Monthly Archives

November 2022

Digital Trust World 2022 – Multi-Factor Authentication Done Right

By | Digital Trust World 2022 | No Comments

Multi-Factor Authentication Done Right

Following on from our major autumn event, Digital Trust World 2022, held in London on Monday 21 November, we would like to share the thoughts of our Authentication & Privacy sponsor, Anonybit, as they walk us through how to get Multi-Factor Authentication right. The article was written by Frances Zelazny, Co-founder and CEO of Anonybit. This article is taken from the Digital Trust World 2022 brochure which can be viewed here.

Multi-Factor Authentication (MFA) is the latest buzzword for protecting users and assets. But the fact is, there are a lot of misconceptions about what actually constitutes an effective MFA strategy. Case in point: A recent study of 500 financial organizations worldwide found that there is broad confidence in their security departments’ approach to authentication, with 90% saying that their approach is mostly or completely secure. Yet, 80% of them were breached in the last 12 months due to weak authentication. 

To understand where most common MFA methods fall short, let’s review the common attack vectors to bypass them:

Passwords, PINs, and Knowledge-Based Questions: These knowledge-based authentication factors are not even considered multi-factor authentication. The means to gain access to them are numerous, ranging from phishing web sites, or buying troves of compromised credentials to impersonate victims.

SMS Messages and One-Time Passcodes (OTPs): SMS can be spoofed in multiple ways, for example via SIM swaps, which occur when a victim’s phone number is ported to another SIM card that the attacker has in his phone. More commonly, the codes are phished or social-engineered – just like a password.

Device Identification: Device Identification (Device ID) is a passive authentication method that binds users to specific devices and relies on device attributes to associate ownership. This problem with this approach is that device identification does not equate to identification of an account owner trying to gain access to a service. 

Device Biometrics: With device biometrics, a selfie or fingerprint is used to release a cryptographic key that authenticates the user into an app or service based on FIDO protocols. However, like device identification, device biometrics does not bind the account owner to the account itself. In addition, the fallback of device biometrics in most cases is a password or PIN code.

Getting MFA Right

Establishing correct implementation of MFA requires taking a broader look at how trust in a users’ identity is established and maintained. Today, organizations employ a stack of solutions to orchestrate a users’ journey beginning with digital onboarding, which generally involves verification of a holder’s identification credentials and selfie comparison. Once the identity has been verified, a user will typically be invited to create a username and password to access and utilize an online service.

This is the root of MFA failure. Getting MFA right requires biometrics to be collected at onboarding and leveraging the biometric as the anchor of trust for further authentications. The trick is to do this without creating privacy and data management burdens for the enterprise. 

With new technological breakthroughs and well thought out system design, these challenges are being overcome. For example, Anonybit’s MFA solution leverages multi-party computing and zero knowledge proofs to preserve biometrics privacy while connecting the different elements of the identity journey in a seamless manner. Selfies captured during the onboarding process are ingested into the Anonybit system, sharded for storage and kept in a decentralized manner for downstream authentication. Used at login, to verify transactions, enable self-service account recovery and other step up authentication actions, the platform’s APIs seamlessly communicate with different orchestration platforms. Device, phone number, and other factors are linked to the user’s biometrics for secure MFA and compliance.

Click here to learn more about Anonybit’s biometric MFA solution.

   

Digital Trust World 2022- Fraud Management Insight

By | Digital Trust World 2022 | No Comments

On Monday 21 November in London, Digital Trust World 2022 brought the digital trust community together to discuss the latest developments in digital onboarding, digital identity, authentication & privacy, and fraud management.

Leading the fraud management session, was Clare Messenger, Head of Fraud Protection Services at JT International.

Clare led a panel of fraud experts from UK Finance, Cifas, Vodafone and FICO to discuss how the industry can counteract the latest digital fraud threats. Clare shared her thoughts on this important topic in the Digital Trust World 2022 brochure and this is reproduced in this blog post. You can access the full brochure online here.

MANAGING DIGITAL FRAUD

The adoption of a digital-first approach, that has been accelerated during the pandemic, has led to consumers becoming increasingly accustomed to communicating with businesses and organisations online. While this has created more opportunities to engage with customers, provided us all with greater convenience, and ensured that life continues through times of crisis, it has also created vast opportunity for criminals.

The volume and variety of online fraud predicated by this digital-first approach continues to accelerate at an alarming rate. From identity fraud, SIM Swap/account takeover and smishing, to Authorised Push Payment fraud, pension and investment, and romance frauds, the list goes on.

As our digital footprints have become deeper and more complex, the skill and ingenuity of fraudsters has advanced. Rather than lone wolves gifted with extraordinary skills as its all too often portrayed, digital fraud has become the domain of organised crime. Well prepared teams of fraudsters can be articulate, financially knowledgeable and armed with credible resources. Organised crime groups have brought with them ever more elaborate ways to defraud their victims, including the alarming threat of insiders being recruited, and the use of bribery of vulnerable targets to aid in criminality.

All of this now means that any one of us can become a victim, no matter how technically or financially savvy we may be. This was illustrated in 2019 as fraudsters took control of former Twitter CEO Jack Dorsey’s phone number through a SIM Swap scam. Despite this well documented example of a high profile individual being duped, many people still don’t know just how prevalent SIM swap fraud has become. In the UK SIM swap fraud increased by 400% in the five years between 2015 – 2020, with losses of £10m.

Half of the world’s total population own a smartphone, and two billion of these individuals are using mobile banking. Approximately 87% of all banking customers today use mobile devices as their primary method of accessing services, providing greater opportunity for cybercriminals.

Although online fraud and scams are seen as lower risk alternatives to traditional crime by fraudsters, with the threat of a global recession looming a sharp increase in fraud is expected as more join the fraudsters’ ranks to earn some money.

The data processors and controllers of our personal information need to double down to address one of the most pressing issues of our times. We know that security and control tools are among the top features users say they want in mobile banking apps, signifying that businesses need to find a way to protect their customers against SIM abuse while still providing the best digital customer experience.

Speaker Announcement – Leah Birch – Cifas

By | Digital Trust World 2022 | No Comments

We are excited to announce that Leah Birch, Product Marketing Manager, Cifas, is speaking at Digital Trust World 2022 in London on 21 November.

Leah is hosting a lunch and learn session in one of the venue’s executive meeting rooms. Grab some lunch and join Leah as she details who Cifas are and exciting news about a new digital learning product, Apollo.

Despite an eclectic background working in museums, universities, welfare to work and a family solicitors, Leah has been on the frontline of communicating the threat of fraud with Cifas for nine years. An English graduate, she specialises in taking complex, technical subjects and transforming them into easy-to-understand, accessible concepts using clear language and messaging. She has been a core member of three project teams that were commended, nominated for, or won major awards: the Museum and Heritage Awards; the Art Fund Prize; and the CIPR Awards.

Session Announcement – Lunch & Learn with Cifas

By | Digital Trust World 2022 | No Comments

We are excited to announce a new session at Digital Trust World 2022 in partnership with the UK’s leading fraud prevention community, Cifas.

Leah Birch, Product Marketing Manager, will be hosting a lunch and learn session in one of the venue’s executive meeting rooms. Grab some lunch and join Leah as she details who Cifas are and exciting news about a new digital learning product, Apollo.

Systems and processes are only as trustworthy as the people behind them. Cifas, UK leaders in fraud prevention, have created game-changing digital learning called Apollo, which delivers universal fraud training to your entire organisation. Apollo is a living, learning environment that prioritise behavioural change over ‘tick box’ learning, enabling your people to defend themselves and your business against a range of threats – from identity theft and social engineering, to the insider threat and online attacks. This talk will explain how your staff can be your organisation’s weakest link or its strongest defence, and demonstrate how Apollo can empower all your workforce – from C-suite to reception – to fight fraud.

Join us at Digital Trust World 2022 in London on Monday 21 November by registering today.

Speaker Announcement – Sam Ingrey – Cifas

By | Digital Trust World 2022 | No Comments

We are delighted to announce that Sam Ingrey, Head of Information Security at the UK’s leading fraud prevention community, Cifas, is joining the Fraud Management panel at Digital Trust World 2022 in London on Monday 21 November 2022.

Sam is the Head of Information Security at Cifas and has a wealth of knowledge and experience in InfoSec. Sam leads the development and maintenance of Cifas’ Information Security Management System (ISMS) which is certified to ISO 27001. This includes the InfoSec policies, standards, and processes that help protect Cifas against both the insider threat and external attack. Sam provides InfoSec risk assessments, as well as general security advice and guidance across the business, protecting Cifas’ information assets and systems, and reputation with its members and stakeholders. Prior to joining Cifas, Sam worked in Digital Forensics, and was an InfoSec and Data Privacy Consultant.

Sam joins UK Finance, JT International, Vodafone and FICO on an expert-led panel that will discuss the latest developments in managing digital fraud including the rise of Authorised Push Payment (APP) fraud.

With one week to go until the only conference dedicated to digital fraud, there are a limited number of delegate tickets available. Please visit our dedicated event website for more information in how you can attend.

Speaker Announcement – Dr Chris Allgrove

By | Digital Trust World 2022 | No Comments

We are delighted to announce that Dr Chris Allgrove, Director and co-founder at Ingenium Biometrics, is speaking at Digital Trust World 2022 on 21 November in London.

Chris is giving his expert opinion on two separate sessions at the conference, “Digital Identity” and “Authentication & Privacy”.

Chris has been working in identity and biometrics for 25 years, having initially received his PhD in electronics, specialising in the application of biometrics, from the University of Kent where he was a researcher in computer vision research group. Chris is presently an expert independent advisor to a range of UK and international clients on the user of biometrics in digital identity, as well as more widely around identity authentication.

Chris previously worked in the UK Government with the National Cyber Security Centre (NCSC, part of GCHQ) where he was Head of Identity in Government and managed the NCSC teams responsible for identity and biometrics.

Chris was an internationally-recognised subject matter expert in the field of biometrics. He headed a research team investigating the performance and vulnerabilities of biometric systems, in support of the work of the NCSC and GCHQ as the UK Government National Technical Authority.

Chris was the author of NCSC’s guidance on the use of biometric systems, and a subject matter expert contributing to NCSC’s password guidance, end user device guidance and other identity and cybersecurity publications. In addition to his work in the NCSC, Chris was also the co-chair of the Cross Government Identity Standards Group within the UK government and worked at the Identity and Passport Service advising on identity, biometrics and PIV cards.

Chris is an active member of the Biometrics Institute, an international body promoting the responsible and ethical use of biometrics, and has been a member of the UK national committee IST/33/5 on identity and biometrics, responsible for UK contributions to ISO SC27 WG5″.

There is still time to register to attend this conference by registering here.

Digital Trust World Session Spotlight – Authentication & Privacy

By | Digital Trust World 2022 | No Comments

Monday 21st November 13:30-15:00 GMT

Title: Balancing Security / Privacy and Accuracy of Authentication Technologies in a Volatile World

This session, moderated by Chris Burt, Editor, Biometric Update, includes keynote presentations from authentication and privacy experts from the world of technology and business. Chris will ask the panel their views on how organisations can meet data protection / privacy regulation whilst ensuring that they effectively, and securely, authenticate users, without adding too much friction into the user journey.

Chris is joined by Orlando Martinez, VP of Business Development at Anonybit, David Rennie, Digital Identity Platform Service Owner at IDEMIA, Allister Fraser, Digital Identity – New Business Development at BT / EE, and Chris Allgrove, Director and Co-Founder, Ingenium Biometric Labs.

Speaker presentations will be followed by a live Q&A session with the panel.

Register to attend Digital Trust World 2022 here.

Digital Trust World Session Spotlight – Digital Identity

By | Digital Trust World 2022 | No Comments

Monday 21st November 11.30 – 12.30 GMT

Title: What do the latest UK and EU Digital Identity initiatives mean for business and what does business need from a portable verified digital identity

Join a panel of five digital identity experts as they explore the latest digital identity initiatives in the UK and EU and discover the impact on business from identity and verifiable credential frameworks.

Our speakers include Hannah Rutter, deputy director of digital identity at the UK Government’s Department for Culture, Media and Sport (DCMS), Dr Chris Allgrove, co-founder and director of Ingenium Biometrics, Dan Johnson, VP Identity Products at Mastercard, Jonas Ingelstrom, co-founder and CEO of Svipe, and Greg Crosby, Senior Account Executive at Incode.

Hannah Rutter will outline the latest developments in the UK Governments Digital Identity and Attributes Trust Framework with the announcement of live deployments and the first certified Identity Services Providers (IDSPs).

Speaker presentations will be followed by a live Q&A session with the panel.

Register to attend Digital Trust World 2022 here.

 

 

 

Speaker Announcement – Hannah Rutter – DCMS

By | Digital Trust World 2022 | No Comments

We are very privileged to announce that Hannah Rutter, Deputy Director, Digital Identity, Department for Culture, Media & Sport (DCMS), is speaking at Digital Trust World 2022. Hannah will join the digital identity session and speak on the latest initiatives from the UK Government on digital identity.

Hannah is an experienced civil servant with a track-record of using innovative approaches and new technology to improve public services. Her time in the Cabinet Office’s Government Innovation Group saw her driving new policy-making tools across Whitehall and establishing the world-leading UK Policy Lab. In DCMS she has led on various digital and data projects, bringing together citizen, economic and government needs. Since joining the Digital Identity Team in 2019, Hannah has become obsessed with the possibilities for digital identity for the whole UK economy and is excited to be part of driving it forward.

Digital Trust World takes place in London on 21 November 2022 and you can register to attend here.