Last week, we had the pleasure of hosting our fourth annual TruIdentity Summit in sunny Scottsdale. It was two packed days of insight and innovation (with some great fun mixed in) among some of the world’s leading cybersecurity and consumer experience professionals – from government officials to customer service providers to fintech titans. Sessions were intimate and attendees weren’t afraid to ask the tough questions, “Trusonauts” included. Whether it was new threats to our data, how authentication impacts revenue and of course the expected blockchain debate – the discussions were rich and informative.
A few key takeaways from the event:
The stakes have never been greater…
This was the message of Frank Abagnale, FBI security veteran for over 40 years, subject of Catch Me If You Can, and advisor to Trusona. There were 58 million scams in 2016. By 2021, we’ll likely hit $6 trillion in losses due to cybercrimes. For individual identity theft, 98 percent of crimes can be committed using only information easily accessed from our Facebook profiles: name, DOB, hometown. Meanwhile, companies can lose up to 7 percent of their revenue due to fraud. Hard to believe!
…but neither have the possibilities to fight back.
Trusona’s #nopasswords mission is a new concept for many and our technology is cutting edge – but each day we learn about new problems and use cases that secures sensitive data from phishers and fraudsters for some of the world’s largest industries.
Call Centers: Tom Nowaczyk, Neustar’s director and product management lead for verification and compliance, shared how authentication can dramatically affect how a call center runs – and how we can decide when to add friction for the sake of security. For context, 30 percent of calls into call centers that have to do with forgotten passwords, and the process of verifying who’s really on the line increases friction without upleveling security. Security questions are cumbersome (they’ve even been denounced by the guy who invented them). Passwords are static and predictable. Tom shared how our work together is exploring a new verification method that side steps these roadblocks in call centers, and approaches a sweet spot of security and convenience.
Healthcare: Prakash Santhana, Deloitte’s managing director for fraud and risk, shared how healthcare companies can fight industry fraud – including the 10 percent of stolen identities that include children’s medical records – with probabilistic technology that lowers the risk of each transaction.
Automation can’t completely prevent human error….
81 percent of breaches are caused by passwords. And customer churn due to authentication difficulties are at 3 percent – even higher in fintech and healthcare. In his keynote, Frank also mentioned that despite the leaps and bounds technology has made in recent years – the only surefire way to stop these roadblocks is to arm the public with the education to recognize red flags and curb risky online behavior (i.e. making your password ‘123456’).
…but great design can help.
Our chief design officer, Kevin Goldman, brought a solution to life in what he has coined the “un-experience” – customer experiences that are designed for the subconscious. Negative, time-consuming customer experiences lead to user workarounds (ex: using the same password for multiple accounts), creating a ‘turnstile in the desert’– a security measure you can simply go around.
The best authentication experience should have zero “form elements” or components on the page that require the users’ attention. With this approach, we are able to create an experience that delights the user, engenders positive business outcomes, and most importantly, protects online information.
Security tech is tough to champion…
During the chat, in our breakout sessions, and throughout the Summit, I received many questions not about Trusona itself, but simply about where to begin in this #NoPasswords movement. Who in the organization needs to weigh in? How do you demonstrate its value when it feels like a preventative measure for which we already have a solution, however flawed?
…but if you don’t push new security tech through bureaucracy, no one else will.
Perhaps one of my favorite parts of the Summit was sitting down with Jim McGuire, former CIO of Charles Schwab, to chat about strategies that champion new security initiatives, and the challenges that follow. We swapped stories about cutting through the bureaucracy of some of the world’s most robust security departments at Fortune 100 companies, including American Express and Charles Schwab – where it took a full eight months to implement the security measures I had outlined when I was first hired.
Our conclusion is this: while it seems there is a functional, inexpensive solution in place, moving to #NoPasswords could be the decision that saves your company billions. Once your implementation stops a major breach, you’ll have built a foundation of credibility that paves the way for huge opportunities down the line.
So the Summit brought some of the biggest issues in cybersecurity to light: increased breach frequency creates more opportunities for human error, but somehow still isn’t enough to justify immediate action from big bureaucratic companies. The good news? The tech to fight back may not be implemented yet, but it’s out there. It’s time we took the leap. Trusona, like every security measure, is not a silver bullet. But we’re starting a conversation around authentication that can prepare our audience for a more secure future. A huge thank you to everyone who attended – we’re already looking forward to next year.