Larry Aubol, CEO of Tascet, intends to change that. Tascet is an enterprise risk management company in Madison, Wisconsin bringing technology aimed at resolving the risks related to identity for customers, patients, users and employees.
Aubol takes a hard stand against the processes used to know the identity of consumers. A crucial first step is being skipped: identification. Identifying customers before verifying or authenticating them is the missing component in the legacy systems currently in place. “Everyone wants to verify and authenticate; no one wants–or understands–how to identify,” says Aubol. “Relying on third party data to identify, authenticate or verify is akin to shooting the arrow then painting the target. It's a guessing game. It doesn't work.”
The outcome? The presence of millions of synthetic identities in customer, employee and patient databases: individuals using the Social Security numbers of others to gain access to the nation’s financial and payments infrastructure, healthcare system and the digital world. It’s become too easy for individuals to build multiple identities for fraud, despite the growing use of big data. There are greater tools to mine and analyze personal data than ever before, but they haven’t led to the end of identity fraud. Instead, they’ve caused the information about individuals to become highly valuable and sought after by hackers. Today, companies know information, not identities, and according to Aubol, it’s led to unmanageable risks to the enterprise. Tascet changes this.
Risks are different in a digital environment. That much is clear. “Think about the Robin Sage Experiment, synthetic identities, and massive data breaches with malicious intent,” says Aubol. “These are happening because information and assumptions are valued over certainty.”
“Technology gathers data faster than business gathers wisdom,” he continues. “We have to ask ourselves, what’s more important to do? Get ahead of the risk or manage the outcome. Compliance doesn’t come first. Risk does. Yet compliance is often what drives decisions on implementing technology. A proactive position to managing risks is the intelligent approach to good governance and meaningful compliance efforts.”
Aubol sees that the reactive approaches enterprises have become embedded in has meant that necessary things are treated as unnecessary. Sound confusing? It is. An example he offers is that of a company planning a new IT initiative without any regard to fraud. Companies spend millions of dollars on new software platforms, he explains, yet determine that they’ll worry about fraud later, or that preventing fraud is the responsibility of a different division. “Why would anyone implement a new software platform that took years to install and millions of dollars to adopt without ensuring that pristine databases won’t become contaminated with false and fraudulent identities or mismatched patient records? It’s a short-sighted approach to risk management and a fatal flaw that fraudsters exploit.”
In Aubol’s view, the IT department is often given the responsibility to create protocols as they relate to digital events, but digital risk reaches across the entire enterprise. Digital risk should engage top level management. They, in turn, should drive all strategic, operational, tactical and technical initiatives across all lines of business within the enterprise. “Too many IT systems are reactive, not corrective or proactive when it comes to interactions with individuals,” Aubol says. “This leaves an opening for fraud and malicious events to occur.”
We develop a unique number for each customer, patient, employee or user through our ICONN activation process
The challenges, he says, lies in the fact that today, everything is digitized, except the most important thing: the customer, the patient and the employee. They remain stuck in the sixteenth century of paper and ink. “When we rely on paper and ink solutions to identify the people we do business with, we inadvertently promote fraud and threaten GRC efforts,” says Aubol.
Tascet provides software as a service that digitizes the individual. “We create a unique number for each customer, patient, employee or user through our ICONN™ (Identity Confirmation Number) activation process,” explains Aubol.
“Now we can identify ourselves.” The number is also unique to the sector in which the customer or patient is doing business or receiving services, according to Aubol. “In financial services, we issue a Financial Security Number™, in healthcare we issue Standard Patient Numbers™, and in the payments sector we issue Secure Transaction Numbers™.”
“For enterprises, our digital process enables real-time knowledge and actionable intelligence about the people who are their customers, patients and employees. We’re both proactive and corrective,” says Aubol. “Legacy systems create reactive solutions and we’ve seen the outcomes.”
Tascet works across organizations and industries to ensure a person has only one identity–a Super ID. “That can only happen through a process of unique identification that relies on the characteristics of the individual, not on information,” says Aubol. Tascet works in multiple sectors because, according to Aubol, “every sector faces the same challenges to identifying consumers. They’ve all had to rely on paper and flawed processes.”As long as the enterprise truly knows the customer, it will always be ahead of compliance rather than chasing it. When it comes to data security and anonymity, Aubol has partnered with Daren Klum and his company, Secured2. According to Aubol, “Secured2’s technology and our ICONNs create the next-generation environment that makes data breaches a thing of the past.”
While fraud and risk management tools today are information-based and often occur behind-the-scene, Super ID engages customers, patients and users with companies in the fight against fraud. “We created Super ID so consumers know the enterprise is protecting them. Super IDs cannot be replicated, stolen or misused. If it is ever compromised, we can issue a new Super ID in seconds.”
Privacy is a priority for Tascet. Aubol explains that the risk and compliance solutions provided today rely on big data to know consumers. This collection and use of vast amounts of information has created a privacy-security paradox. “You have to give up one to get the other,” says Aubol. Tascet is working to eliminate that paradox. “We take great pride in the fact that we use no outside identifiers. Consumers give permission to enterprises to create Super IDs and we make a promise to not data mine or monitor transactions.”
Aubol’s goal is to see industries as a whole start to eliminate fraud. “Fraud is not an enterprise problem. It’s not an industry problem. It’s a problem for America and the world,” he says. “We created our Identity Infrastructure™ as a development platform for products that meet ever-evolving compliance requirements and solve threats that are yet to be imagined, for our clients and for industries.”