Consumer authentication for digital services has matured rapidly during the past several years, creating major opportunities for businesses to onboard customers and deliver services remotely. As digitization and automation spread throughout other aspects of consumers’ lives, such as smart home IoT devices, the basic model of self-service authentication could also be the next big market on the horizon for biometrics providers, Mitek Chief Technical Officer Stephen Ritter tells Biometric Update in an interview.
Ritter notes that Mitek serves enterprises, but those enterprises have become deeply concerned with improving onboarding due to high drop-off rates during the process, which is where biometrics come in. Tailwinds have been created for the industry by growing consumer use of and comfort with smartphone-based biometrics, which afford the capability to carry out continuous, passive authentication – an enterprise concept making its way into the consumer space.
“Mitek is very active in looking at ways that we can layer in multimodal biometrics to make it an even better experience, and possibly looking at ways that we can bridge the gap between onboarding and ongoing authentication, because those are very similar activities,” Ritter says.
Facial recognition in the form of selfie biometrics is not exactly commoditized yet, he says, but it is well known.
“There’s certainly still room to differentiate yourself in that space, with accuracy and of course now with model governance and algorithmic bias being a big topic in order to ensure that works for everybody, regardless of demographic,” Ritter points out. “But the other piece is the liveness.”
These technologies taken together have given biometrics a new breath of life in the present moment, but for that opportunity to be extended to a broader ecosystem, work remains in public education and in building trust.
Apple, where Ritter worked for a few months, has gone out of its way to assure its customers that they are not the product. In other situations, Ritter says, “That trust still needs to be earned in many cases. The good news is it’s not a technology problem.”
How to build consumer trust
With even people who had been hesitant to use remote capabilities like check depositing now forced to do so for the first time, there has never been a better time for digital service providers to win public trust.
“I encourage our customers, banks and marketplace companies, across the gamut, to strike while the iron is hot,” Ritter urges. “Now is the time to have the world’s best experience for the end user that uses all these technologies in a meaningful way. But the privacy aspect, the big challenge on the biometric side is the surveillance threat.”
Part of the public education that might help is for people to better understand the difference between private information and secret information, according to Ritter. He has been vocal on this topic for some time, having penned a Forbes Technology Council piece on the notion back in 2019. It has only become more universally true since then that our private information is generally not secret.
Layering authentication and security technologies is one way to address this situation, Ritter says, but not without some discernment. “Also, I think using the right biometric at the right time is a great thing. Don’t use face just because it’s face,” he cautions.
Mitek has been talking to a palm biometrics company, which has a touchless technology that has been having challenges with liveness, about that modality’s possibilities.
For smart home IoT devices, the swipe of a palm may be a more natural way to interact than stooping down to allow a doorbell to capture a clear image, or saying a passphrase.
“That’s why it’s important for companies to pick and choose and understand the strengths and weaknesses of each biometric,” Ritter explains. “Mitek is starting to position itself as someone who can provide guidance there, and somewhat be a platform to help make that easier.”
The choice of authentication method for consumer applications may also involve selecting the channel. Smartphones tend to be a more natural channel for authentication than laptops, and Ritter says the worst thing a company can do during the onboarding process is instruct users to hold an identity document up to a webcam. If held at the right distance for the webcam to focus on the document, the image is too small, because webcams are simply not designed for that kind of close-up image.
The best device for the job is the user’s smartphone, and Ritter considers it likely that it would be for a lot of scenarios involving biometrics as well. Not only are smartphones natural to use, consumers are already becoming comfortable with the idea of the phone as a “secure enclave” for their data, Ritter says, invoking the ubiquitous devices’ specialized chips.
Considering what players could establish the widespread consumer trust necessary to take a leading role in delivering digital identity and authentication as part of people’s daily lives, Ritter notes that the present is a great time for banks on that count, as consumer trust levels in big tech have tumbled.
Decentralized identity and the emergence of the brokerage layer
The system of device-based authentication with trusted third parties sounds a lot like decentralized identity, Ritter further notes.
The technology and standards necessary to build authentication using these systems already exist. Governments around the world, including Canada and the UK, are working on building up digital identity infrastructure to carry out a variety of processes through the internet, though it may take time for them to reach production.
“The U.S. will likely be five to ten years behind everybody,” Ritter predicts. “But there are definitely established standards for how decentralized systems like this work. W3C even has published standards on digital identifiers and credential verifiers, which is that concept of verified credentials, and I think that’s the key. Because this ecosystem of credential verifiers, where you think of this model where as a business you say ‘hey, if you want to onboard as a customer, these are my identity requirements.’”
The end user will select a government ID, or some other document such as a lease, probably from a digital wallet, and then choose from a list of trusted vendors to have the document verified, with that proof sent to the service provider. This model is going to be required, he says. Blockchain could have a role, but maybe not.
Ritter points out that even engineers sometimes conflate distributed and decentralized identity. Decentralized refers to the decision-making and authority, while distributed refers to the work.
Between the trusted vendors and service providers above, the emergence of a brokerage layer is likely, to manage the various credentials, determining the service provider’s requirements and finding the credentials to meet them. This marketplace of intermediaries will exist to help people find the right verifier.
The biggest issues may be on the regulatory and business sides.
“The big interoperability challenge I see large enterprises is: why in the world would Apple want to federate HomeKit to everybody, instead of just owning the whole thing?” he asks. “So, I’m watching the big guys.”
Ritter is skeptical that an attempt to force consumers to buy the entire stack from the same vendor will work.
No time like the present
Having been on many interoperability boards over the years, Ritter is also cautious when it comes to short-term expectations for a broad ecosystem of connected digital consumer devices.
“It feels a little different this time,” he observes. “Being a machine-learning guy also I’ve been through at least a couple of waves, or AI winters. Just like deep learning feels different, like a different hype cycle than previously. I think it’s got much more legs to it.”
The challenge for the industry may be to not squander the present circumstances of rapid digitization. That could happen, however, if consumers are forced to constantly share their personal information.
“Every major company in the world today is sitting on a massive store of PII,” Ritter says. “They have to, to run their business. But what we’d rather do is make sure that PII stays at the edge.”
While Mitek is a full solution, Ritter says it is generally integrated into larger platforms. Among Mitek’s platform partners are several working with decentralized identity. All of them are currently working on vaccination credentials.
The standards for a consumer ecosystem may be established, but the policies are yet to be worked out, Ritter says, “the how’s and the who’s. Who’s responsible for what? How do you get listed as a trusted verifier?” Whether for vaccine passes or something in a home device ecosystem, the answers are yet to be determined.
In the meantime, Ritter sees a tremendous opportunity for businesses to deliver better digital customer interactions. It is always important to keep an eye on the next big thing, and even though there is a lot yet to happen before we reach it, there is a lot of benefit to be had from the same technology for consumers right now, Ritter says.
“Within their own ecosystem of users, each service provider can achieve usernameless, passwordless, frictionless, high-security experiences with the right technology right now.”