When you talk about the mobile biometrics revolution, you talk about FinTech, and any conversation about FinTech is going to prominently feature Daon. The biometric software company deployed its IdentityX authentication solution to great effect in the early days of biometric mobile banking, its trailblazing partnership with USAA clearing the way for mass adoption of strong authentication in financial services. Now that biometrics are reaching a new stage of maturity, new markets are primed for next gen authentication, and Daon is ready to transform experiences beyond the financial transaction.
FindBiometrics President Peter O’Neill recently interviewed Conor White, President – Americas, Daon. Their conversation begins with a recap of Daon’s superb 2018 and an update on Daon’s ongoing work with Visa. White moves on to speak abut the market drivers in the financial services biometrics space, an area in which Daon is considered a pioneer thanks to its aforementioned landmark mobile banking deployments. FIDO2 standards become a topic of conversation, giving way to talk of the new European identity regulations PSD2 and GDPR, and how Daon helps compliance and enhances privacy. Finally, White and O’Neill take a big picture view of the biometrics industry, speaking about the evolution of biometrics and where the greatest opportunities are for strong authentication, as well as what’s next for Daon.
Read our full interview with Conor White, President – Americas, Daon:
Peter O’Neill, President, FindBiometrics: This has been quite a year for Daon. Can you please tell our readers about some of the things that have been going on, especially the work with Visa?
Conor White, President – Americas, Daon: It’s been a fabulous year for our business, and it’s tremendously satisfying to see the ongoing, hyper growth of our technology’s adoption all over the world. Perhaps even more exciting is that companies of all shapes and sizes are embracing the union of security and convenience that only biometric authentication provides. Visa is one of the most progressive payment networks out there, and we’re seeing a large uptick of engagement across all types of financial institutions — with new customers in retail banking, commercial banking, wealth management, and payments.
Regarding our work with Visa, we couldn’t be more proud or excited. As you may recall at Money20/20 last year, Visa announced the launch of Visa ID Intelligence – which is a technology platform that helps move payment authentication beyond passwords. Visa ID Intelligence, using Daon’s IdentityX platform, lets Visa issuers, merchants, and processors leverage and combine tried-and-true biometric characteristics, such as face, fingerprint, and voice, while laying the foundation – and this is critical – for adding future biometric capabilities that haven’t yet found their way into consumer devices. The initiative has gone extremely well.
FB: You mentioned the Money20/20 show, which just passed in Europe. I had a chance to catch up with Clive Bourke, Daon’s President for EMEA & APAC, on the Identity & Authentication panel. Daon has been working a lot in the FinTech and financial services marketplaces for quite some time, and we see you as one of the marketplace leaders. What are some of the drivers that are pushing all of that activity?
Daon: We initially thought it would be security — that it was either fraud or monetary loss use cases that were the primary drivers. But there was another driver that we underestimated, and that’s the total customer experience. When you look closely at consumer feedback, what they’re telling us is that they absolutely reject the devil’s bargain that you should sacrifice convenience for stronger security, which is how most authentication systems work. But the brilliance of biometrics is that if you get it right — if you have the right platform — you can improve both the security and the experience at the same time. That’s what we’re seeing from global brands like Visa and Mastercard, and from banks like USAA, which boasts the highest net promoter score of any bank globally — and that’s precisely because it’s putting so much effort into customer satisfaction.
So, this is really the sum of all our drivers — customer satisfaction — and what it means in practice is being able to protect your customers from fraud while simultaneously making it easier for them to do business. And we achieve this by deploying biometrics in ways that feel most natural and frictionless.
FB: And on the other side of that they strongly dislike passwords, and you and I have chatted for years now about the death of the password. So, it leads well into my next question. There is a new authentication standard developed by the FIDO Alliance in conjunction with the World Wide Web Consortium (W3C) called FIDO2. The goal is to move away from the reliance on passwords for user authentication. Why is this so important for our industry now?
Daon: This is a tremendous advancement in the industry. As you know, FIDO started in its early days with two standards: one for biometrics and another for non-biometric tokens or devices. What FIDO2 does is simplify and unify those two standards, while also extending their reach through the W3C to work across all browsers. In fact, thanks to the WebAuthn announcement from W3C and FIDO, many of the mainstream web browser providers like Microsoft, Google, and Mozilla Firefox will have support for FIDO embedded. So, for the first time ever, we truly have a ubiquitous global standard for biometric authentication across all major platforms that consumers use in their daily lives.
We are huge advocates of FIDO and have been champions of their work globally. We’ve also been a board member of the FIDO Alliance for many years and continue to be very active in the standards development and performance testing work that the Alliance undertakes. We have a significant number of customers in production today using our full FIDO product stack including our client authenticators/SDKs and our identity server.
FB: That is a big step forward, and the end user community is so fed up with passwords and all the nonsense that goes on with passwords right now that the timing really couldn’t be better. There is going to be a revolt from end users saying, “Okay I want to get rid of my passwords now.” So pretty exciting for our industry!
Daon: Yes, I commented recently on the whole Twitter issue. We all woke up one morning and were told to change our Twitter passwords. So if you share passwords across different systems – as most people do – you now have to go and change them on all these other systems. It’s such a broken model for authentication and a real nightmare for consumers. But FIDO solves that problem.
FB: It really is crazy taking such a wonderful step forward. Congratulations on your efforts; I know that you are on the board of FIDO Alliance so that is great.
There is other big news and new things arriving especially on the European side. The updated payment service directive PSD2 is going to change the banking and payments landscape in Europe. How can Daon help companies navigate these new waters? Even though it is in Europe, it is going to affect everybody?
Daon: There are two initiatives in Europe that people are paying attention to. One is Payment Services Directive 2 (PSD2), and the other is the General Data Protection Regulation (GDPR). PSD2 has some complex rules in it, but it essentially boils down to allowing people to authenticate securely using two out of three methods — and biometrics is one of those methods. Importantly, though, compromise of the first channel can’t lead to compromise of the second.
Daon provides this exact technology to our customers. For all the banks and financial institutions that are dealing with PSD2 requirements — this is what we do. In fact, this is what our products were always designed to do, which is to span a “triumvirate” of authentication methods: something you have, something you know, and something you are.
The other important legislation is GDPR (General Data Protection Regulation). This is a new law which came into effect on May 25, governing all companies globally that have EU citizens as customers or do business in the EU. On biometrics, GDPR says you need to have a lawful purpose for collecting biometric data, and you must have a consumer’s explicit consent to collect it. People read this and mistakenly think it’s an onerous new restriction on biometrics companies. But if you’re a responsible company like Daon, you’ve always subscribed to these principles. It would be absurd not to.
So what I think GDPR does is help consumers feel a bit more confident about biometrics in general. And I suspect this drives a greater adoption of the technology over time, as the message to consumers becomes clear: no one is allowed to swipe or misuse your biometric data — which is much more than can be said for all the non-biometric identity data that is continuously and surreptitiously collected by social media companies, for example.
Biometrics can truly be privacy enhancing, and I think GDPR will help consumers understand that.
FB: That was a great explanation, thank you very much for covering that. As you mentioned, it will help the industry moving forward. Just generally speaking, you and I have been in this industry for many, many years, and I’ve known Daon for about 15 years. Where do you think we are, generally, in the biometric adoption curve?
Daon: I think most people understand there’s no going back to antiquated passwords. Ninety nine percent of our cybersecurity problems happen because we aren’t authenticating people. Instead, we’re authenticating “things” that we hope are indicative of specific people – but they often aren’t. For instance, once a password gets shared or stolen, it becomes completely cloneable and impossible to truly authenticate.
So from an adoption perspective, we’re definitely heading down the right path. But in terms of how far we’ve gone along the journey so far, I think it’s still early. We’re seeing financial services companies as the leading adopters (especially on mobile devices), and people love these experiences. Now, we have to translate that same customer satisfaction to other areas such as healthcare, automotive, digital assistants, IoT, etc.
Consider for a moment how you opened a bank account 10-15 years ago – it involved a lot of in-person interaction. Today, we’re helping banks provide a consistent all-digital, trusted experience for their customers – from the point of first contact (when they register their identities) to every other touchpoint, throughout the full lifetime of the customer relationship.
Now look at healthcare applications, for example, where you have online medical records, e-prescribing, and the opioid epidemic. It’s easy to imagine all sorts of use cases in which biometrics allow for a better customer experience, and fraud and risk both drop considerably. So I would say we are well into the adoption curve – but with a lot of potential ahead.
FB: You and I see the market in exactly the same way. Yes, the industry has come very far, yes the products are so good, and the innovation is amazing, and certain vertical markets like financial services and FinTech have really been leading the charge, but there are all sorts of vertical markets that are just beginning that process like healthcare, as you mentioned.
What can we expect to see from Daon in the near future?
Daon: One thing you will certainly see is the continued, widespread adoption of our technology, both via our direct customer relationships and – importantly – through our partners like Visa and Mastercard.
I mentioned earlier that we started in the FinTech world, focusing on mobile, and we’ve since branched out to become so much more. Today, using our capabilities, companies can interact with their customers consistently and securely across all of their daily channels – from the person sitting on the couch interested in signing up for services, all the way to mobile, desktop, contact center, and personal digital assistant systems.
We have a much broader strategy now because we’ve learned that true customer satisfaction means optimizing experiences and relationships from start to finish.
FB: Thank you Conor very much for taking the time to speak with us today, it is always a pleasure to speak with you about our industry. Congratulations on the wonderful year that Daon has just achieved.
Daon: Thank you very much, Peter.