In the last few years there have been few mobile identity services launched by mobile operators. The pioneers are the Scandinavian operators and the Turkish operator Turkcell, but similar services exist in Estonia, Latvia and Switzerland.
What do I mean by mobile ID?
Well, it is basically an “identity card” on your phone, which you can “present” to an online service through typing in a PIN code on the phone. The application on the SIM then verifies the user’s identity for the online service. A simple implementation of the service can be seen here.
In order to obtain this digital ID card, you need to have a compatible SIM-card with the necessary application. Then, you would need to register. This is usually done face-to-face, where the actual identity is verified before the SIM-card is loaded with the mobile ID and a pin code is provided. From this point on the mobile ID can be used with any compatible service. Currently, those are usually government and financial services.
The benefits of the service are huge – First, this is a way to identify users once for multiple services, which saves time, hassle and costs for customers and service providers: the lengthy face-to-face process is only done once. Second, it’s a way to do many more sensitive transactions online: from opening a bank account to applying for welfare benefits, from signing major contracts to voting. And third, it increases security significantly – the use of the phone enables 2-factor authentication and the SIM-based PKI encryption is very strong. This is a level of security that is only achievable with Physical hardware token, which hurt customer experience considerably and not always practical to use.
So why is the success of those services so mild? Turkcell, the first operator to launch this kind of service in 2007, had about 80,000 users at the end of 2010, out of more than 33 million customers. Adoption in Scandinavia and the Baltic is also in the tens of thousands. There are several explenations, but they all come down to onw: They are not user-centric.
When engaging in online services, people care mostly about convenience. Online security is also important, but not enough – we all know this since we use the same easy-to-remember password for many accounts. All the services launched aren’t focused on improving user experience online, but on providing an extra layer of security, which does not appeal to customers.Its especially true if in order to get it you to go into the operator’s store to register, and in some cases even pay for the service.
The solution is, as always, to focus on the customer. Operators need to think how can they improve the online identification experience, and only later to add their security features to the mix. This might mean that starting from simple authentication mechanisms, such as apps, and only later advance to complex SIM-based processes. The best way to to this is to engage with the rest of the digital identity community that tries to solves these problems globally (see earlier post), and add the MNO assets, the mobile device and the SIM to it, and not to treat it as a stand-alone service. When customers enjoy a better online experience, the security features that accompany it will come more naturally. As in many other areas, mobile operators need to start with the digital customer, and partner with those who know how to solve her problems, only the combination of that with mobile assets will produce a winning solution.