As to the software as a service approach, it sounds like this is something that can be and should be implemented enterprise-wide. While individual agencies, for instance state or local governments, might bring it on, is this also something that would be an important approach across the enterprise?

Also, as we talk about digital identity assessment as well as the overall layered approach, what’s the potential for a false positive in terms of what the process would detect?

First, anywhere there is a digital interaction, either with systems or with employee access, the digital identity assessment can be layered.

As far as false positives, with a risk-based approach, it’s not black and white. You’re getting a risk score that’s between 100% risk and 0% risk — so, for example, if the risk is above a certain threshold you may not refuse access, but you’ll put them through an extra challenge question or some other authentication technique that enables you to verify that they are who they say they are.A risk-based approach is completely different from a traditional authentication approach where you either do or don’t get in – here, you have the ability to effectively define how the customer journey works and determine those thresholds in the model that will enable you to decide how you want to work with the false positives. There are always false positives in every system and you look to use layering in the most effective way to enhance the customer experience, while still keeping the majority of the fraud and cyber threats out.