But it’s important to consider some of the market challenges that an orchestration platform should be able to address:
A legacy system with integrated point vendors could be a challenge for a company with growth strategies that want to expand its global footprints. In today’s world, customers can be using any product/service through any device, channel, and location. For a rapid global expansion, it would be challenging to manage user journeys localized for their geographies. Traditional systems and integration would become complex, expensive, time-consuming and many times can’t provide a solution for such issues. Furthermore, without an orchestration layer, it would be impossible to conduct A/B testing, workflow/journey analytics, and champion-challenger tests to provide clients a credible solution that can solve their business challenges.
The regulatory landscape is always changing. In perhaps no industry is that more evident than in financial services. Every new year brings a new set of regulations, challenges, and changes. This leads to work required to make changes within authentication, ID proofing, and fraud detection strategies.
Data will be returned in a variety of formats, headers, and structures, with varied response times from vendors. In some circumstances, the data returned may only provide partial understanding, making it less useful; nevertheless, when paired with other data items, it may provide additional relevance, allowing a possible “reject” to become a “accept.”
Managing and supporting multiple vendors is a challenge for companies and as new vendors come into the market, the work required to research, assess, engage, connect, deploy, and roll out new API integrations is time-consuming and expensive. Often, many companies face issues with vendor lock-in, and challenges in switching to another vendor result in poor customer experience and increased churn rate.
Changing compliance/fraud data
KYC/KYB, Fraud, and AML data change slightly with regulations and client’s compliance needs. But having a comprehensive data access layer “out-of-the-box” is crucial for any clients, often these data are distributed and unstructured. New data vendors are constantly emerging in the market, for the end client being able to select, assess, engage, integrate, and test new vendors becomes time-consuming and expensive.
Today’s digital consumers rely on a wide variety of applications to access products/services. Users are forced to memorize and track a dizzying array of frequently changing passwords. Overwhelmed by password sprawl, many users take risky shortcuts like using the same password for all applications, using weak passwords, repeating passwords, or posting passwords on sticky notes. Bad actors can take advantage of lax password management practices to mount cyber attacks and steal confidential data. In fact, compromised account credentials are a leading cause of data breaches. Simple authentication methods that require only username and password combinations are inherently vulnerable. Attackers can guess or steal credentials and gain access to sensitive information and IT systems using a variety of techniques.
This brings us to the importance for companies to leverage modern-day passwordless authentication which goes beyond the use of password and username credentials. Biometrics, security keys, and FIDO are all considered “passwordless” or “modern” authentication methods.
Safe and Secure Account Recovery
Account recovery comes into play when you cannot remember a password, are replacing a previously trusted device, and/or must bind another MFA method(s) as the token or phone was lost or stolen. Also, password reset is considered to be the weakest link for spear phishing, and social engineering to take over user accounts. To tackle this challenge, companies need to implement self-service account recovery leveraging multiple authentication methods such as automated ID proofing and verification to secure user accounts.
Based on the factors above, a number of scenarios could result in changes in the user journey and identity experience and as such minimizing the downstream tech impact on the client is key. With a no-code orchestration layer, these challenges can be easily overcome.
The agility provided by the orchestration platform allows companies to proactively safeguard and verify their users and tackle market challenges. Companies need to realize the need for such orchestration tech to create simple and seamless identity journeys deployed through a flexible, agile, and elegant no-code interface for orchestration and workflow management. This would help companies in providing a smooth customer experience, eliminate vendor lock-ins, reduce churn rate while performing A/B testing for the user journey.