In short, the discussions centered on issues that define how individuals can take better control of their personal information (with or without the help of “3rd Parties”) to promote more efficient ways to carry out Conversational Commerce. Vendor Relationship Management (VRM) was also at the core of discussion, both at the C3 Salon and at IIW, making it clear that the time has come for VRM to move from high concept to more mundane issues around the business considerations that underlie personal data storage, user authentication, privacy protection and tools that, at base, foster trust among individuals and companies who want to carry out business (or conversations) between one another.

Five years after the launch of ProjectVRM at Harvard Law’s Berkman Center, “Vendor Relationship Management” is a topic area that invites more detailed definition. I believe we have successfully positioned it as a complement to existing CRM (Customer Relationship Management) systems which trace their lineage back to the efforts of Tom Siebel (and a few others) in the mid-1990s. Enterprises around the world will spend well in excess of $14 billion this year on systems that capture, aggregate, analyze, interpret and respond to data generated (or emitted) by individuals as they cruise the web, use their wireless phones, make purchases or otherwise carry out everyday activities. Today, that investment gravitates toward technologies that monitor data streams to detect intent and support other business objectives, including new sales, customer loyalty, upsells and cross-sells.

As I noted in this post, any “CRM versus VRM” discussion is off-base. There is no “either/or” proposition. Both individuals and marketers benefit from a “both/and” construct whereby individuals (as browsers, shoppers, radio listeners, customers or whatever other context he or she may bring) opt into a system or use a 3rd party (or 4th party) service that enables them to control and share the terms and conditions under which they are willing to make their personal data available either to other people or to businesses.

This year’s IIW was particularly timely because it provided forums where attendees from start ups, standards bodies, technology providers, government agencies, communications carriers and large enterprises could discuss and define the software, services and schema that will make it easier for individuals to assert their identities and take control of their personal data as required to carry out activities, both online and off. In the past, IIW was a colossally “insider” gathering for the firms giving shape to initiatives underlying “single sign-on” to multiple Web services, “3rd party authentication” (like OAuth), Personally Identifiable Information (PII) and, rightfully, Identity Management. This year IIW attracted a larger and broader spectrum of companies, embracing communications carriers, “Big Data” (in general) and e-commerce. Thus, Ping Identity, Singly, Connect.me and other startups could rub elbows with the likes of Microsoft, Oracle, PayPal (eBay), Adobe, Intel, Orange (France Telecom), SVOX, Ericcson, AT&T, Telus and IBM.

IIW culminated with IIW+Yukon” Day, designed to invoke the dual image of a gold rush into a wild frontier of opportunities. Organizers described it as follows: “One purpose of Yukon is to start to focus on business models and value propositions, so we will specifically be reaching out to angels and VC’s who are interested in personal data economy plays and inviting them to attend.” They were successful in attracting investment candidates like Singly.com (closely affiliated with LockerProject), Azigo (an online electronic wallet), Connect.me (whose founders are promoting a “Trust Fabric” for sharing and protecting personal information), ChaChanga (operator of a “personal broadcasting” platform) and a few others.

What struck me throughout IIW, IIW+Yukon and the Opus Resarch C3 Salon was that “achieving business objectives” is the most common denominator for all three initiatives. Individuals, both knowingly and unknowingly, are the source or a tremendous amount of personal data. There is a move afoot among businesses to convert that data into “intelligence” – by capturing as much as possible and putting it through analytic resources that derive meaning, impute “intent” and (with hope) build loyalty or, at least, stronger engagement. CRM and analytics software providers have already built a business around managing “customer data.” They are joined by third parties like credit bureaus, “social media,” and aggregators like RapLeaf, Intelius Manta and others. If you can understand the business underlying the service bureaus operating on behalf of mortgage bankers, retailers, credit card issuers and car dealerships, you can understand the need (and the business objectives) that can be served by a 3rd party (or 4th party) that caters to a few simple requirements of “savvy” individuals (in their roles as shopper, search engine user, mobile subscriber or social media participant.

Individuals want to define the terms and conditions under which they are willing to share their personal data. When and if they upload information, photos or their location to an online resource (be it a social site like Facebook or Foursquare or just their supposedly neutral mobile phone carrier) they want assurances that the info won’t be shared without permission. As they go through everyday activities, they are destined to shift from “persona A” (private citizen in car) to “persona B” (employee in cubicle) to “persona C” (person shopping for a new bike). The third party that can make selected personal data available as needed in the real-time context of an interaction, will greatly benefit from participating in the Personal Data Ecosystem.

The CRM architecture insures that multiple copies of personal data reside in multiple repositories around the world (and out of the control of individuals). VRM defines roles, responsibilities and (ultimately) revenues for third parties to provide a safe, trusted repository for the information and data that can support a transaction. We don’t know for sure who the third party will be or what the exact nature of the information is, but we do know that it is not designed to replace CRM (which has over fifteen years of development and deployment behind it).

We have to acknowledge that the development and maturity of these information systems will, in no way, obviate the need for person-to-person interaction (aka conversations). What Opus Research is following with great interest is how the tectonic shift taking place between enterprise-centric CRM and individual-centric VRM impact the contact center, especially help desk and support lines where customer service agents have gone far beyond their traditional role of supporting triage and escalation, if necessary.

VRM is destined to enhance the value of existing investment in both CRM systems and contact center infrastructure. At the same time, savvy enterprise IT and communications infrastructure providers have started to define a path beyond the confines of the corporate firewall. The growing popularity of Facebook, Skype, Twitter, Google Apps, LinkedIn and Twitter are seeping into and (in some cases) supplanting company-sanctioned collaboration platforms – like Microsoft’s Lync, IBM Sametime and Cisco Quad.

Ceding more control to end users is no longer optional and, when it comes to “customer collaboration” – VRM is destined to provide the guiding principles. That’s why it is so important for the teams who link IT investment to business objectives to recognize right now that there is a tremendous upside to understanding (and embracing) the emerging Personal Data Ecosystem (PDE), as a step beyond the emerging disciplines surrounding “Identity Intelligence,” which a lead strategist at Oracle, Nishant Kaushik, described as “identity management, data mining, business processing and analytics” coming together “to address enterprise needs for greater transparency, compliance, risk management and business decision support.”

If VRM is added to the equation, those corporate goals can be achieved in concert with each customer or prospect’s needs for greater transparency, collaboration, risk management and decision support. They are not totally congruent, but you get the idea.

One of the banes of phone-based commerce is the phrase, “Your call is important to us.” It tends to be the last thing an inbound customer hears from an IVR system before being put on interminable hold. It would be much more reassuring – and accurate – for an IVR to say that “Your identity is very important to us” and then, rather than indiscriminately placing each call on hold, to treat each caller according to his or her expressed preferences, status, or other known attributes.

Both businesses and technology providers repeatedly affirm that “caller experience is of paramount importance.” Yet, that does not mean that they place risk management or security in a lesser role. They recognize that speaker verification provides a mechanism to serve these seemingly contradictory goals – highly usable, highly secure interactions.

For too long the most common practice for handling inbound calls was to put even their best customers through onerous question-and-answer routines to validate their identity based on “knowledge-based authentication.” While it is deemed “good enough,” it is neither customer-friendly (because it takes so long), nor particularly secure (because the information is often available through a number of physical or online sources).

Instead of making the spurious claim that “your call is important to us,” leading-edge service providers, like Australia’s largest healthcare specialist ahm (Australia Health Management), and one of its top banks (National Australia Bank) are showing customers in practice that “your identity is important to us.” Their use cases are “inclusive,” meaning that the use of speaker verification addresses both UI and security concerns, providing a “win-win” for customer and company alike. Both recognize that quick, accurate authentication is beneficial to the customers as well as to the business enterprise.

Strong Authentication Raises Confidence
As the number of customer-facing voice verification implementations grows, enterprises and their technology providers have already learned the value of strong caller authentication. They’ve also learned that voice biometric authentication never exists in a vacuum. Low levels of confidence in a voice biometric match seldom leads to outright rejection of a call. Instead, they trigger routines to obtain other information that can include CallerID or ANI (automated number identification) as well as “risk profiles” based on customer records, transaction history, “last known location” and the like.

Voice biometric-based authentication can replace or augment the entry of the caller’s account number. When the captured utterance matches a stored voiceprint, the authentication engine returns a high-confidence indicator (“green light”). If there are no other concerns, the caller can proceed toward accomplishing the purpose of the call.

As for market potential, Opus Research sees global spending on Voice Biometrics-based solutions (a category that goes far beyond customer care to include automated password reset, remote “time and attendance” reporting, voice signatures, mobile security and the like) reaching about $124 million in 2009 and growing to roughly $260 million in 2014 (roughly 16% compounded annual growth rate).

The biggest challenge is developing expeditious call flows for handling calls which, for any number of reasons, might fall into one or more gray areas in user authentication. Perhaps the risk profile is high and the call originates from a noisy environment. Automated, phone-based authentication could be difficult. Businesses, and their technology providers, must also build the business logic to govern situations where there is a strong match to the voice biometric, but the risk management system calls for additional authentication based on other metadata (such as a report of a lost payment card).

Solutions providers offer a considerable number of options to deal with the instances where other resources (such as the risk management system) yield a “yellow,” or worse “red” light. Calls may originate from unknown devices, in unexpected geographic locations. The voice biometric may indicate strong confidence in the caller’s identity, but he or she may not remember a pass-phrase or know the actual response to a wallet-based query. (How many of us can accurately answer, “What was the exact amount of your last purchase at a bar or eating establishment?”) Companies have considerable leeway in designing call flows and agent scripts for these instances.

A well-designed authentication routine will minimize the instances that require lengthy, agent-based authentication. Experience in the field is helping to establish “best practices” for dealing with those “caution light” situations when a caller cannot be totally rejected, nor can a company readily allow them access them to sensitive information or personal funds. Agents have important roles to play in establishing caller expectation and, in essence, training them to use the system. They may end up resorting to KBA (knowledge-based authentication) but they will be able to explain to the customer why they are being subjected to further questioning.

The customer care pendulum is swinging away from a short list of company-driven choices toward a wide-range of customer-defined interactions and transactions. Rapid recognition and protection of a caller’s identity and associated information is the basis of higher quality customer care. Over the phone, deployment of voice biometric-based identity proofing can make such authentication simpler, faster and more pleasant. A growing body of “real world” experience shows that voice biometrics streamline the authentication process and lead to shorter calls which are more economical for the company and a better experience for the caller.