The Money 20/20 conference and exhibition in Las Vegas this year was a first for me. The physical floor space, the number of speakers (500 we were told) and the diversity of the streams were so vast that it made all the numerous payment industry conferences I have attended over the past 20 years seem like small gatherings in comparison. The first challenge was to identify the core sessions to attend over the next three and a half days, bearing in mind that there was often a 10-minute walk between the rooms when choosing consecutive sessions from different streams. As you might expect, this involved some trade-offs.
Better digital identity solutions required now!
I decided I needed to capture the latest thinking on some of the hot topics, which include digital identity, blockchain and open banking. On Sunday morning, Dave Birch (Consult Hyperion) chaired a very informative panel discussion on digital identity that included banks, innovative businesses and standards bodies (most notably the FIDO Alliance). Everyone agreed that today’s identity infrastructure is far too static and leverages things such as date of birth and mother’s maiden name. This type of information is commonly referred to as ‘know your customer’ (KYC). Because it’s often easily compromised, the consensus is that reliance on it needs to evolve.
For this particular reason Filip Verley (Airbnb) stated that his organisation has built a parallel trust infrastructure alongside the legacy bank/telco KYC solutions, and it is clear many others will follow this path. From the discussion it is evident that collaboration is fundamental to building a fully interoperable identity management solution that can be scaled and rolled out globally. This would require standards, and one of the leading candidates for said standards is FIDO.
We were informed FIDO is now going mainstream with native support in the latest operating systems for Windows 10 computers and Android mobile phones. This will help in the drive to move away from passwords and remove friction by requiring fewer steps to log into websites. Hopefully, this marks the beginning of true identity management solutions rather than the complex, fragmented set of user account management systems that we typically see today. Regulations such as GDPR in the European Union (EU) may accelerate such initiatives due to high breach penalties.
Blockchain to the rescue?
Unsurprisingly, blockchain was very visible on the agenda and in discussions on how it can support digital identity. One of the benefits is that it can be used to create an interoperable network where data can be easily shared around the world – so any hacks would be isolated to individuals rather than to the overall network. One immediate use case for banks is in simplifying their KYC implementation by avoiding multiple customer data instances caused by the legacy departmental or application silo approach.
There is no evidence that the early use cases for blockchain in the payments ecosystem are trying to replace the four party model for credit and debit card payments, but the same banks and processors that participate there could start to leverage blockchain for much of their back office infrastructure. This certainly might help with some of the more stringent data privacy regulations.
Check back in for part two of my blog, slated to post tomorrow. In it, I discuss open banking and secure remote commerce.
*** This is a Security Bloggers Network syndicated blog from Data Security Blog | Thales eSecurity authored by Ian Hermon. Read the original post at: https://blog.thalesesecurity.com/2018/11/01/money20-20-usa-part-i-revolution-or-evolution/