Wireless industry analyst Mark Lowenstein recently published a survey after he polled his friends and business colleagues on what real-world everyday problems they would like tech companies to solve. The second ranked problem on his top ten list is ‘A Simplified Log-in and Password Regime'.
We all have some degree of annoyance with the present “log-in and password regime” for the simple reason that it is so darn hard to remember all the usernames and passwords without using Post-it notes or scraps of paper! Content and application providers don’t like the “regime” either. Customers often forget them, call up to reset passwords and in turn create added costs and disruption to the service flow.
As if that was not enough, password based systems create a significant security risk for providers as they can be hacked, phished or stolen - just ask Yahoo! The irony of all this is that the password based user authentication system is on the rise. A recent study found that the number of online accounts is growing at a 14% rate, it doubles every 5 years.
Isn’t it time to switch to something easier? How about we transition from a what you know to a ‘what you have’ or ‘who you are’ system? The GSMA’s Mobile Connect provides such a capability. The beauty is that it leverages the most prevalent ID system in the world -- with over 6 billion IDs worldwide and growing – it is the mobile phone number. This method authenticates users with ‘what you have’ – a mobile phone and number. Increasingly implementations also use bio-metrics to authenticate users via fingerprints or facial recognition which is based on ‘who you are’.
What’s the catch?
The catch is that the adoption rate of Mobile Connect has been slow. It is a classic chicken and egg problem. First, Mobile Connect Authenticators must be made available in a seamless, easy to access manner to content providers. Second, the content providers must add Mobile Connect as an authentication service to their existing verification systems which in turn makes it available to their customers. Finally, Mobile Connect needs to be available globally.
As of Feb 2017, Mobile Connect was available via 51 operators in SE Asia, LATAM and parts of Europe. The non-participant mobile operators will cite the main impediment to their participation as: If I agree to support the Mobile Connect password system, how do I monetize it? On the Content Provider side, not enough content providers are using Mobile Connect. They cite their main concern as: Mobile Connect changes our login mechanisms and introduces additional steps of complexity. So, the industry is left with the question: How can we create a more frictionless experience for all parties?
Start by following the money
Content providers are monetizing services on mobile networks at an extraordinary pace. To take one example, Facebook’s ARPU in the US now exceeds the ARPU of many traditional telcos in the developing world. It is growing amazingly fast even by Facebook’s standards.
This ARPU is driven from Facebook’s knowledge of their users and by making user experiences seamless. They are on the same quest - looking for ways to make their user experience more "frictionless". Facebook and other content and application providers are all incentivized to reduce the problems associated with the present “password regime”. Rather than wait for a solution, they are taking the lead to address this challenge. For example, Facebook Connect, a single sign-on solution allows users to interact on other websites using their Facebook identity.
Mobile operators could be a major player in leveraging such a solution to their economic and to their subscribers’ benefit. They can help deliver a new customer experience by enabling a Digital Identity token system via GSMA’s Mobile Connect. This new system - free of Post-it notes and scraps of paper - authenticates the user with identity tokens that are unique to each content provider and are given out to content providers without introducing new user interactions. Content providers can then use these tokens to seamlessly authenticate the users or use them in combination with their existing login solutions to add additional layers of security. Operators are in a unique strategic position - to be the authoritative providers of these tokens - this is how they can add value to the OTT ecosystem.
Operators need a solution that provides a new robust authenticator that leverages the network identity of the subscriber. It can create a digital identity token in real time making that available to content providers who can use this to facilitate a seamless login and password experience. Subscriber attribute information can be passed via identity tokens and would enable mobile operators to monetize their subscriber traffic through new use cases such as micro-transactions, video plan upsells and IoT.
It is time to replace the “old regime” and secure new revenue streams.