‘We can’t pawn it off on other companies’: Equifax has changed the industry’s approach to digital identity
- Equifax-gate teaches us that customers have to start taking control of their own data security
- There's no immediate solution that'll come out in response to the breach, but it augments a space that was quickly increasing in popularity
Last week, 143 million Americans’ most personal information was compromised when data systems at Equifax, the major credit reporting bureau, were breached.
This isn’t the first large scale breach U.S. consumers have ever witnessed. Last year Yahoo, Verizon among others suffered data hacks. The year before it was Ashley Madison and Experian. But in the last two years, customers’ lives have become digital — and more and more companies are starting to view personal data as toxic assets instead of valuable ones.
The financial services industry often talks about trusted financial institutions as good potential custodians of data and providers of digital identity. But if Equifax-gate teaches us nothing else — people mostly know that their data is in the wild and being used in ways they don’t know or control — it’s that customers have to start taking control.
We asked attendees at the NYPAY/Consult Hyperion Unconference in New York Monday what the impact of the breach will be on the digital identity space.
Ghela Bosckovich, founder, FemTech Leaders
When we look at the components of identity it’s much, much more than just a credit rating. This seems to be a less than well thought out solution to have a single provider do that. There needs to be cross-government, cross financial institutions, cross commerce validation of identity because we operate in all of those aspects. A holistic identity provider is not going to be just a credit rating it’ll be something that takes in my government validated identity, my movement, transactions, travel, digital footprint, spend, opinions, biometrics — these are all minimal inputs to identity. If you can’t solve for privacy, identity management is a moot subject.
Donnie Price, practice leader, Edge Consultancy
It’s going to make consumers and financial institutions question having single depositories for risk assessment and identity uses such as Know Your Customer. These are the companies that financial institutions rely on for this information yet being hacked has propounded the problem they’re supposed to be solving. In three to six months you’ll start seeing results of what just happened. I think people are going to seriously think about alternative sources for data — they haven’t jumped into that conversation yet — in the next eight to 12 months.
Digital payments consultant, EY
It reinforces everyone’s belief that all their information is already out there. It makes us think more about how we should be using authentication separate in ways that safeguard financial heatlh. We’re all shocked by Equifax because now it’s on us to safeguard everything when we were assuming the banks and credit bureaus were taking care of it. The Equifax hack brings into focus the fact that consumers have to take responsibility — we can’t pawn it off on these companies. This doesn’t solve the problem but it creates awareness that there are consequences.
Jane Barratt, CEO, Goldbean, an investing startup
It should change how we think about identity and hopefully it will for the long term. In the short term it’s very disheartening that a private company without any consent has so much data on us and has the power to make or break us financially. And it all come down to your data. I hope this is an inflection point where people will both own and get value out of their own data. We have multiple generations of people who have given up their privacy for a digital experience — like Facebook or Google — we do it willingly because we get value from it. Something from Equifax is an enforced relationship, we’re not actually getting value out of it. People tolerated it before but this should call into question its very being. That data exists elsewhere.
Brandon DeWitt, CEO, Datavore
It doesn’t change the need for a better aproach to digital fingerprinting and identity verification but it remains an often paper-and-pencil business with a lot of legacy systems. This [event] is maybe the straw that broke the camel’s back and make it more top of mind for the industry to give it more of the focus that it deserves. Hopefully the pace of progress increases, but I’m 30 and when I was born I was still given a paper social security card. It takes a really long time to change legacy systems. I don’t think it will change in the near term but you’ll see a lot more companies cropping up and focusing on this, particularly from a cybersecurity standpoint.