Yes, you may not realize it yet but the news we announced this a.m. really is just as big to B2C companies as this week’s Verizon iPhone4 launch is to millions of consumers, so it’s only fitting that I blatantly steal the “It Begins” promo tag and include it in my blog post title.
I really don’t want to brag too much or seem too over the top, but today, we changed the world of identity authentication. Really. We did.
How? By launching ExpectID Enterprise, a brand new knowledge based authentication (KBA) product that solves many of the problems associated with those ridiculously frustrating and hard to remember shared secret questions we all know so well – What’s your mother’s maiden name? What’s the name of your favorite pet? etc. etc.
You can read all the details of this new product in our press release announcement. The cliff note version is that ExpectID Enterprise lets a company, say a bank or health insurance provider, create and present authentication questions to consumers using their own internal customer data without having to share any of that data with a third party. The kicker is that these companies still get all the advantages of using a Software as a Service solution to create, manage and monitor their custom questions.
For those of you in the identity verification and identity management industries, I bet I could stop right here. You can probably already see the significance of this announcement. Others not deeply involved in identity might not be quite convinced that this really is as big as Verizon getting the iphone, so let me help by spelling it out just a little more.
I’ve often blogged about the dangers of shared secrets and the difference between static-KBA and dynamic-KBA. (See How Shared Secret Security Questions Are Killing Customer Service and How Dynamic KBA Could Have Stopped Palin’s Email from being Hacked). Not only are shared secrets at a high risk of being socially engineered, consumers just plain don’t like them because they often forget the answers. Think how much easier it is to answer a multiple choice question like “Which doctor did you last visit?” when resetting the password to your healthcare portal, or “How much is your biweekly deposit?” when registering for an online bank account, than it is to rack your brain trying to remember what answer you used several months (or years) ago, how it was spelled and if there were any capital letters or numbers involved.
Businesses having the capability to use their own data as a source for questions sounds simple, but really it’s quite complex. There are a lot of moving parts and analytics associated with identity security questions, which is where the expertise of IDology comes in. This is our business. We understand the nuances related to identity, fraud and dynamic KBA sessions. Now banks, healthcare providers, retailers and essentially anyone using shared secret questions can take advantage of the powerful capabilities of a dynamic KBA solution but using data that is more relevant to their business; and without impacting the data privacy of their customers.