The last of the current series of blog posts on themes we use, for which at least one person involved in this process (me) is grateful! As always, these are ways we think about understanding technology trends, and consequently how to build companies, identify potential exits (paths and benchmarks), what kinds of support and services to give our portfolio companies, and how we seek to understand and analyze potential investments.
Theme 7: Who Are You?
It is possible to trace an enormous arc through human history that tells the story of trade and trust. Guilds, societies, communities, rituals, dining traditions, dress and arguably even religion all evolved in part as ways of creating binding ties between members or cohorts such that they could better trust each other. And one of the primary motivations for that was to facilitate trade. It’s a generalization of the old “only do business with people you went to school with” idea – which worked perfectly well for the city for a long time. Until they started letting in all those mathematics PhDs – not one of whom understands the importance of a decent lunch.
Ideas like credit, currency and contracts are fundamentally based on trust between human counter-parties – you will meet your obligations or risk losing your good name, your standing, your ability to conduct future trade, potentially your livelihood or possibly your life in parts of the globe. Fundamentally, people do business with other people they trust, people they know, people who’s reputation is reliable – and who’s word is their bond. A signature on a contract, a reference, a handshake – a deep look into the whites of each others eyes. I’ll have my lawyer talk to your lawyer – an entire fabric of trade and commerce has built up around different ways of discovering whether I can trust you, confirming I do trust you, and being absolutely clear about what will happen if that trust is misplaced.
“Fundamentally, people do business with other people they trust, people they know, people who’s reputation is reliable – and who’s word is their bond.”
So what happens as trade becomes virtual? What happens when it is no longer people doing business with people but machines doing business with machines? How does a machine know an individual or business on the other end of a transaction is who they say they are? How does it know they are entitled to buy (or sell) whatever the goods or services that comprise the transaction are? How does it even begin to know it is the same entity at the end of the transaction as at was at the beginning? As it was 10 minutes ago? 30 seconds ago? Everything about the way we have done business for millennia will have to be reinvented for a new medium – and the only thing we know about it so far is it will look nothing like what we have done historically. Becoming a feeble online replica of the identity and trust systems we have in place now is not going to work.
We are in fact living through something of a perfect storm – an identity crisis if you will (sorry!). The need is accelerating. Anyone who runs a branch network – be they bank or retailer – has concluded their best bet is to stop opening physical facilities on the high street and expand virtually. The problems are compounding. Online payment fraud will reach $25bn by 2020 according to one analyst. Identity theft – of an individual to steal goods or money, of an employee to steal trade secrets or more money – is reaching epidemic proportions. And consumers and businesses are increasingly concerned about who gets to know and store what data about who and in what circumstances – and how often and how badly that data is being compromised. And as if that wasn’t enough, noting that businesses have been very poor at managing all this data so far, regulators have stepped into the fray. They are demanding that merchants and service providers ask for more information, more often – and that they need to take better care of it when they get it. Ouch! All of a sudden selling fruit on the high street for cash looks like an innovative business model.
So far we have responded to this quagmire with completely inappropriate artifacts mostly borrowed from Commerce 1.0. We have tried to replicate physical identity online through a user id and a password. But as everyone now knows, user id and password combinations demonstrate the almost uniquely unhelpful combination of being both readily hackable and eminently forgettable. Entitlement is tested – where it is tested at all – through scanning copies of passports or driver’s licenses, or perhaps taxpayer identification numbers of some kind. Not much proof of anything except someone has a scanned copy of something that looks like a document I might own. More secure 2-factor authentication solutions – including hard or soft tokens – are better but most consumers struggle with them, forgetting steps in the elaborate sign on procedures. You might memorize this once for your bank – you are not going to do it 20 times for all the other institutions you deal with, let alone the dozens of merchants you may want to do occasional business with online. And that’s before we deal with all the rest of the issues around data privacy, entitlement, and compliance. Most companies are far from prepared when it comes to compliance – and typically not even well informed about the expectations of the regulator. It’s a mess – and a major brake on growth. Unless of course you are in the fraud, identity theft or hacking businesses. Those are good businesses, growth businesses – these are the good times!
We are witnessing a once in an epoch shift in trade and commerce structure, the entire identity and trust infrastructure that has greased the wheels of arguably mankind’s greatest invention – trade – is no longer fit for purpose. To put a positive spin on it, we think there are many interesting and innovative billion-dollar businesses to be built in this area.
“We are witnessing a once in an epoch shift in trade and commerce structure, the entire identity and trust infrastructure that has greased the wheels of arguably mankind’s greatest invention – trade – is no longer fit for purpose.”
So where are they likely to be found? Let’s start with identity. Passwords and user ids suck. Complex logins might protect companies and reduce fraud – but they don’t encourage commerce or ease consumer frustration. And let’s face it, there is no such thing as an undiscoverable password anymore. There are lots of much better ways to id you – for example through your reputation, built up online, which you might be unwilling to risk through dodgy behavior. We already use Facebook and Google logins to authenticate to different services, and there are good opportunities to create more consumer friendly versions of these services. Alternatively, identification can be delivered through biometrics, or behavioral patterns – still in their infancy but much harder to fake.
What is also true is that in order to more clearly protect consumers, id needs to be clearly tied to entitlement but not across entitlements. You may want to go onto a shopping destination and pay with minimum fuss – perhaps you can prove entitlement to do so backed by a bank or an innovative fintech. However, you probably don’t want whatever id you use to share information about where else you have been shopping with the current merchant. Perhaps more seriously, you wouldn’t want health data being shared with companies who might want to sell you insurance – or stop covering you with an existing policy. An id that entitles you to healthcare – booking appointments, accessing or updating medical data, ordering medicine – needs to be pretty secure. In fact anyone in the entitlement id business needs to be super secure and clear about data privacy – no sharing personal identifying details from the real world – photo’s, address, financial status, whereabouts – with merchants who correlate them with virtual details. The current process where all kinds of data about you is shared with everyone so they can lose it, or where database vendors can build up detailed profiles of you by scraping online sites is hopeless. It’s one major incident away from being a political catastrophe.
“The current process where all kinds of data about you is shared with everyone so they can lose it, or where database vendors can build up detailed profiles of you by scraping online sites is hopeless. It’s one major incident away from being a political catastrophe.”
Think for example about a range of simple transactions that you would do everyday with people you know, which are well suited to being done online for efficiency and efficacy. Picking up a repeat prescription from a pharmacy, approving an investment decision, ordering a case of wine – or perhaps even reordering more shot for your shotgun. All regulated or controlled businesses, where you need to prove who you are, that you are entitled to purchase the good or services, where you don’t want one service provider to know about transactions with the others – and where the consequences for getting it wrong are either bad for you, bad for the provider or bad for society. And none of which is currently hassle-free or particularly reliable when done online.
Also think about it from the other side of the transaction – the merchants and service providers who have to assess risk, extend credit, move money or sell goods and services based on imperfect information and in Internet time. All of those activities are ripe for creative disruption – analytics, machine learning, dynamic scoring algorithms, portfolio risk, back office integration, total exposure – lots of good stuff. Just tracking who you are working with as a business and making sure your information about them is current, auditable and secure is problematic. Most businesses are completely negligent when it comes to taking the proper compliance procedures with their customer base, as well as providing traceable usage information for that data – who had access to what sensitive data at what time and what did they do with it?
So if there are plenty of opportunities, what kinds of teams do we think should pursue them? We are typically looking for founders with deep insight into one of these markets – payments, security, KYC/KYB – combined with deep technical skills. You have to have that virtuous combination of disruption and adoption working for you – something sufficiently technologically innovative where there is a strong business case to adopting it, and someone with strong enough industry knowledge they can sell it into the existing business workflow. There is lots of tech and business debt you need to understand – security, scale, analytics and dashboard, data protection, regulatory compliance, enterprise readiness etc. You also need really, really good understanding of your market – bottoms up and top down, how will you get access and eventually gain traction (are these some of the reasons why we don’t live in a Blockchain world??).
“So if there are plenty of opportunities, what kinds of teams do we think should pursue them? We are typically looking for founders with deep insight into one of these markets – payments, security, KYC/KYB – combined with deep technical skills.”
You can probably argue this is the most important problem we need to solve to really unleash the potential of e- or m- or even vr- commerce. You can certainly argue it’s currently pretty broken and there is a lot of money to be made in doing multiple aspects of it a lot better. In either case, build a big business here and everyone will know who you are.