The launch of the much-hyped Apple iPhone X was dampened by security concerns over its new facial recognition feature, Face ID¹. A recent poll suggested this innovation, a sign-on feature of the device, was a deal breaker for 20% of respondents on fears that it could be fooled, misused by police or criminals², and of the repercussions of the technology on identity in the future.
Identity is a tricky concept. Philosopher Descartes famously wrote “I think, therefore I am,” asserting that if there was a ‘something’ doing the thinking, there must be a physical self it is attached to. But how to prove that self to others, and attach it to a physical body? Thinking only goes so far.
This is where identity comes in. An identity is essentially, for the purposes of this discussion at the very least, a non-physical representation of a physical person or thing. It is a set of attributes that confirms that a person at this point in time is the same person at another point in time.
The attributes that make up identity are associated with, or describe, your physical person. The ones most of us are familiar with when it comes to formal identity are our names, dates of birth, passport, drivers licence and the address where our physical self resides.
Some of these traits are static – such as date of birth – they don’t change. Others are more dynamic, such as addresses or emails, which don’t entirely prove a person’s identity, but can be used with other points of identification to establish the uniqueness of a person.
Biometric attributes, such as those used by the iPhone X or smartphones which unlock via a fingerprint scan, are effective ways to to prove a person’s identity as they inherently form part of the physical self. They should be, in theory, much harder to fake.
There are multiple use cases in which the establishment of identity impacts on business. Onboarding, removing departing staff, changing employee roles and access levels, and simple forgotten password requests all require time and resources to manage.
When a new staff member comes into the company, for example, a good portion of the onboarding process is to do with identity. This includes background checks in the initial stages of employment all the way up to issuing access to buildings, technology and systems.
While digital identities are managed thousands of times a day, the process has not become smoother with use. Nearly everyone at the water cooler has at least one story about the weeks they were waiting before they had access to their email or how often they had to borrow the visitor’s pass from reception until their own was issued.
Setting up a new identity for all of a company’s functions – often on multiple systems and platforms – can be time consuming and frustrating. Not to mention costly.
Imagine a company with 10,000 staff. With an average turnover of 16%³ that company will have around 1,600 staff leaving, and presuming that other business conditions stay the same, another 1,600 starting in any one year.
Now let’s say that for the average employee to be onboarded with access to all the systems they need to be truly productive takes 2 weeks, or roughly 75 hours. A total of 120,000 hours being spent on onboarding. If even half that time is being wasted, at an average wage of $40 an hour4, that’s $2.4 million (plus tax paid) lost in productivity.
And that’s just for onboarding.
Inefficient and clunky ways of managing identity are costing businesses. And that’s just one of the reasons these processes should be addressed. Identity management also affects facilitation, corporate governance, security, risk and regulatory compliance.
If that weren’t enough to keep a CEO up at night, there is also customer identity to think of. More than just verifying a customer’s credit card numbers match the expiry date, identity plays an important role in how customers interact with a brand.
Creating profiles, managing details – such as addresses, emails and payment options – calling up help centres for technical or billing help, are just some of the many times when identity must be managed, often with associated costs. Call centres, for example, spend an immense amount of time resetting customer passwords, and verifying the people they are talking to in order to do so – time those staff could be adding value to the business in other ways.
The automation of such processes, including the self-service models customers are increasingly demanding and which brands should be pursuing in the quest for less friction, lead to better customer experiences. And less risky ones.
On a purely human level, the risk of mis-identifying a customer can have very real consequences, such as when an abusive ex-spouse is able to find current address information from a phone or credit card company. Online phishing scams can just as easily be analogue and call centres an easy target.
In fact, many companies are moving towards voice recognition to increase security, acknowledging the better identity match it enables over passwords and security questions – information that can be gleaned from the ubiquitousness of social media accounts5.
Digital identity (okay, this might be getting a little philosophical again, but bear with us, it’s relevant to business operations) is changing. Who owns our identity data, how we share it and how it’s verified easily are all questions that are being asked and debated.
And in the not-too-distant future, identity security will undergo major technological upgrades too. Rather than needing to scan a fingerprint or complete a password to access a phone, for example, behavioural driven authentication will complete the process without conscious input from the user.
By sensing the way a person walks, the pressure exerted on the phone or how it is picked up or typed upon, the device will constantly assess the risk of an impostor and act accordingly, locking down the device or its high-risk functions. This continual verification should, in theory, be much safer than a timed login session.
While facial recognition such as that offered by the iPhone X might be a step too far for some, growing investment in biometric and behavioural data indicates the turning of the tide when it comes to identify access6.
It won’t be too long before such sophisticated systems for identity verification are commonplace. In the meantime, businesses should be evaluating how they are addressing identity access with current solutions, which are still lightyears ahead of the legacy systems many businesses are enduring.
The ability for staff and customers to engage with secure platforms is crucial in today’s digital ecosystem. Access should be easy, quick and seamless, not just because they will be more pleasant, which is critical to customer experience, but because of the added flow-on effects to cost, agility, compliance and security.
Companies who have an integrated and mature identification system will be at an advantage over those who continue to spend time manually adding in identities one by one.
© 2017 - 2021 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details. Liability limited by a scheme approved under Professional Standards Legislation.