David Thomas, CEO of Evident ID
Consumers embrace the sharing economy for the freedom of choice it offers; using a digital platform means consumers are no longer tied into big conglomerations, but instead deal directly with peer-providers. The sharing economy also gives consumers power by allowing them to participate in a rating system that influences providers’ reputation ratings. Coupled with this additional freedom and control is an inherent level of risk. While digital platforms have taken some measures to alleviate that risk, the most effective risk-mitigation factor would be the requirement of a verifiable online identity for participants in the sharing economy. However, before verifiable online identity can truly take hold in the sharing economy landscape, there are barriers that must be addressed:
Online identity verification creates friction. The sharing economy’s appeal lies in its ability to camouflage itself into daily life. To be effective, a good online identity system needs to be invisible. Lengthy or intrusive onboarding will stop a would-be participant experience in its tracks.[1] Seamless onboarding, on the other hand, drives home real, quantifiable results: “companies that focus on providing a superior and low effort experience across their customer journeys . . .realized positive business results, including a 10-15 percent increase in revenue growth and a 20 percent increase in customer satisfaction.”[2] As verifiable online identity finds its place in the sharing economy, it must be driven by a seamless, consumer-friendly onboarding process. Otherwise, the process will simply lead to abandonment during the onboarding process, which is counterproductive for platforms, providers, and consumers.
- No single definition of online identity verification exists.
Most people’s comfort level extends to offering their identification at banks or airports as a security measure.[3] The same does not hold true for online environments. While traditional identity verification is a relatively standard process, online identity verification is definitely not. Users currently don’t know what information is necessary for verification purposes or how that information enhances their online security.
Currently, the onus falls on each sharing economy platform to decide what components to include in the identity verification process; they then are faced with determining which components need to be outsourced and which can be developed internally, weighing the risks to find the appropriate cost versus performance balance.
- Identity verification processes change by the moment.
In the dynamic sharing economy, fresh players and segments continue to appear almost daily. Identity credentials constantly change. The challenge becomes creating practices and guidelines that remain current and protect against increasingly sophisticated ways to forge identity. In this dynamic environment, the refrain becomes “is this the most up-to-date data?” Trying to stay on top of these changing processes can drain resources—employee and financial.
- Online identity requires a tremendous amount of personal data.
Personal data often includes a person’s full name, Social Security Number or credit information, as well as a secondary source like date and place of birth or mother’s maiden name. Currently, to many consumers’ dismay, online identity verification measures require a good deal of personal data. Companies collecting data face a host of unnecessary risks and potential liabilities. Although security measures are evolving, securing personal data against hacking—which could cause serious damage to the consumer and to the company’s reputation—remains a significant concern.
- Identity verification actually reveals very little about a person’s qualifications.
Information currently collected to establish identity doesn’t tell the consumer anything about the provider’s qualifications—like professional licensure or certificates. Currently, review based scores serve to establish peer-to-peer trust. But those scores can be easy to manipulate. For the identity verification process to be truly useful, it needs to be differentiated based on the sensitivity of the service being offered. For instance, accepting a ride from a Lyft driver requires one level of identity verification—is the driver who she says she is and does she have a clean driving record? Scheduling an appointment with an online health professional requires another level of identity verification entirely. Now the user needs to be able to easily ascertain not only the provider’s identity but also that they are a licensed, credentialed medical professional.
- Online identity verification is complex and requires constant re-verification.
Companies working to grow a vibrant user base must constantly show proof of verification of identity for an ever-shifting user and consumer base. Unfortunately, verifying identity isn’t a one-time process. Identity verification must be established and re-established on recurring basis. These efforts often require large amounts of time and financial resources and leave companies vulnerable to events that could seriously damage their brand-reputation.
- With the sharing economy positioned to double in size every year, online security and privacy regulations are becoming more complex and thorough, particularly in industries that require large amounts of personal data.[4]
Fundamentals like full name, date of birth, and home address must already be verified. Beyond the fundamentals exists a wide variance in the number and type of data sources engaged to confirm someone’s identity.[5] The rapid growth of digital marketplaces means that companies must be up to date with a wide range of security and privacy regulations, including legal compliance with HIPAA, FCRA, CIP, and the Patriot Act . The constant push to obtain personal data for verification unnerves even the most web savvy customers and providers. Nagging questions about who is storing the data, how it will be used, and—ultimately—by whom make users skittish. Additionally, the constant ask for personal data produces friction in what should be a seamless process. Friction pulls users out of the instantaneous experience that they seek on a digital platform. And friction causes drop-off. Meanwhile, companies managing sharing economy platforms must wrangle with crucial decisions about collecting, maintain, and verifying online identity for their users. These decisions could well impact the viability of their company—and the security of thousands of their users.
- Current personal data practices create an environment that breeds internal threats.
Companies can, and do, invest billions of dollars in keeping personal data safe. However, even the best technology cannot eradicate the threat that stems from employees having access to users’ sensitive personal data. Employees assigned to process background information for users and providers have open access to personal data. The best encryption system doesn’t block against the employees who have access to personal data as part of normal course of business. Currently, organizations simply must trust that these employees won’t be swayed by bad-actors who offer monetary reward for the distribution of personal data. Even intelligence agencies haven’t been able to solve this issue—as evidenced by multiple major releases of information by insiders.
Although challenging, these seven key problems are certainly not insurmountable. What is required is a fresh perspective on managing personal identity, so that the sharing economy can realize its full potential.
[1] Key Trend in Online Identity Verification Econsultancy, May 2016
[2] Want A Powerful Customer Experience? Make It Easy For The Customer B. Morgan, January 2015
[3] The Challenges of Non-Face-to-Face Identity Verification Trulioo, June 2016
[4] Sharing is the New Buying Crowd Companies, 2014
[5] The Challenges of Non-Face-to-Face Identity Verification Trulioo, June 2016
Bio: David Thomas is the CEO at Evident. He is an accomplished cybersecurity entrepreneur, having held key leadership roles at market pioneers Motorola, AirDefense, VeriSign, and SecureIT. He has a history of introducing innovative technologies, establishing them in the market, and driving growth – with each early-stage company emerging as the market leader.