banking and mobile identity
TRANSCRIPT
Vertical Solutions & Mobile Identity
David Andrzejek VP Vertical Solutions, Apigee
©2015 Apigee Corp. All Rights Reserved.
Not all your APIs have equal business impact
Accelerate your adoption of high business impact APIs
High business impact APIs
Unlock the most critical data
Deliver high value use cases
Drive ecosystem adoption
Apigee API Accelerators
Open Banking Identity Health
Banking and Mobile Identity
Improving fraud detection & multi-factor authentication
David Pollington GSMA
Secure Authentication & Identification services delivered by the Mobile Network Operators
David Pollington, GSMA @ the Open Banking & PSD2 Summit, London, 19th May 2016
Copyright © 2016 GSMA. The Mobile Connect logo is a trade mark registered and owned by the GSMA.
About the GSMA
The GSMA represents the interests of mobile operators worldwide. Spanning more than 220 countries, the GSMA unites nearly 800 of the world’s mobile operators, as well as more than 230 companies in the broader mobile ecosystem.
Online privacy and security is the biggest threat to sustainable digital growth
Personal Data – Mobile Connect 9
The Challenge
Digital services rely on username + password or social login to identify users
However:
• Hard to remember for users
• Security and personal data breaches
• Difficult to prove identity digitally
Leads to abandoned log-ins and shopping carts and online fraud
Hardware tokens tip the balance too far
1. Costly to deploy
2. Inconvenient for the user
• Poor user experience (copying the code across from the token)
• Necessity of carrying a different token per service
Getting the balance right between convenience and security is of paramount importance
Convenience
Security
Solution: Authenticators intrinsic to the mobile phone & network
[Figure: authenticator combinations]
• Something I Know
• Something I Have
• Something I Have + Something I Know
• Something I Have + Something I Am
• Something I Have + Something I Know + Something I Am
Figure labels: Locally-verified; Adaptive authentication
Mobile Connect: convenient alternative to passwords and protects consumers’ privacy
The key which unlocks access to online services
• Authentication and Identity from a Regulated Industry with strong KYC and privacy rules
• Backed by verified customer data
• Decades of experience in the secure management of their networks and their subscribers’ information
• Convenient and in your customer’s pocket
The global growth of Mobile Connect
[Figure: month-by-month timeline (Apr to Mar) of Mobile Connect launches, with reach milestones of 26m, 42m, 70m, 85m, 178m, 622m, 2 billion and 2.5 billion. Countries shown: Australia, Bangladesh, Spain, Peru, Turkey, Argentina, Mexico, Indonesia, China, France, Italy, Malaysia, Myanmar, Switzerland, Thailand, Philippines, Finland, Morocco, Egypt, Pakistan, India, Sri Lanka.]
Mobile Connect has grown at an exceptionally rapid pace, and is available today to more than 2.5bn mobile users
Mobile Connect enables Operators to support a portfolio of services
• Mobile Connect Authenticate (LoA2)
• Higher security authentication (LoA3)
• Authorisation
• Identity
• Attributes
Authentication: authentication of an individual
Authorisation: authorisation of an action
Identity: verification of customer identity
Attributes: provision of customer information
Provides a solution for PSD2 requirements around Strong Authentication
Mobile Connect Identity & Attribute products support KYC validation and mitigate fraud
Mitigating account takeover attacks
Problem statement:
• Verify that a user request to their bank to update MSISDN details is genuine
Solution:
• API call from Bank to Mobile Operator to verify a number of customer details
• Operator can also provide contextual information for Bank to use in spotting fraudulent behaviour
Mitigating account takeover attacks
Contextual information for use in spotting fraudulent behaviour
A set of signals that a Bank can use to catch a multitude of fraud attack vectors, thereby mitigating bank account takeover attacks
• Stolen/lost phone
• SIM swap
• Device change
• Unconditional call divert set
• Account activity
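An added example, not part of the original slides and not GSMA's or any operator's API: a bank-side policy that evaluates a request to update the MSISDN on file against the operator signals listed above. The field names, the 7-day look-back window and the allow/step-up/reject thresholds are assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Hypothetical shape of the operator's reply; these field names are
# assumptions for illustration, not the Mobile Connect API.
@dataclass
class OperatorSignals:
    details_match: bool                    # customer details verified by operator
    reported_lost_or_stolen: bool
    last_sim_swap: Optional[datetime]
    last_device_change: Optional[datetime]
    unconditional_divert_set: bool
    unusual_account_activity: bool

RECENT = timedelta(days=7)                 # assumed look-back window

def assess_msisdn_change(sig: OperatorSignals, now: datetime) -> tuple[str, list[str]]:
    """Return (decision, reasons) for a request to update the MSISDN on file."""
    reasons = []
    if not sig.details_match:
        reasons.append("customer details do not match operator records")
    if sig.reported_lost_or_stolen:
        reasons.append("phone reported lost or stolen")
    if sig.last_sim_swap and now - sig.last_sim_swap <= RECENT:
        reasons.append("recent SIM swap")
    if sig.last_device_change and now - sig.last_device_change <= RECENT:
        reasons.append("recent device change")
    if sig.unconditional_divert_set:
        reasons.append("unconditional call divert set")
    if sig.unusual_account_activity:
        reasons.append("unusual account activity")
    # Hard failures: a details mismatch or a lost/stolen handset always rejects.
    if not sig.details_match or sig.reported_lost_or_stolen:
        return "reject", reasons
    # One soft signal asks for step-up verification; two or more reject.
    if len(reasons) >= 2:
        return "reject", reasons
    if reasons:
        return "step_up", reasons
    return "allow", reasons

# Constructed sample: SIM swapped two days ago and all calls diverted.
NOW = datetime(2016, 5, 19, 12, 0, tzinfo=timezone.utc)
SAMPLE = OperatorSignals(True, False, NOW - timedelta(days=2), None, True, False)

if __name__ == "__main__":
    print(assess_msisdn_change(SAMPLE, NOW))
```

Keeping the reasons alongside the decision lets the bank log which operator signal drove a rejected or stepped-up change request.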
Mobile network operators are ideal partners to provide flexible, secure authentication & identity services
• Regulated Industry: Mobile Operators adhere to strong KYC and privacy rules
• Possess verified customer data
• Decades of experience in the secure management of their networks and their subscribers’ information
API documentation & sandbox: https://developer.mobileconnect.io
If you would like more information, please contact GSMA via [email protected] GSMA London Office T +44 (0) 20 7356 0600 www.gsma.com/personaldata Follow the GSMA on Twitter: @GSMA
Decoupled architecture; consistency towards SP (single API); utilisation of open standards (OpenID Connect)
[Figure: Mobile Connect architecture]
Components: MNO, Tablet/desktop, Service Provider, Identity GW, AuthN server, SIM applet
Flows: Service access request; Authentication request; SIM applet protocol (CPAS8)
Authenticators: SIM applet, Smartphone app, SMS + URL, USSD
Annotations: Consistent user experience; Consistent SP experience; Builds on Web standard OAuth 2.0; ETSI TS 102 204
Thank You