We are all tired of logins and passwords, and the promise of switching to the use of biometrics to replace all of that. The new Apple phone has done a fantastic job of explaining what’s possible for going way beyond the easy to hack fingerprint to the facial recognition stored in the unhackable secure enclave of your phone.
But there’s a problem with that.
As great as all of that is – it still starts at the “second mile” of authentication. A facial recognition like that can confirm that your face is the same face that set up security, but they don’t do anything to confirm that you are who you say you are. That’s the first mile of authentication and it’s surprisingly rare.
And if, like a lot of people you are diving into blockchain, while a lot of aspects of blockchain thrive, even depend on user anonymity, other industries can’t move forward until the first mile identity problem is solved. Financial Services and Healthcare are the two big ones that will go nowhere until there is a good, fast, trusted solution for blockchain.
UPort and Civic are two companies that have done a fantastic job of making identity an issue on blockchain. UPort is focused on the private key aspect of things, and Civic is looking to build on the KYC/AML validation that banks need to do for the First Mile, and leverage that for future interactions in a way that add trust and remove friction from the user experience. There’s also a company down in South Africa that’s starting to stitch together several of the identity companies on blockchain so there is interoperability between the different solutions offered by the various players in the space – it’s a bit under the radar – which is why I am not naming it, so if you want more about that – send an e-mail to me at email@example.com and I will tell you a bit more.
Banks and employers will do this when they first establish a relationship with you. They have to do it by law. Banks have a Know Your Customer (KYC) regulation (https://en.wikipedia.org/wiki/Know_your_customer). This is getting a photo ID issued by the government, like a driver’s license or passport and making sure you are who you say you are. They also have to do an Anti Money Laundering (AML) check to be sure you got your money from trusted sources. http://www.investopedia.com/terms/a/aml.asp?lgl=rira-baseline-vertical. But they only do it once. It’s expensive for them – it’s at least $20 per customer for KYC and by some estimates AML checks cost over $7 billion per year (IdentityMind’s web site has that stat). Once they know who you are – they let you get a login and password that could easily end up in the wrong hands because all of the ID/Password information is stored centrally. We know that Equifax and Target have been badly burned by people hacking all of the ID/password information of customers.
So it seems pretty obvious that doing this once is not enough for an ongoing relationship where you have data that you care about.
And our phones/smart mobile devices never do it.
There are services that will do this in varying degrees.
- Jumio will do it but there are people behind the scenes matching photos like a selfie with a government ID so that takes time,
- OnFido is a reseller of services and they are also an option
- IdentityMind is another company that offers this service and it’s hard to know how they do it just looking at their web site, and
- AuthenticID uses a fully automated process that takes less than ten seconds.
So while there are some choices, once you understand what First Mile authentication is, you are probably shocked that more places don’t to more to ensure that you are who you say you are, from banks, to healthcare, even to other things like the babysitter you hire.
It’s probably because until now there wasn’t a fast, easy affordable way to get this done and verify it on an ongoing basis.
So, What’s going to happen?
What’s going to happen is that people are going to start asking for First Mile authentication, and expect / demand it, and because it’s affordable and the biometric data stays on your phone (in the secure enclave making it unhackable), users will maintain control (via consent) of who gets to see it, and because the data will be so distributed, it will be much less likely that you will have these mass identity breaches that we have been seeing from places like Equifax.
This will become ubiquitous.
As it relates to the blockchain, the frenzy right now is around Initial Coin Offerings (ICOs). Something we are already seeing is the use of a First Mile authentication service in the registration process for the buyers of ICO tokens. That will continue as countries continue to clamp down with regulations on ICOs with KYC/AML regulations.
OK, Then What’s going to happen?
After this becomes an expected and ubiquitous technology for replacing ID/password to reduce the risk of fraud and theft – it will quickly pivot to reduce time and friction in customer enrollment for apps and services. There’s about a 20%-25% abandonment rate when people start signing up for a new service because it takes too long and it’s too much typing for what we want to do in the moment. When you can use your biometric (Second Mile) as an authentication and know that it’s trusted from a First Mile authentication, the enrollment process takes a lot less time to move forward to the first transaction, so abandonment rates will plummet, which means customer conversion rates will soar, which means revenues will also soar and we will be better able to get on with our lives.
There you go.