Mark Mamone, Group CIO, GBG, a £1 billion UK tech scale-up that provides identity technologies to brands like HSBC, Nike, Waitrose and Transferwise, has delivered some of Europe’s largest technology implementations for the likes of UK government, Royal Mail, BAE Systems, TfL and major financial institutions. Mamone was previously Regional CIO and Group CTO at Serco – a £1.7 billion business and Europe’s largest public services supplier.
Intelligent CIO spoke to Mamone about his role as CIO, the identity threats he believes business leaders should be aware of and his technical approach to tackling threats and innovation opportunities within the business sphere.
A year ago you took up the CIO role at GBG – what was it about the industry and the company that appealed to you?
It’s hard not to get excited about the challenge of creating and governing trust in a digital world. The new, digitally-powered economy depends on identity – you can’t trade with people you don’t know, but unfortunately, the Internet was built without people’s identity in mind. If you consider how our lives are increasingly dependent on the Internet, the need to establish trust becomes pivotal to society and the new economy.
GBG is a rapidly growing business which creates trust by connecting together a vast ecosystem of data, with technological capabilities that use cutting-edge approaches to help every organisation reach, engage and transact with every citizen safely and securely. To me, that means we are using three core areas of expertise – identity, location and fraud – to help build a new infrastructural layer upon which the future will be built.
In the same way that the Internet provided a foundation which has been fundamental to the origination and growth of organisations such as Amazon and Apple, I feel that GBG takes on a similar role in powering digital economy. GBG plugs the gaps that exist in the Internet, to enable us to safely and securely transact in the digital world.
Why is ‘identity’ increasingly finding its way on the board agenda?
Identity is a mess and out of step societally and technologically. The ways we recorded, stored and verified identity have remained stuck in the past – documents get faked; static data gets hacked; consumers lack the time and patience to put up with outdated processes. In fact, consumers are increasingly overwhelmed by their fragmenting digital identity, the challenges of controlling it, and the value exchange that powers many of the digital services they now rely on. That is a complex challenge for any organisation.
The end goal we focus on at GBG when addressing this is ‘frictionless trust’ – finding ways to offer a simple and fast customer experience while protecting data privacy and protecting businesses from fraud and compliance risks. The challenge is rightly finding its way onto the board agenda because it’s a combination of threats and opportunities that link directly to the bottom line – from losing customers to facing hefty regulatory fines.
What is the ‘innovation-trust tightrope’ and how should the C-suite be approaching it?
The PC era and the advent of the Internet connected the world, but they also offered a huge boon to the fraud industry – under the economic glamour presented by ‘Digital Transformation’, vast numbers of businesses have all but buckled under the pressure to switch from analogue to digital, while keeping fraudsters out. Fraud is now a profession, a marketplace even, not just a vocation, worth £3 trillion a year. Meanwhile, as a digitally-native economy takes shape, the new de facto digital value exchange – personal data in exchange for digital services – has created tension and of course, grabbed headlines.
In amongst the unprecedented commercial opportunities, we see stand-offs between citizens, policymakers and a new cohort of business leaders, in a struggle to find balance between fostering innovation and protecting consumers. And with the media in their corner, citizens are beginning to own the narrative: ethical, safe and secure is the new mantra for a business seeking to win the hearts and minds of the public.
This is the crux of a technological challenge facing every business today and in the future. How can you keep your organisation and your customers safe, while constantly innovating and improving the customer experience? For example, how do you carry out 10-times more checks during a transaction in an environment that is 10-times faster and 10-times easier for the customer? How can you make an experience 10-times better while retaining a focus such that they are protecting themselves as well as their customers? It all comes back to that concept of frictionless trust as the end goal.
What are some of the specific identity-related threats organisations should look out for?
Across industries and economies, it’s getting harder for criminals to bypass the system checks and barriers being put in place by organisations. As a consequence, rather than less fraud, we’re seeing rising numbers of new types of fraud emerge: account takeover, transaction fraud, online payment fraud, application fraud and goods lost in transit, are just a few examples. This is the new fraud and compliance landscape – and these are just the new forms of fraud already categorised and accounted for by support groups such as Action Fraud.
One of the fastest growing threats posed to both organisations and customers is the rise of synthetic identity fraud – where synthetic or fictional identities are created by taking parts of an identity that is valid, but may not be active. For example, in many countries, components of an identity (such as Social Security numbers in the US) are created at birth but then not used in earnest, or at all, for many years. These details therefore can be harvested and used to form part of a synthetic identity which can easily pass a claim test if used out of context and in isolation.
Data security is now, of course, an always-on problem that requires always-on resilience – over 14 billion data records have been lost or stolen since 2013. This has made it even easier for criminals to combine real and fabricated identifying details and take advantage of verification vulnerabilities. This not only poses a problem for today, but it’s a real issue for the future as a new generation enter the world of the digital economy.
Some point to AI and predictive analytics as a possible solution. Do you agree?
Predictive analytics will certainly play an increasingly important role across most functions of a business – including the detection and prevention of fraud and anti-money laundering (AML). This will be the case especially in transactional industries like banking, insurance and telecommunications, where there may be hundreds of transactions taking place per second.
The main benefit of predictive analytics here is the ability to connect data points from a variety of sources such as user, device, activity and other meta data, to determine risk propensity. This, for instance, will flag the use of fabricated identity details during on-boarding or a transaction. Using statistical processes and techniques, predictive analytics can correctly classify fraudulent and non-fraudulent transactions in real-time, without the need for human subjective analysis.
But the real opportunity is to build on that analytical foundation with combined algorithms and pattern detection – in other words, the use of Machine Learning (ML), a subset of Artificial Intelligence (AI). The same data that can be used to validate a person can be applied to explicitly identify other ‘risk identifiers’, triangulating the data across many sources and then checking, for example, whether the location is associated with suspicious activity or with other sources of known risk. Neural networks, which learn in real-time, could also improve the way teams hypothesise and apply fraud detection rules within their systems – spotting unexpected patterns of fraud, flagging them and applying new rules as a result.
With all these threats and innovation opportunities to contend with, what technological approach are you taking to tackle them?
As a business, we have been breaking down siloes of expertise, technology and product, and bringing them together, transitioning from being a product company to a platform company. This is critical because we believe that data orchestration – the ability to efficiently, effortlessly orchestrate the use of all this data through one layer – will shift from an aspirational concept to a ‘must have’. Gone will be the manual batch-feeds of soloed data between systems – replaced by connected datasets that speak to each other and create smarter answers in real-time, without a customer, or potential fraudster, ever even knowing. This data orchestration component is part of a broader data mesh that enables better informed decisions and as a result, greater business insights at scale.
This data orchestration approach will improve safety and security in almost every aspect of an organisation’s relationship with prospective customers. At on-boarding, to use one example, it means not just taking information given at face value, but preemptively using additional data sources to verify identity and cross-check whether this person or entity has committed fraud elsewhere. This will bring more context and accuracy to fraud detection and prevention efforts – even in established, heavily regulated industries already familiar with orienting decisions around data. While banks already cross-check with third parties such as Cifas, for instance, what other types of data could they be benefiting from? If rich location data could highlight when a fraudster is applying for an account with an address linked to 50 other ‘users’, across a range of other services online, surely that can only benefit the bank and honest customers?
That is the key piece of advice I would leave fellow technology leaders with: think about how internal and external data could help your organisation make smarter decisions every day, and how a connected, intelligent, orchestration approach could enable those benefits. Only then can you truly achieve ‘frictionless trust’ and thrive in the new economy.