Evolution of identity Stoyan Kenderov - MAC 2014 conference

Post on 25-May-2015

description

Gen Y expectations of convenience and immediacy are driving mobile app developers to integrate payments as a feature of their apps and to make it seamless within the app experience. That's great, but as more and more new technology entrants move into the payments field, security and fraud risks are threatening to cripple the growth of the industry. We are still relying on many pre-Internet age identity assertion techniques, many of which have been made obsolete by customers who chose to live their lives on social networks. Luckily, social data and sensors are giving us new tools to incorporate into these apps to tighten up security while at the same time catering to the expectations and tolerance of the Gen Y user, the largest demographic force to enter the market.

transcript

The Evolution of Identity In a World of “Payment as a Feature”

“It is not the strongest, nor the most intelligent that survives. It is the one that is most adaptable to change”

Darwin

Stoyan Kenderov, Intuit Inc.

Keynote

Business as usual?

What is changing

The scope of identity and its proxies are changing as we transact more and more of our business electronically and across borders

What has changed? The flow of knowledge amongst people and agents prior to the Internet and social networks.

We are on the verge of connected intelligence

Social networks are bringing people’s lives into the open

Mobile devices are adding more context and facilitating information activation

Lies spread fast

…and get caught fast

People are sharing activity streams online to shape their identities or earn a benefit

Gen Y is INVESTING in their online identities

“I need your attention to feel safe”

“I need my privacy to feel safe”

The dichotomy of convenience vs. security in an app world

• 50+% do not use a password or PIN to lock their smartphone or tablet

• 44% who do not lock their mobile devices because “too cumbersome”

• 30% who do not lock their mobile devices “are not worried about the risk”

• Only 33% make a point of logging into an application every time they use it.

• 66% try to leave applications perpetually logged in unless they are required by the application to log in every time

• 30% “often forget or mistype password on the small keyboard”

• 60% “wish there was an easier form of authentication for mobile applications”

Luckily the mobile phone industry has come to the rescue. Now all apps can be secured at once with our real identity….

Source: Confident Technologies

#hacked

"In reality, Apple's sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake", said the hacker with the nickname Starbug, who performed the critical experiments that led to the successful circumvention of the fingerprint locking. "As we have said now for more than years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints."

CCC, Germany

How secure are our challenge questions?

• What is your mother’s maiden name?

• In which city were you born?

• Where did you go to school?

It's getting easier to impersonate and the bad guys are taking advantage

663,587,386 stolen records of personal information since 2005

How are we responding?

“The Best Payment System Is The One You Don’t Even Notice.”

• Trying to solve for speed and convenience and embedding payments as a feature in more and more apps

The holy grail:

#hacked

“Starbucks executives confirmed that the popular mobile payment app has been storing usernames, email addresses and passwords in clear text, which allows passwords and usernames to be extracted...” http://www.moneynews.com/Personal-Finance/Starbucks-app-hack-iOS/2014/01/17/id/547634#ixzz2vgUIqajd

“4.6 million usernames and phone numbers were exposed when Snapchat got hacked last month…” http://gigaom.com/2014/01/09/snapchat-says-sorry-for-getting-hacked-updates-app-with-phone-number-opt-out/

“Usernames, passwords, mailing addresses, e-mail addresses and phone numbers had been compromised by hackers, but no credit card information had been stolen…5.6 million people have pledged funding to 56,000 projects since its launch in 2009.” http://www.cnn.com/2014/02/15/us/kickstarter-site-hacked/

The real threat is: Password fatigue! We use the same password again and again…in 100’s of apps

How can we solve both security AND speed/convenience?

Embrace the expanded notion of identity and use it to protect customers

Individual device motion patterns as part of identity

Opt-in social data for challenge-response questions

• Who below is not a friend of yours?

• Which of the following songs do you miss hearing?

• Where did you not go in the last 7 days?

• Let It Go (by Frozen)

• All Of Me (by John Legend)

• Let her go (by Passenger)

• Team (by Lorde)

• No Signboard Seafood Restaurant

• Mellben Seafood

• Paradise Dynasty

• 126 (搵到食) Eating House

• Motion patterns of device in hand

• Typing velocity for different bi-graphs and tri-graphs

• Device fingerprinting

• Using social data for a one-time “something you know”

• Real-time machine learning techniques for slightest variations

• Collective responsibility for fraud and privacy

• Regulation that enables experimentation

A smarter toolkit

Conclusion

• Gen Y is demanding convenience and payments as a feature in their applications.

• This in turn brings many new merchants into the payments market.

• Many of these merchants will not have the sophistication to deal with security and fraud.

• Our security toolkit is becoming obsolete all the time.

• The Internet is the new public record and has gradually extended the notion of identity.

• Young customers are far more willing to opt in their online identities and data in exchange for convenience and security.

• Our industry can adapt to the trend and deal with fraud while offering simplicity, convenience and security.

• We need to extend our protective umbrella of fraud prevention methods to those that need it.

• Public policy needs to evolve to allow for this innovation to occur.