Choosing an Identity Vendor
The way a business interacts with its customers determines its success. The key to this interaction is the information that you possess on each customer — their ‘identity’. What once was handing over personal information on a form to a business, is now consumers creating identities en-masse, to experience the full benefit of the internet.
There was a time when personal information was handed over to a business on a piece of paper. Now, scores of digital identities exist so people can benefit from everything the internet has to offer.
Retail e-commerce is expected to top 730 billion USD in 2023. Online shopping penetration is quietly rising in emerging markets. Indonesia, for example, had higher online shopping penetration than the United States in 2017, at 79% and 77% respectively. Digital commerce might just absorb commerce altogether, so the need for businesses to plan their identity management is more pertinent than ever before.
As a business owner, what can you do to improve your identity strategy, and what should you look for when choosing an identity vendor? The meaning of identity management, its risks and benefits have changed with the scale of digitisation. The efficiency of an identity vendor is measured by their ability to address the concerns and challenges, and harness the opportunities of this brave new digital world. Here are some points to ponder.
1. How much does my business value customer experience?
Due to the rapid evolution of the internet, websites that were built just a few years ago now seem outdated and clunky. Tech-smart businesses consistently made amends based on what consumers like and don’t like online.
It didn’t take long to realise that consumers resented sign-up forms and the idea of requiring to input their details repetitively. Despite this being obvious, long and complicated onboarding processes became the norm for most websites. The blame should be placed squarely at the feet of the identity industry — because the technology to prevent this exists.
Identity management systems tend to mitigate poor user experience by spreading sign-ups over multiple pages or by using Autofill. However, such methods only increase data security risks.
A good identity vendor centres on customer safety and experience. They look to cut down any identification processes to the point of no typing, while ensuring that individuals stay informed on how their data is used.
2. What is my business’s security and privacy appetite?
In the pre-internet era, data theft meant breaking into banks or businesses and stealing documents locked in vaults and safes. The potential security risk of those times to now is like comparing a raindrop to a waterfall.
Hackers can break into accounts, change passwords and commit fraud, all from the comfort of their own home.
The current default in personal data storage has little or no encryption and centralisation, so customer information is easy to steal and read. Password authentication is widespread, but this is a very minimalistic security measure. Identity vendors with a little more aptitude in the realm of security might employ data segregation and partially encrypt data. They could also use Multi-Factor Authentication (MFA) for an extra layer of security.
State-of-the-art identity solutions make security and privacy-by-design their highest priority. Employing heavy encryption, such as those based on the Elliptic-curve Diffie Hellman protocol, and distributed storage for personal information are good indicators for vendors who take security seriously. Privacy-by-Design ensures that all reasonable steps are taken to prevent a person from obtaining any information that they aren’t authorised to access.
3. How much data does my business really need?
Data safety is not just about how hard it is to break into a database but what information, and how much can be taken. Suppose a ride-share app requires all potential drivers to have a driving licence. Consider these scenarios.
Scenario 1: The company asks applicants to send a picture of their licence to prove their eligibility. An image of the document is then stored on the company database.
Scenario 2: The company employs an identity vendor that confirms or denies that the candidate has a driver licence. Only the result is stored — the confirmation or denial.
If the database in each scenario were to be hacked, which situation would pose a higher risk to users? There isn’t much a hacker can do in learning if an individual has a driving licence or not. However, if they get their hands on the personal information contained on a licence, identity fraud becomes easy.
Identity vendors can help you understand how much data you require, so that the severity of data breaches is minimised. The technology available these days has made it possible to acquire the information you need without having to view the data that comes with it. Doing this controls data wastage and reduces the risk of violating data regulations like the GDPR and CBPR.
An identity vendor that encourages businesses to hold the minimum amount of data knows that Scenario 2 is smarter and safer than Scenario 1. If your business however requires more information about your customers, the right vendor will securely deliver that information. Flexibility is key.
4. When integrating new software, how much disruption can my business systems tolerate?
There are many parts to building and maintaining a great website and identity management is just one of them. The implementation of an identity system should be just that — an implementation, not a renovation. You shouldn’t have to redevelop your entire website, and waste time and effort already spent. Look for an identity vendor who can embed their solution with little or no interruption to the rest of your systems.
5. How international does my business aim to be
Compete globally, or don’t compete at all — such seems to be the mantra of today’s economy. Businesses that cater to multiple locations, languages and cultures have a more rounded view of the market. For companies looking to reach high global growth, it is essential to deliver to rapidly growing countries especially. Consider identity platforms that can cater to some of your key target markets.
6. How important is compliance with emerging and future privacy regulations?
In the future, it might just be that the past two decades will be known as the ‘wild-west’ era of the internet, when it comes to personal data. After the occurrence of major data breaches in the years following the mid-2010s, regulators of the world began to see the importance of data privacy. The EU’s GDPR and APEC’s CBPRs set the stage for consumer control of data globally. India is following in those footsteps with a draft Data Protection Bill of their own. Like these regulations, identity vendors almost exclusively deal with personal data. Unless they adhere to data privacy laws, it is not even worth considering trusting them. Ideally, a vendor will be trend-focused and anticipate future regulations.
As the world becomes increasingly digitised, the public, governments and businesses are recognising that reliable identity systems are essential. Businesses must ensure that each piece of personal data they hold serves an important purpose in interacting with their customers. Selecting an identity vendor is about selecting the future of the personal information your business possesses. Choose wisely.
Sphere Identity streamlines the customer onboarding process in a safe and compliant way while also giving individuals their privacy back.