Gartner IAM Summit Wrap-Up: The Password Must Die

Last week, Jumio attended the Gartner Identity and Access Management Summit 2016 where the latest trends in identity management, to prevent fraud both in daily business transactions and in the workforce, was in the spotlight.

In today’s digital world, the need to establish a match between an individual’s digital identity and their “real world” identity is critical for businesses to operate safely and effectively.

One of the big takeaways from the conference is,“the password must die.” So what should you do to protect your customers and your business?

Gartner analysts, Jonathan Care, together with Tricia Philips, have defined a 4 layer model for Identity Proofing as well as a three pronged approach which creates a convergence between Identity proofing, authentication, and online fraud detection (OFD).

The four layers of identity proofing provide a guideline for companies to achieve the level of security that best fits their needs. As the analyst’s session states, “Absolute Identity Proofing is Dead”. But what does that mean, basically there is always going to be some risk to fraud. There is no sure combination that ensures no fraudster will pass though. The goal is to find the right balance between what is required to provide proof of identity while providing customers a frictionless customer experience.

What I’ve seen is that one element is clear: we must be able to tie the digital persona to the real-world person and that will continue to include the evolution of biometrics as a key element. Today, the most trusted way is to match the photo on a validated document to biometric facial recognition. While fingerprint scans can help with secondary authentication, they can’t provide real identity proof. Perhaps a balance for secondary authentication is to require biometric facial recognition for high-risk transactions, like larger money transfers.

As processes become more complex and stringent you risk churn of “good” or trusted customers to prevent “bad” or fraudster attempts.

Another strong theme from the Gartner IAM conference, and highlighted by Gartner analyst Ant Allan, is the need for analytics to cross all the elements of ID proofing, authentication, and OFD.  Currently, the overlapping of ID verification technologies leads to confusion, and the onus is on companies to pull these disparate solutions together.

For 2017, I predict we will see a convergence of the many solutions that touch ID verification and proofing. To combat these inherent risks, technology will merge to provide even higher levels of ID verification and ID proofing.  By combining inferred data from companies like Equifax, with biometric authentication like biometric facial recognition, geo location and behavior, along with approved forms of government issued IDs, companies will further advance their ability to truly prove a person is who they say they are. These solutions will assimilate and combine to protect the consumer and allow them to take ownership of their security, while providing an excellent user experience and meet regulatory and business requirements for KYC.

Learn more about Jumio’s Netverify real-time ID verification with biometric facial recognition.