INTERVIEW: The DID Alliance’s Ramesh Kesanupalli talks to us about GADI, the exciting new initiative for Digital Identity…

By | Blog | No Comments

Last month we were delighted to host a webinar introduction to the Global Architecture for Digital Identity (GADI) in partnership with the DID Alliance*.  Ramesh Kesanupalli, co-founder of the DID Alliance, founder of the FIDO Alliance and CEO, Digital Trust shares his insight on this very exciting initiative and why we need a new method to add trust and accountability into Digital Identity.

After your success with the FIDO Alliance, what made you turn your attention to identity?

Ramesh Kesanupalli: “There were a couple of reasons: firstly, digital identity is one of the hot topics that is emerging in the industry – after adding up all the attacks that have happened to major entities, and considering the misinformation and untraceable information that is rampant on the internet – Identity is a problem that needs to be fixed.  After the successful standardisation of FIDO and its inclusion in all major operating systems and browsers, it’s only natural to look into identity binding as the next step.  At the same time, the CEO of RaonSecure, Soon Hyung Lee, who has been developing the OmniOne Identity DLT, asked me to take a look at what they were doing which got me started looking into this space.”

Tell us about the basic premise of GADI

Ramesh: “The basic premise of GADI is to define a trustable identity framework that will work at a global scale and bring different identity systems to establish trust and accountability. While security and privacy are the fundamental rights of everyone, for a functioning business or society, trust and accountability are basic necessities.”

What is a digital address and how is it used?

Ramesh: “A Digital Address is a human-readable access point, which is bound to a unique trust anchor for the user that is generated by a trusted issuer in the GADI ecosystem when the user is being on-boarded into the GADI ecosystem.  Once the initial trust anchor of the user is created, and a Digital Address is created for the user with a Digital Address Provider, the issuers can issue the user credentials using the verifiable credential formats, and publish the DIDs (Decentralised Identifiers) of those credentials to the Digital Address that the user is associated with.  The user can then go to any other issuer who would issue credentials to the user and provide their Digital Address so that the other issuer can start issuing their credentials to that user.  The user will then be able to provide verifiable credential presentations to a service provider to prove identity claims as needed based on the service provider’s context.”

Can GADI work with existing identity ecosystems?

Ramesh: “Yes.  Existing identity systems can turn themselves into a Digital Address Provider by embracing the GADI methods of on-boarding users and issuers.  The creation of the initial trust anchor is the key first step which involves identity verification of the user against a government-issued identity document by a high-trust entity.   This could be a Department of Motor Vehicles (DMV), Passport Agency, Employer, Financial Institution or Medical Centre.   Digital Address providers will have to go through a certification process and must follow the governance and policies of the GADI ecosystem.”

Finally, how can people find out more and get involved?

Ramesh: “We welcome organisations, both public and private to come and join the DID Alliance to contribute to the specification, governance, and direction of the ecosystem.  There are different work streams that need help, support and participation.  We have a Technical Working Group, Governance Working Group, Messaging Working Group, Certification Working Group and so on.

“People can get involved at the board membership level, sponsor membership level or associate membership level.  Please visit the DID Alliance web site didalliance.org for more information and to reach out to us.”

*The DID Alliance is an open industry association created to drive the development of a standardised, interoperable framework for decentralised identity services to ensure the authenticity of an established trust in digital identities.

 

An iPhone Touch-ID moment for the automotive industry

By | Blog | No Comments

Biometrics is no longer a futurist technology for cars. In 2020 we witnessed the arrival of biometric technology into one of the most iconic luxury vehicles in the world, the Mercedes-Benz S-Class.

Mercedes-Benz announced in July 2020 that its new S-Class car will come with biometric technology integrated into its infotainment system enabling “verification of digital payment processes from the vehicle”. The car will feature built-in fingerprint sensors into the dashboard display, face recognition supported by two cameras and the capability to use voice biometrics. The infotainment system is called ‘My MBUX’ and supports four different methods of authentication, three of them biometric, voice, face and fingerprint.

The German auto giant followed a number of Chinese and South-East Asian (Japan and Korea) automotive OEMs in turning to biometric technology to enhance vehicle entry security and provide an ultra-personalised user experience once inside the cabin.

In our latest market analyst and forecast report – “Automotive Biometrics Market Analysis & Forecasts 2021-2026” – Goode Intelligence covers the latest developments in the automotive sector including how biometrics is supporting modern methods of personal transportation delivery from ride-sharing to autonomous cars.

The report identifies that the current major drivers for integrating biometrics into vehicles are user experience, personalisation and occupant authentication.

Tied to driver/occupant authentication are a number of other drivers that include, vehicle entry and start, in-car payments, driver monitoring for health and wellbeing (HWW) purposes, insurance and vehicle to home automation.

The seven major drivers are defined in the following infographic.

To find out more about the market opportunity for automotive biometrics download our latest white paper and visit our report store.

 

The Impact of Coronavirus on Digital Identity and Biometrics

By | Blog | No Comments

We are living in unprecedented times. The Coronavirus (COVID-19) crisis is a global tragedy that is affecting every part of our daily lives. The question on when the world will return to normality is a difficult one to answer. The emergency measures that include restriction on travel and social distancing may well be still in operation into 2021.

Over recent weeks we have been assisting our clients in understanding the impact of COVID-19 on their business This blog provides my views on the effects on identity, authentication and biometrics; the three interconnected areas that Goode Intelligence covers.

I believe that this Coronavirus is accelerating a number of key megatrends of the last twenty years, collectively classified as digital transformation. Moving away from physical service delivery to digital service delivery consumed on any device that can run an app or load a browser. This affects most sectors but is most acute for retail and financial services with physical stores and bank branches being replaced by remote digital services.

The need for social distancing is forcing all of us to perform more of our daily tasks from home. As a CEO of a small business, I am very used to working from the home office and talking to clients and contacts around the globe. I am now joined by my children who are having their lessons delivered digitally via platforms that are normally used for business web conferencing – some of which are managing to stay up with the increased demand. This is a seismic event, one that will put a strain on both technology delivery and society.

The need to accurately identify and authenticate people, and to authorise tasks and transactions through digital channels will accelerate. There will be increased demand for identity and authentication solutions that work seamlessly across endpoints, that are application-appropriate, that comply with regulation, that reduce or maintain acceptable levels of fraud, and meet sudden surges of demand (scale).

This is happening across all verticals; retail, finance, government, entertainment and education. What will be interesting, is whether this ‘emergency’ measure will become more of a permanent feature. Once we start to recover from the crisis, will we go back to commuting to work, shopping in physical stores, banking in branches and visiting theatres and cinemas?

This is my personal view on the impact of the current crisis on this sector, some have an immediate impact; others will materialise once the world recovers.

Biometrics – Don’t Touch This!

In addition to the impact of social distancing on the physical world, touching sensors on shared devices will be restricted during the crisis.

This includes sensors integrated into shared devices including ATMs, point-of-sale (POS) devices, door-locks and kiosks. It has been reported by the New York Times, that the New York Police Department (NYPD) has halted use of its fingerprint entry system at its HQ.[1] Where there is a legal or national security need to use these devices, for instance in border control, then operators will need to keep these devices clean.

Longer-term, organisations may look at deploying biometric sensors that avoid touch in shared and public spaces. We have already seen technology integrated into airports that allow passengers to ‘wave’ their hands through a reader. This doesn’t necessarily mean that organisations will avoid fingerprint as a modality – just don’t touch.

This should not include sensors that are integrated into devices that are not regularly shared, where a single user will enrol and verify; smartphones or biometric payment cards for instance.

Biometric Payment Cards

Gauging the impact on biometric payment cards, I am predicting a delay to large-scale deployment by approximately one to two years. Existing pilots will need to be curtailed and new pilots will likely be postponed. Card manufacturing will be hit as factories are closed down around the globe, although China is slowly starting to re-open (see statement in biometric sensors below).

One of the biggest drivers for adoption is increasing spend limits for contactless transactions. As a result of Coronavirus, countries with high contactless card adoption, including Egypt, Ireland, the Netherlands, Saudi Arabia and UK are increasing the spend limit to remove the need to enter in a PIN for higher value transactions. Ireland has increased its spend limit to €50 from €30, and the UK has increased to £45 from £30. This is a small increase and does not offset the benefit enabled by biometric payment cards of lifting the spending limit for biometrically authenticated payment transactions or bring contactless cards in line with mobile payment wallets.

Biometric Sensors

China, South Korea and Taiwan are the centres of biometric sensor manufacturers and these countries have been at the epicentre of the crisis. Factories have been shut down and will take time to get back to back to normal operating levels after reopening. Factories, especially in China are slowly reopening but it is been estimated that they are still operating at 70-80 percent of their pre-COVID-19 capacity.[2] This will have a negative impact on the supply of biometric sensors to OEMs, although this impact may be lessened as OEMs, in particular mobile OEMs, have recently reported an over-supply.

Demand for consumer electronic devices will be dampened and this compounds the reduced demand for biometric sensors from the principle OEMS.

There is demand for hybrid devices that can both identify and perform an ‘at range’ quick biomedical check on citizens to determine if they may have been infected. In China, these have been worn by law enforcement officers and have also been deployed as scanners at airports. Longer-term, this could potentially kick-start the combination of biomedical and biometrics in ‘worn’ technology – smart watch, wrist bands and clothing – to create applications that know who you are and how you are. Checking body temperature, blood pressure, ECG and heart rate and also knowing the identity of the person (patient).

There needs to be an adequate privacy and trust framework to support this collection of sensitive personal data and it remains to be seen if these ‘emergency’ measures will become permanent once we are out of crisis mode.

Digital Identity Verification (Proofing)

Digital Identity verification answers the following questions:

  1. Is it a real user?
  2. Is it authorised to use the data it presented?
  3. Can you do business with the user?
  4. What is the risk of doing business with the user?

Back in May 2019, I predicted that just over 704 million digital identity verification checks would be made during 2020 around the world. As a result of the COVID-19 crisis and with businesses increasingly reliant on ‘remote’ technology to verify identity and to quickly onboard people to digital services, I believe that this forecast needs to increase – probably by an additional 15-20 percent.

Digital Identity

In a Goode Intelligence analyst report published in November 2019 covering the market for verified digital identity we forecast over three billion digital identity users by 2025. I believe that this forecast still remains relevant but there will be different speeds of adoption between verticals and applications. For instance, for air travel, the impact of COVID is resulting in considerable reduction in passengers. The number of passengers coming through terminals for 2020/21 will be significantly reduced. IATA has predicted that the virus will cost airlines $30 billion[3] and see passengers numbers decline by 13 percent. A driver for the deployment for the ‘kerb-to-gate’ digital identity schemes has been increasing demand on airlines and the need to efficiently process passengers from the kerb to the gate. A consortium of airlines, airport authorities and governments has developed single token systems that leverage biometrics to ensure that passengers can check-in, pass through security and board the plane without the use of a combination of tickets, passports and boarding passes. There will quite likely be a revaluation of these schemes with reduced revenue and repurposing resources to support passenger monitoring and virus containment.

Containing the virus and monitoring citizens and has been a priority for many countries, especially those that have national identity schemes. I expect to see an acceleration in active national identity schemes that collect our ‘digital exhaust’ – identifiable data obtained from a variety of sources including mobile networks and devices, travel/transportation, social network, health networks, financial and payment systems. Even though we are in an emergency situation, this type of ‘surveillance’ identity must be carefully designed and deployed to ensure that the privacy of citizens is respected. Privacy legislation including GDPR must be respected even in these difficult times.

Business Financing

Financing for businesses, especially pre-revenue start-ups may become more difficult, especially in the short-term. Investors have taken a significant hit to their portfolios and will be understandably more cautious about any new funding especially for pre-revenue firms with lengthy runways. This excludes emergency measures from central governments.

How Goode Intelligence is Helping

As a business we have taken steps to support our community by suspending physical events and summits until the time is right to reintroduce them. As an established analyst company with years of experience of running online webinars we shall be creating a number of virtual summits in the coming months to educate and influence our network. If you need support with research or need to influence the industry, we would be delighted to hear from you. In the meantime, please take care and stay safe.

[1] https://nypost.com/2020/03/11/coronavirus-in-ny-fingerprint-security-protocol-halted-at-nypd-hq/

[2] https://www.lazardassetmanagement.com/us/en_us/references/announcements/coronavirus

[3] https://airlines.iata.org/news/coronavirus-outbreak-set-to-cost-airlines-30bn-in-revenue

Realising the new normal of healthcare, through digital identity

By | Blog | No Comments

I was fortunate to recently chair a thoroughly informative and lively webinar on realising the new normal of healthcare, through digital identity on 27th May, in partnership with Mastercard, and I would like to give you a taster of some of the discussion points from the event.

During the one-hour session I was joined by four leading experts in this field;  Dan Johnson, Vice President, Identity Products Cyber and Intelligence Solutions Mastercard, Dr. Sally Eaves, Professor and Strategic Advisor on Emergent Technologies, Dr Manreet Nijjar, Co-Founder, truu and James Monaghan VP Product at Evernym.

In the “new normal” era we face, the speakers unpacked how digital identity fosters the shift of day-to-day healthcare needs to digital channels by bringing together personal health data, empowering doctors to provide ‘telemedicine’ and effectively implementing services such as contact-tracing.

During the webinar, there was discussion on the need to meet individuals’ needs in this digital era and the requirement of collaboration from all parties involved. One of the big takeaways from the session was that by working together, the industry can collectively accomplish what is impossible alone: convenient, secure, smart digital interactions that work better for all of the world’s population.

The webinar included discussions on bringing health data together, contact tracing and the need for global interoperability and how medical teams can be empowered to provide telemedicine.

In his introduction, Dan Johnson defined digital identity as “a way of proving who you say you are”; something that is “much harder to do online”. Johnson commented that since the COVID-19 emergency started, “people are interacting online way more than before”. He said that in the old normal (before COVID-19) that “this event would have taken place in a physical venue” and there “had been a remarkable increase in shopping online”. As a result of COVID-19 there is a “demand for new credentials to support the increasing adoption of digital services”. According to Johnson, “there isn’t really a suitable digital identity service to support this demand”.

Specifically, on healthcare “there is currently no efficient way of sharing healthcare data, especially outside each trust network or boundary”. In reference to telemedicine Johnson believes that it is “more and more important to have a safe and secure method to provide both identity of patients and doctors alike when they are accessing telemedicine services.”

Johnson talked about contact tracing being a “very emotive topic” and asked the panellists their opinion on the matter. Dr Nijjar explained about how “doctors are engrained with confidentiality when discussing their patient’s health” and that there is a risk that technology “could take this away from doctors”.

Dr Nijjar discussed the relationship with trust and digital identity; “Trust is the biggest thing that we as doctors have but as we move more into the digital world digital identity becomes crucial”.

Dr Sally Eaves echoed the importance of trust with healthcare data saying that “trust is imperative” and then expressed her concerns on collection of healthcare data; “there are concerns over what will happen to healthcare data collected for contact tracing after the emergency situation improves. Will this data be used for other reasons other than keeping people safe?” Dr Eaves recommended that communication with patients and citizens should be transparent to ensure that there is trust in the system and cited the example from Australia where there was communication to say, “that this data will not be used for any other reason”.

Dan Johnson concluded this session by saying that he agreed with the other presenters on trust and collection of healthcare data and cautioned that there could be “a temptation to create a solution just for now”. He had been introduced to the term “honest but curious” by a fellow identity professional and believed that this term was very pertinent now in that “healthcare data collected for COVID-19 purposes may be used for other reasons and this could have a negative effect on trust between patients and healthcare providers”.

There is much debate about the merits of centralised versus decentralised digital identity and I asked the panellists their opinion on the subject. Dr Eaves believes that decentralised models are preferable as it “builds trust and ensures that patients retain control.” She cited the partnership between Google and Apple as “being seen as a good decentralised model” but warned that the “acceleration of innovation comes at a risk”.

James Monaghan made a very important point about framing the discussion and explained that “the trend towards decentralisation is about recentralisation around the individual – centralisation around me”.

Dr Nijjar provided a particularly poignant explanation in his comment on the centralised versus decentralised debate with the example of the UK NHS Red Book (a paper book used to hold medical information about new born children); “in the physical world, the decentralised model is something that we have had for some time in healthcare with the maternity red book. The book is held safely by parents and is presented to healthcare professionals to log a baby’s weight and height etc and to record a child’s immunisations. Later-on in a person’s life, healthcare records become centralised. There is an argument that says we should continue with the ‘red book’ model” by making all of our healthcare records and our digital identities decentralised.

If you would like to hear all of the discussions, then please tune in to our YouTube channel where you can watch the whole session.

Identity Verification

The Digital Identity Problem: Solving the Issue of Trust

By | Blog | No Comments

The question of how we effectively and securely identify people online and enable them to perform digital tasks in a safe and secure manner is one of the fundamental issues of our time. Alan Goode, CEO, Goode Intelligence shares his insight in this article.

The question of how we effectively and securely identify people online and enable them to perform digital tasks in a safe and secure manner is one of the fundamental issues of our time. The first challenge to overcome is that there are multiple definitions of what digital identity is. The market for identity solutions is also complex and fragmented, with many competing technologies being used to solve some of the problems facing our digital lives. Even NIST in its Digital Identity Guidelines struggles to pin down identity, stating that: “Without context, it is difficult to land on a single definition that satisfies all.”

With no simple or single solution to this problem, there is a significant opportunity for technology companies to develop targeted solutions to solve specific problems. Is digital identity a means to simply support digital onboarding and comply with anti-money laundering (AML) and know your customer (KYC) regulations? Or is it something bigger – a digital equivalent of a passport or national identity scheme, and are we entering an era of person-centric digital identity or self-sovereign identity?

eIDV services lead the way

In the absence of universal digital identities that can be used across services and cross-border digital identity, eIDV (electronic identity and document verification) services solve a key problem: how to prove a person’s identity for access to online/remote services.

eIDV services also remedy the issue of trust between service providers and their users. As David Britton, VP Industry Solutions of Experian, explained when interviewed for the recent Goode Intelligence Digital Identity & Document Verification Market report (1): “Right now we are in a state of transition where we will have a combination of old and new identity – physical ID documents and digital identity. This is where eIDV is solving an immediate problem.”

Customer identification

The ability to ‘onboard’ new customers to services through remote digital channels, web and mobile is a pressing need for many organisations looking to reduce their physical footprint and to support digital transformation projects while reducing the risk of fraud. eIDV services address this by proving an individual’s identity, while also supporting digital onboarding and meeting the latest AML, KYC and customer due diligence (CDD) regulations.

Specifically, digital identity and document verification systems answer these questions:

* Is it a real user?

* Is the user authorised to use the data presented?

* Can the service provider conduct business with the user?

* What is the risk of doing business with the user?

Features of eIDV

eIDV services offer a combination of ever-more accurate facial recognition, document verification, and a growing variety of verifiable identity sources (data and signals), increasingly powered by machine learning (ML) and artificial intelligence (AI). As a result, service providers are adopting these solutions in ever-increasing numbers.

Goode Intelligence has determined that there are four main elements of digital identity and document verification services, linked to the four questions outlined above:

* Genuine presence assurance: establishing that the entity is a real person and not synthetic. This is usually managed by using a camera, either smartphone or webcam, to capture the entity’s face and then using a number of technologies to ensure that it is a live face.

* Corroboration and risk mitigation: the validation of captured images, faces and documents. Depending on the risk appetite, a range of techniques – including collecting device and network signals and data – will be used to feed into the risk engine to verify the entity’s identity and validity, in order to perform a certain task, such as opening up an account.

* Document capture: the secure capture of the trusted document that is being presented to a service provider, and verification that this document is not a fake and has not been tampered with.

* Orchestration: co-ordinating the workflow that manages the processes and ties all the disparate technologies and data sources together.

Genuine presence assurance

A key challenge in remote identity verification is to offer ‘genuine presence assurance’. In other words, it is essential to know that you are dealing with a living person and not a ‘fake’ one that is trying to spoof the system into thinking that it is genuine. As Clive Bourke, EMEA & APAC president at Daon, explains: “Methods to prevent impersonation which ensure it is a real person, are vital. Liveness detection algorithms that combine both passive and active assessments provide the best protection against fraud.”

Biometric systems plays a key role here in enabling digital identity verification services. They replace humans when it comes to verifying the identity of a person in remote, unattended scenarios. So instead of a bank or telecoms company employee verifying the image on a government-issued document against the face of the customer in-branch or in-store, facial recognition software captures their facial image, then verifies it against the image extracted from the government-issued document.

An essential part of genuine presence assurance is liveness and spoof detection, commonly called presentation attack detection (PAD). A robust facial recognition system used for digital identity verification must be able to deter common spoof attacks, and determine whether a person is real and present during the identity verification process. Modern facial recognition algorithms offer multiple benefits here, including:

* Quality assurance of the live image captured and the scanned image, to make sure they are suitable for facial recognition.

* Liveness techniques including eye blink, head movement, texture, light reflection, sharp lines, perspective changes and behaviour.

* Facial watchlist searching of previous fraudulent applications.

* Facial search of previous applicants in a specific period or high-risk cohort of applicants or all applicants, to detect applications which have different claimed identity data but the same person’s face.

The accuracy of facial algorithms has also improved significantly, due to the availability of machine learning and deep neural network (DNN) capabilities, combined with much larger and more diverse data sources and the ability to continuously train algorithms on real data.

Document verification

Another major challenge in digital identity verification is to establish that any documents being presented to a service provider are not a fake and have not been tampered with. This could include documents such as passports (biometric and non-biometric), driver’s licences and national identity cards.

Depending on the workflow, this activity is generally either the first or second process that will be followed as part of the end-to-end digital identity verification service. Using a government-issued document with an image for identity verification meets AML/KYC regulation and has traditionally been carried out in a physical office or retail store under the supervision of a trained person (for instance in a bank branch when opening an account). But with the growth of digital services and the switch from having physical bank branches and retail stores, document capture and verification is moving to digital.

In this approach, the identity information is captured from the document either using a smartphone camera or personal computer webcam; or it can be done via NFC – near field communications – when an identity chip exists (eg, with biometric passports). The introduction of machine learning and AI technology is having a positive effect on accuracy rates and reliability here. However, it is important not to oversell the capabilities of AI in this area, especially when applied to document authentication and verification. Even with the help of AI, accuracy rates are generally in the 80 percent bracket and human analysis is often required to increase accuracy.

It is clear that document capture and verification accuracy is an important metric in terms of assessment. The solution has to be able to capture fake identity documents in order to ensure AML/KYC compliance and to ensure that fraud rates are manageable. But as stated above, document verification has varying levels of accuracy: Goode Intelligence’s research shows that accuracy rates, where auto verification is successful, are currently running at around 80 percent; some 15 percent of solutions are generally viewed as being suspicious and in need of additional verification – usually by human analysts – and five percent fail and are viewed as fraudulent. As Clive Bourke at Daon said: “Document accuracy is not where it should be. The combination of machine learning and human review may add grit into the process and introduce cost but serves to provide a positive outcome for customers.”

Accuracy rates can be higher with biometric passports where information, including biometric data, is read from a chip using NFC and then verified. Of course, not all passports are biometric and this technique is still only available on certain Android devices. However, a recent announcement by Apple points to iPhones supporting this feature in the next version of iOS (v13), for iPhone 7 handsets and above, available in later 2019. Leveraging NFC for biometric chip reading improves the quality of the images used, by extracting directly from a chip rather than using a scanned image.

Solving the trust issue

The final components in successful digital identity and document verification are corroboration, orchestration and risk management, as follows:

* Corroboration involves using signal and data collection to improve the accuracy rates in identity verification.

* Orchestration, or workflow, services are an imperative for service providers aiming to offer comprehensive end-to-end identity and document verification services. They use behavioral biometrics to prevent fraudsters getting as far as the front door.

* The risk management or decision-making element of identity and document verification is increasingly important. These services ultimately establish, based on the data passed to them, whether a person’s identity can (a) be trusted, (b) is not illegal and (c) is tied to a person that is authorised to perform a certain action (eg, opening up a bank account or reserving a shared room).

Identity data

Identity signals and data can offer a significant means of improving the accuracy of identity verification, supplementing other components such as document verification and facial recognition. These data sources range from the traditional – ie, name, social security number and mobile number – to what David Britton at Experian calls “the digital exhaust consumers are emitting”, such as their data derived from social networks. These sources include:

* MNO (mobile network operator) data – including active data from MNOs and the mobile device itself.

* Citizen data – sourced from a utility or government database.

* Credit data – derived from a registered credit agency or bureau, which manages consumer credit information on individuals.

* Electoral rolls – government data on citizens enrolled to vote.

* Government-issued and collated databases and data – including national insurance data, driver’s licences and passports.

* Consumer data – sourced from direct marketing campaigns.

* Property files – data issued by the government, detailing property ownership.

* Utility data – relating to national utility providers such as telephone, gas, electricity and water.

* Watchlists – country screening programme lists, such as those run by the US Treasury Department’s Office of Foreign Assets Control (OFAC) or the Australian Government Department of Foreign Affairs and Trade (DFAT).

Market growth

There are a number of market drivers for digital identity and document verification services. They include supporting digital onboarding, age verification, meeting AML and KYC legislation, and providing a foundation for trust in the sharing economy. As a result, a range of industries are leading the drive to adopt these services. They include financial services and insurance; telecoms; eCommerce, notably the sharing economy and adult markets; gaming, including gambling and video gaming; and physical retail.

Looking at two leading markets in particular:

* In the financial services and insurance sector, the adoption of electronic identity and document verification has been strongly driven by a combination of AML/KYC compliance, fraud reduction and digital transformation programmes. As Clive Bourke of Daon said in an interview with Goode Intelligence in February 2019: “Across banks there is a growing interest in eIDV. Every second bank that Daon engages with in terms of sales engagement is interested in this area.”

The ability to quickly and securely onboard new customers using smartphones has many benefits to financial service providers and fits in with the strategy of challenger banks and FinTech providers who only have a digital presence. For these banks, the ability to run financial services without a physical branch is a prime consideration, so the ability to onboard new customers and allow them to open accounts by proving their identity on a smartphone or via a web session is essential. This is why challenger banks such as Monzo, Revolut and Starling are leading the way in supporting digital identity and document verification.

* Telecoms is also seeing strong adoption growth of eIDV, around two main scenarios: where the telecom operator is a service provider of electronic identity and document verification; and where the provider is a buyer of eIDV services for its own customers.

There is significant opportunity for telecom providers to play a pivotal role in the identity verification market as MNOs hold valuable information about mobile subscribers including name, mobile number and geolocation information. Vendors such as Gemalto, a Thales company, are strong in this sector.

Summary

In conclusion, the development of biometric -based digital and electronic identity and document verification services provide a means to effectively identify people online, enabling them to perform digital tasks in a safe and secure manner. As a result, these solutions are now being adopted across a number of organisations and industries worldwide.

About the author

Alan Goode is the CEO, chief analyst and founder of Goode Intelligence, a leading UK-based research, consulting and events company specialising in identity, authentication and biometrics. Alan is an expert in biometrics, authentication and identity, with 13 years of research and analysis experience and prior to that 17 years of senior management and technology consultancy experience. He is a frequent speaker and industry awards judge, including the GSMA Global Mobile Awards for the past eight years.

Goode Intelligence’s Digital Identity & Document Verification; Market & Technology Analysis, Adoption Strategies & Forecasts 2019-2024 report provides detailed analysis of the digital identity and document verification services market.

Reference

  1. ‘Digital Identity & Document Verification Market & Technology Analysis Adoption Strategies & Forecasts 2019-2024’. Goode Intelligence, 24 May 2019. Accessed September 2019. https://www.goodeintelligence.com/report/digital-identity-document-verification-market-technology-analysis-adoption-strategies-forecasts-2019-2024/

Biometric Payment Cards – Are We There Yet?

By | Blog | No Comments

2019 has witnessed intense activity in the development of biometric payment cards with many pilots running around the world.

2020 is seen by many as a breakout year for biometric payment cards with pilots turning into commercial rollouts and these next generation payment cards beginning to be delivered to potentially millions of people across the world. This includes the recent announcement by NatWest bank in the UK of the world’s first biometric credit card pilot with 150 customers.[i]

As an analyst company that specialises in high-growth areas of identity, authentication and biometrics, at Goode Intelligence we first investigated the market opportunity for biometric payment cards in 2015 and again in 2018 in the first and second edition of our Biometrics for Payments analyst report.[ii] We predicted low volumes of cards initially as card issuers tested out the technology with pilots, ramping up to almost 579 million cards for 2023. We’ll be refreshing these forecasts in 2020 based on the latest data and input from all parts of this ecosystem, in the meantime here are some insights of how the market has moved along over the past year.

Our analysis in 2018 determined that there are a number of hurdles to overcome before biometric payment cards can be shipped in their millions. This includes cost, including the question of who pays for the card, scheme certification and enrolment.

As one of the hottest topics in biometric payments, we’ve naturally built biometric payment cards into our next biometric event – Biometric Summit London 2019. We’re delighted to have three vendors that are active in biometric payment cards, IDEX Biometrics, Precise Biometrics and an exciting new entrant, Riot Micro, speaking at the event to share their thoughts and vision on this and other relevant topics with our delegates.

I interviewed each of them recently to get their insight on where we are currently with biometric payment cards.

IDEX Biometrics

I caught up with David Orme, SVP Sales and Marketing at IDEX Biometrics to get the latest insight into how the market is currently taking shape.

I asked Orme what the current status was.  He explained that as “biometric technology is already influencing our lives with smart phones and airport terminals etc, the next evolution is with payment cards. We are in the market building phase at the moment with many pilots either concluding or being introduced.”

Orme provided us with some insight into IDEX Biometrics’ latest developments saying, “there is expectation that multiple partners will achieve certification completion for their biometric card that will result in a production order ramp up.”

One of the areas that Goode Intelligence has identified as being critical to the success of biometric payment cards is remote enrolment and Orme informed me that IDEX Biometrics has been very active in developing solutions for this with “remote enrolment patents in many territories around the world and a recent patent license agreement with global card manufacturer IDEMIA.”

Orme also referenced three other major hurdles that need to be overcome to ensure the success of biometric payment cards including “educating consumers and financial institutions on its value and ability to combat fraud”, “the cost of a biometric payment card and who’s responsibility this is” and “addressing common misconceptions such as where the data is stored”.

With high numbers of pilots being concluded in 2018 and 2019 Orme believes that biometric payment cards “will be in mass-market usage by 2020”.

Precise Biometrics

In a discussion with Stefan K. Persson, CEO, Precise Biometrics I asked him where biometric payments cards are in their development lifecycle, Persson’s reply was that “Biometric contactless cards are now getting more mature now and are not the same novel technology as 18 months ago. It’s widely recognised that they bring security at no expense of user convenience and card schemes are increasingly active in certifying these cards, which means the timeframe for commercial adoption is getting quite close now.”

With many pilots taking place in 2019 I asked Persson what this meant to shipment numbers as we approach the end of the current year. “We are involved in a number of pilots with our partners now, including NXP with whom we also have achieved the first Mastercard CAST certification. It’s important that all our quality and convenience criteria are met so we envisage small volumes through the rest of 2019 with a gradual ramp-up in 2020.”

Strong security is vital to payments and ensuring that biometric matching and storage of biometric templates takes place in a secure piece of hardware on the card is important. Persson discussed the importance of this and provided insight into a pilot that they were involved in run by Crédit Agricole in France.

“One noteworthy pilot that we are involved in through our partnership with NXP is the Crédit Agricole and Mastercard trial of G+D’s biometric card (showcased at Money 20/20 Europe earlier this year) with an integrated fingerprint sensor using NXP’s platform featuring Precise’s technology. This card is one of the first with a very strong combination of features requested by the payment eco-system as the NXP platform is based on a contactless card, using the NFC field only without a built-in battery. Most importantly, in addition to delivering enhanced customer convenience, the card is highly secure as the biometric matching and storage of the biometric templates takes place in a secure element (a secure chip in the card).”

Riot Micro

Riot Micro is an exciting start-up that I had the pleasure of meeting at MWC 2019 earlier this year in Barcelona. Riot Micro is a fabless semiconductor headquartered in Vancouver Canada with offices in US and Switzerland and development sites in Egypt and India. Their technology has been incorporated into an ISO compliant cellular biometric card (CBC).

I talked to Abdallah Turki at Riot Micro to get his opinion on where we are with biometric payment cards; “I believe that Biometric cards are gaining recognition as the most effective and seamless method of making secure payments, I expect 2020 will be the year were when financial institutions and others will take a more serious look at implementation approaches, the rise of data breaches as highlighted by the recent event effecting BA and Marriott makes taking [steps] to protect data more urgent than ever.”

Turki provided me with an update on where his company currently is with the development of its cellular biometric cards and plans for 2020; “Riot Micro has committed to delivering a cutting edge cellular technology enabling a disruptive and seamless payment technology. At MWC 2020 we will be showcasing the ISO compliant credit card that has multiple use cases and I am glad to announce that we have signed the second bank for our CBC and are in serious discussions with multiple FinTechs who are exploring multiple product launches.”

There are still challenges to the commercialisation of biometric cards and Turki acknowledges this, “Scalability and manufacturing of cards with complex components remains challenging however with advances in the manufacturing process these challenges will be overcome”.

Cellular biometric cards are following the wake of the success of standard dual-interface biometric cards and Turki suggests that “the first cards, purely online banking cards” will be available “by the end of Q4 this year” with the “prototype ISO compliant credit cards showcased at MWC 2020” with “commercial launches expected by end of Q4 2020.”

I would like to thank IDEX Biometrics, Precise Biometric and Riot Micro for their contribution to this article. All three companies will be involved in the Goode Intelligence organised Biometric Summit London 2019 and will be on-hand to answer any questions that you may have on the next evolution of payment card technology.

To register for this event please follow this link.

Thank you. Alan Goode, CEO and Chief Analyst, Goode Intelligence.

 

[i] https://www.rbs.com/rbs/news/2019/10/natwest-first-uk-bank-to-unveil-biometric-credit-card.html

[ii] https://www.goodeintelligence.com/report/biometrics-for-payments-market-technology-analysis-adoption-strategies-and-forecasts-2018-2023/

Verified Digital Identity – Key Applications Driving Growth and Adoption

By | Blog | No Comments

Verified digital identity provides a method to effectively and securely identify people and enable them to perform both offline and online tasks in a safe and secure manner.  The following definition is the one I use for verified digital identity, and adopted most recently in our white paper “Verified Digital Identity – Key Applications Driving Growth and Adoption”: “A digital identity that is issued by an identity issuer or provider who has a high level of assurance of the authenticity of the individual requesting the identity credential. The issued credential can be used in high-assurance applications/use cases.”

Currently, we have a pretty messy situation with global variations in terms of adoption and a mixture of government and commercially led digital identity schemes that heavily rely on paper (documents) and card-based identity as the anchor point for identity verification.

There is little interoperability between these schemes and many of them have been designed to support a single application; travel, access to bank services or permission to drive a vehicle for instance.

There are signs that improvements are being made with a real willingness for stakeholders, both government and commercial, to fix the digital identity problem.

In a recent Goode Intelligence market analyst report, The Digital Identity Report – The Global Opportunities for Verified Citizen & Consumer Digital ID; Market & Technology Analysis, Adoption Strategies and Forecasts 2020-2025 Identity Verification, a number of key applications that are enabled by verified digital identity were identified including:

  1. Identity Verification
    1. Supporting remote customer onboarding
  2. Access to eGovernment services
    1. Providing a single digital identity to access cross-department digital government services including eVoting
  3. Assured Authentication
    1. When the digital identity is highly assured and issued after strong identity and document verification then it can be used for assured authentication
  4. Digital Travel
    1. Mobile driving licences (mDL)
    2. Kerb-to-Gate airport
  5. Age Verification
    1. Offline – used in bars and clubs instead of a paper document
    2. Online – used to ensure access to adult (age restricted) digital content and services is upheld
  6. Digital Signature
    1. Supporting smart contracts

If you are interested in learning more, I’ll be presenting the findings of our latest research into digital identity, including identity and document verification, at Identity Summit London 2020 on 30 January 2020. I hope I will see you there.

Alan