Transcript: OWI State of Identity Podcast with Jessica Patel
May 7, 2020
Airside Chief Commercial Officer Jessica Patel joined State of Identity to discuss the history of our groundbreaking Mobile Passport app, how different industry verticals are coping with the identity impact of the COVID-19 crisis, and the key considerations that went into building Airside’s new mobile identity platform. Click to listen or read the
Cameron D’Ambrosi: Hey, everyone. Cameron here. Are you enjoying listening to State of Identity each week as much as I enjoy recording it? If so, help us out by taking the 2020 State of Identity listener survey. Just click the link in the show notes below. We’d really appreciate it. Thank you again. And on to the show.
Welcome to State of Identity. I’m your host, Cameron D’Ambrosi. Joining me this week is Jessica Patel, Chief Commercial Officer with Airside. Jessica, welcome to State of Identity.
Jessica Patel: Thank you.
Cameron D’Ambrosi: So, you have quite the fascinating background that kind of touches on a few layers of digital identity before joining Airside. I always find it instructive for folks to share a little bit of their personal backgrounds and kind of their unique on-ramps to getting into the digital identity space. Would love for you to walk us through what you were up to in your lead-up to joining Airside. And, then maybe we can dive into what you’ve built and what the platform does.
Jessica Patel: That sounds great. So, before I came to Airside, I was with American Express for a little over 10 years. The most recent years of that time, I was the general manager of the travel payments group. We were helping travel organizations settle their payments with their vendors and, not unlike the digital identity space, there was a real need to protect them from fraud, to protect them from a detail-orientation perspective, and things like that. There was a lot to make sure that there weren’t people stealing the cards and reusing and so on. The technology there was really a one-to-one basis for transactions and I think there is a real parallel to digital identity there as identity, I think, is such a core to the payments industry. And then, it was actually one of my clients there who had gone to college with our CEO here, who introduced us when I was looking to make a change and get more into the startup space. As somebody who, having had my travel background and since our earliest digital identity products here are in the service of the travel industry, it felt like a good fit for me to make the jump and continue to find new ways to support that same client base with a similar kind of innovative technology.
Cameron D’Ambrosi: And from a consumer perspective, in pivoting to Airside, folks are probably most familiar who have traveled at all recently with the Mobile Passport app that you guys offer, but obviously there are some other really exciting things that you’re working on that you’re here to talk about today. Would you mind giving folks just a quick ten thousand foot overview of what you’ve built at Airside, and then we can dive a little bit deeper?
Jessica Patel: Yeah, absolutely. From the earliest days of Mobile Passport, as you said, that’s the consumer product that most folks know us for, that product’s been out for about six years. And in the earliest stages of development there, back where it was really the mentality in the industry to collect as much data as possible, our founders took a really different approach and thought that kind of sensitive data really belongs to the user; it should be completely in their hands, they should have control over who can access it, and when and under what circumstance. And so, interestingly, the earliest architecture of Mobile Passport was really built in a way which put the user in control of their own data. Over time, as we were out there and we developed some of our B2B products which allow for businesses to kind of quickly onboard customers by capturing their identity information in a secure way and exchanging that information securely, what we found was business customers were coming to us and asking how we were keeping the information safe, what were the core components of our architecture. And as we started to explain it, a kind of a new category emerged where really instead of just these component pieces of digital identity, these businesses were coming to us and saying, “You know what? Can we actually just leverage your approach to identity management and data security to manage our own information?” And so over the last couple of years, we’ve really kind of leaned into that and created a suite of products that allow businesses to access information in a time-bound and consent-driven way without ever having to store the information in their own systems. And so, it allows them to stay more compliant and kind of reduce their liability associated with privacy regulations like GDPR or CCPA and still maintain the operations that they need. And conversely, as we look to grow how we’re supporting consumers, we’ve really grown beyond just that customs application that Mobile Passport provides into a broader digital identity solution in which consumers can manage their access, manage the access to their sensitive information, whether it’s in banking, whether it’s in travel, whether it’s a insurance, education technology these days, health tech and so on. We’re seeking to be a ubiquitous form of digital identity that continues to put the control of sensitive information
in the consumer’s hands.
Cameron D’Ambrosi: And, from that perspective, obviously COVID-19 has really blown up the status quo, I guess, for lack of a better word. Maybe even “blown-up” is not enough to fully capture the reality of what is going on and how so many different industry verticals are essentially coping with the reality that they’re unable to interact face-to-face with their consumers. In terms of those verticals that you think are the best fit for these new product offerings, where are you guys really hoping to capture some market share in terms of applications for this platform?
Jessica Patel: It’s a great point. I mean, the world has changed so much in these last couple of months, and I think that there [are] some industries in the really short term that have gone fully virtual that people might not have expected, such as technology supporting virtual education: the need to confirm that a student is who they are when they enroll, the need to confirm they are who they are when they take an important test, and so on. Obviously, virtual healthcare and just the overall health tech space has really [e]volved and become a bigger need in these more recent weeks as well and there I think there’s a real need to confirm both the physician, as well as the patient and things like that. So there’s some of these industries that were not nearly as virtual as they are today, that I think there’s a real need for digital identity to play a major role. And then, when I think about even just in the next few months, hopefully when we start to come out of this, how the recovery is going to look in a lot of critical industries and what changes we’re going to have to make, right? I don’t think a lot of industries are going to go back to operating the way they did before this pandemic. And so, when I think about the changes that all kinds of industries, travel and retail and other physical locations will have to make, I think there’s going to continue to be some moves to offer digital options rather than physical. And I think in the physical interactions, whether you’re in an airport, whether you’re in a retail store and so on, there’s gonna be a real push to implement more touchless or contactless solutions with fewer shared touch points. I think that leveraging digital ID and leveraging biometric technologies are going to play a huge role in the recovery of a lot of these verticals.
Cameron D’Ambrosi: So, diving into the platform itself, obviously we’re at a very unique inflection point where digital identity is really taking off. But at the same time, concerns around privacy, around data security, remain heightened. Can you talk through, excuse me, how the platform works and how you can have this balancing act of accessibility and transmitting enterprises the data that they need to feel comfortable that the identity of the person joining a platform and registering is who they say they are, while at the same time guaranteeing that that person is not sacrificing their personal data to an insecure platform?
Jessica Patel: Sure. Yes. So, I think privacy and security are at the core of everything that we have built. And there’s a few important pieces. From a data privacy perspective, everything that we do is user-controlled and consent-driven. Consumers that are members of ours who are interacting with businesses using their digital ID would be giving a consent that has a few core elements that I think are super important. So they’re always informed,
number one, which organization or company or body is going to access their information. Number two, how long they’re going to have access to that information. I think access should always be time-bound; it shouldn’t be kind of a standing consent, if you will. What purpose they’re accessing that information for, right? I think right now there’s data that consumers believe they’re giving a business for one purpose, such as onboarding themselves, and it really then crosses the transom over to marketing or other communications that they didn’t necessarily realize they were consenting to. So, I think giving that context or purpose is super important. And then the last piece is, which pieces
of information? We’re big proponents of sharing the least amount of information required operationally. It’s not the case that just because you might have included your passport or included your driver’s license in your Airside account that you necessarily want all of that information being transmitted every time. And so it’s the case that the business is able to tell us what is the lowest amount of information they need and that consumer is then
informed transparently when they give that consent of all four of those critical pieces of information. And then, conversely, from the business’s perspective, they’re able to interact using our proprietary AirsideX API. And what that API allows them to do is access that information on a limited basis based on the parameters of that consent that was given. I think what’s really unique about our technology is where other organizations are enforcing consent components more from a contractual basis, we’re using what we like to call a cryptographically-enforced consent ceremony, which is basically a fancy way of saying that the elements of that consent are actually built into the encryption, are built into the technology itself. And so, it’s the case that the business couldn’t access it if they try, if
they’re outside of those consent parameters. I think that’s a really important way to keep the data safe. The other core component, in terms of the data security, is that we use a really decentralized approach. The information is stored on the individual’s device at rest, and that creates a lot of decentralization. It’s also the case that consent is really creating a one-to-one connection between the business and the individual. So, there is no central database, there is no master key, no one at Airside can ever access the data, and there is no one party that can ever access a cache of data. There’s no honeypot anywhere. I think that that’s a really important core to our data security approach as well.
Cameron D’Ambrosi: And from the perspective of what on-ramps folks have to onboard themselves, obviously the Mobile Passport app leverages the passport. Can you talk a little bit about how the API-based solution for non- immigration control or border applications works, and what types of credentials consumers can leverage to onboard themselves using this platform?
Jessica Patel: Yeah, absolutely. The API consumption happens on the business side, of course. And so for them, it’s a pretty flexible solution. It’s really designed to be customized to what not just the industry needs, but what that particular player within the industry needs. We understand that different companies have different operations, and we wanted to design our solution to be super flexible based on how their existing customer journey or customer flow works. In terms of the consumers, the individuals, we are kind of in the early beta stages of our Airside App, and that’s our broader digital identity app. What the individuals can do there, once they download, is they have the ability to enroll a variety of documents, including their passport, including driver’s licenses, and in certain cases they’re able to include other types of identity documents that are use-case specific. In certain healthcare situations, somebody might have to add a medical license. Let’s take pilot training, for example, right? So when a pilot goes to get trained on a new aircraft, they may have to include things like their pilot license or other similar documents. And so it can be customized on a use-case basis and, where possible, such as driver’s licenses or passports, we do our best to use our unique connections to source databases to confirm that the information is source-verified and where possible, also authenticate the documents as well. Depending on what the use case is, we have different elements to
make sure that the business has the peace of mind they need that the information being provided is accurate.
Cameron D’Ambrosi: From an implementation perspective, what kind of lift is required to get this up and running? Obviously, every scenario is unique. But, if I have a startup and I’m looking to get the platform integrated, what kind of engineering resources are required to turn this on and start getting folks on board?
Jessica Patel: Depending on what components of the API they need and how their existing infrastructure is set up, it’s pretty easy to get folks even onto a test agreement really early and get them a sandbox environment to start developing. We do provide technical resources from our side to help any business that partners with us on any customization that they need and to help them best understand how to leverage the core components of our API for integration. We find that it varies across businesses, but we’ve certainly had businesses that were able to integrate some of our products as early as weeks. So, it’s a pretty fast process and we’re happy to partner with any of our customers in whatever way they need to make sure that they’re all set for a fast conversion.
Cameron D’Ambrosi: From a cost perspective, again, obviously every application is different. But would you be able to share what the model is? Is it a flat fee? Is it per transaction, a hybrid model? How does that work?
Jessica Patel: Yeah, sure. In total on the business side, we actually have five products. We have a set of SDKs that customers can use if they want to do the onboarding themselves. They’re a set of offline SDKs that can be put directly into the business’s app. That’s really for them to manage their own data collection, but it is secure in that it is offline so no one at Airside can access any of the information. Examples are: document scanning, NFC chip reading, and biometric-quality selfies. With SDKs like that, it’s a license fee that we’re relatively flexible. We usually do a monthly license contract. But, we’ll work with the customers if they want to change the structure to be quarterly or annual. For our APIs, we have two sets of APIs, one is the verification API. That’s the one that customers would leverage if they wanted to do source confirmations of passport information, visa information, driver’s licenses and so on. In that case, it is a per-transaction basis. And then, the same with the AirsideX API, which is the API that we offer that allows for consent-based exchange of the information in a secure way.
Cameron D’Ambrosi: I guess from the inclusion perspective, how are you tackling folks who maybe don’t have access to these documents? Do you have plans in the road map to spin up options that don’t rely on document-based verification?
Jessica Patel: It’s a good question. Today the Airside solution can take unstructured documents as well. And so, obviously verification for those becomes a little bit more tricky. But, there have been document types that some of our customers have requested that don’t have some sort of a centralized source database for confirmation. And so
they’re comfortable with receiving an image of an unstructured document or something like that. We can customize so long as the business is comfortable receiving an image of an unstructured document. We also work with a wide variety of technology partners where we’re technology agnostic, and so we’re open to partnerships across the board. We do have some technology partners who have physical document readers that can read a wider variety that are not in a standard format. But, from a source-verification perspective, it is easier for us to work with because we do believe in source verification with standardized document types that would have a source database.
Cameron D’Ambrosi: Amazing. Well, one of the favorite questions I have for folks every week is some predictions for the future… crystal ball predictions, if you will. Given the COVID-19 reality, we’re in many ways through the looking glass and I don’t know if any of this could have been foreseen in terms of where we are with the economy and the kind of state of digital onboarding in general. But all that aside, and I suppose taking this with somewhat of a grain of salt, but more just a fun thought exercise than anything else, we’d love to get your perspective on what we can expect to see over the course of the next year in the digital identity space. I guess to focus that down a little bit, do we think that some of these shifts that we’re seeing right now are permanent? Is this current state of affairs in terms of all sorts of new enterprises considering and adopting remote onboarding flow? Is this something that is going to go back to the way it was post-COVID, or do we think we’re really entering a new paradigm, a new era as it were, and we’re kind of going to look back on this and see things as a pre-COVID and post-COVID landscape when it comes to digital identity?
Jessica Patel: I tend to definitely see the latter. I think this has provided an unexpected opportunity for digital ID to be accelerated in a variety of ways. It’s an unfortunate reason that we have to seek to ramp up the adoption. But, from an industry perspective, I think where there was some trepidation or the fact that there was already some opportunities for people to just make this and a nice, interesting innovation [or] versus being a sexy option to go through an airport or a cool option to check into your gym, it’s become actually a critical function now and in a variety of industries, as we were discussing, I think. Not only are individuals going to be seeking more virtual opportunities to conduct certain transactions, I think they’re just not gonna be, especially in the coming year, so eager to necessarily walk into a branch bank or walk into a physical location that requires certain transactions. But when they do, I think that they’re going to increasingly be seeking out or leaning toward businesses that they feel keep them safer, right? So whether that’s keeping them safer physically or keeping them safer digitally, I think there’s going to be an awareness of both. What that means is in the increase in virtual transactions, I think consumers are becoming more and more aware of the data security around where they’re sending their information and how the businesses they’re transacting with are using that information and what kind of control they have over sensitive data. And then, in the
physical space, I think the adoption of biometrics is going to increase for sure. Whether it’s in the travel space where using biometrics to get across an airport used to be kind of interesting and sort of a look to the future in terms of of handling scale, I think it’s really going to be looked at as a more immediate need and a safety factor in terms of just how often documents right now need to be touched by more than one individual through the airport journey. I think a lot of that is going to be replaced by biometrics. Same thing in certain retail places, same thing in gyms and other wellness locations, things like that. I think that a lot of the rebound is going to have to be anchored in a safe and secure digital identity that makes both the businesses feel good from the ability to adopt it and still maintain their compliance with privacy regulations, but also from individuals who are increasingly aware of where their information is going.
Cameron D’Ambrosi: Incredible. Well, this has been so great connecting with you. I think you guys have a really exciting product and it’s something that is in such high demand right now. To that end, what are the resources that folks can look up for how to learn more about the product and how to integrate it into their platform?
Jessica Patel: We actually just redid our website, so it’s great. There’s a lot of great information there and more coming. The website there is airsidemobile.com. And anybody who would like is always welcome to reach out to me personally as well via LinkedIn or I think my information is also on our website.
Cameron D’Ambrosi: Amazing. I will make sure to include those links in the show notes below. Jessica, thank you so much for joining us. Really, really enjoyed it. And hope to connect with you again soon.
Jessica Patel: Great. I really appreciate your time. Thank you.