identity – Page 21 – Bredemarket

What You Don’t Know (About Your Identity/Biometric Company Website) Can Hurt You

The identity/biometric company (not named here) never formally learned why prospects shunned the outdated information on its website.

This is NOT the website I’m discussing in this post. The referenced identity company is not named here. This is the website of some other company, taken from https://www.webdesignmuseum.org/gallery/microsoft-1996.

The identity/biometric company never formally learned how its references to renamed companies and non-existent companies were repelling those very companies…and the prospects who knew the website information was inaccurate.

April 11, 2023: “It’s unclear what the change means for Twitter.” From https://www.seattletimes.com/business/twitter-company-no-longer-exists-is-now-part-of-musks-x/.

With those types of mistakes, the entire company’s positioning became suspect.

From https://www.theverge.com/2017/7/13/15966094/30-rock-buscemi-how-do-you-do-fellow-kids-meme-kill-it-please.

It could have learned…if it had met with me. But it chose not to do so.

NOTE TO SELF: INSERT STRONG FEAR UNCERTAINTY AND DOUBT PARAGRAPH HERE. TAKE OUT THESE TWO SENTENCES BEFORE POSTING THE FINAL VERSION!!!

(By the way…while the identity/biometric company never received this information formally, it did receive it informally…because such information is presumably critically important to the company.)

How many other companies are in the same situation, with:

Outdated information?

(T)here are clues within the content itself as to its age, such as “Our product is now supported on Windows 7.”

Stale information (or lack of information)?

My mini-survey shows that of the 40+ identity firms with blogs, about one-third of them HAVEN’T SAID A SINGLE THING to their prospects and customers in the last two months.

Is there a 29-year veteran of the identity industry, an identity content marketing expert who can help the companies fix these gaps?

Let’s talk.

Drive content results with Bredemarket Identity Firm Services.

And yes, the ALL CAPS paragraph was a setup. But I’m sure you can compose a FUD paragraph on your own without my help.

Does Your Gardening Implement Company Require Age Assurance?

Age assurance shows that a customer meets the minimum age for buying a product or service.

I thought I knew every possible use case for age assurance—smoking tobacco or marijuana, buying firearms, driving a car, drinking alcohol, gambling, viewing adult content, or using social media.

But after investigating a product featured in Cultivated Cool, I realized that I had missed one use case. Turns out that there’s another type of company that needs age assurance…and a way to explain the age assurance method the company adopts.

Off on a tangent: what is Cultivated Cool?

Psst…don’t tell anyone what you’re about to read.

The so-called experts say that a piece of content should only have one topic and one call to action. Well, it’s Sunday so hopefully the so-called experts are taking a break and will never see the paragraphs below.

This is my endorsement for Cultivated Cool. Its URL is https://cultivated.cool/, which I hope you can remember.

Cultivated Cool self-identifies as “(y)our weekly guide to the newest, coolest products you didn’t know you needed.” Concentrating on the direct-to-consumer (DTC or D2C) space, Cultivated Cool works with companies to “transform (their) email marketing from a chore into a revenue generator.” And to prove the effectiveness of email, it offers its own weekly email that highlights various eye-catching products. But not trendy ones:

Trends come and go but cool never goes out of style.
From https://cultivated.cool/.

Bredemarket isn’t a prospect for Cultivated Cool’s first service—my written content creation is not continuously cool. (Although it’s definitely not trendy either). But I am a consumer of Cultivated Cool’s weekly emails, and you should subscribe to its weekly emails also. Enter your email and click the “Subscribe” button on Cultivated Cool’s webpage.

And Cultivated Cool’s weekly emails lead me to the point of this post.

The day that Stella sculpted air

Today’s weekly newsletter issue from Cultivated Cool is entitled “Dig It.” But this has nothing to do with the Beatles or with Abba. Instead it has to do with gardening, and the issue tells the story of Stella, in five parts. The first part is entitled “Snip it in the Bud,” and begins as follows.

Stella felt a shiver go down her spine the first time the pruner blades closed. She wasn’t just cutting branches; she was sculpting air.
From https://cultivated.cool/dig-it/.

The pruner blades featured in Cultivated Cool are sold by Niwaki, an English company that offers Japanese-inspired products. As I type this, Niwaki offers 18 different types of secateurs (pruning shears), including large hand, small hand, right-handed, and left-handed varieties. You won’t get these at your dollar store; prices (excluding VAT) range from US$45.50 to US$280.50 (Tobisho Hiryu Secateurs).

From https://www.niwaki.com/tobisho-hiryu-secateurs/#P00313-1.

Stella, how old are you?

But regardless of price, all the secateurs sold by Niwaki have one thing in common: an age restriction on purchases. Not that Niwaki truly enforces this restriction.

Please note: By law, we are not permitted to sell a knife or blade to any person under the age of 18. By placing an order for one of these items you are declaring that you are 18 years of age or over. These items must be used responsibly and appropriately.
From https://www.ni w aki.com/tobisho-hiryu-secateurs/#P00313-1.

That’s the functional equivalent of the so-called age verification scheme used on some alcohol websites.

I hope you’re sitting down as I reveal this to you: underage people can bypass the age assurance scheme on alcohol websites by inputting any year of birth that they wish. Just like anyone, even a small child, can make any declaration of age that they want, as long as their credit card is valid.

By Adrian Pingstone – Transferred from en.wikipedia, Public Domain, https://commons.wikimedia.org/w/index.php?curid=112727.

Now I have no idea whether Ofcom’s UK Online Safety Act consultations will eventually govern Niwaki’s sales of adult-controlled physical products. But if Niwaki finds itself under the UK Online Safety Act, or some other act in the United Kingdom or any country where Niwaki conducts business, then a simple assurance that the purchaser is old enough to buy “a knife or blade” will not be sufficient.

Niwaki’s website would then need to adopt some form of age assurance for purchasers, either by using a government-issued identification document (age verification) or examining the face to algorithmically surmise the customer’s age (age estimation).

Age verification. For example, the purchaser would need to provide their government-issued identity document so that the seller can verify the purchaser’s age. Ideally, this would be coupled with live face capture so that the seller can compare the live face to the face on the ID, ensuring that a kid didn’t steal mommy’s or daddy’s driver’s license (licence) or passport.
Age estimation. For example, the purchaser would need to provide their live face so that the seller can estimate the purchaser’s age. In this case (and in the age verification case if a live face is captured), the seller would need to use liveness dectection to ensure that the face is truly a live face and is not a presentation attack or other deepfake.

And then the seller would need to explain why it was doing all of this.

How can a company explain its age assurance solution in a way that its prospects will understand…and how can the company reassure its prospects that its age assurance method protects their privacy?

Companies other than identity companies must explain their identity solutions

Which brings me to the TRUE call to action in this post. (Sorry Mark and Lindsey. You’re still cool.)

I’ve stated ad nauseum that identity companies need to explain their identity solutions: why they developed them, how they work, what they do, and several other things.

In the same way, firms that incorporate solutions from identity companies got some splainin’ to do.

From https://tenor.com/view/i-love-lucy-lucy-ricardo-some-explaining-to-do-gif-14297186.

This applies to a financial institution that requires customers to use an identity verification solution before opening an account, just like it applies to an online gardening implement website that uses an age assurance method to check the age of pruning shear purchasers.

So how can such companies explain their identity and biometrics features in a way their end customers can understand?

Bredemarket can help.

Age Assurance Meets Identity Assurance (Level 2)

I’ve talked about age verification and age estimation here and elsewhere. And I’ve also talked about Identity Assurance Level 2. But I’ve never discussed both simultaneously until now.

I belatedly read this March 2024 article that describes Georgia’s proposed bill to regulate access to material deemed harmful to minors.

A minor in Georgia (named Jimmy Carter) in the 1920s, before computers allowed access to adult material. From National Park Service, https://www.nps.gov/jica/learn/historyculture/early-life.htm.

The Georgia bill explicitly mentions Identity Assurance Level 2.

Under the bill, the age verification methods would have to meet or exceed the National Institute of Standards and Technology’s Identity Assurance Level 2 standard.

So if you think you can use Login.gov to access a porn website, think again.

There’s also a mention of mobile driver’s licenses, albeit without a corresponding mention of the ISO/IEC 18013-5:2021.

Specifically mentioned in the bill text is “digitized identification cards,” described as “a data file available on a mobile device with connectivity to the internet that contains all of the data elements visible on the face and back of a driver’s license or identification card.”

So digital identity is becoming more important for online access, as long as certain standards are met.

Fischer Identity, Baylor University, and IAM

Fischer Identity recently shared a link to a Chronicle of Higher Education article about campus digital identities. It specifically discusses how Baylor University worked with Fischer Identity and Amazon Web Services (AWS) to create an identity and access management (IAM) solution.

From https://www.chronicle.com/featured/digital-higher-ed/building-an-identity-and-access-management-solution.

I won’t give away all the information about the Fischer Identity-AWS effort at Baylor—you have to opt in to access a gated case study to obtain that—but I will say that the case study claims a 12-week implementation of an IAM system that stores “several hundred thousand identities.”

I assume the alumni at Baylor are a generous segment of the university community.

What is B2B Writing?

Business-to-business (B2B) writing isn’t as complex as some people say it is. It may be hard, but it’s not complex.

Why do I care about what B2B writing is?

Neil Patel (or, more accurately, his Ubersuggest service) um, suggested that I say something about B2B writing.

And then he (or it) suggested that I use generative artificial intelligence (AI) to write the piece.

I had a feeling the result was going to suck, but I clicked the “Write For Me” button anyway.

Um, thanks but no thanks. When the first sentence doesn’t even bother to define the acronym “B2B,” you know the content isn’t useful to explain the topic “what is B2B writing.”

And this, my friends, is why I never let generative AI write the first draft of a piece.

So, what IS B2B writing?

Before I explain what B2B writing is, maybe I’d better explain what “B2B” is. And two related acronyms.

B2B stands for business to business. Bredemarket, for example, is a business that sells to other businesses. In my case, marketing and writing services.
B2G stands for business to government. Kinda sorta like B2B, but government folks are a little different. For example, these folks mourned the death of Mike Causey. (I lived outside of Washington DC early in Causey’s career. He was a big deal.) A B2G company, for example, could sell driver’s license products and services to state motor vehicle agencies.
B2C stands for business to consumer. Many businesses create products and services that are intended for consumers and marketed directly to them, not to intermediate businesses. Promotion of a fast food sandwich is an example of a B2C marketing effort.

I included the “B2G” acronym because most of my years in identity and biometrics were devoted to local, state, federal, and international government sales. My B2G experience is much deeper than my B2B experience, and way deeper than my B2C expertise.

Let’s NOT make this complicated

I’m sure that Ubersuggest could spin out a whole bunch of long-winded paragraphs that explain the critical differences between the three marketing efforts above. But let’s keep it simple and limit ourselves to two truths and no lies.

TRUTH ONE: When you market B2B or B2G products or services, you have FEWER customers than when you market B2C products or services.

That’s pretty much it in terms of differences. I’ll give you an example.

If Bredemarket promoted its marketing and writing services to all of the identity verification companies, I would target less than 200 customers.
If IDEMIA or Thales or GET Group or CBN promoted their driver’s license products and services to all of the state, provincial, and territorial motor vehicle agencies in the United States and Canada, they would target less than 100 customers.
If McDonald’s resurrects and promotes its McRib sandwich, it would target hundreds of millions of customers in the United States alone.

From https://www.mcdonalds.com/us/en-us/product/mcrib.html.

The sheer scale of B2C marketing vs. B2B/B2G marketing is tremendous and affects how the company markets its products and services.

But one thing is similar among all three types of writing.

TRUTH TWO: B2B writing, B2G writing, and B2C writing are all addressed to PEOPLE.

Well, until we program the bots to read stuff for us.

This is something we often forget. We think that we are addressing a blog post or a proposal to an impersonal “company.” Um, who works in companies? People.

(Again, until we program the bots.)

Whether you’re marketing a business blog post writing service, a government software system, or a pseudo rib sandwich, you’re pitching it to a person. A person with problems and needs that you can potentially solve.

So solve their needs.

Don’t make it complex.

But what IS B2B writing?

Let’s return to the original question. Sorry, I got off on a bit of a tangent. (But at least I didn’t trail off into musings about “the dynamic and competitive world.”)

When I write something for a business:

I must focus on that business and not myself (customer focus). The business doesn’t want to hear my talk about myself. The business wants to hear what I can do for it.
I must acknowledge the business’ needs and explain the benefits of my solution to meet the business needs. A feature list without any benefits is just a list of cool things; you still have to explain how the cool things will benefit the business by solving its problem.
My writing must address one, or more, different types of people who are hungry for my solution to their problem. (This is what Ubersuggest and others call a “target audience,” because I guess Ubersuggest aims lasers at the assembled anonymous crowd.)

From https://www.hinklefuncenter.com/attractions/laser-tag/.

Again, this is hard, but not complex.

It’s possible to make this MUCH MORE complex and create a 96 step plan to author B2B content.

But why?

So now I’ve answered the question “What is B2B writing?”

Can Bredemarket write for your business? If so, contact me.

Ofcom and the Digital Trust & Safety Partnership

The Digital Trust & Safety Partnership (DTSP) consists of “leading technology companies,” including Apple, Google, Meta (parent of Facebook, Instagram, and WhatsApp), Microsoft (and its LinkedIn subsidiary), TikTok, and others.

The DTSP obviously has its views on Ofcom’s enforcement of the UK Online Safety Act.

Which, as Biometric Update notes, boils down to “the industry can regulate itself.”

Here’s how the DTSP stated this in its submission to Ofcom:

DTSP appreciates and shares Ofcom’s view that there is no one-size-fits-all approach to trust and safety and to protecting people online. We agree that size is not the only factor that should be considered, and our assessment methodology, the Safe Framework, uses a tailoring framework that combines objective measures of organizational size and scale for the product or service in scope of assessment, as well as risk factors.
From https://dtspartnership.org/press-releases/dtsp-submission-to-the-uk-ofcom-consultation-on-illegal-harms-online/.

We’ll get to the “Safe Framework” later. DTSP continues:

Overly prescriptive codes may have unintended effects: Although there is significant overlap between the content of the DTSP Best Practices Framework and the proposed Illegal Content Codes of Practice, the level of prescription in the codes, their status as a safe harbor, and the burden of documenting alternative approaches will discourage services from using other measures that might be more effective. Our framework allows companies to use whatever combination of practices most effectively fulfills their overarching commitments to product development, governance, enforcement, improvement, and transparency. This helps ensure that our practices can evolve in the face of new risks and new technologies.
From https://dtspartnership.org/press-releases/dtsp-submission-to-the-uk-ofcom-consultation-on-illegal-harms-online/.

But remember that the UK’s neighbors in the EU recently prescribed that USB-3 cables are the way to go. This not only forced DTSP member Apple to abandon the Lightning cable worldwide, but it affects Google and others because there will be no efforts to come up with better cables. Who wants to fight the bureaucratic battle with Brussels? Or alternatively we will have the advanced “world” versions of cables and the deprecated “EU” standards-compliant cables.

So forget Ofcom’s so-called overbearing approach and just adopt the Safe Framework. Big tech will take care of everything, including all those age assurance issues.

From https://dtspartnership.org/wp-content/uploads/2023/09/DTSP_Age-Assurance-Best-Practices.pdf.

DTSP’s September 2023 paper on age assurance documents a “not overly prescriptive” approach, with a lot of “it depends” discussion.

Incorporating each characteristic comes with trade-offs, and there is no one-size-fits-all solution. Highly accurate age assurance methods may depend on collection of new personal data such as facial imagery or government-issued ID. Some methods that may be economical may have the consequence of creating inequities among the user base. And each service and even feature may present a different risk profile for younger users; for example, features that are designed to facilitate users meeting in real life pose a very different set of risks than services that provide access to different types of content….

Instead of a single approach, we acknowledge that appropriate age assurance will vary among services, based on an assessment of the risks and benefits of a given context. A single service may also use different
approaches for different aspects or features of the service, taking a multi-layered approach.
From https://dtspartnership.org/wp-content/uploads/2023/09/DTSP_Age-Assurance-Best-Practices.pdf.

So will Ofcom heed the DTSP’s advice and say “Never mind. You figure it out”?

Um, maybe not.

Avoiding Deleterious Forensic Nursing

Warning: this post discusses sexual assault and child abuse.

Hippocrates. By Unidentified engraver – 1881 Young Persons’ Cyclopedia of Persons and PlacesUpload by RedWolf 05:45, Jan 10, 2005 (UTC), Public Domain, https://commons.wikimedia.org/w/index.php?curid=164808

The Hippocratic Oath imposes duties on medical professionals, including this one:

I will follow that system of regimen which, according to my ability and judgment, I consider for the benefit of my patients, and abstain from whatever is deleterious and mischievous.
From https://www.health.harvard.edu/blog/first-do-no-harm-201510138421.

For people like me who do not use the word “deleterious” on a daily basis, it means “harmful often in a subtle or unexpected way.”

The dictates of the Hippocratic Oath lead us to forensic nursing (as defined by 1NURSE.COM), the invasive nature of some forensic techniques, and what companies such as Foster+Freeman are doing to minimize invasive evidence capture.

What is forensic nursing?

From the U.S. Federal Bureau of Investigation, https://www2.fbi.gov/publications/leb/2002/jan2002/jan02x29x1.jpg.

As 1NURSE.COM notes, forensic nursing is multidisciplinary, operating “at the critical juncture of medical science and the legal system.”

Forensic nursing is a specialized branch that integrates medical expertise with forensic science to provide comprehensive care for individuals impacted by violence, abuse, or criminal activities. These professionals serve as a crucial link between the realms of healthcare and the legal system, collaborating with law enforcement, attorneys, and other professionals to gather evidence, provide expert testimony, and ensure justice for victims.
From https://www.linkedin.com/pulse/forensic-nursing-exploration-intricate-profession-1nurse-com-iedyc/.

When I started my forensic career 29 years ago, I was solely involved in the capture and processing of fingerprints from criminals. If I may be honest, the well-being of the individual who provided the forensic evidence was NOT an overriding concern.

But within a year or two I started to get involved in the capture and processing of fingerprints from NON-criminals who were applying for and receiving government benefits.

For that market we HAD to concern ourselves with the well-being of our clients, to make fingerprint capture as easy as possible, and to treat our clients with the utmost respect.
In the end it didn’t matter, because in the popular mind fingerprinting was associated with criminals, and benefits recipients didn’t want to be treated like criminals no matter how nice we were. To my knowledge, all of the benefits recipient fingerprint programs in the United States have all ceased.

Forensic nursing needs to gather the necessary forensic evidence while preserving the compassionate care that nurses are required to provide.

Invasive forensic techniques

So if we have to take care when gathering information from benefits recipients, imagine the level of care we need to take when gathering information from crime victims. Returning to 1NURSE.COM’s article, here are two of the tasks that forensic nurses must perform:

Sexual Assault Forensics: Specializing in sexual assault examination, forensic nurses provide not only compassionate care but also play a pivotal role in collecting evidence essential for legal proceedings. Their expertise ensures a sensitive approach while preserving the integrity of forensic evidence. Example: A forensic nurse conducting a sexual assault examination may collect biological samples and document injuries to aid in prosecuting the assailant.

Child Abuse Investigation: Forensic nurses are instrumental in assessing and documenting cases of child abuse. They collaborate with child protective services and law enforcement to ensure the safety and well-being of the child. Example: A forensic nurse working on a child abuse case may conduct a thorough examination to document injuries and provide expert testimony in court.
From https://www.linkedin.com/pulse/forensic-nursing-exploration-intricate-profession-1nurse-com-iedyc/.

The “compassionate care” part is important, as Foster+Freeman notes in a separate article:

We have focussed a lot on how the investigation works when looking for crimes of a distressing nature but not actually how this investigation process can affect the victim of these crimes and put the victim first. This period can be incredibly distressing for the victim, and the investigation can make this worse as it is making the victim re-live this experience.
https://www.linkedin.com/pulse/victim-first-forensics-focusing-victims-crime-foster-freeman-gnw6e/

As part of their duties, the forensic nurse has to capture evidence from the very parts of the body that were assaulted during the abuse crime itself. No one wants to go through that again. How can evidence capture be less invasive?

Three ways to minimize invasive evidence capture

While it’s not possible to completely erase the pain that crime victims suffer during a forensic investigation, there are ways to minimize it. The Foster+Freeman article highlights three ways to do this:

Capture evidence via non-invasive techniques. As a supplier of alternate light source (ALS) technology, Foster+Freeman notes that its products can discover evidence, even at the subdermal layers, without touching the victim. “Using an ALS is a non-invasive and non-destructive way to examine potential evidence on the skin. This is especially important when dealing with fragile or sensitive skin, as it minimizes the risk of causing further harm during the examination process.”
Capture evidence quickly. Forensic nurses do not want to prolong an examination. There are ways to gather evidence as quickly as possible. For example, rather than using multiple ALS devices, you can use a single one; Foster+Freeman’s Crime-lite^® X Serology Search Kit is “a multispectral light source that has been made with five wavelengths of light integrated into one unit.”

From https://fosterfreeman.com/crime-lite-x/.

Capture evidence thoroughly. What’s the point of putting a victim through the trauma of evidence capture if it doesn’t result in a conviction? Because of this, it’s important to capture as much evidence as possible. A variety of alternate light sources accomplishes this.

Foster+Freeman is just one of a multifarious array of companies that supply evidence collection solutions to forensic nurses and other forensic professionals.

And no, Foster+Freeman didn’t sponsor this post, although Bredemarket is available to provide writing services to Foster+Freeman or to other companies who need to drive content results.

And now that I’ve successfully used “multifarious,” I need to find a way to use “deleterious.” Keep your eyes open.

Why Knowledge-Based Authentication Fails at Authentication

In a recent project for a Bredemarket client, I researched how a particular group of organizations identified their online customers. Their authentication methods fell into two categories. One of these methods was much better than the other.

Multifactor authentication

Some of the organizations employed robust authentication procedures that included more than one of the five authentication factors—something you know, something you have, something you are, something you do, and/or somewhere you are.

From Krishamurty Pammi, https://krishnamurtypammi-technology.blogspot.com/p/security-management-two.html.

For example, an organization may require you to authenticate with biometric data, a government-issued identification document, and sometimes some additional textual or location data.

From IDmission, https://www.idmission.com/identity-solutions/identity-verification.

Knowledge-based authentication

Other organizations employed only one of the factors, something you know.

Not something as easy to crack as a password.
Instead they used the supposedly robust authentication method of “knowledge-based authentication,” or KBA.

The theory behind KBA is that if you ask multiple questions of a person based upon data from various authoritative databases, the chance of a fraudster knowing ALL of this data is minimal.

From Alloy, “Why knowledge-based authentication (KBA) is not effective,” https://www.alloy.com/blog/answering-my-own-authentication-questions-prove-that-theyre-useless.

Steve Craig found out the hard way that KBA is not infallible.

The hotel loyalty hack

Steve Craig is the Founder and CEO of PEAK IDV, a company dedicated to educating individuals on identity verification and fraud prevention.

From PEAK IDV, https://www.peakidv.com/.

Sadly, Craig himself was recently a victim of fraud, and it took him several hours to resolve the issue.

I’m not going to repeat all of Craig’s story, which you can read in his LinkedIn post. But I do want to highlight one detail.

When the fraudster took over Craig’s travel-related account, the hotel used KBA to confirm that the fraudster truly was Steve Craig, specifically asking “when and where was your last hotel stay?”
Only one problem: the “last hotel stay” was one from the fraudster, NOT from Craig. The scammer fraudulently associated their hotel stay with Craig’s account.
This spurious “last hotel stay” allowed the fraudster to not only answer the “last hotel stay” question correctly, but also to take over Craig’s entire account, including all of Craig’s loyalty points.

And with that one piece of knowledge, Craig’s account was breached.

The “knowledge” used by knowledge based authentication

Craig isn’t the only one who can confirm that KBA by itself doesn’t work. I’ve already shared an image from an Alloy article demonstrating the failures of KBA, and there are many similar articles out there.

The biggest drawback of KBA is the assumption that ONLY the person can answer all the knowledge corrections correctly is false. All you have to do is participate in one of those never-ending Facebook memes that tell you something based on your birthday, or your favorite pet. Don’t do it.

Why do organizations use KBA?

So why do organizations continue to use KBA as their preferred authentication method? Fraud.com lists several attractive, um, factors:

Ease of implementation. It’s easier to implement KBA than it is to implement biometric authentication and/or ID card-based authentication.
Ease of use. It’s easier to click on answers to multiple choice questions than it is to capture an ID card, fingerprint, or face. (Especially if active liveness detection is used.)
Ease of remembrance. As many of us can testify, it’s hard to remember which password is associated with a particular website. With KBA, you merely have to answer a multiple choice quiz, using information that you already know (at least in theory).

Let me add one more:

Presumed protection of personally identifiable information (PII). Uploading your face, fingerprint, or driver’s license to a mysterious system seems scary. It APPEARS to be a lot safer to just answer some questions.

But in my view, the risks that someone else can get all this information (or create spurious information) and use it to access your account outweigh the benefits listed above. Even Fraud.com, which lists the advantages of KBA, warns about the risks and recommend coupling KBA with some other authentication method.

But KBA isn’t the only risky authentication factor out there

We already know that passwords can be hacked. And by now we should realize that KBA could be hacked.

But frankly, ANY single authentication can be hacked.

After Steve Craig resolved his fraud issue, he asked the hotel how it would prevent fraud in the future. The hotel responded that it would use caller ID on phone calls made to the hotel. Wrong answer.
While the biometric vendors are improving their algorithms to detect deepfakes, no one can offer 100% assurance that even the best biometric algorithms can prevent all deepfake attempts. And people don’t even bother to use biometric algorithms if the people on the Zoom call LOOK real.
While the ID card analysis vendors (and the ID card manufacturers themselves) are constantly improving their ability to detect fraudulent documents, no one can offer 100% assurance that a presented driver’s license is truly a driver’s license.
Geolocation has been touted as a solution by some. But geolocation can be hacked also.

In my view, the best way to minimize (not eliminate) fraudulent authentication is to employ multiple factors. While someone could create a fake face, or a fake driver’s license, or a fake location, the chances of someone faking ALL these factors are much lower than the chances of someone faking a single factor.

You knew the pitch was coming, didn’t you?

If your company has a story to tell about how your authentication processes beat all others, I can help.

U.S. Sports Betting Tax Revenue

On Tuesday, February 13, Adam Grundy (supervisory statistician in the U.S. Census Bureau’s Economic Management Division) published an article entitled “Quarterly Survey of State and Local Tax Revenue Shows Which States Collected the Most Revenue from Legalized Sports Betting.”

From https://www.census.gov/library/stories/2024/02/legal-sports-betting.html

According to Grundy:

New York was the state with the largest share of the nation’s tax revenue in the (third) quarter of 2023: $188.53 million or more than 37% of total tax revenue and gross receipts from sports betting in the United States. Indiana ($38.6 million) and Ohio ($32.9 million) followed.
From https://www.census.gov/library/stories/2024/02/legal-sports-betting.html.

Are you wondering why populous states such as California and Texas don’t appear on the list? That’s because sports betting is only legal in 38 states and the District of Columbia.

Sports betting in any form is currently illegal in California, Texas, Idaho, Utah, Minnesota, Missouri, Alabama, Georgia, South Carolina, Oklahoma, Alaska and Hawaii.
From https://www.forbes.com/betting/legal/states-where-sports-betting-is-legal/#states_where_sports_betting_is_illegal_section.

Sports betting was not legal in Florida during the 3rd quarter of 2023, but was subsequently legalized.

Which returns us to California and Texas, opposites in many ways, who are agreed in the opinion that sports betting is undesirable.

But the remaining states that allow sports betting need to ensure that the gamblers meet age verification requirements. (Even though they have a powerful incentive to let underage people gamble so that they receive more tax revenue.)

“Looks like the over-under for the NBA All-Star Game is 400, Mikey.” By Adrian Pingstone – Transferred from en.wikipedia, Public Domain, https://commons.wikimedia.org/w/index.php?curid=112727

If your identity/biometric firm offers an age verification solution, and you need content to publicize your solution, contact Bredemarket.

The Pros and Cons of Discriminating Your Product by Quantifying Your Benefits

Some firms make claims and don’t support them, while others support their claims with quantified benefits. But does quantifying help or harm the firms that do it? This pudding post answers this question…and then twists toward the identity/biometrics market at the end.

The “me too” players in the GCP market

Whoops.

In that heading above, I made a huge mistake by introducing an acronym without explaining it. So I’d better correct my error.

GCP stands for Glowing Carbonated Pudding.

I can’t assume that you already knew this acronym, because I just made it up. But I can assure you that the GCP market is a huge market…at least in my brain. All the non-existent kids love the scientifically advanced and maximally cool pudding that glows in the dark and has tiny bubbles in it.

Glowing Carbonated Pudding. Designed by Google Bard. Yeah, Google Bard creates images now.

Now if you had studied this non-existent market like I have, you’ll realize from the outset that most of the players don’t really differentiate their offerings. Here are a few examples of firms with poor product marketing:

Jane Spain GCP: “Trust us to provide good GCP.”
Betty Brazil GCP: “Trust us to provide really good GCP.”
Clara Canada GCP: “Trust us to provide great GCP.”

You can probably figure out what happened here.

The CEO at Betty Brazil told the company’s product marketers, “Do what Jane Spain did but do it better.”
After that Clara Canada’s CEO commanded, “Do what Betty Brazil did but do it better.” (I’ll let you in on a little secret. Clara Canada’s original slogan refereneced “the best GCP,” but Legal shot that down.)

Frankly, these pitches are as powerful as those offered by a 17x certified resume writer.

The quantified GCP

But another company, Wendy Wyoming, decided to differentiate itself, and cited independent research as its differentiator.

Wendy Wyoming Out of This World GCP satisfies you, and we have independent evidence to prove it!

The U.S. National Institute of Standards and Technology, as part of its Pudding User Made (PUM, not FRTE) Test, confirmed that 80% of all Wendy Wyoming Out of This World GCP mixes result in pudding that both glows and is carbonated. (Mix WW3, submitted November 30, 2023; not omnigarde-003)

Treat your child to science-backed cuisine with Wendy Wyoming Out of This World GCP!Wendy Wyoming is a top tier (excluding Chinese mixes) GCP provider.

But there are other competitors…

The indirect competitor who questions the quantified benefits

There are direct competitors that provide the same product as Wendy Wyoming, Jane Spain, and everyone else.

And then there are indirect competitors who provide non-GCP alternatives that can substitute for GCPs.

For example, Polly Pennsylvania is NOT a GCP provider. It makes what the industry calls a POPS, or a Plain Old Pudding Sustenance. Polly Pennsylvania questions everything about GCP…and uses Wendy Wyoming’s own statistics against it.

Fancy technologies have failed us.

If you think that one of these GCP puddings will make your family happy, think again. A leading GCP provider has publicly admitted that 1 out of every 5 children who buy a GCP won’t get a GCP. Either it won’t glow, or it’s not carbonated. Do you want to make your kid cry?

Treat your child to the same pudding that has satisfied many generations. Treat your child to Polly Pennsylvania Perfect POPS.

Pennsylvania Perfect remembers.

So who wins?

It looks like Polly Pennsylvania and Wendy Wyoming have a nasty fight on their hands. One that neck-deep marketers like to call a “war.” Except that nobody dies. (Sadly, that’s not true.)

Some people think that Wendy Wyoming wins because 4 out of 5 of their customers receive true GCP.
Others think that Polly Pennsylvaia wins because 5 out of 5 of their customers get POPS pudding.

But it’s clear who lost.

All the Jane Spains and Betty Brazils who didn’t bother to create a distinctive message.

Don’t be Jane Spain. Explain why your product is the best and all the other products aren’t.

Copying the competition doesn’t differentiate you. Trust me.

From https://www.yourgreenpal.com/blog/is-there-an-uber-for-lawn-care

The “hungry people” (target audience) for THIS post

Oh, and if you didn’t figure it out already, this post was NOT intended for scientific pudding manufacturers. It was intended for identity/biometric firms who can use some marketing and writing help. Hence the references to NIST and the overused word “trust.”

If you’re hungry to kickstart your identity/biometric firm’s written content, click on the image below to learn about Bredemarket’s services.