Disruption or the Reality of Legacy

Often times people speak of disruption as this traumatic thing being imposed upon them, their industry or society. Yet, if we look under the covers disruption more than likely is all about a competitor, not locked into a legacy approach, approaching the market with different tools.

The world of payments, as so many others, have implemented technology then gone on to enhance or update multiple times. Each time, someone or some group of people, had to adapt therefore invest to keep up. More often than not, a community would decide to hold on to what they built, sometime ago, hoping no one tried to disrupt the status quo.

With payment the need to embrace more effective approaches parallels the robustness and frequency of transactions. It also parallels the desire of sellers to do business with anonymous buyers. A lack of trust and a need to reduce the amount of cash we carry drove, markets to promissory notes. These promissory notes further evolved, as trusted intermediaries entered the market and created more efficient methods of providing that guarantee of payment.

Not wanting to duplicate what is already written about the history of money and payments we can jump forward through the paper phase to where we are in North America: Cash, cards, some checks and electronic debits & credits.

If we look inside the evolution of legacy.  We find what we have, is a stumbling block, holding innovation back.  We need to decide to adapt what exists or remove and replace.

To connect or disconnect this is the quandry

Pymnts.com in conjunction with Visa published a study of the connectedness of the American population. While reading I wondered how they could identify 36% of our population as Super Connected Consumers. Thinking this profile might be people like myself. I began to wonder how could such a large percent of the population be so connected.

Reaching out to the publisher it became clear this report was well developed and the sample matched the citizen of this country. This led me to wonder about our connected world and how over 42 years I have gone from carrying a beeper to having thermostats, phones, watches, computers, Alexa, TVs, security systems and who knows what else connected somehow to that great network we once dreamed about.

Digital Identity and Multi-Factor Authentication, A Necessity in an Increasing Digital World

Last night November 8, 2018, Bryan Cave Leighton Paisner hosted the Atlanta Chapter of BayPay’s

Digital Identity and Multi-Factor Authentication,
A Necessity in an Increasing Digital World

The panel moderated by Philip Andreae, Principal at Philip Andreae & Associates included:

  • Clay Amerault, First Vice President, Digital Delivery Lead at SunTrust
  • Blair Cohen, Founder, Chief Evangelist & President at AuthenticID
  • Jennifer Singh, Innovation Specialist & Digital Identity Strategist at Thomson Reuters
  • John Dancu, CEO at IDology
  • Vivian van Zyl, Senior Product Architect at FIS

The panel focused on the need to address Digital Identity and Authentication with a clear focus on the user experience.  The discussion considered the balance between friction and security.  All of the panelist  articulating the demand for convenience.  The Audience questions which is it the desire, or is it the demand, of the American consumer.

All agreed, the key issue, as we move towards digital only relationships, is the challenge of Identity Proofing.  The panel also reminded the audience to layer various techniques in order to recognize the presence of the right user and the need to incorporate various fraud mitigation strategies to manage risk and assure identification.

Some of the participants asked if we should start educating the consumer and help them to understand the balance between a frictionless experience and one where a degree of friction is a symbol of how the enterprise (relying party) demonstrates its concern for the consumer’s data and responsibility to protect the consumers assets and identity attributes.

The question of centralize biometric databases versus distributed biometric databases, reminded people of the reality, our data, attributes and identity is already available on the Dark Web.  How we restore privacy and what will happen as the new GDPR regulations go into force in Europe, and as California moves to introduce its privacy legislation; requires each of us to  watch carefully and be part of the move to  restore the consumers’, OUR, right to the data that is us.

of Identity and Authentication in a Connected World of things.

Various engagement and conversations pull me into thinking about the realities and the necessities, of this emerging world of connected people, objects and thoughts.

Looking back, this topic has been part of my life since 1982 when I was first introduced to the concept of a smart card. At that time we spoke of using the smart card to securely configure a trading deck on Wall Street and in the City of London. The goal securely and automatically configure the voice, video and digital support a particular market trader.

In 1993 to when I was tasked to drive the development of EMV, we could have talked about the fact we were creating a means of secure digital identity. A trusted Identity document based on the trust that existed between the cardholder and the financial institution.

Instead We talked about:

  • Card Authentication “the CAM” now Data Authentication to assure the card was unique and genuine.
  • Cardholder Verification “the CVM” to verify the right user was presenting the card.
  • Card risk management to allow the issuer to support authorization in a offline world.
  • Should we include an electronic purse to support low value transactions?

Today the Debit card could easily be enabled as a secure means of digital identification, with the Financial Institution being the trusted party. Simply knowing the public key of the international or domestic debit card payment scheme allows the party reading the card will know the person was issued this card by that financial institution.

While we in financial services focused on our requirements, the telecom industry was working on the SIM & GSM specifications under ETSI leadership. They created another form of Secure Digital Identity. They focused on securing the identity of the communications channel and were less worried about making sure the right consumer was present, although there is the ability to allow the user to lock the SIM and now even the mobile phone.

2013 I had the opportunity to join the FIDO Board. Within that body, the objective was to separate the concept of identity from the act of authentication. It works from the premise that as digital relationships expanded, the use of passwords and PINs are becomes an issue. The FIDO Alliance also recognized that the only way to secure our digital world, like we secured payments and mobile communications was with the introduction of multi-factor authentication rooted in the belief that the first factor had to be “what You Have” a secure element / enclave, TEE, TPM … capable of generating and or storing secret (symmetric) and private (Asymmetric) keys unique to the object and more importantly unique to the relationship.

Clearly identity and authentication are essential to secure relationships. And, in a digital world, communication is the mechanism that connects people and things together.

Helping consumers manage their relationships assuring privacy is an interesting angle. If I am understanding your platform, at least at the level of the subscription for telecommunications services this you are helping to manage.

Anyway. Back to the pitch. I would like to see about scheduling another conversation and figure out if there is anything I can do to earn an income and create revenue for you.