Presented by Goode Intelligence #IDSumLon2020 · 2020-02-13 · Open Banking Timeline 2016 2017...
Transcript of Presented by Goode Intelligence #IDSumLon2020 · 2020-02-13 · Open Banking Timeline 2016 2017...
Presented by
Goode Intelligence
30th January 2020
#IDSumLon2020
OUR SPONSORS &
PARTNERS – Thank You!
OPENING KEYNOTE
10:25 – 11:00
#IDSumLon2020
Open Identity & Open Banking
Nick MothershawExecutive Director
Open Identity Exchange
Chris MichaelHead of Technology,
Open Banking & CEO, Ozone
The Identity Ecosystem Status
January 2020
National Trust Framework
Trust Scheme
Trust Scheme
ID Broker
ID Broker
FRAMEWORK
SCHEME
ID BROKERS
INTEROPERABILITY OIX
RELYING PARTIES
IDENTITY PROVIDERS
ss schemes)schemes)Identity Providers
ID Broker
ID Broker
Trust Scheme
ID Ecosystem – Global Model
National Trust Framework
Trust Scheme
Trust Scheme
ID Broker
ID Broker
ss schemes)schemes)Identity Providers
ID Broker
ID Broker
Trust Scheme
National Trust Framework
Trust Scheme
Trust Scheme
ID Broker
ID Broker
ss schemes)schemes)Identity Providers
ID Broker
ID Broker
Trust Scheme
USER
S
MARKET ADOPTION
OIX
ID ServiceIDENTITY SERVICES ID Service ID Service ID Service ID Service ID Service ID Service ID Service ID Service
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
National Trust Framework
Trust Scheme
Trust Scheme
ID Broker
ID Broker
FRAMEWORK
SCHEME
ID BROKERS
INTEROPERABILITY OIX
RELYING PARTIES
IDENTITY PROVIDERS
ss schemes)schemes)Identity Providers
RP
RP
RP
RP
ID Broker
ID Broker
Trust Scheme
ID Ecosystem – Regional Adoption
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
National Trust Framework
Trust Scheme
Identity Provider
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
National Trust Framework
Trust Scheme
ss schemes)schemes)Identity Providers
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
USER
S
MARKET ADOPTION
OIX
IDENTITY SERVICES ID Service ID Service ID Service ID Service ID Service ID Service ID Service ID Service ID Service
FRAMEWORK
SCHEME
ID BROKERS
INTEROPERABILITY OIX
RELYING PARTIES
IDENTITY PROVIDERS
ID Ecosystem – UKU
SERS
MARKET ADOPTION
OIX
IDENTITY SERVICES
ID Broker
ID Broker
RP
RP
RP
RP
ID Broker
ID Broker
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
ID Broker
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
RP
UK Trust Framework
ID Service ID Service ID Service ID Service ID Service ID Service ID Service ID Service ID Service
ss schemes)schemes)Identity Providers
Financial Services Scheme
Government Scheme
Other Sector
Schemes
Travel Scheme
Gambling Scheme
Trust Framework FundamentalsInteroperability: for users and relying parties
ID TRUST
ID Proofing and Verification
ID Authentication
Consumer Information and Protection
Trustmark
Identity Information PackageLoAs, Attributes, ID Evidence
Fraud and Cyber Controls
Security and Technical Requirements
Legal and Performance Requirements
User Experience
UK Government activities
9
Call for Evidence Access to Government DataTrust Framework
Commercial Framework Regulatory AcceptanceDigital Identity Unit
Competent Authority
Anti-Money Laundering
2021
(for Government)
But who is going to use Digital IDs? And When?
TRUST
VOLUME
TRAVELGOVERNMENT
EMPLOYMENT
RETAIL
ADULT
GAMBLING
FINANCE
INSURANCE
UTILITIES
What’s stopping them?
• Critical Mass of Digital IDs
• Regulatory Acceptance
• Business Case
• Liability Models
• What happens if it goes wrong?
How will a UK Trust Framework, DIU and an ID Competent Authority help accelerate Digital ID adoption?
11
• Regulatory Acceptance• DIU will make sure sector regulators allow Digital IDs to be accepted• Finance KYC AML already being addressed• Pension Dashboard consultation response endorses use of Digital ID to UK Framework Standard (GPG45) • What sectors next?
• Business Case• Cost to operate will be better understood• Regulatory acceptance will mean IdPs can see line of sight to revenue
• Liability Models / What happens if it goes wrong?• Framework will define the HIGH LEVEL rules• Will Competent Authority be the ultimate arbiter?• Commercial / Legal details will PROBABLY be down to Trust Schemes / ID Brokers
• Critical Mass of Digital IDs• Framework COULD make it easier for those with millions of IDs to enter the market as ”Identity Providers”
Who is going to be an ID Provider?
BanksSpecialist
IdPs
Telcos
Internet Giants
Disruptor
What is OIX doing?
Trust and Liability
Interoperability and Standards
Architecture Interoperability
Inclusion
Relying Party Sector Focus Groups
Trust Framework Interoperability Fundamentals
Consumer Principles and Trustmarks
OIX Directory
Working Groups Analysis Execution
Role of an ID Competent Authority
Reviews of UK Trust Framework DRAFTS
Unlocking the potential of open banking
30 Jan 2020
Chris Michael
© Open Banking Limited 2020
Open Banking is a global construct
Regulatory v market drivers
CMA Order PSD2
Market Needs
CMA
NCAs
The OBIE Standard
17
1. No shared
credentials
2. Same AuthN
Methods
3. No unnecessary
steps or friction
Trust Framework
NCA 2Authorised
Third Parties
Account
Providers
Directory
NCA 1 NCA 3
QTSP 2QTSP 1 QTSP 3
Open Banking Timeline2016 2017 2018 2019 2020
Sep 2016: OBIE formed Jan 2018: PSD2 comes into force
Mar 2019: APIs to be available for testing
R/W Standard v1 Sep 2019: PSD2/RTS deadline
Mar 2020: FCA adjustment period ends
CMA9
implementation
R/W Standard v2CMA9
implementation
R/W Standard
v3.1v3.1.1 - 3.1.x v3.2.x
CMA9 + other ASPSP
implementation
TBC
AISP adoption
PISP and CBPII adoption
CMA9 + other ASPSP implementation
Feb/Mar 2020: revised CMA order plan
The UK Ecosystem (Dec 2019)
• 75 ASPSPs
• 100 TSPs
• 300 TPPs (<150 authorised/live)
• 100 customer facing apps (live or close to live)
• >1m customers (CMA9)
• >250m API calls/month (CMA9)
• <50k payments (CMA9)
Example use cases
Personal Finance Business Accounting Unbundling Overdrafts
Better Lending Ecommerce International Payments
What’s next?
Evolution of the standard
To include regulatory changes, CoP/CRM in PISP journeys,
and Variable Recurring Payments
Implementation improvement
Ongoing monitoring and support, with a focus on
reduced authentication friction, and conformance/certification
Ecosystem growth
Activity and services to drive adoption by ASPSPs, TPPs and TSPs, thereby enabling
more PSU propositions
End customer benefits envisaged by the CMA Order
Identity standards should enable/support
• Combining with/supplementing PSD2 services
• BankID services
• Open Finance (inc non PSD2 accounts)
• Smart Data
• Aligned to DIU and OIX
• Interoperability with other global standards
Thank youwww.openbanking.org.uk
ANALYST VIEWPOINT
11:00 – 11:30
#IDSumLon2020
Latest trends from the
World of Digital Identity
Alan GoodeCEO & Chief Analyst
Goode Intelligence
ANALYST VIEWPOINT
11:00 – 11:30
#IDSumLon2020
ANALYST VIEWPOINT
11:00 – 11:30
#IDSumLon2020
ANALYST VIEWPOINT
11:00 – 11:30
#IDSumLon2020
100,000 Years Ago
Shells
ANALYST VIEWPOINT
11:00 – 11:30
#IDSumLon2020
5,000 Years Ago
Tattoos
ANALYST VIEWPOINT
11:00 – 11:30
#IDSumLon2020
3800 BC
Population Census
ANALYST VIEWPOINT
11:00 – 11:30
#IDSumLon2020
450 BC
Passports
ANALYST VIEWPOINT
11:00 – 11:30
#IDSumLon2020
Recent Times
The return of the
blue passport…
ANALYST VIEWPOINT
11:00 – 11:30
#IDSumLon2020
The Picture Today
Evolution not Revolution
“We are in a state of transition where
we will have a combination of old
and new Identity – physical ID
documents and digital Identity”
David Britton, Experian
ANALYST VIEWPOINT
11:00 – 11:30
#IDSumLon2020
Digital Identity &
Document Verification
Solving an Immediate Problem
ANALYST VIEWPOINT
11:00 – 11:30
#IDSumLon2020
ANALYST VIEWPOINT
11:00 – 11:30
#IDSumLon2020
Digital Identity &
Document Verification
Market Drivers & Adoption
ANALYST VIEWPOINT
11:00 – 11:30
#IDSumLon2020
Digital Identity
Verified Digital Identity
A digital identity that is issued
by an identity issuer or provider
who has a high level of assurance
of the authenticity of the individual
ANALYST VIEWPOINT
11:00 – 11:30
#IDSumLon2020
Digital IdentityModels
Source: Gemalto, a Thales company
ANALYST VIEWPOINT
11:00 – 11:30
#IDSumLon2020
ANALYST VIEWPOINT
11:00 – 11:30
#IDSumLon2020
PANEL
11:30 – 12:15
#IDSumLon2020
Diversity & Inclusion in Identity
Chair – Emma LindleyCo-Founder of Women in Identity
Schehrezade DavidsonCEO of Tricerion Limited
Charlotte HackettAssociate Director of psd Group
Cindy WhiteVice President, Global Marketing of Mitek Systems
KEYNOTE
12.15 – 12:40
#IDSumLon2020
Bridging the Onboarding Journey
Together with Frictionless Authentication
Mark Matthews Vice President
UK & Ireland, Daon
1
Bringing the Onboarding Journey Together with Frictionless
Authentication
Mark Matthews
VP, UK & I
2
About Daon
Founded in 2000 by Dermot Desmond
• Washington DC, USA (HQ)• London, England• Dublin, Ireland• Canberra, Australia• Hong Kong, SAR China• Belgrade, Serbia• Lagos, Nigeria• Tokyo, Japan
THE MOST TRUSTED NAME IN BIOMETRIC IDENTITY ASSURANCE FOR OVER TWO DECADES
• Cross-Channel Multi-Factor Biometric Authentication and Onboarding Platform
• Millions of Users on 6 Continents• 1 Billion+ identities we’ve been chosen to secure• 100 Million+ authentications performed each day• 160+ groundbreaking technology patents• 150+ major financial firms using our technology• 100+ biometric algorithms
33
What’s Driving Simpler Onboarding?
#1The #1 reason why
banking consumers abandoned
an online application was because
“it look too long to complete.”
Financial Brand
$4kA typical bank onboarding
process costs up to $4,000 per
new customer
Goode Intelligence
50%50% of clients surveyed about their customer
service indicated that in the last 12 months, they
had to re-supply the bank with copies of their
identity documents
Deloitte
43%43% of millennials find that it is easier
to set up an account with a fintech mobile app
than a checking account at a bank
EY
Abandonment rates for online
banking applications are at an all-
time high
Forrester
97%
$60MThe average financial
organization spends $60m
annually on basic KYC needs
Thompson Reuters
4
Your Identities for Sale!
Social
Security
Number
$1
Credit Card
Number
$5-$30
Online Bank
Details
$20-200
Driver’s
License
$20
Medical
Records
$1-1000
Passport,
Selfie &
Utility Bill
$60
5
• Population: 4.78 Million
• Fraud Ranking: 3rd
• Exercise Ranking: 154th
Welcome to New Zealand!
6
Introducing RealMe®
• Renew a driver’s license or passport
• Open a bank account
• Apply for student loans
All from the Comfort of Home
7
AbandonmentIn Person Capture
43%
0%
5%
10%
15%
20%
25%
30%
35%
40%
45%
50%
1
The In-Person Abandonment Problem
8
Digital Identity EstablishmentFrom the Couch
FRICTIONLESS, SECURE
Secure Onboarding from the Couch
• Web or mobile app compares your selfie to
the Government’s trusted source image
• Passive and active liveness assessments
confirm you’re a real person
• Human review console facilitates
adjudication of close calls
9
• Branch
• Mobile
• Web
Omni-Channel
CLICK FOR CASE STUDY
Omni-Channel Engagement
10
CustomerOnboarding
UserAuthentication
Two Sides of Identity Corroboration
11
• Biometric Blacklists to detect and prevent
repeat fraudsters
• Biometric Searching to search for duplicate
registrations
• Biometric Liveness Checks to ensure it’s a
real person (not photos, videos, masks, etc.)
• Biometric Authentication to enable strong
customer authentication
The Role of Biometrics – for Corroborating Identity
12
Case Study: Cross-Channel Biometric Authentication and e-KYC
13
Case Study: Cross-Channel Biometric Authentication and e-KYC
At a Glance;• Easy-to-use service• Meets e-KYC requirements• Provides a future-proofed, best-of-
breed biometric engine capability • Eliminates expense and complexity• Immediate cost savings• https://www.daon.com/resources/cas
e-studies/polarify
14
App-only Bank: Atom Bank
Passcode – choose a six-digit
passcode
Face – Take a selfie and you
can use any device with a camera
Voice – Record and enroll your
secure pass phrase
First UK Bank to provide a choice
of login options;
15
A Holistic View of Digital Onboarding and Ongoing Authentication
According to Gartner, Identity Proofing and Corroboration (IPC) is the combination of activities such that;• The real-world identity exists
• The presentation must exhibit genuine human presence (i.e., the person is the authentic possessor of that identity and that’s confirmed in real time)
• This process aligns the real-world identity, the digital identity and the person submitting the identity claim
16
The Role of Biometrics: Seamless, Cross- Channel Identity Journeys
For more information:
www.daon.comMark Matthews
VP, UK & I
+44 7967 110 164
SUMMIT KEYNOTE
13:30 – 14:05
#IDSumLon2020
Proving & Managing Customer Identity
A Great Customer Experience?
Ray HockleySenior Pre-Sales Solution Manager
Hitachi Europe
Simon WoodCEO, Ubisecure
Proving and Managing Customer Identity
A Great UserExperience?
Ray Hockley Simon WoodHead of Presales Hitachi CEO [email protected] [email protected]
Identity is complex
Customers are different, scenarios are broader
Friction is the enemy of done
The customer and legislations demands Security
Loss of data
Stolen logins
Password stuffing
Confidentiality
GDPR, PSD2……..
How do we deliver what the customer demands
CUX
Security
The customer wants a great user experience
Fast access to their information
Easy to access services
Simple to use
Personalized experience
How do we deliver what the customer demands
CUX
Security
Customer Retention
• Cart abandonment
• Fast entry
• Correct resources
Removal of Password management
• Costs
• Effort
• Attack vector
• Customer frustration
Know who is making transaction
• Guarantee Identity
• Reduce fraud
• Best user experience
Identity management
Using a simple Biometric
solution
CustomerSecurity Improved
Delivery
Satisfaction Process
Experience Improvement
InnovationEfficiency
Competitive
Strategic
Communication
Transaction completion
Experience
What is VeinID Five?
Step 7Customer SSO session
enabled
Step 8Customer provisions resources
in active SSO session
Step 9Customer logs out of active
SSO / session time-out
Joint Proposition Tagline & Underlying Visions
FAST, SIMPLE, SECURE, BIOMETRIC, CUSTOMER IAM
To be a pioneer in biometric Identity management creating proven, user friendly
and flexible solutions utilising 25 years of Hitachi’s Finger Vein technology.
Current-State User Journey (Standard Authentication)
Mortgage Life Insurance Pension
Future-State User Journey (OIDC Hand Gesture Authentication)
Mortgage Life Insurance Pension
Why Are We Partnering Together – a Joint Proposition
FAST, SIMPLE, SECURE, BIOMETRIC, CUSTOMER IAM
A unique biometric authentication and identity management solution offering a superior user experience, reducing risk of breach, whilst allowing your enterprise to leverage Identity-as-a-
Service to drive value and scalability.
Proven Identity-as-Service cloud
On-premise identity management platform
OpenID Connect infrastructure
Single-Sign-On and Multi-Factor Authentication
Proven Finger Vein biometric technology
Hardware less VeinID Five biometric tools
OpenID Connect infrastructure
Single-Sign-On and Multi-Factor Authentication
What are the Intended Benefits of Our Joint Proposition?
UX
FAST, SIMPLE, SECURE, BIOMETRIC, CUSTOMER IAM
A unique biometric authentication and identity management offering improving user experience, reducing risk of breach whilst allowing your enterprise to leverage Identity-as-a-Service to drive
value and scalability
Improve user experience for retention and capture
Remove cost of resetting passwords
Remove identity & password management overheads
Reduce / eliminate multiple logins
Reduce costs associated with password stuffing
Reduce direct & reputational costs of password breaches
Move to scalable platform-based solutions
Enhance control of assets / resources available to users
Cost
Security
Control
Summary
Fast access
Great user experience
Access everything available
Single sign on
Non- Repudiation
Access from any where
Reduced Phishing and stuffing
Password Removal
Customer Experience Security
Thank youHitachi Europe LimitedT: +44 (0) 1268 585000
W: hitachidigitalsecurity.com
Ubisecure IncT: +44 (0) 7718 232602
W: Ubisecure.com
INNOVATION SHOWCASE
14:05 – 14:30
#IDSumLon2020
Mark HarveyChief Revenue Officer
IPification
M-Identity RemasteredPasswordless Tomorrow Begins Today. No credentials,
tokens, SMS OTPs, header enrichment, or face scans.
A single tap with unparalleled security.
www.ipification.com
First Passport – UK
King Henry V – Granted the first passport to
allow his subjects to travel for trade purposes.
First Bio-Metric Passport
Malaysia 1998 – First Country in the
World to launch Bio-Metric Passport
First Ever Telephone
”Mr. Watson, Come Here”
First Ever Mobile Phone
Dyna TAC 8000x
Benefit Vantage Limited and IPification
• IPification is the advanced Mobile Identity brand within Benefit
Vantage Limited, a Hong Kong-based company also running
initiatives in Cyber Security solutions, Data Protection & Backup
and Mobile Content Distribution
• 55+ staff in six locations – USA, Hong Kong, Belgrade, Vietnam,
Schaffhausen (CH), Sarajevo, UK, Brazil
• IPification solution offers IP-based Operator Discovery,
Seamless Authentication, Device Verification, SIM and Device
Swap and Location/Proximity solutions all based on a simple,
fast and low-cost deployment model
• Live implementations with 7 mobile operators on 3 continents;
50+ mobile operators currently in implementation phase
• www.ipification.com
:
www. ip i f ica t ion .co m
IPification – How It Works
Overview of the IPification technical solution
Januaury 2020
The IPification ‘Golden Triangle’
MSISDN (Mobile Station International
Subscriber Directory Number)
Subscriber Mobile Number
Unique globally with country prefix
IMSI (international mobile subscriber
identity)
SIM Card identification number
Unique globally
IMEI (international mobile equipment
identity)
Mobile Handset identification number
Unique globally
IPification GMiD Box:
• Holds hashed unique values for
subscriber, device and SIM
• Persistent hash (no change) enables
device and SIM verification use
cases
• Change to ANY value flags change
to subscriber status
• IMSI and IMEI changes create SIM
Swap and Device Swap signals
The IPification Solution
SP IDGWIPification Client API (OIDC)
MNO
Global Billing dashboard
Technical
• One OIDC Client API for SP
• Simple to deploy (no telco ID Gateway
required)
• No need for Telco to expose separate APIs
Commercial
• Minimal cost for mobile operator
• Full transparency of real-time transactions and stats
(individual dashboards)
• Immediate revenues – established ecosystem
Smart Discover
y
MNO
MNO
Single API integration
SMS one-time code
replacementlP-based phone number verification and smart operator discovery.
Phone Number
+123 0 0 0
Login to
Your Application
Sorry, this number is not matching your
current device. Please double check.
CONFIRM CONFIRM
By clicking CONFlRM you are agreeing to the:
Terms and Conditions, Software License,
Privacy Policy and all other legal documents.
Phone Number
+123 4 5 6 789 0
Login to
Your Application
PhoneNumber
+123 |
Login to
Your Application
CONFIRM
ConnectingAuthenticating your phone
OK
Success!You’ve been authenticated
SIM Swap ProtectionReal-time flagging of SIM change in the user device. Proactive notification available.
Proximity Location and Roaming StatusIs your customer currently roaming? If Yes, in which country?
Returns True or False value if user is within predefined distance from a target location (ATM location , PoS, etc.)..
IPification GMiD Box -
features enabled
1. IP-based phone number verification
2. Seamless authentication
3. SIM Swap protection (proactive available)
4. Smart IP routing/discovery
5. Carrier Billing authentication
6. Device change detection (proactive available)
7. Proximity location
8. Roaming flag (proactive available)
Thank You
www. ip i f ica t ion . com
Mark Harvey, Chief Revenue Officer
FinTech & Telecom industries business leader for more than 20 years,
ex-GSMA Mobile Connect expert, top 100 influencers in Identity.
Jim Small, SVP Business Development
Over 25 years’ experience driving delivery of technology-based new
service in Telecom industry, ex Digital innovation leader in Orange UH
and Orange Group Technocentre.
Harry Cheung, Founder &President
Serial entrepreneur with more than 20 years of experience incybersecurity
and data protection, Top 10 Business Entrepreneurs in China.
– "Person of the Year in 2008”
Stefan Kostic, Chief Executive Officer
11 years of experience in the FinTech & Telecom industries, ex C-level in
Carrier Billing industry, Best Global Direct Carrier Billing (DCB) Aggregator
in 2017 Award and Tier 1 DCB vendor.
Aleksandar Brankovic, Chief Technology Officer
ICT professional with more than 15 years of extensive experience in
anything technology-related.
KEYNOTE
14:30 – 14:50
#IDSumLon2020
Use of Digital Identity at the Border
Advantages & Risks
Frank SmithChair, ENLETS Mobile
Digital ID at the Border
Advantages and Risks
Frank Smith
30 January 2020
•Security—for the border; for the country, against multiple / emerging threats
•Facilitation—efficiency and throughput for passengers eligible to enter; volumes are projected to double in 20 years
•Cost effectiveness—budgets aren’t limitless; austerity is real…
✓ ?
KEYNOTE
14:50 – 15:25
#IDSumLon2020
People and Technology
Creating Certainty in an
Uncertain World
Joe BloemendaalHead of Strategy
Mitek Systems
Joe Bloemendaal
Identity Verification Strategist
@ Mitek Systems
‘Creating certainty in an uncertain world.’
© 2020 Mitek Systems Inc. Proprietary and Confidential ‹#›
in Cinemas 2004
© 2020 Mitek Systems Inc. Proprietary and Confidential ‹#›
In a recent report, Gartner wrote: ‘..We therefore recommend that identity proofing solutions that rely on shared secret verification, such as out of wallet knowledge questions or memorable personal data, be phased out….’
© 2020 Mitek Systems Inc. Proprietary and Confidential ‹#›
5,000 startups worldwide up from 2,000 just three years ago.
first 9 months of this year VC poured $2,9B into neobanks. Up from $2,3B last year.
source: McKinsey
© 2020 Mitek Systems Inc. Proprietary and Confidential ‹#›
© 2020 Mitek Systems Inc. Proprietary and Confidential ‹#›
© 2020 Mitek Systems Inc. Proprietary and Confidential ‹#›
© 2020 Mitek Systems Inc. Proprietary and Confidential ‹#›
© 2020 Mitek Systems Inc. Proprietary and Confidential ‹#›
© 2020 Mitek Systems Inc. Proprietary and Confidential ‹#›
step 1
step 2
step 3
step 4
step 5
step 6
step 7
step 8
step 9
step x
HI & AI
document verification process
© 2020 Mitek Systems Inc. Proprietary and Confidential ‹#›
auto auto auto auto auto auto auto auto agent agent
AGENT ASSIST
© 2020 Mitek Systems Inc. Proprietary and Confidential ‹#›
auto agent agent agent agent agent agent agent agent agent
AGENT ASSIST
© 2020 Mitek Systems Inc. Proprietary and Confidential ‹#›
So do the numbers still work out?
Let’s have a look…..
© 2020 Mitek Systems Inc. Proprietary and Confidential ‹#›
350K NTB*
Fail KBA
150K Set app
In branch
90K CompleteIn branch
260K Gross loss
350K NTB*
Fail KBA
297,5K Approved
MITEK flow
52,5K Set app
In branch
31,5K CompleteIn branch
21K Gross loss
43%100% 26% 74%
100%
330K Approved
85% 15% 9%
94%
6%
current
withMobileVerify
Success rate in branch route after KBA fails
Success rate in digital route after KBA fails
© 2020 Mitek Systems Inc. Proprietary and Confidential ‹#›
Some quick assumptions to estimate ROI
Current costs and losses• Average Cost of Acquistion for a current account client : £ 50• Average Customer Lifetime Value current account holder : £ 250
Current direct costs and opportunity loss is:1. Direct costs > 260.000 x £50 = £ 13.000.0002. Oppurtunity loss > 260.000 x £ 250 = £ 65.000.000
>Total per year of : £ 78.000.000
Investment in remote KYC services• One-time set up (apex) : £ 40.000,00• Transactions 260.000/yr @ £2,00 (opex) : £ 520.000,00
• Total investment for 3 years : £ 1.680.000• Nr of approved customers = 945.000 x CLV : >£ 235M
> ROI : massive
© 2020 Mitek Systems Inc. Proprietary and Confidential ‹#›
1. eID(V) seems stuck between a rock and a hard place.
2. Online identity verification will rely on a combination of experts and
machines for a while.
3. It’s worth doing is well because the numbers add up and it is the
fundament to all other (future) interaction with customers.
KEYNOTE
15:25 – 15:45
#IDSumLon2020
The Role of Government Identity
In Commercial Identity
Andrew ChurchillSecurity Consultant and Researcher
Goode Intelligence
The role of Government Identity in Commercial Verification
Rise London, Barclays
30th January 2020
Andrew Churchill, Security Consultant
Lead Author, British Standards Institution’s Digital Identification, Strong Customer Authentication
Government or Commercial ID?
Intelligence?
The role of Government Identity in Commercial Verification
Rise London, Barclays
30th January 2020
Andrew Churchill, Security Consultant
Lead Author, British Standards Institution’s Digital Identification, Strong Customer Authentication
ID & Security Standards
Relations to a range of Legislative
& Regulatory Developments
• General Data Protection Regulation (GDPR)
• SARs – Subject Access Requests
• Anti-Money Laundering Directive 5 (AML5)
• SARs – Suspicious Activity Reports
• Network Information Systems Directive (NIS)
• Access Control
• Revised Payments Services Directive (PSD2)
• SCA - Strong Customer Authentication &
• TPPs - Third Party Providers
ID & Security Standards
Real-time updates?
• GDPR – DPA 2018
• Anti-Money Laundering Directive 5 (AML5)
• Revised Payments Services Directive (PSD2)
• TPPs - Third Party Providers
How often are TPP directories updated/
TPPs revoked?
Regulatory History
Genesis of the Standard
Electronic Identification, Authentication,
and Signatures (Seals) Regulation
(eIDAS) & Revised Payments Services
Directive (PSD2) – latter in force from
01/08/15, as EBA 2014 SecuRe Pay
‘Strong Authentication’ - Mandates multi-factor
authentication, but now brings in some interesting
caveats, as one or both of these factors:
• 1) must be mutually independent, i.e. the
breach of one does not compromise the
other(s);
• 2) should be non-reusable and non-replicable
(except for inherence);
• 3) designed in such a way as to protect the
confidentiality of the authentication data;
• 4) not capable of being surreptitiously stolen
via the internet.
Regulatory History
Genesis of the Standard
Final PSD2 Legislation at Ratification adds:
‘For remote transactions, such as online
payments, the security requirements go
even further, requiring a dynamic link to
the amount of the transaction and the
account of the payee, to further protect
the user by minimising the risks in case
of mistakes or fraudulent attacks.’
Regulatory History
Genesis of the Standard
Final PSD2 Legislation at Ratification adds:
‘For remote transactions, such as online
payments, the security requirements go
even further, requiring a dynamic link to
the amount of the transaction and the
account of the payee, to further protect
the user by minimising the risks in case
of mistakes or fraudulent attacks.’
WTF?!
Regulatory History
What Techniques Fit?!
Could use a CAP reader to digitally sign
every transaction?
Regulatory Strategy Update
November 2016
Payment Systems Regulator’s Strategy
Forum
Solution 4: Guidelines for Identity
Verification, Authentication and Risk
Assessment
5.75. We will align with current industry
initiatives (e.g. Mobile Identity Authentication
Standard (MIDAS) or Electronic Identification
and Signature (eIDAS)) during the initial design
phase.
Regulatory Strategy Update
July 2017
Payment Systems Regulator’s Strategy
Forum
Solution 7: Trusted KYC Sharing
Blueprint for Future of UK Payments
• Trusted data
• KYC as a utility
• Financial crime intelligence
BEIS Consultation closed August 2019
Next steps due shortly (post-purdah)
Real-time Checks on Companies
Importance of real-time intelligence in securing against fraud & AML
Credit,
Kompli-Global
QED
PAS 499
British Standards
Institution (BSI)
Publicly Available
Specification (PAS)
Code of Practice for
Digital Identification and
Strong Customer
Authentication
499 – why 499?
Industry Reponse
UK Finance Adoption of PAS 499
September 2018
Announcement that PSR agree that
PAS499 meets UKF deliverable
Standard Publication
Final Publication of PAS 499
July 2019
Financial Sector joined by HM
Government in support
• Cabinet Office
• National Cyber Security Centre
• Barclays
• Citibank
• Lloyds Banking Group
• British Telecom
• inter alia …
Government Crime Plan Launched
Publication of Economic Crime
Commission plan
July 2019
• Inter-departmental
• International
• Public/Private Partnership
Alongside Asset Recovery Action Plan
Regulatory Updates
SCA milestones and ‘Mock Exams’
October 2019
Yet many organisations still not taking
it seriously
• Financial Services themselves
• Security solutions to FS companies
• Tech providers to Security solutions
• Investors in all of the above
Liabilties?
• Penalties under– GDPR?
– AML5?
– NIS?
– PSD2
Real-world Contexts
Caveat Emptor
Could use a CAP reader to digitally
sign every transaction?
Too much security and lose customers
Could just use OTP over SMS?
Too little security and lose customers
Could use biometrics?
Poor implementation and lose customers
Real-world Contexts
BBC News website
18th October 2019
Real-world Contexts
BBC News website
18th October 2019
Barclays Bank Customer Text Alert
13:57, 23rd October 2019
Samsung are working to fix a known
issue with the Fingerprint recognition
feature on S10 devices. Whilst they do
this, we recommend disabling
Fingerprint login on your Barclays app.
Please use your 5-digit passcode for now.
We'll be back in touch to let you know
when to switch it back on. Your Barclays
Team
Real-world Contexts
Your risk assessment? Meet Standards? Accredited?
Real-time Contexts
When was your last risk assessment?
Have standards changed?
Has ownership changed?
Has their jurisdiction or governing legislation changed?
Are they now proscribed?
When did you check?
Where did you check?
How good is the data?
Who checked?
Who benchmarked?
So where do losses or
liabilities fall?
Real-world Contexts
Caveat Regulator
Could insist on onerous security tech?
Lose customers, lose market value
Could allow ‘new’ security?
And find the vulnerability was known in
the 1990s
Could enable novel biometrics?
But think through potential sensitive data
issues involving other regulators
Global Take-Up
Global standards bridging:
AML-x
eIDAS
PSD-x
GDPR
et al …
Parliamentary updates
Treasury Select Committee
1st November 2019
Full security recommendations to be
completed by2021, including ability to
identify party A – party B, including
financial crime intelligence.
European Commission proposal
11th November 2019
Consideration to legislate for
introduction a system by 2024,
with ability to identify Member
state of party A – party B, to check
cross-border VAT discrepancies.
International Identity Perspectives
International Outlook
October 2019 and on …
UK Standards presentations
CASE STUDY
15:45 – 16:00
#IDSumLon2020
Self-Sovereign Identity
A case study from the NHS
Dr Manreet Nijjar Co-founder of Truu
Decentralised/Self Sovereign Identity in the NHS: Digital Passports for Doctors
Dr Manreet Nijjar Mb ChB MRCP (Infectious Diseases)
Identity Summit London 2020
Consultant Physician In Acute Medicine & Infectious Diseases
Clinical Entrepreneur Fellow
CEO & Co-founder
Burden on clinical staff
Admin time for repeated identity and pre-employmnet checks
Timely multiple sign on into systems
Patient Safety
Verifying Identity and skills of temporary and permanent clinical staff
Organisational Risk and Operational Inefficiencies
Failure of checks and time to onboard healthcare staff
A Digital Passport for Identity and Pre-employment checks
The Digital Passport provides trusted identity for passwordless
single sign-on
Hu
man
Tru
st
Issuereg General Medical Council
Verifiereg Hospital
Holdereg Doctor
VerifiableCredential
Proof
Trust
LAYER 3: Credential Exchange
Cry
pto
grap
hic
Tru
st
LAYER 2: Agent-to-Agent Protocol
LAYER 1: DID Networks
Public Distributed Ledgers Public Blockchains ( Permissioned or Permissionless)
Public DIDs ( Decentralised Identifiers)
Agent + Wallet Agent + Wallet
Connection
LAYER 4: Governance Frameworks
Domain Specific Framework
Adapted from Sovrin Glossary V2 Sovrin stack https://sovrin.org/library/sovrin-governance-framework/
2018 Discovery & Alpha
2019 Pilot
20 real doctors
Physical to digital interface
Issuing and verifying verifiable credentials
Passwordless sign on in to clinical systems
Evernym connect.me
Viruses 2019, 11(8), 758; https://doi.org/10.3390/v11080758
Confidentiality
Consent & Autonomy
Justice
Privacy by design
Individuals right to control and share their data
Solving this problem can benefit not only the wider healthcare ecosystem but society
GP /Family Doctor
Procedures, treatments
SpecialistDoctors
Drugs/Medications
Hospitals
Family
Insurers
EHR/Medical Records
Diagnostics Wearables
Medical devices/equipment
Scientists/Researchers
Pharmaceuticalcompanies
Nurses
Academia/Universities
Allied Health Professionals
Pharmacist Pharmacy
Patients
Consent
Decentralised digital identity in healthcare: the foundations of a new era of trusted relationship between individuals, organizations and clinical things.Decentralised Identity Book Manning publication ( Under review) Knowles P, Nijjar M
Acknowledgements
Andrew TempleMartyn McKechnieChris WestwellHameed MamaniatPhilip Graham
Andrew TobinVladamir VujovicJames MonaghanJamie Smith
Dr Maurice Conlon Melanie WhitfieldDaniel Elkins
Philip StradlingDr Sam Shah
Will AbramsonJames BroganOctavia CouttsDr Henry Goodier Simon WickesSteve Yoo
Danny StrockisGiri TharamanantharSimon HartAnkur Patel
Sean Corrigan Kamran Chaudhary
Phil WindleyDrummond ReedHeather Dahl
Philip GillShaun FletcherAnthony Wilson
Smarter Identities. Simpler Relationships. Better Care.
@truu_id truu [email protected]
KEYNOTE
16:00 – 16:25
#IDSumLon2020
Identity in UK Finance
Martin Ingram Royal Bank of Scotland
Identity in UK Finance
Martin Ingram, Product Owner IAM, RBS
How we will use Biometrics
• Policies that adapt to threat level
• Mobile
• On-line Banking
• Branch
• Call centre
Isolation or Openness?
In Conclusion
• There will be many more authenticators and they will change more quickly
• Identity will become a business enabler rather than a necessary evil through the orchestration of Customer journeys and the management of Trust
Thank you.
PANEL
16:25 – 17:05
#IDSumLon2020
Self-Sovereign Identity
Bring Your Own Identity
Shelley BryenDirector, Marketing of WorldReach Software
Dan JohnsonVice President, Identity Products, Mastercard
Dr Manreet NijaarCo-founder of Truu
Andy TobinEuropean Managing Director, Evernym
NEXT EVENT
15 – 16 September 2020
IDENTITY FUTURES
LONDON 2020
Featuring:
Biometric Summit
Identity Summit
Two-Day Exhibition & Conference
Two Summits Under One Roof
Identity Futures London 2020