Among the largest risks implicit in the way we transact online is our inability to authenticate both to one another and the services we rely on. So it comes as little surprise two giants, both of whom are already working on the project separately in their respective industries, are collaborating. Earlier this month, Mastercard and Microsoft announced a “strategic collaboration” to improve how we all manage our digital identities. They said little else.

Digital Identity is fast becoming difficult to define given the growing number of ways we can prove who we are when we’re transacting online. The fact is proven by the sheer number of public and private projects aimed at creating a standard. In North America, alone: 
  • SecureKey is working with IBM — using the tech giant’s blockchain — to create what it calls an “identity and attribute sharing network.”
  • Capital One is offering a series of APIs to partners that charges businesses for tools that verify, enroll, and authenticate customers. The technology is being pitched as a way for outsiders to improve their “user experience, reduce online abandonment rates and not least of all guard against fraud.”
  • Equifax and FIS have launched an OnlyID product. Similar to Capital One, the “identity verification solution” is billed as a solution that provides “a higher level of account protection and personal control through a single, secure digital log-in, consisting of the consumer’s thumbprint or another unique identifier.”  This solution leverages location, behavioral characteristics, and network intelligence from across relying parties to ascertain identity
With more than 65 million customer accounts, Capital One’s solution offers a degree of scale that could incent relying parties to pursue early integrations. And the Equifax-FIS-product brings together the capabilities of the technology provider and the reach of credit union to allow smaller banks to participate in the digital identity ecosystem.

The Microsoft and MasterCard partnership potentially offers the same benefits. Only on steroids. Mastercard’s acquisition of NuData last year means that through its behavioral biometrics technology it understands consumer’s transactions more deeply than ever before. Microsoft is among the largest purveyors of authentication and identity access management (IAM) technologies. IAM, however, is effective for enterprises with tens of thousands of identities, not the millions of retail customers issuers must manage to lower their risk of fraud. 

Indeed, the success of the collaboration will rely on willing issuers’ and merchants. Depending on the use case, emerging payment- and banking-focused digital identity products will have to overcome the same hesitancies Facebook’s federal identity scheme faced among banks and 3-D Secure has historically confronted with e-commerce merchants in the U.S. 

They all know there’s a delicate interplay between privacy, security, and convenience. Banks in particular recognize the brand and financial risks they could incur if something went wrong. That said, MasterCard and Microsoft are not Facebook, but that doesn’t mean that they don’t face an uphill battle. Can these two organizations build an effective digital identity solution? Undoubtedly.

But solving for digital identity is more than just building a secure and effective solution. An identity scheme isn’t worth anything if it is one that organizations don’t trust, and ultimately fail to adopt.


About Sean Sposito

Sean Sposito is an analyst in the fraud & security practice at Javelin Strategy & Research. His primary focus is the intersection of retail banking and information security. The topics he’s keenly interested in are vulnerability disclosure, cybersecurity insurance, threat intelligence, and the overall challenges facing security executives inside financial institutions. 

Before joining Javelin, Sean worked as a reporter at the San Francisco Chronicle, the Atlanta Journal-Constitution, and American Banker, among others. As a content strategist at the Christian Science Monitor, he counseled security vendors, PR agencies, and in-house communications executives on storytelling techniques and media engagement. 

He has moderated panels at the Visa Security Summit, the ATM Debit & Prepaid Forum, the Emerging and Mobile Payments Card Forum, the Mobile Banking and Commerce Summit, and the Mobile Payment Conference, among others. He holds a bachelor’s degree from the University of Missouri’s School of Journalism. 

Stay in Touch!