You're listening to the identity of the center podcast. This is the show that talks about identity and access management and making sure you know who has access to what? Let's get started. Welcome to the identity of the center podcast I'm Jeff and that's Jim. Hey, Jim. Hey, Jeff, how are you not too bad? Yourself doing great. I don't us today and they were part of the conference. So just a reminder, were here at the authenticate conference 2022 in Seattle. Put on by the fire, do it?
Lions and your Shaker the executive director has done some major solid by making the podcast Booth available for us and making introductions to a lot of the guests that we've had this week. So thank you to Andrew, and also thanks for the donuts. Yeah. More important. Who cares about other stuff? Like it's like the donuts, you know, I'm a fan of any conference that lets you kind of create your own thing.
So for those who weren't here and I'm sorry you missed it, they had sort of These fresh like kind of like doughnut holes and then they had the different, like toppings, you can put on top of it like cinnamon and sugar. And I think there was like strawberry and stuff like that. So well done. I don't know if strategically it was the right decision to make because it was just after the first morning sessions so I can kind of feel sort of like that that sugar coma coming on a little bit.
So we're gonna have to fight through it. Like the professionals that we are. Jim yeah that might be diabetes but hopefully not yet Jim. You're a total down. Best week. Sometimes, let's go ahead and get to our guest. We're very excited to have her here. Her name is Sarah Clark. She's the senior vice president for digital identity at MasterCard. Welcome to the show. Thank you. It's a pleasure to be here. Did you get any donuts? I did not, I somehow missed that entire experience now, I'm
regretful. Yeah, okay. Well, you can live vicariously through us and apparently, diabetes. So thanks Jim. Let's talk a bit about your identity background, because one of the things we like to do on the show was whatever. If someone new is to really kind of learn where they came from, what their identity origin story is, and so we kind of helps put the conversation in context, makka pakka, few different
things here today. But for those who aren't familiar with Sarah, who is, you know, why did you get into the identity space? Is something that you chose, or did it choose you? So I've been in tech for about 25 years now and I've always been attracted to bleeding edge. Really hard problems, I don't know. I'm a glutton For complexity and maybe punishment, so to speak.
But regarding identity, I've been in the identity industry for about a decade and it came about because I worked for a company, and we were looking for a way to expand our products. So, after doing market research with banks, we found that they had a pretty big problem with kyc and friction. And we thought we could solve that By expanding our product set to go into identity, so that's how I ended up leading and identity verification business for a number of years.
We became a global leader in digital identity verification and we specialized in enabling people to use their mobile phone to capture a photo of their government-issued ID as a way to help Banks optimize their onboarding. Us. So I did that for a number of years and learned a lot about identity and quite frankly fell in love with the space. So I ended up leaving in order
to seek broader experience. So I started my own consultancy worked again with banks and other major corporations did Consulting with some smaller companies and really got a broader feel for the space. I also spent some time at a Her in Biometrics and government platforms. And eventually, I ended up a MasterCard where I really believe that we are leading, what will be the future of digital identity, and I'm sure we'll talk a lot more about
that. Sounds to me, like, guys look like the Star Trek episodes, like the Enterprise, like boldly, going where no other identities have gone before, which is very cool. You gave a talk yesterday about the use of Fido in a reusable digital. Jenny Network for folks, who did not attend that or haven't yet. Let's just say because we go to watch on replay. Can you give us kind of a synopsis of what that that talk was about. Yeah. So let me start with what we're doing.
What my team is building at MasterCard. So that is, in fact, a globally interoperable reusable digital ID Network. And I always try to say that without screwing it up, cuz there's quite a lot to say and what that means in really simple terms, Means is you can take your MasterCard and you can use it anywhere in the world. You know what's going to happen? The merchant knows what's going to happen and the issuer bank knows what's going to happen.
So it's a standard process, that's very easy, apply that same concept to Identity. So, in the future, you will own your own digital identity and you'll easily be able to use that anywhere you want to do business with anyone in the
world. And what will facilitate that is the ID Network by MasterCard. So reusable ID that you can assert so you can share your identity and additional credentials where you need to. So, yesterday, I was introducing that concept to the audience because it's not intuitive to a lot of folks that MasterCard would be in this type of business, but it makes only as a new network. And I was also talking about the importance of Fido with respect
to our vision. So in order to manage and share your reusable ID, you would use a mobile app and Fido is how we see individuals authenticating into that mobile app. It standard it's easy for the end user and it's a fishing resistant, very secure method. Authentication. So, it's something that we have built into our reusable digital
ID experience. The seems like you're laying the groundwork for what a lot of other organizations are going to need down the road or you know maybe not in the financial services industry. You Hennessy that way as well. Yeah, in fact, my business works way outside of financial services with respect to the use cases that were satisfying. So for example, example, 1 driver for reusable ID, globally
is age verification. So, you know, rightfully so the regulations are changing so that we have a more secure overall, Global ecosystem when it comes to buying restricted Goods. So, for example, in Australia, where the reusable ID network is fully live, you can use your ID to assert your age in order. To buy liquor online. And what's good about this is a you know your kids won't be able to do that.
It's secured by your biometric. And you know as a guiding principle, the platform is very secured and I can talk more about that but the other benefit is that when you do share your age, you're not sharing your full government issued ID with that liquor. Vendor, you are sharing a proofs that you are above the age required to make that purchase. So that's a high-frequency activity and one, we're ideally, you know, more data privacy is better because I'm sure we've
all observed that too much pii. Spread around everywhere is creating breaches and creating egregious increases in fraud. So, we're trying to create a platform of the future that can be part of the solution. Sulfur that Can we talk a bit about that? How that would work and sort of the real world? Because I like this example of, right? The age verification, right? You went to the purchase of alcohol, which is fantastic. I think about if I could borrow perspective, right?
You've got the bouncer at the door and they're checking IDs and you're sharing way more information. You're given your their entire ID, your name, address birthday, all kinds of stuff. When all they really need to know, is that binary decision, right? Are you old enough to be in here? It's either a yes or a. No, there's really no gray area on that. One, and thats collecting a bunch of a lot of different data you mentioned, having this app. That would sort of be like the wallet right?
Think. I guess it's kind of stores this information. How would that particularly work? Is that, you know, something that like MasterCard would, it would be like a MasterCard app and then I don't know if you can talk about this. Like, how would it work with other issuers?
For example, if there's a comparable Visa wallet or in American Express, sort of wallet and making sure that things are sort of interoperable and not getting into the Chelation which frankly has been a concern sometimes around, like some of the Fido folks of being locked to a specific platform, which I think is getting better and there are certainly plans to have more cross-platform, sinking kind of capabilities may be in kind of walk us through like how you see this kind of
working in your mind's eye? Yeah sure. So let me start with your example of the bouncer really quick and then I'll get into the interoperability just to be clear, a digital identity is not something that you can only use. Route to, you know, to another mobile app or online it's designed to be true, omni-channel. And in fact, we're enabling call in Customer Support as well as in-person use cases. So in the example that you just gave were working, for example, in Brazil with check-in, use
cases to events. So the bouncer at the bar even though that particular use case may Not be our Focus right now. That's completely analogous. And I believe the future should be that you just scan that yes or no. When you're entering age, restricted areas. And in fact, we're facilitating age discounts and other things for in-person interactions such as rights on public transport to answer question about interoperability. So this is a big pillar of our vision is interoperability.
So the idea Network is designed to interoperate with other identity wallets, as well as other identity providers. So as an example, if there's an oem wallet and I carefully, sort of talk about names or anything, but we are designed to interoperate with an oem wallet that may be on your device and you'll be seeing more about that in the future or perhaps there's a domestic or national digital identity scheme than already
exists at scale. If that scheme wanted to enable their citizens with cross-border capabilities, they could also plug into the ID Network. So we're really focused on providing the network, providing the sort of framework for interoperability, which is global and that's its own whole topic. And that can also you know, work well, Create a true Global ecosystem.
I'm going through some words out there, but I'm assuming that this architecture includes blockchain and includes verifiable credentials mentioned, find out answers, some kind of strong authentication capabilities. I'm assuming that also there's maybe some gaps in the market. That didn't fulfill your, you know, your need for your total architecture. What was your approach to that?
Are you looking for? Did you look for like best-of-breed Solutions and use some of those and and, you know, integrate the rest and maybe you have to build some custom components trying to get a vision for how did you go at? Go about attacking from a technical perspective, such a big architectural problem. So we do have a really strong commitment to standards. We are not blockchain based Clear at this point in time that might change in the future.
I don't know, but that is not the case right now. Verifiable credentials have recently been ratified by the w3c. We have embraced that and in fact, we very much are aligned with the vision of an identity Wallet. Not only having proof, like kind of the core proof that you are who you claim to be backed by a government issued credential. But you might other have other pieces of verifiable credentials in your identity wallet.
So as an example we're working with universities in Brazil to have a reusable ID, facilitate smoother, more efficient, more secure University life, and there's multiple use cases there. We envision that also becoming a university credential that could then be used for student discounts by retailers or specific loans by Services.
So, that is definitely the direction that we're moving in and I think if you think about all the potential that just rolls into a lot of value and a lot of easier experiences for both the individual and the businesses. So, you're here at the conference just like we are what are some of the Highlight moments that have been sort of your purview as you've been through here and your experience? Well first I am impressed by the
the attendants. There's a lot of very engaged folks from you know other parts of the world that have come to this conference. It's my first time being at the specific conference so that is something that has really struck me as being you know quite impressive in terms of the engagement and the attendance. And I mean part of what I'm here to learn more about is passkey and everything that's happening with Fido. Do I think it's really
groundbreaking? I think it's really exciting to see apple Google and Microsoft Embrace that. So that heart has been particularly interesting to me. And you know, I'm sort of still thinking through what that means in the broader context. I think a lot of us are but I've really been kind of impressed with the forward momentum when it comes to embracing the cross device capabilities of Fido dance. It's, I'll give a shout-out to Andy handle. He's one of the content chairs
for this. So, great job, Andy. The content is top-notch. I know, MasterCard has been really part of the fight Alliance for multiple years now, I'm not sure how many, but seems to me like, it's a very future facing sort of adoption of this sort of growing standard, but it took years to get to where we're at today. I guess, why is that? Or I guess why was that fight Alliance so important to mass card and what was it that
MasterCard Sawdust? Yeah, we want to be part of this as a general principle MasterCards. Very engaged in standards on a lot of fronts and identity has been a theme of MasterCard for quite some time. So the business that I lead is an emerging business but it's something that has taken time to conceptualize and plan. But Fido in general, the Gov authentication. I mean that's also a venturus when it comes to payments, you know, what is the future when it comes to verifying?
You are you not just in the context of reusable ID, but also payments. So we have you know, many Innovative projects at MasterCard, and we have a lot of commitment to standards in general. So as another example were also committed to the open ID Foundation, they've had quite a large presence. Here and I can name kind of numerous other trust over IP, I could kind of go on and on but we are engaged with and active members of quite a number of Standards groups.
You chaired a little bit of sort of like your vision for identity or digital identity maybe at MasterCard. First of all does it have a Zen in used to have a catchy name? Right? So we're calling passkey.
This thing that sort of the industry is adopted so I'd Love to hear more about sort of like your vision of how this works sort of in the future, because I'm picturing The Fifth Element and, you know, multipass in this thing that kind of does everything that gives people access to things share with us, you know, what is this this Grand Vision that you're looking
to design. Yeah. So like I said it is a new network and with that comes kind of a separation in terms of the trust Mark that in Eventual, well, recognized that by. So, the catchy name is very, very simple, it's ID. So, we do have an ID Trustmark that we've started to move forward with and market and similar to the, you know, the MasterCard logo when an individual sees that, you know, whether it's on a sharing economy, site or to sign up for a wireless device.
They'll know that they can use their They're digital ID to facilitate that transaction. And the concept is very simple. It needs to have simple user experience and very, very high trust. So for the individual, when they see that ID Trustmark, they should be able to scan their biometric. See, give consent to the date of their sharing and they're done. They don't need to scan a document. They don't need to fill out a
form, you know. Future when they have multiple credentials that will just be sort of sent in that same one tap, give consent and you're done. And that's part of why Fido was important and the user experience around using a biometric to unlock your digital ID, it has to be very secure and very, very easy. Our other commitment to Market is higher trust.
So I guess another Trend that I want to point out that were engaged with our digital ID. These mobile driver's licenses that are being issued by governments here in the United States, we have mobile driver's licenses that are still pretty nascent, but quite a number of states are beginning to issue them and that's something that will accelerate and it is happening globally. For example, we're live in Australia and we're also integrating to that type of
ecosystem. So we're committed to also tapping in to emerge. In digital ID, initiatives by governments globally as part of our vision to bring higher trust along with easier user experience to the global market. Yeah, I've been thinking about what are the business outcomes that MasterCard is looking to achieve with this pretty major investment, right? I got to think it's reduction in fraud, better user experience of onboarding things like that.
Are there other things? I mean, those are the two big pillars, you know, user experience equals top-line growth for businesses globally. When you can acquire users, facilitate transactions re-authenticate users. Get rid of password resets I guess passwords are going away but you know, there's a lot of list to businesses for just having an easier way to verify that somebody is in fact who they claim to be and it can also Open up sort of a world of new
experiences. So one example of that is we're focused on a lot of hybrid user experiences so you start something online and then you finish it in person. Maybe curbside pickup is a good example of that. There's a lot of fraud with that because the wrong person goes and picks up the goods and then they're gone. So you can imagine there's just a whole world of different kind of experiences that you can create.
Wait, if you can make that point of knowing you are, who you claim to be much, much easier and maybe knowing something about them. And or, you know, they meet the age, you can facilitate a lot of growth. And then, like you said, reduction and fraud is the other Big Value leaver. You know, synthetic identity fraud is out of control and the us alone last year. It Rose significantly and the measure known amount is to the
tune of over. Twenty billion dollars being sucked out of financial services. Big problem account. Opening fraud Rose by 108 percent last year. So reducing fraud and protecting not only businesses but individuals who are victims of identity fraud and you know, I'll just point out that the future is identity. And payments should merge will merge and you know, certainly that's part of the North Star Vision as well. Do you think card issuers and other institutions? Similar to yourself?
Will have an easier time getting this done, because of the information that you already collecting is part of like an onboarding experience anyway, to get a MasterCard, right, whatever it may be. I think that onboarding question is a question that a lot of organizations struggle is, how do we get people to use our thing? You've already got a pretty good audience, right? People should be using or want to be using your product right for payments. And you know, things like that.
Do you think that gives MasterCard and other similar organizations a leg up and sort of developing this you know it's more of like a centralized identity platform. Well I guess one corruption I might make is it's not centralized so we're not currently using blockchain as a technology yet, but we do follow a decentralized architecture and MasterCard as a company, has a huge commitment to data.
Visee and doesn't actually store really any information about any individual and we think that's really key to the future of identity. I certainly think that's very key. You own your data, MasterCard does not own your data and will not be creating any form of centralized repository with your data. The reason that we think that we are well positioned to solve, this problem is more about the fact that we run another Network
at scale. So we have the Ends with the governance, the operating roles you know in identity if a bad identity gets passed to a business and something harmful happens down the road, there needs to be some, you know, governance recourse rules for how that's handled and that is a key component of what we bring to the table. So if you look at self Sovereign identity, which is sort of a related, Area that we certainly Embrace many of the principles
of in the industry. There's the concept of turning the triangle into a diamond because the governance part is actually important for it to get Traction in the commercial market. So using that Paradigm you can kind of think of MasterCard in our experience running a network at scale as bringing that and that's what I mean by us being committed to To really focusing on the network aspect of it.
I'm glad you're able to clarify that because that was a, I want to make sure that point was very clear that the ownership of the data is not in one person's hands or one company's hands. But I'm glad you were able to help me clarify that my head so thank you. Yeah, take a revolutionary
topic. The, I mean the way you're talking about it is like we've been hearing that from vendors in the space for years, but here's an actual practitioner who works for coming to says this, your data is not My company's data, we don't own your data, you own your data that's revolutionary to me. Yeah. I think it's revolutionary as well. And that's why honesty in business. Come on. Yeah, but, you know, along those lines just like interesting was, you were giving your origin
story. How you got into I am, you're talking about several things that were you know what, I would call a traditional, I am track some of the stuff that you mentioned like kyc. That's the hot topic for a lot of folks and where they are in the career and solving those
issues. Now so that was, you know, kind of part of your tracked, the question I'm going to hit you with is one that we did special episode on and we talked to a lot of practitioners or people have been in this industry for a long time. We all associate ourselves with identity and access management and now we've got this term
digital identity. So the question I'm going to ask you is what's the difference between digital Unity and identity, and access management and there's no right or wrong answer you have there's no right or wrong answer and it's not an
easy one. Yeah, I mean, I think to me, I do think the word digital identity is overused in the market, so the way that I see the future and really today is a digital identity is an individual's identity and honestly, I think it should be defined as an identity. That that individual owns and everything else kind of falls into the identity verification identity and access management,
you know, identity proofing. There's a lot of terms and lingo that have been used for many years around that. So that's the way that I would like to see the market describe these things, which I know is maybe not the way, you know, most people would Define it. It's interesting. I think everybody defines a little bit. Early. But I'd like that definition because it aligns very much with everything you said today.
Right? Is that, that Vision around ownership of the identity and your title being senior vice president of digital identity, right? It's not like an accident occurred, right? Yeah, exactly. It does interesting that we've asked that question, I think kind of officially now like 10 12 times maybe and there's been 10 to 12 different, There's like it's it's fascinating that based on the person who's answering and their context that they're, you know, heading into the, I am
space. It really shapes how they answer that question. So I think it's I think it's very interesting. I know you've got a flight to catch so we're going to help get you out of here on time and make sure you get home. But we want to end things on a lighter note and we were kind of talking about before we hit the record button here about some of the things you work on outside of identity. One of them was snowboarding and I'm just curious Yes, you know what is Your Bucket List?
Snowboarding trip. So, yes, I am a snowboarder and I probably go down stuff that's, you know maybe not too smart for me to be going down, but I love it. I love the thrill and I just, you know, love black diamonds but I have actually never been snowboarding outside of the United States. So whether it's South America or the Alps, that's my bucket list. It's It's hard to kind of make the time for that kind of a trip but I'm gonna do it before. I stopped going down black diamonds.
So I've never been skiing or snowboarding how do I get started? Like what is the pro tip that you can give me for me to get off my butt and try it? Well, I would go with snowboarding and take a lesson. That's it. I mean, take a lesson. It's always best to have somebody give you the right form instead of creating bad habits and hurting yourself, my tip is to wear those. You know, make sure you have this skiing pants because of you end up on your butt a lot.
You don't want to be in jeans and, you know, long underwear or something and have a wet butt all day. Yes, it's not a good thing thumbs down. Let bots on the identity of the sender podcast. So, yeah. All right, we're going to go ahead and leave it there for now as someone decided to open the door. Thank you very much alive conference, any final takeaways Sarah as we kind of what you got on your flight here. Oh boy. That's that's a good one. I guess, check us out.
And when we go to get more information on this, this is something that's publicly available that we can like, actually, you can go to ID service.com. Or you can find me on LinkedIn and shoot me a message and, you know, I'd love to learn more about, you know, Partners, customers what people are thinking, you know, it's a big Vision, a lot of moving parts and it's always good to connect with others in the industry. Yeah, that's how I found you.
I just hear you up on LinkedIn and started following her. We are connected and the slaughter yourself so dangling could to follow So I include in our show notes, a link to your LinkedIn, and then also to ID service dot-coms, that way people can easily reference it. Thank you so much for being part of this very much appreciative that you're able to set aside.
The time for us, we're going to go to leave it there for this week, any, if you have an ongoing for this now, but if you want to find us on the web, we're at age, 84 center.com, and we're on Twitter at, idac podcast. And with that, we'll talk with everyone in the next one. Thanks. Thanks for listening to the podcast. If you don't forget to subscribe.