The Face of Travel Today: Smart Airports, Biometrics, ePassports and Defining a Secure Identity Token


This past year, there has been a surge of activity across the travel continuum trying to enhance traveler facilitation and engagement, while at the same time implementing stronger identity assurance and security measures.  In fact, over the next three years, 77% of airports and 71% of airlines are planning major programs or R&D in biometric ID management to smooth curb-to-gate passenger flow. While Dubai has plans for a biometric tunnel – Government, industry, and aviation partners have been pushing for technologies that will allow travelers to move throughout the travel continuum (booking – airport check-in – baggage drop – security screening – airport vendor services – boarding – arrival – customs – hotel check-in – return trip) without the need for the presentation of an identity document.  Many of the solutions being considered in proof of concept demonstrations involve the use of biometrics in combination with a derivation of the traveler data from an e-passport; some of these populate and protect the token within a secure container on a mobile device.  The traveler simply presents the token at the start of their journey to prime the continuum with their identity and travel authorization data. After that first encounter, all subsequent identity validation processes will be satisfied through facial recognition matching of the traveler at various points. The end goal has been to establish a biometrically-enabled, securely vetted, traveler-controlled, identity assertion token that can facilitate traveler interactions throughout the travel continuum.

The Current Situation

All the partners see the value of such a frictionless approach.  They also agree that the identity proofing, and secure token generation/enrollment processes on the front end are critical to the mitigation of the risks that these new techniques introduce to the well-established security controls that are currently in place.  To that end, international standards for the security controls and interoperable data format are being developed to allow the e-passport data to be presented as a “Digital Travel Credential (DTC)” or identity assertion token, that is derived from the authoritative data.  These controls ensure that the DTC can be authenticated with the same level of assurance as the source e-passport document.

Several token enrollment/delivery models have also been reviewed, and some have been implemented in both vendor-specific technologies and other self-sovereign identity solutions.  One model has the government providing and maintaining the DTC, with the traveler contacting the government whenever they were going to travel to have the DTC published to the travel continuum directly by the government.  In another model, the government securely provides the traveler with the DTC when they receive their e-passport document, and the traveler then controls when the token is used and who can access the data.  A third option directly derives the data from the e-passport during an enrollment of the token into the travel continuum.  As this may be a traveler self-service enrollment, or possibly an enrollment at an airline counter, the enrollment must incorporate the performance of the ICAO required Passive Authentication (PA) process to ensure the authenticity of the source document, as well as its cryptographic binding to the traveler.

While the enrollment and backend processing capabilities vary, both government and industry capabilities are being deployed today to support this biometric facilitation concept.  The US Department of Homeland Security (DHS) has been investing in the establishment of biometric capture and assessment capabilities with its Homeland Advanced Recognition Technology (HART) suite which includes a multi-modal biometrics database and supporting services.  Identity proofing vendors across the industry have also established biometric-only, facilitation capabilities that are currently being deployed both domestically and internationally.  CLEAR provides a biometric alternative for security screening at airports and event facilities, while Vision-Box has implemented biometric border control and traveler facilitation (entry/exit) kiosks in several countries.

The Challenge & The Future

The challenge at hand is harmonizing these capabilities across an interoperable fabric that can leverage the standards-based DTC data format, as well as any proprietary formats being used within leading edge deployments; and that can be incorporated into existing commercial, government, and/or public/private partnership initiatives.  This fabric will ensure the interoperable delivery of the identity token across the travel continuum in support of reliable party systems and programs, such as:

  • CBP Entry/Exit Tracking
  • European Entry–Exit System (EES)
  • European Travel Information and Authorization System (ETIAS)
  • SITA iBorders Border Automation
  • IATA One Identity
  • Trusted Traveler Programs, including NEXUS, SENTRI, Global Entry


All these efforts can benefit from and would be enhanced by an investment in the connecting fabric that allows the individual capabilities of each to be extended and leveraged in support of the biometrics-only facilitation of the traveler.

The required security controls related to the underlying identity proofing, token generation, and token transit processes have been defined.  Interoperability across the travel continuum can be supported by standards-based interfaces between the entities.

The day that a traveler can show up at an airport and board a plane without providing anything other than a biometric is coming soon.



Meet us at upcoming events such as ICAO or NAPHSIS




Industry Experts Declare Identity is Broken: A Discussion on Innovation in Identity

Last week in NYC, OWI hosted a panel discussion with BioCatch, InfoMart, Ipsidy, PTB Ventures and Uniken on Innovation in Identity.


Identity is Broken

The first question was, is identity broken? The answer was a unanimous yes. No one disagreed on that; rather the discourse was around what to do about it as global citizens and businesses.

We are all aware of high profile data breaches and the seemingly endless news of personal data being compromised. A popular view was that this is happening because of the many layers that we currently have around establishing identity. Entities tend to glue a lot of pieces together to verify an identity including passwords, devices, ID’s, biometrics and such.

Beyond the layers or pieces, you have other variables to consider. Take payments as an example. You have consumers, employees and multiple device types as variables. All of these must be considered and accounted for in a verification solution, and all agree that humans are the weakest link.

The view was that these layers are what make systems vulnerable and allow hackers to win, and what is missing is a complete identity verification solution that puts the pieces together wholly from the start, say at customer onboarding. The overwhelming majority of fraud is in the onboarding step and can be avoided with sufficient solutions. However, the identity must then be continually verified.

Further evidence to how pervasive the identity problem is, top carriers from the TelCo industry are joining together for Project Verify in which AT&T, Sprint, T-Mobile, and Verizon promise a solution to change identity management and security, replacing passwords with more secure, device-based, multi-factor authentication.


Trends in ID Verification Solutions

Most agreed that biometrics and Artificial Intelligence (AI) are key moving forward. Research group Goode Intelligence has projected that over 580 million bank customers will use cloud-based biometrics by 2020.

One trend is focusing on behavioral biometrics, which may lead to better solutions. This includes obvious things like keystrokes and device use/habits, but can also tap into subconscious behavior. This is one way to beat sophisticated hackers.

Biometrics will also continue to play a big role in the US Army Intelligence with Biometrics Enabled Intelligence (BEI) and in border and access control with continued terrorist threats. With 1.8 billion international arrivals expected worldwide in 2030, identity management is going to become even more complex because not all countries, government agencies, airports and airlines are at the same level of technological maturity.

Other trends included a focus on establishing trusted devices that are tied to identities, creating one single, strong login vs. multiple logins across accounts, mutual authentication – between businesses & consumers – and blockchain.


The US vs. the Rest of the World

Identity verification solutions vary greatly depending on the region. There are socioeconomics, governing systems and adoption rates to consider. In the US for example, there is not a strong identification background. There is a need to redefine this and build a stronger infrastructure. South America was mentioned as an example where identity is linked straight to the government database. Another example was the Bank ID program in Sweden. A consortium of trusted banks downloaded tokens on consumers’ computers and they use the bank ID system for activities such as voting.

Most felt that the emergence of technology will develop and be adopted outside of the US and migrate back. We are seeing many countries adopt verification technology around voting, airports/travel and payments like China’s Alipay and WeChat Pay.


What is the Solution?

Everyone recognizes there is problem with identity verification today. All industries will be looking to solve it and claim that they are “the platform.” It really depends on use case and industry to get a best of breed solution. There is no perfect solution out there.

The concept of a trusted Self Sovereign Identity (SSI) platform was discussed. Is this the answer? Not all agreed. The idea was that with SSI, consumers can present claims that are true to other people without having to go through a third party. Individuals would control what personal data they share, how and with whom. Advantages include enhancing privacy, economic benefits and decentralization.

All agreed that the private sector will drive the solutions and be led by the financial sector, as they have the most to gain and the most to lose.

It was also agreed that at the end of the day consumers want anywhere, anytime capability and convenience. They don’t want security to be their concern in transactions they conduct and do not view this as their problem. Rather consumers want the institution or business they are transacting with to deal with and solve it. Abandonment rates today are as high as 40%; if people can’t do it fast, they are on to the next. There are simply too many choices in every industry and a good experience is key. The bottom line is consumers will avoid friction – but at what cost?



Talk to a specialist about Identity Verification Solutions




Will Biometrics Help Solve the Digital Identity Crisis?

The increase of high-profile data breaches and the evolving sophistication of hackers has shifted consumer perceptions and expectations around trust and identity verification. The identity verification process, once considered a behind-the-scenes step, is now being used by organizations as a differentiator to showcase the importance being placed on protecting customer PII.

But even with growing security concerns, consumers still expect an efficient and frictionless experience during onboarding and day-to-day transactions. As such, biometric technology has quickly become a popular method for authenticating users due to its efficacy, accuracy and convenience.

Biometrics such as facial recognition and fingerprint technology promise to improve the identity proofing process, binding a person to who they claim to be. Customers and users are finding biometrics much more convenient than passwords, paperwork, or online transaction and registration forms. Biometric verification can be used as a layer to strengthen and improve processes for on premise and for mobile or cloud-based services for initial onboarding/account opening, and as a standalone method for ongoing validation after one’s identity has been established.

Organizations are looking for a better method to authenticate users with high fraud prevention. This is especially true given an increasingly digital economy where the trend is towards conducting remote transactions on a mobile device. A new report from Juniper Research predicts that the biggest shift in mobile payment security will be the move towards software-based methods. It predicts that built-in biometrics (such as that offered by voice or facial recognition) will authenticate 1.5B mobile payments by 2023.

However, mainstreaming biometrics faces a variety of challenges. While it is expected that 67% of people worldwide will own smartphones by 2019, data privacy and user acceptance remain the key barriers to adoption. To overcome this, organizations across all industries must invest in appropriate data security mechanisms to protect biometrics data and focus on balancing security with a good user experience. Solutions should be easily adoptable and include familiar behaviors, such as taking selfies for facial recognition and utilizing fingerprints.

As more end-users grow comfortable with verification methods such as iris scanning or facial recognition software, we’ll see biometrics adopted at greater rates across all industries. In particular, airports are beginning to adopt biometrics for easy board gating and to support immigration and emigration border processes. And it’s working — just last month, a newly introduced facial recognition system helped catch an impostor at Dulles International. A 26-year-old man traveling from Brazil with a French passport was flagged by the airport’s facial recognition technology, which was put in place just three days ago. Upon a secondary check, he was found to be from the Republic of Congo and impersonating the man whose picture was in his passport.

Consumers want to feel secure and expect businesses to protect their information, but they still expect their transactions and onboarding to happen in a fast, convenient and effortless way. Similarly, companies need to approve more legitimate customers and ensure their trust, while defending their systems from fraud.



security white paper cta

Five Identity Proofing Trends in Identity and Access Management for 2018


The days of auto-filling your personal information in exchange for “free” access, content and offers are limited. People generally don’t think twice about providing personal information in exchange for what they want quickly, but that is beginning to change as cases of personal data being misused and even breaches on major platforms increase (see Facebook).

The issue of regulations around Personally Identifiable Information (PII) is coming to a head. Self Sovereign Identity (SSI), the concept that people and businesses can store their own identity data on their own devices and provide it efficiently to those who need to validate it, without relying on a central repository of identity data, and what that should mean is paramount in the digital age. The idea of owning your own data and consenting to its use may have seemed impossible just a few years ago. However, European courts gave someone the right to be forgotten and scrubbed from Google search results in 2014 and Google says it has received more than 650,000 requests to remove certain websites from its search results since.

Identity and Access Management (IAM) is moving toward fewer instances of storing personal data and more toward scenarios where information is requested as needed to process services.

As businesses look for ways to streamline and secure digital transactions, here are some of the top IAM trends:


People Will Own Their Data

Due to GDPR and other similar laws going into effect, more and more digital interactions will rely on individuals giving consent for their data to be used. This practicality has birthed the concept of Self Sovereign Identity (SSI) where a person holds and controls all of their own data, including biometrics. This concept could,  and has already in some countries , give way to passport-less travel, where an individual’s biometrics will be used to access all the information needed for border control.


Biometric Authentication Will Go Mainstream

Biometrics is not just a novel way to unlock your iPhone anymore. Expect to see more mainstream adaptations of biometric authentication as leaders in IT fear digital threats will continue to increase. Access control, in particular, is moving from access cards to biometrics with gait recognition being the technology that is gaining popularity for high-security areas.


More Industries Will Invest in Blockchain

The future of using cryptocurrency such as bitcoin for everyday transactions remains to be seen. However, companies like Mastercard are utilizing blockchain technology to reduce fraud and credit card skimming. Mastercard plans to roll out its investment into blockchain technology – the company is the largest holder of blockchain-related patents in the world.

In addition to the finance industry investing in blockchain, healthcare is another industry that is highly concerned with secure yet more streamlined documentation. Ideally, healthcare records would be complete and travel with the patient regardless of doctor or insurance changes. This is still a working concept as the records are stored in many different systems, which have resulted in many recent high-profile data breaches.


Artificial Intelligence Will Improve Security

Currently, Artificial Intelligence is powering identity solutions by learning from millions of transactions and documents to spot anomalies. This is a powerful tool to help combat fraud. Industry leaders envision a future where AI can monitor computer sessions to identify if a real person is conducting a transaction or if a session is abnormal or the result of a breach. Rather than checking against credentials, AI could use a combination of biometrics and user behavior to figure out whether that person poses a risk to security. AI learning the identity of users and their habits dynamically is still a future technology but is one that shows a lot of promise.


Investments in building identity solutions for your business need to include both proven experience as well as groundbreaking innovations. Acuant is proud to be one of the four providers of Identity Proofing Solutions named IDC Innovators, offering the combination of physical document and biometric authentication through human assisted machine learning.



Beyond Machine Learning

Buzz from the Know Identity Conference 2018

The 2nd annual Know Identity Conference just took place in Washington DC and Acuant was in attendance to catch this year’s buzzworthy topics. A major one was how firms will establish consumer identity especially in the digital world and how/when most consumers would use digital identity.  Enter SSI. The industry has unified around the term self-sovereign identity (SSI) to represent both the digital identity credential and the right for the consumer to control access to it and who gets what portion of their identity.


So how do we test whether digital identity is ready for the consumer mainstream? One line of thought by David Birch of Consult Hyperion, was that by taking care of 3 audiences of online consumers (the 3 W’s), that would be enough to ensure the right amount of protection to make business transactions secure. The 3 W’s are witness protection, whistle blowers and people who browse explicit material (wankers in his informal British prose). If digital identities allow the 3 W’s to browse anonymously and protect their transactions, then we can all have an appropriate level of security in the digital world.


Scott Galloway, a professor at NYU Stern School of Business, worries about the ever-increasing control of personal information in the digital world by four companies: Google, Facebook, Amazon and Apple.  He calls these firms the brain, heart, stomach and libido of the digital world.  These four companies each create more revenue each year than the GDP of all other nations except USA, China, Japan and Germany.  Scott argued these companies are already monopolies and innovation could gather renewed energy if these companies were broken into smaller entities, further pondering that they may have just too much information about individual consumers. In the backdrop of the recent Facebook debacle and the pending European GDPR laws, protection of consumer information was at the forefront of many conversations.


The General Data Protection Regulation (GDPR) goes live May 2018.  The hardest part of compliance with this new regulation mentioned by many of the panelists, is compliance with the laws mandating the right for a consumer to be “forgotten” by any company.  With the size and breadth of systems in many companies, the right to erasure of a consumer may prove a daunting task. The days of selling consumer contact lists will be over in the EU come May and the UK is currently racing down the path to adopt similar laws as GDPR by the end of 2018.


Biometrics and its various forms was also highly visible at the conference.  Most sessions and panels discussed biometrics whether it was facial recognition, iris, fingerprint or voice as the natural next step in security. Most experts suggested a multi-modal approach to biometrics (more than one biometric) as there always needs to be a fallback when something does not work quite right. The fear factor of biometrics is much lower now and with adoption rates increasing we should all expect to see more usage across industries.


Lastly, there was a theme of hope as digital ID was seen as a solution to the unbanked and underrepresented for many parts of the world.  Many areas where government IDs are made available at birth (but other forms of identification are scarce, unreliable or inaccurate), could benefit from digital IDs backed by initial ID documents.  With Washington DC as a backdrop, new ways of proving identity with low friction, high confidence and mobility shined through.



security white paper cta

Digital Identity Authentication Provides Additional Security as Breaches Intensify

As large-scale data breaches continue to compromise personal information like login credentials and Social Security Numbers, companies have realized that they need to evolve their security methods over time in order to maintain consumer trust. In the past, many companies have solely relied on knowledge-based factors like birth dates and addresses to verify the identity of their customers.

The data breach at the IRS in 2015 proved that the answers to knowledge-based authentication questions can be deciphered by hackers. In addition, the recent massive data breach at a top consumer credit reporting agency showed consumers that their identities are at risk, and can be at risk for the rest of their lives. As a consequence, companies in various industries are steadily moving from physical to digital authentication.

Digital authentication through biometrics is gaining traction because it is harder for hackers to duplicate biometric features. Biometric authentication, such as our Acuant FRM, uses liveness detection to prevent criminals from using static images to break into devices. Facial recognition technology provides consumers with a more robust layer of security by making it more difficult for hackers to work around.

The convenience of facial recognition makes the technology appealing to consumers who frequently forget passwords or don’t want to carry around digital tokens. Facial recognition allows consumers to unlock their devices without memorizing long strings of characters. For forgetful consumers, the method of resetting a password is also a security risk. Organizations use secondary security questions like “What is your mother’s maiden name?” help consumers easily reset their passwords, but hackers can uncover the answers to these questions through social engineering and spear phishing.

Apple’s adoption of facial recognition technology reinforces our belief that consumers are looking for more secure ways to verify their identities and safeguard their devices. The new iPhone X allows consumers to use facial recognition to unlock their smartphones and verify their transactions on Apple Pay. Although a few Android devices also allow consumers to use facial recognition to unlock their devices, Apple’s adoption of facial recognition technology in the iPhone X demonstrates a significant step in the consumer adoption and acceptance of this novel technology.

In addition to biometrics, at Acuant we provide layers of authentication to enable trusted transactions that allow businesses to know who they are dealing with in a frictionless and customer friendly manner. It’s as simple as verifying that an ID is not fake, then verifying that the ID matches a real live person, all in one easy process that take less than 10 seconds and can be done from any location (via mobile devices or on-premise scanners).

As the industry pushes forward with the convergence of physical and digital IDs, Acuant continues to evolve our product line to stay at the forefront of these changes as evidenced by our latest acquisition of Ozone® PKI Authentication Solutions.


Contact us today to learn more about a solution for your business.

What We Learned at SDW 2017

SDW 2017, a conference for professionals involved in secure ID credentials and government-identity solutions, was last week in London and brought together top minds in the Identity Proofing Industry who all agreed that a trusted identity is the cornerstone of a trusted transaction. Key issues covered included identity fraud, document design, travel documents, smart borders, eID, the growing role biometrics, digital and mobile ID, smart citizens and the future of identity innovations, including the importance of machine learning.


Fraud Isn’t Going Away

The value of an identity isn’t decreasing; fraud will continue to become more sophisticated as security technology also improves. Physical credentials such as passports will soon have more design elements and production complexity to make forgeries more difficult to produce. However, making documents more difficult to forge also has the consequence of forgeries being harder to detect. In addition to upgrading the physical credential, other technologies to verify the identity, such as biometrics, will become increasingly important.


More Countries will use Biometrics at Borders

Many countries have been experimenting with biometrics for border control, and the use of finger print or facial recognition will continue to expand. The TSA is now rolling out a pilot program for finger print scanning for PreCheck customers. Dulles and Atlanta airports have also been experimenting with facial recognition technology with the aim to have secure and frictionless experiences for those exiting the country. Expect to see more roll-out of biometric technology the next time you travel outside the country.


Machines and Humans will Coexist

As both ID documents and forgeries become more sophisticated, it is necessary to augment the abilities of an experienced border guard with the computing power of machine learning. Automation is a key to frictionless document authentication and verification, but the need for humans and machines to work side-by-side to catch forgeries is key – there are elements that computers can be taught to spot in an instant, while there are knowledge and experienced-based situations that humans can better address. To learn more about the benefits of machine learning for ID Proofing, read the whitepaper: Beyond Machine Learning.


Experts are still Figuring out the Standard for Trust

A recurring theme of the conference was the importance of trust being the cornerstone of identity, and a trusted identity being the cornerstone of a trusted transaction. The idea of sharing trusted identities for travel, government and other purposes across common use cases was discussed from a variety of perspectives. Some technologies being discussed in this space include Blockchain, which was also a big topic that was covered in a previous blog about the K(NO)W Conference.


2017 is looking to be a crucial year for businesses to secure their ID-based transactions. The first step is to find a trusted and experienced ID Proofing Solutions Provider. Acuant emphasizes global experience across multiple industries, with ID verification, authentication, and biometric capabilities. Talk to an ID specialist in your industry today and learn how to protect your customers.


What We Learned at the K(NO)W Identity Conference: Part Two

B&B: Biometrics & Blockchain

We are back with more from the K(NO)W Conference and focusing on solutions that create trusted transactions. Digital identity is relatively new. Physical identity has been around for millions of years. We are really just starting to figure out how to build digital trust and what that means for different industries. There were certainly a fair share of buzzwords and solutions spoken of, but the B’s were front and center with Biometrics and Blockchain in the top slots (honorable mention to the Internet of Things).



Maxine Most, founding Principal of Acuity Market Intelligence, the definitive authority on global biometrics market development, stated that customer friction has resulted in 13 times more lost revenue than fraud. We are in a time when we can increase security and decrease friction, which should be the goal for every transaction.  Biometrics allows companies to solve both friction and fraud. Born out of tech and the coolness factor, biometrics has cooled over time into a solution-oriented approach, especially in government. For a long time biometrics was about surveillance. Biometrics today is more about security, and the evolution of mobile devices has played a key role.

The stats cited by Maxine on the number of mobile devices that enable biometrics and the number of transactions that will be on occurring on them in 2020 is staggering- truly game changing. The global smartphone install base is set to grow 50 percent in the next four years to 6 billion devices totaling $355 billion in revenues. We were asked to think about all of the ways we use our mobile devices today and how dramatically that has changed over the past few years. Think of how often you make a phone call vs. the many routine uses that are now second nature. A lot of these uses likely include biometric authentication such as a fingerprint. Touch ID was a tipping point for the industry.

Biometric authentication is very passive compared to other authentication options. There is no fumbling around to find and capture a credential, no remembering crazy passwords or answers to annoying questions. If companies make it hard for people to do the things they want to do- they won’t do it. With biometrics, you must also consider giving consumers a choice otherwise it can seem creepy. For example, today at airports in Canada, travelers can opt for a retina scan to expedite the security process, rather than going thru the slow line. If it was mandatory, it would likely feel like a violation rather than a benefit. Having options at the device level where consumers control the choice also makes biometrics more adoptable and less creepy.

While there is a much broader acceptance of biometrics today, there is still a false perception that when you authenticate yourself one time you are protected throughout the transaction and future transactions with that entity. This is not the case; real threats go beyond just the login or one-time action. Verification must be continuous to truly safeguard those involved in the transaction.  For example, patients in hospitals, customers banking and even sharing economy apps- verification for use cases here should not be considered a one-time thing. The idea of the fabric of an identity of authentication was conveyed. If the same person is not repeatedly represented in an authentication process, the whole thing is destroyed. It was stated that the only way we can do this repeatedly, consistently and unquestionably is with biometrics- as opposed to something you know which is not sufficient anymore (passwords, KBA’s, etc.). This is the opinion of some.

But we know there is no such thing as a perfect solution. Companies must consider what fraudsters are doing today and innovate as they authenticate. One issue is liveness detection for images. Stealing images and passing them off for facial recognition will work if there is not a liveness detection test in the solution. To further layer on top of innate biometrics that could be stolen, the case was made for behavioral biometrics to protect users and data when it comes to mobile device spoofing, being tricked into downloading malware on your device and simply having your device stolen. Behavioral biometrics measure and track uniquely identifying patterns in human activities and range from tracking keystrokes and navigation, to location and device login frequency. This offers another way for consumers to be protected by being passive.



The other B word that was highly mentioned in addressing the question of establishing a trusted digital identity was blockchain. Maybe you know blockchain and are a big fan, maybe you thought it was thing of the past. Let’s start with the definition according to wiki: blockchain is a digital ledger in which transactions made in bitcoin or another cryptocurrency are recorded chronologically and publicly. The first blockchain was then conceptualized by Satoshi Nakamoto in 2008 and implemented the following year as a core component of the digital currency bitcoin, where it serves as the public ledger for all transactions. The bitcoin design has been the inspiration for other applications.

Essentially blockchain keeps a record of transactions that cannot be manipulated and establishes decentralized and distributed trust. Blockchain was spoken of as more of a movement than a technology. This is largely due to the fact that, as speaker David Birch of Consult Hyperion put it, we have gone from not being able to tell if you are a dog on the internet to not being able to tell if you are a fridge pretending to be a dog. Maybe a tad dramatic, but maybe also too true – hello, catfishing.

Fraud has dramatically increased in recent years, and it is his belief is that it’s going to get worse because of the movement to make everything frictionless in payments and financial transactions. He stated that this is a hacker’s paradise- to make everything easy. One example is the fact that we still use SMS messages for security even though we know this is not secure. And thanks to the internet of things, we live in a world where we have kettles that are connected to Wi-Fi so that we can remotely operate them, where we have Bluetooth socks and Fitbits for dogs (unclear why but they are both allegedly amazing and in high demand). The dark side of this to consider is that all of this connectivity leaves us vulnerable and more open to attacks. But, as David says…there’s blockchain. Bitcoin is a remarkable cryptographic achievement and the ability to create something not duplicable in the digital world has enormous value. TBD on the future of blockchain but it says something that almost every major financial institution in the world is doing blockchain research at the moment and 15% of banks are expected to be using blockchain in 2017.


Conclusion: Problems Aren’t Changing, They Just Look Different

When it comes to tech solutions for authentication, in a lot of ways we are still at step one. If institutions want to scale, it has to be easy – take the human out of the equation whenever possible, but we are not there yet. There is still too much room for human error and institutions and providers are figuring out how to adapt solutions for different environments.

In a room of hundreds of identity professionals, less than 10% confirmed using a crypto key to protect their personal email when we know we are at risk. Consumers will always choose the path of least resistance. Users have to clearly see the value. There are no silver bullets or absolutes. Institutions must consider the use case and the best solution, identifying a point where the authentication meets the level of trust required and addresses the level of risk associated.


Learn more about Acuant's special offer for K(NO)W