Don't let digital trust become a footnote to digital transformation

Digital transformation has been grabbing the headlines for quite some time now. But it’s equally important that digital trust isn’t relegated to the small print. Callsign’s Amir Nooriala reports.

With the march of progress relentlessly continuing, it comes as no real surprise that in the US, there are now plans to allow smart device apps to be used as proof of ID at airports and even to collect and store hotel keys.

As a marquee example of the popular (mis)understanding of what we call digital transformation, it’s a bold move and one that will resonate with consumers right across the board. However, it also has significant implications from the viewpoint of digital identity, and more importantly digital trust.

Broken foundations

The problem is that digital trust, the foundation for digital identity, is broken.

The online world has always been the breeding ground for fraud, the volume that it needs to hide in. Over the last year or so, the changes brought about by the pandemic have seen a massive acceleration in online adoption and with it, equally massive rises in the proliferation of online fraud.

It’s a very, very serious problem, even when viewed through the lens of banking fraud or too-good-to-be-true goods scams; these are certainly the examples that spring to most people’s minds, and the ones that get the most column inches in the press. But fraud goes far beyond that, worming its way into every imaginable niche.

Digital first, security last?

It’s worth taking a moment to look at definitions. Because in reality, the proposal to use apps in this fashion, and other similar concepts aren’t truly examples of digital transformation. Rather than digitising existing journeys, it’s a case of building entirely new digital journeys.

That’s not a bad thing at all. In an evolving, digital-first world, it’s natural that some journeys and experiences will be born and then borne online. The problems arise when UX takes precedence over security.

A digital hotel key with no physical manifestation is highly convenient, for customers and hotel staff alike. But if fraudsters can gain access to the app that holds that key (and most likely displays the room number), it introduces a whole swathe of potential risks, with theft being just the thin edge of the wedge. Equally, the idea of using a digital wallet for airport access brings convenience to a common pain point. But again, if bad actors could circumvent airport security, the consequences could be severe.

Which isn’t to say that businesses shouldn’t consider the role that UX plays in their product offerings. It’s undeniably important and often for the customer, it’s the key differentiating factor. But as is clear, it can’t be the only factor that’s considered.

A poor, friction-filled customer journey can definitely damage a company’s reputation. So can a high level of fraud.

Complementary technologies

There is little doubt that any business looking to move forward with using smart devices for applications such as airport access will need to do its due diligence – Apple, for example, is implementing these very changes to its Wallet app, and is working closely with the TSA to ensure that the security is watertight.

Others will seek to follow suit or pursue similar paths, and for those businesses – indeed, for any business building digital journeys – there needs to be the utmost consideration given to the authentication technologies that will underpin those journeys.

That means looking beyond the technologies that are in common usage. Conventional static biometrics, for example, are not up to the task. They are easy to circumvent and once broken, nigh-on impossible to fix. If your device has been hacked and someone has obtained a 3D model of your face, you can’t exactly go and change it.

Those technologies exist already and are they’re already being used by major organisations. In particular, behavioural biometrics – where users are passively and invisibly authenticated by the way they swipe and type, even the way they hold their phone – and device fingerprinting technology that detects the behaviour of the hardware components of the user' s phone, rather than legacy methods like cookies, are seeing increased adoption across the globe, as well as the backing of influential entities such as the UK’s Financial Conduct Authority.

With vendors such as Callsign able to provide easy-to-integrate solutions that incorporate behavioural biometrics and allow for 3-factor authentication from a single transaction, the barrier for adoption is low.

An age-old conundrum

Building and maintaining digital trust is difficult.

In an online world, innovation is pretty much the definition of an unstoppable force, a key to staying competitive, and that applies to evolving user journeys as much as new technologies. But security has to keep pace with UX.

Because all the goodwill built up by having a smooth and fluid UX can be destroyed by a single instance of fraud – the very definition of an immovable object.

What happens when those two things meet? That’s probably something best left unsolved.

About Amir Nooriala

A knowledgeable and engaging panellist, moderator and speaker, Amir Nooriala is Callsign’s Chief Commercial Officer. His broad expertise across financial services, identity and Fintech is rooted in his extensive experience – including working as CSO and COO at OakNorth and Ops and Tech MD at BGC, as well as key roles at Barclays Investment Bank, Accenture, and Cisco Systems. Beyond Callsign, Amir is a champion for social mobility in the UK, being a long-serving trustee of the charity Making the Leap and the UK Social Mobility Awards (UKSOMOs).

About Callsign

Callsign has a simple vision: we want to make digital identification seamless and secure. Our unique positive identification approach balances high security and user experience, allowing customers to interact online safely, with minimal friction, while ensuring that bad actors are blocked to protect customer’s identities and business interests.