Biometrics for Payments – Continuous Innovation in Payment Security

By | Blog | No Comments

Continuous innovation in payment security is necessary to counteract fraud and to support smooth customer journeys across new payment channels and biometrics is being increasingly adopted to support these aims.

Payment fraud levels have been rising significantly. In the first quarter of 2024, the UK’s Financial Ombudsman Service reported a record high of 8,734 fraud and scam complaints, with over half related to authorised push payment (APP) scams. In Europe, the European Banking Authority (EBA) and the European Central Bank (ECB) reported that payment fraud in the European Economic Area amounted to €4.3 billion in 2022 and €2.0 billion in the first half of 2023. Payment fraud levels in the USA have also been notably high. In 2023, 80 percent of organisations experienced payment fraud attacks or attempts, a significant increase from the previous year. Additionally, consumers reported losing over $10 billion to various fraud schemes, with investment scams leading the losses at more than $4.6 billion. Credit card fraud remains a major issue, affecting 60% of U.S. credit card holders[1]. In 2023, 52 million Americans experienced fraudulent charges on their credit or debit cards, totalling over $5 billion.

Innovation in payment security has a positive impact in reducing fraud. This is proven. The introduction of Strong Customer Authentication (SCA) under the revised EU Payment Services Directive (PSD2) in January 2021 has had a significant impact on reducing payment fraud. According to a joint report by the European Banking Authority (EBA) and the European Central Bank (ECB), the total value of fraudulent transactions in the European Economic Area (EEA) was €4.3 billion in 2022, but it decreased to €2.0 billion in the first half of 2023 after SCA was deployed.

Similarly, the introduction of Chip and PIN technology to payment cards has significantly reduced payment card fraud, particularly counterfeit fraud. According to reports[i], the implementation of EMV chip cards has led to a 54% reduction in counterfeit fraud costs for retailers who have completed or are close to completing the transition to EMV technology. Additionally, some card issuers have reported an average reduction of 50% in counterfeit losses since the deployment of EMV chip cards[ii].

My own experience of working in payment security for companies such as HSBC, Citibank, and BACS (UK payment system) mirrors this. My work in developing PKI-based security solutions for these financial services providers has enabled me to see how well-designed and deployed security solutions can reduce fraud and improve usability.

I use my own industry and technology experience when researching and evaluating security technology at Goode Intelligence. In my latest report covering the market for biometric technology for payments[iii], I have used my industry experience to evaluate the market for biometric technology in the payments sector. Fundamental to this work was an exercise to determine a typical end-to-end payment process and then map where biometrics is being used to support modern methods of payment delivery and to counteract fraud attacks, increasingly AI-driven.

In the report, I segmented a typical consumer payment process into three main parts (end-to-end lifecycle), from onboarding payment customers (Identity Verification), payment transacting, and fraud management.

The report discovers that biometrics are ubiquitous in all parts of the payment process and are being used to support all three main parts of the payment process:

  1. To prove a new payment customer’s identity when onboarding (Identity Verification);
  2. To authenticate a payment user for both digital and physical payments, to approve higher-risk / higher-value payments (step-up or re-verification); and
  3. To detect and prevent fraud.

To support this model, payment service providers are turning to the most appropriate biometric modality to match the specific requirements of the payment process and payment channel. For instance, face liveness and matching for onboarding, on-device fingerprint authentication for eCommerce payment authentication and palm authentication for physical (POS) payment authentication, server-side face biometrics to support higher-risk / higher-value payments, and behavioral biometrics to support risk-based orchestration models and fraud management platforms.

Outside of these core payment processes are other applications that are emerging and leverage biometric technology. This includes age assurance, where as part of the payment process for age-restricted goods and services (adult content, alcohol, medicines, and knives), biometric technology is used to prove age.

The report also delves into the impact of emerging digital identity technology. There are scenarios where emerging digital identity solutions, including Digital Identity Wallets and Verifiable Credentials (VCs), are used to support the payment processes. Verified credentials, including PII such as data-of-birth, contained in a digital identity wallet can be used prove identity and to authorise restricted goods / service payments. Access to the wallet can be controlled through liveness checks and biometric authentication. I explored the symbiosis between digital identity and payment In the 2024 Goode Intelligence market analyst and forecast report, “Travel Digital Identity – Seamless Travel Powered by Digital Identity”[i] where a digital identity issued by an Identity Services Provider or an Airline, in partnership with airports, can be used at the airport to facilitate payments.

The same model can be applied to sports stadia. For the sports market, there are also examples where branded biometric cards can be used to support ticketing, loyalty, and payment.

An important question that the report attempts to answer is whether biometric technology has the ability to turbocharge future payment services that forego the use of a payment token (card or smart mobile device) – tokenless or naked payments, where a biometric sensor is embedded into a payment (POS) terminal. This is enabling new channels to open up, including automotive (in-car payments) where the ability to make a payment whilst driving is supported by, largely, touch-free biometric payments including face and voice.

The report predicts that there is a bright future for tokenless biometric payments. With ever increasing improvements in the performance of biometric systems they could become good enough to be used on their own without a token to authenticate customers and approve payment transactions – the pay by me revolution. When this will become dominant and replace token-based payments is currently difficult to answer but we are forecasting that by 2030, 337 million people globally will use tokenless payment solutions. The emergence of Amazon One, J.P. Morgan’s partnership with PopID,  and Chinese examples of WeChat Pay and AliPay offers a peak into the future of physical retail stores that could be replicated for mass transit travel (ticketing), events, car rental and car ride-sharing and sports stadia (Hybrid ticketing/loyalty/payments).

In the meantime, biometrics for payments is increasingly a vital part of a payment service providers’ toolkit in the never-ending task of reducing financial fraud and ensuring that their customers can conveniently prove their identity and authorise transactions when paying for trillions of dollars’ worth goods and services in a variety of payment channels. Supporting customers for the entire payment journey in both physical and digital scenarios from onboarding to new payment services, authentication, transaction authorisation and fraud detection.

[i] https://www.goodeintelligence.com/report/travel-digital-identity-seamless-powered-by-digital-identity/

[1] https://www.security.org/digital-safety/credit-card-fraud-report/

[i] https://www.pymnts.com/news/emv/2016/mastercard-fraud-costs-emv-impact/

[ii] Counterfeit Losses Drop 47% As Retailers Bring Up EMV – Frank on Fraud

[iii] https://www.goodeintelligence.com/report/biometric-payments-market-technology-analysis-adoption-strategies-and-forecasts-2025-2030/

Travel Digital Identity – Seamless Travel Powered by Digital Identity

By | Blog | No Comments

Imagine an industry where you can book tickets, store them securely, and then walk from the entrance to your destination seamlessly and securely without having to show tickets and identity documents. Then, when you arrive at your destination, collect a hire car and then walk into your hotel room without lengthy queues and having to present driver’s licenses or passports.

This industry is the travel industry, and this scenario is available now – not a vision for tomorrow.

Biometric Enabled Seamless Travel (BEST) is being used today by millions of people around the world and in a recently published report from Goode Intelligence investigating the market of travel digital identity, we forecast that by 2029 over 1.27 billion travellers will be benefiting from digital identity issued by both governments and commercial organisations including airlines, train operators, and sea travel operators.

This is all happening in an industry with some of the strictest security requirements on the planet. If travel can meet the needs of convenience and security, then other industries can surely learn and benefit from its example.

Biometrics is a key enabler for digital travel identity and is an important area for the reports coverage. From remote selfie-based identity verification on your smart phone, to self-bag drop, accessing VIP lounges, getting through security, concession-shopping, and boarding your plane, train or cruise ship, biometrics is enabling the seamless travel experience.

For government issued and managed digital identity, ICAO’s Digital Travel Credential (DTC) standard is supporting the migration from physical document to digital travel identity. There are promising signs for DTC with several pilots and actual live deployments for DTC Type 1 around the world proving and testing the technology. For DTC Type 1 (eMRTD Bound), the DTC is generated by the user on their smart phone or from a self-service kiosk by reading the chip in the passport. Travellers still need the physical passport to pass through border control. The goal is to have DTCs that can be used on their own, in a same way that digital payments can be used on smart phones without the physical card being present. ICAO has devised a roadmap for this to happen with DTC Type 2 (electronic Machine Readable Travel Document (eMRTD)-PC bound) leading to DTC Type 3, issued without the need for an eMRTD. This means the DTC is entirely contained within a separate component (DTC-PC) and is not directly linked to an eMRTD.

According to the many travel identity experts that I spoke to as part of this research, we are probably five to 10 years away from DTC Type 3.

Of the 1.27 billion travellers that will benefiting from travel digital identity by 2029, 725 million will be air travellers using digital identities issued by commercial organisations, predominantly airlines. IATA One ID was cited by many travel identity experts as an important initiative to provide guidance and a framework for non-government issued digital travel identity. By 2029, we believe that a decent percentage of commercial-issued travel digital identities will be based on IATA’s One ID framework to ensure interoperability and, importantly, a common user experience for air travellers.

Travel offers a great test bed for the wider digital identity market and has been a key sector for growth.

A travel digital identity is your identity information stored electronically in a way that can be used for travel purposes. It can encompass different things, depending on the specific system:

  • Biographic details: Basic information like your name, date of birth, and nationality.
  • Biometric data: This could include fingerprints, facial scans, or iris scans.
  • Digital documents: Electronic versions of your passport, visa, or health certificates.

The main goal is to create a secure and convenient way to verify your identity throughout your travels.

The future is bright for Travel Digital Identity with Goode Intelligence forecasting that by 2029, Travel Digital Identity will be generate over $4.6 billion in revenue with a CGAR of 22 percent over the six-year period.

This puts the sector at the vanguard of Digital Identity adoption globally – outperforming other sectors for growth.

Travel is offering a blueprint in how to digitise identity and provide realisable benefits that that can be replicated by other sectors. Travel offers a great test bed for the wider digital identity market and has been a key sector for growth offering a template for how digital identity can be at the centre of the seamless customer experience. From onboarding and remote identity verification.

It is a sector based on highly secure core infrastructure that is managed by suppliers that are not afraid to embrace cutting-edge technology such as biometrics, digital wallets, and verifiable credentials.

The expected growth is based on strong foundations, a combination of:

  • Global interoperable standards established by industry bodies such as ICAO (driving ePassports and Digital Travel Credentials (DTCs) and IATA (driving One ID).
  • The ePassport, has established itself as the prime internationally recognised identity documents for identity verification – packed full of physical and digital security features that are simply unparalleled in trusted identity and backed up by ICAO’s Public Key Directory (PKD).
  • A compelling business case that benefits all parts of the ecosystem from travellers to governments, travel operators and transport hubs, provided by established technology providers.
  • AI-powered biometric technology that is based on international standards and certification authorities that is accurate, resistant to presentation attacks including deepfakes, and can operate in the cloud and at the edge.
  • The emergence of standards-based Digital Wallets and Verifiable Credentials (VCs) that supports Biometric Enabled Seamless Travel.

If you want to discuss this research, I would be happy to discuss this on a call – reach out via LinkedIn linkedin.com/in/alangoode.

You can find out more about the recently published Goode Intelligence Market Analyst Report “Travel Digital Identity – Seamless Travel Powered by Digital Identity” by checking out our website. https://www.goodeintelligence.com/report/travel-digital-identity-seamless-powered-by-digital-identity/

Thank you, Alan.

WHAT CAN YOU DO WITH DIGITAL IDENTITY

By | Blog | No Comments

What can you do with digital identity is a fundamental, probably critical, question for the industry to answer. It probably should be top of pack for any company thinking of standing up a digital identity solution, as without it you will have created a boat without paddles or a sail. It may look good and be technically sound, but it won’t get you too far. Metaphor aside, if a digital identity solution does not solve an immediate problem and lacks a scalable business plan, then it will quickly lose momentum and become obsolete. This is, of course, true of any technology or business, but is acutely relevant to the digital identity industry.

This is one of the important findings from a report that I have authored, the second edition of the Goode Intelligence Digital Identity report which was recently published and covers the market for verified citizen and commercial digital identity.

In the four years since the first edition of the report was published in 2019, there has been a growing realisation that you cannot stand-up a digital identity scheme or solution without successfully answering these three questions:
1. Does it solve a real-word problem?
2. Will people use it?
3. How can I make money out of it?

The third question is critical to privately run identity systems/schemes.

A failure to answer these questions has effectively ended Self-Sovereign Identity (SSI). The theory that people would choose to download a wallet or generate their own digital identity and then use this identity with a variety of relying parties, including governments, has not been successful. There are of course other reasons, but fundamentally in building solutions without a direct link to benefit (both user and business) there is little appetite for them.

So, what can you do with digital identity and where are we seeing success and growth. With the emergence of digital identity wallets and verifiable credentials there are three new categories that are added to our list from 2019, Employee ID, Healthcare ID, and Digital Qualifications.

Our top eight use cases and applications for Digital Identity in the six-year period that the report covers, 2024-2029 are:
1. Identity Verification: Supporting remote customer onboarding.
2. Access to eGovernment services: Providing a single digital identity to access cross-department digital government services including eVoting
3. Assured Authentication: When the digital identity is highly assured and issued after strong identity and document verification then it can be used for assured authentication
4. Digital Travel: Including, Mobile driving licenses (mDL), Kerb(couch)-to-Gate for airport, rail, and boats.
5. Age Verification: Including Offline – used in bars and clubs instead of a paper document, and Online – used to ensure access to adult (age restricted) digital content and services is upheld.
6. Digital Signature:  Supporting smart contracts.
7. Employee ID: Digitising employee records and career history by exploring the capabilities of verifiable credentials.
8. Healthcare ID: Including healthcare professionals, including qualifications and experience, Patient ID, Healthpass (COVID19)

The second edition of The Digital Identity Report, published October 17 2023, is a comprehensive 272 page study that includes a review of current global adoption, market analysis including key drivers and barriers for adoption, interviews with leading stakeholders, technology analysis with review of key technologies and profiles of companies supplying solutions across key verticals plus forecasts (regional and global) for digital identity users, key technologies, and revenue within the six-year period 2024 to 2029.

More information can be found on the report page.

Beyond compliance: comply and thrive in a PSD2 world

By | Blog | No Comments

Goode Intelligence recently published a white paper aimed at fraud and security professionals that are responsible for the roll-out and management of PSD SCA solutions.

The white paper, “Beyond Compliance: Comply and Thrive in a PSD2 World”, investigates how behavioural biometrics can enhance Strong Customer Authentication (SCA) deployments and resolve issues that have become apparent now that SCA is mandatory across the UK and the EU.

It is aimed at banks and Payments Service Providers (PSPs) that are now SCA compliant who want to discover what is next now that they are SCA compliant.

SCA adoption is high

The payments industry is at the start of its journey with implementing SCA and has rightly focused on being compliant with local SCA regulation. The percentage of transactions processed through SCA-compliant authentication rails is high in Europe with 92 percent of authentication requests being SCA compliant.

SCA has reduced payment fraud

SCA was introduced to reduce payment fraud within Europe and there are indications that this has been the case. Fraud rates are declining in regions that have implemented SCA. The EBA has confirmed that the average value of fraudulent card transactions across the EU has fallen by 50 percent for issuers between June 2020 and April 2021 (0.12 percent to 0.06 percent).

Fraud rates down – at what cost?

This is incredibly positive news but there have been documented issues with the deployment of SCA technologies that include an increase in transaction failure rates (payment attrition), rejected transactions and abandonment in the payment process because of increased friction for consumers. Figures from Microsoft paint a picture of low SCA success rates, and high challenge and abandonment rates.

Beyond compliance: comply and thrive in a PSD2 world

With good levels of SCA compliance and falling payment fraud levels, it is time for the payment industry to concentrate their efforts onto the problem areas that SCA is causing. These include measures that can:

  • Increase acceptance rates
  • Reduce declines and failures
  • Reduce levels of friction
  • Make it easier for consumers to make payments online
  • Detect previously undetected fraud

Benefits of behavioural biometrics for SCA

A technology that can meet these requirements, and one that is being increasingly adopted, is behavioural biometrics. Banks and payment services providers are increasingly turning to biometrics for payment security with many issuers already adopting biometric authentication in their mobile apps. A leading UK bank, that has turned to BioCatch’s leading behavioural biometric technology to enhance its SCA solution has a projected fraud saving of £1million annually. The BioCatch behavioural biometric solution deployed by this UK bank was able to detect 42 percent of the fraud that was being missed prior to the deployment of BioCatch’s technology.

Behavioural biometrics, has many benefits for payment security including:

  1. Meets SCA ‘inherence’ factor requirements
    • Including providing ‘inherence’ for ‘what you have’ SCA factor, e.g., mobile phone evidenced by OTP
  2. Improves user experience
  3. Reduces friction leading to reduced abandonments
  4. Reduces false positives for 3DS and risk-based-authentication (RBA) transactions
  5. Reduces fraud, including previously undetected fraud

Download the full report

You can download the full report here.

Alan’s View – 18th August 2021

By | Blog | No Comments

Alan Goode, CEO and Chief Analyst, shares his views on the latest developments for Digital Trust featuring latest updates on  behavioral biometrics including the acquisition of Revelock by Feedzai and latest round-up on investment and M&A for the industry.

 

Alan’s View – 29 July 2021

By | Blog | No Comments

Alan Goode, CEO and Chief Analyst, shares his views on the latest developments for Digital Trust featuring latest updates on  Covid-19 health pass, quantum encryption and SSI, updates on RSA Outseer and Transmit Security, and latest round-up on investment and M&A for the industry.

 

 

Alan’s View – 22 July 2021

By | Blog | No Comments

Alan Goode, CEO and Chief Analyst, shares his views on the latest developments for Digital Trust featuring UK and France government’s plans for Covid-19 health pass, UK government asks for consultation on digital identity plans, New York City introduces biometric privacy law and latest round-up on investment and M&A for the industry.

Digital Trust World 2021 – The matter of trust in a digital world

By | Blog | No Comments

Digital Trust World 2021

The matter of trust in a digital world

From the company that brought you the annual Biometric, Identify and Identity Summits, join us in shaping the digital trust landscape of the future.

Trust is at the heart of fruitful relationships, both personal and business.  This is true for both the physical and digital worlds.

In the physical world we create trust through security, effective process, and reputation. These pillars guide us through our decision making when establishing trust and inform us when asking questions such as, Do I trust this person to honour an obligation? Can I trust a business with my money?  Do I trust that my healthcare provider will keep my records secured under lock and key, and that the key can only be accessed by authorised people?

Trust is also very much a two-way process – a mutual relationship based on reputation. Can an entity trust that I am a real person and not an imposter, that I will abide by the rules of the relationship, and that I do not have previous history of reneging on a contract, either on purpose or by misfortune?

In the physical world we issue documents and create records that prove who we are, when we were born, where we live, what we can do and what have we done.  These make us eligible to receive healthcare or social care, to permit us to travel internationally, to permit us to drive a vehicle (and what types of vehicles), to prove that we have been fined for speeding. The list goes on….

In the digital world we need to match the levels of trust that thousands of years of human civilisation has created to maintain a safe and prosperous society.

We are in the fourth industrial revolution and due to COVID-19 pandemic, digital transformation is accelerating at an incredible rate. How we recreate the trust of the physical world, and even improve on it, is one of the fundamental questions of our time.

Digital Trust World 2021, a major new event from Goode Intelligence, will provide a platform for the world’s leading authorities in Digital Trust to drive the conversations around how we can effectively develop trust in the digital world, alongside our thought leadership expertise in the digital trust economy.

Goode Intelligence has been active in covering the latest developments shaping Digital Trust since 2007 when it published its ground-breaking market analyst report on the mobile phone as an authentication device. Since then, Goode Intelligence has been instrumental in shaping the narrative around trust in the digital world predicting the

  • Importance of biometric technology for frictionless mobile authentication in 2010 – three years before the arrival of Apple Touch ID
  • Critical role of mobile in remote identity verification
  • Opportunity for decentralised identity, central to the passwordless authentication movement
  • Arrival of multi-purpose biometric technology for cars
  • Future of touch-free biometric payments to support new retail opportunities
  • Importance of quantum cryptography in withstanding the threat from quantum computing.

Topics and Themes

Digital Trust World 2021 covers the following topics and themes segmented into the following technologies:

  • Authentication
  • Biometrics
  • Digital Identity
  • Fraud and Security

The event will also cover aspects such as Privacy & Ethics, Skills and Professional Training, Legal Requirements, Attracting Investment and Powerful Communication for Business Success.

Authentication

  • Pick a date – when will we see the end of passwords?
  • We expected the passwordless revolution to be with us by now, so why I am still using passwords?
  • FIDO Alliance update
  • Biometric authentication – offering the right mixture of security and convenience
  • Continuous authentication – a privacy nightmare?
  • Why we need risk-based authentication more than ever – delivering frictionless authentication

Biometrics

  • The importance of liveness detection in combatting identity fraud
  • How biometrics is being leveraged for secure touchless physical access control
  • The role of voice biometrics in supporting frictionless user authentication
  • Biometrics is not just about identity and authentication – how biometric technology is being used to monitor our wellness and wellbeing

Digital Identity

  • All you need to know about the digital identity wallet wars
  • Who should issue digital identity – government, banks, tech companies or telcos?
  • Case studies
    • What we can learn from the Nordic BankID model
    • Latest developments with digital identity in Canada
  • Is SSI the right choice for your business?
  • Digital Identity in:
    • Government
    • Financial Services
    • Healthcare
    • Travel
  • Identity Verification
  • The security of digital identity – what makes a digital identity system secure?

Fraud & Security

  • New models for fraud management
  • The importance of behavioural analysis in fraud prevention
  • What you need to know about the risk to encryption from quantum computing and how to solve it
  • Encryption as a service – models and benefits
  • The risk of synthetic identity fraud
  • What account takeover (ATO) looks like and how to mitigate risk?
  • Regulatory roundup with updates on
    • GDPR and worldwide data protection regulation
    • PSD2 SCA
    • EU AI regulation

Privacy & Ethics

  • Bias in AI – why it is such an important issue
  • What privacy by design is and how you ensure it is baked into digital trust solutions?
  • Diversity and inclusion in digital identity
  • Important considerations when designing and deploying a biometric system
  • Live AFR – is it such a bad idea?

Join me in October as we shape trust for the digital world by registering for your place now.

Alan’s View – The Healthpass Explosion

By | Blog | No Comments

Despite confusion with UK Government’s policy on COVID-19 immunity and vaccination passports (some weeks it is a ‘no’, some weeks a ‘maybe’, other weeks a ‘yes’), it appears there is growing evidence that some sort of digital record to indicate a citizen’s health status will materialise. This is not just a UK trend. Around the world, a consortium of airlines, airports, travel associations, transport groups, technology vendors and governments are joining forces to design and deploy systems to verify the health status of citizens eager to get out and about again.

These initiatives are known by a number of names including immunity passports, test records or vaccination passports but are now being commonly called a healthpass. Biometrics is fundamental to the success of these schemes and biometric providers are recognising that they offer a great opportunity in an economic age where other sectors are stalling on new projects. Biometrics enable these schemes accurately to verify identity and then to authenticate citizens into the healthpass to allow verifiers to access their Covid-19 health data – have I been vaccinated? When was I last tested? Can I safely enter a country?

The UK is piloting a system jointly developed by iProov and Mvine, and British Airways is testing VeriFLY, a biometric health app developed by Daon. There is a need for common standards and interoperability with these schemes and it is encouraging that a global initiative called the Good Health Pass Collaborative has very recently been launched. This initiative includes iProov and Daon joining forces with the Airport Council International (ACI), ID2020, MasterCard and SITA. I am sure that this something we will hotly debate during the coming weeks and months.

My thoughts for the shape of 2021

By | Blog | No Comments

It has been a challenging year for us all and one cannot underestimate the impact of the pandemic on so many people around the world.  However, there is significant hope that 2021 will be a much better year for many of us.

2020 has been a year of the acceleration of digital transformation.

More people are working from home – At its highest figure during the Covid lockdown, 38 percent of the UK’s workforce was classified as exclusively working from home. [Source 1: UK ONS]

More people are banking remotely – More people are turning to digital banking, mobile and online, and many people are new entrants in using this technology. A study by McKinsey discovered a 20 percent rise in digital banking during the COVID-19 crisis – that’s two years’ growth in just a couple of months. [Source 2: McKinsey]

More payments are moving online – A study from McKinsey says that in the first six months of 2020, consumers spent US$347 billion online with US retailers, up 30 percent from the same period in 2019.

Once it is safe to do so, and the COVID-19 vaccinations have reached the majority of the world’s population, then we shall undoubtedly see the pendulum swing quite dramatically back to physical interaction. We are social beings and a pent-up demand for physical interaction means we will embrace physical shopping, face-to-face business meetings and events and international travel.  However, a new normal will emerge as normal life resumes and we again experience the inconvenience of long queues for parking at the shopping mall or travelling three hours for a 30 minute business meeting. The pendulum will again move towards the virtual world resulting in a balance of physical and virtual interactions with the distinction between the two narrowing. Much of the change in behaviour that has been a result of this pandemic will stick.

The improved digital infrastructure and a change in work culture will go hand-in-hand to support a much more virtual lifestyle. Businesses will support increased working from home and will benefit from improved productivity, reduced costs from smaller office space and improvements in employee mental health – getting that work-life balance is so important.

In the world of digital trust and security, in particular with authentication, biometrics, fraud and security, and identity, I believe that the following will happen in 2021.

Authentication: Despite the many predictions that 2020 will see the ‘death of the password’ it still dominates the authentication landscape.  The need for secure and frictionless authentication mechanisms that work across all channels and devices has never been so pressing but the fact remains that the password is still king. PSD2 Strong Customer Authentication (SCA) has increased the use of 2FA and MFA but banks and payment service providers are largely turning to SMS delivered OTPs despite many reservations from security experts and groups such as NIST. Standards such as FIDO and other passwordless initiatives provide organisations with alternatives to passwords that eliminate many of the security weaknesses, but adoption levels remain muted. There have been positive moves from some of the large tech networks including Microsoft and Google with their authentication apps but in many cases, it is still not mandatory for users to adopt them. I believe regulatory pressure will be the biggest driver to move away from passwords in 2021.

Biometrics: Expect another stellar year for biometric adoption across a wide range of verticals. I predict that behavioral biometrics will be more widely used in partnership with anti-fraud and authentication solutions especially in heavily regulated industries including financial services (EUs SCA and 3-D Secure 2.0 are driving forces in payments).

Will 2021 be the year that biometric payment cards finally arrive for consumers? Expect an uptick in pilots around the world and increasing commercial rollouts to enable secure, safe, frictionless and no-limit payments in physical locations. Surveys from 2020, including our own yet to be published UK survey, indicate that there is strong demand for these cards and a willingness to pay a nominal sum per month for the privilege of owning one. With the rise of contactless cards in many regions of the world, the addition of biometric authentication will make them the top of wallet choice for millions of consumers.

Biometric accuracy and the ability to withstand presentation attacks (liveness or genuine presence assurance) will continue to improve in 2021 making biometrics a reliable method to identify and authenticate people across a wide range of devices and channels.

Biometrics will be vital for a wide range of applications across many different verticals; to support a safe (often touchless) and seamless travel experience, as a pivotal component in remote digital onboarding, to secure the next generation of connected cars, to link the physical and digital worlds for government-issued digital identity and to both actively and passively authenticate people.

Fraud and Security: There is enormous pressure on fraud and security systems to withstand increasing levels of attack on core systems. Covid-19 has led to increasing levels of fraud attempts against digital services. The UK’s Action Fraud reported a 400 percent increase in COVID-19 related fraud during March 2020 with the majority of reports related to online incidents. As remote onboarding increases there will attacks on the tools that are being used to support this process, including using AI-powered attack tools to fool face biometric systems and the collection of personal information for use in synthetic identity attacks. Attacks on remote account opening has increased during the COVID-19 period and it has become one of the favoured attack points for criminals. In terms of a response from fraud teams, I predict increasing levels of cooperation between fraud and security teams to withstand the assault. This will include increasing adoption of layered tools that protect all levels of digital interaction with customers from discovery, onboarding, authentication and transaction processing.

Throughout 2021, more states will enact privacy and data protection legislation akin to the GDPR and California’s CCPA legislation.

Identity: A portable government-issued digital identity is proving to be a fundamental requirement in supporting digital transformation. It has the ability to provide an anchor for a wide range of linked digital identity credentials. This may be issued in a centralised or decentralised (self-sovereign) model – there are merits for both. Governments manage a rich depository of verified identity data across a number of different agencies. I predict that during 2021 governments will wake up to the opportunity that this data provides by enabling third parties to access this data in the same manner that government-issued documents are used in the physical world.

Age verification will be a popular application for next-generation digital identity solutions. I predict that blockchain technology is a realistic platform for age verification services as it can be supported by a zero-knowledge proof protocol that only supplies a cryptographic representation to the answer – am I legally permitted to access/purchase/consume age restricted products and services, including digital adult content and the consumption of alcohol? For instance, I am a student (this for me was some years back) and I am legally permitted to drink alcohol, but I am at an age where I need to verify my age when entering a venue that serves alcohol. Instead of using a physical government-issued document that proves that I am legally allowed to consume alcohol, along with long list of other personal attributes that are irrelevant to the consumption of alcohol, I (the prover) give permission to the venue management (the verifier) to access my digital identity app (wallet) to verify my age. The verifier doesn’t not need to know my date of birth, they only need to know the answer to the question – am I legally permitted to consume alcohol, to which the answer can only be ‘yes’ or ‘no’.

2020 saw Goode Intelligence work with a wide range of digital identity bodies and providers and we’ll be continuing this collaboration in 2021.

I would like to wish all of you a happy and safe holiday season and I look forward to connecting with you during 2021 – a hopefully less stressful year than 2020.

Alan

[1] https://www.ons.gov.uk/peoplepopulationandcommunity/healthandsocialcare/conditionsanddiseases/bulletins/coronavirustheukeconomyandsocietyfasterindicators/1october2020

[2]

https://www.mckinsey.com/industries/financial-services/our-insights/no-going-back-new-imperatives-for-european-banking