This is a talk from Sebastien Taveau, from Validity. He starts by reminding password and PIN issues, and how they are becoming liabilities very quickly. In addition, every person has several identities online, which are more or less related to each other. Authentication systems in use of Internet have no way to relate services to a true owner, which would require the use of natural identity, such as biometrics.
The generic goal of companies is to do xCommerce, leveraging information such as your location, the device you are using, the time of day (no pitch for cocktails at 6am, please), your purchase history, and even an idea of your preferences as you stated them in your profile. If everything goes well, you will end up buying something, and paying for it. That’s where the wallet comes in. About your wallet, there are two schools of thought: cloud-based (eBay, card not present, connected), and proximity (Isis, card present, offline).
Authentication is key there, although it is not easy. Users log in from various devices, including shared ones, several users may log in on the same device, like in a family, and you can mix these things with work by bringing your own device (BYOD). Taveau even introduced BYOT, a new concept to me, standing for Bring Your Own Token, where your identity is personal and reused at work.
In many of the new schemes, security is based on who you are and wheree you are, which are much stronger than just a card or just a password. Confirming the presence of the user is something important and valuable. The device tells where you are and what you have, you can bring who you are through biometry, or what you know through a password.
For payment providers, revenues can increase by reducing churn and fraud. Cart abandonment is a big issue online, where over 65% of transactions are abandoned. On mobiles, each additional screen increase carat abandonment by 15%. What that means is that online providers like Amazon and their 1-click transaction have things to bring to the physical world by easing transactions.
Fraudulent transactions are also an issue, with big discrepancies between online and physical transactions, and nobody wants to reproduce the fraud rate of online transactions in the physical world.
Valaidity sees the future of payment with natural identity authentication, i.e. biometry. The proposed way to authenticate is interesting, by integrating the fingerprint sensor in the “on” button. This way, turnong on your phone also authenticates you. If this can work, I agree that it would be a nce breakthrough in favor of biometry. Of course, this wouldn’t solve all the issues, so Validity is thinking about adding other biometric checks, like voice recognition, kinetics, and more.
Not sure that this would be sufficient, but I really like the idea of using biometry in the background to authenticate ourselves. Of course, we need to make sure that we don’t get in Big Brother mode, but even if we still need to get our secure token out for the 10% most senitive transactions we do, usingnthis kind of natural authentication would get us one big step closer to the objective of security that is here without having to donanything about it.
No Comments