Australia proposes plans for national skills passport

The Australian government is seeking the green light to create a digital passport for workers who can exchange their verifiable career credentials with potential employers.

In proposed plans, career documents will be turned into verifiable digital ID credentials on a platform similar to the Medicare app. With $9.1 million in public funding supporting the initiative – also dubbed a digital ID platform – job seekers will be able to present or send their resume and career documents as immutable credentials.

A paper, published by Treasurer Jim Chalmers on Monday, will confirm if the government intends to put proposed plans into action and seek approval for a digital skills passport between industry, unions and tertiary institutions.

The scope of which credentials will be integrated, and the design and function, are yet to be decided. With more people up-skilling themselves by gaining new qualifications, lining up multiple job offers or changing careers, the skills passport mimics a digital ID to help employers identify highly-skilled workers during the hiring process.

 

GSA Equity Study on Remote Identity Proofing: technology doesn’t work equally for everyone

The GSA Equity Study on Remote Identity Proofing makes a call for citizen participants in agreement with criticism of current methods of identity verification falling short of enabling equitable access for everyone.

The survey condemns inadequate identity-proofing technologies across government onboarding procedures when accessing these services and benefits. The GSA states that government services are failing to verify users and promote unhealthy bias in civic tech design that impacts user experiences for underserved communities. This makes it impossible for certain groups of people to access the services they need.

Whilst companies are eager to share their technologies, not all prove their worth as solutions to government identity-related challenges, such as verifying genuine and legitimate human presence over a false entity.

While cybersecurity is a high priority for most governments nowadays, and they are forthcoming about protecting their citizens’ data rights, citizens are still on the receiving end of disappointing attempts to verify their identities.

An open forum for the views of all citizens who hold a social security number (SSN), the survey will seek to understand how different methods to verify identities can improve this issue.

The GSA study conveys that remote identity-based verification should validate a user is who they claim to be by using readily available technologies like smartphones, blockchain and government-issued digital documents to make the process secure and frictionless.

Moreover, to test identity proofing, participants will need to provide a ‘selfie’ photo as well as their photograph on a government-issued ID.

The survey makes clear that identity challenges including bias can affect people from diverse backgrounds.

The results and statistics from the study are expected to be published with peer-review in 2024.

Innovatrics unveils video injection attack detection to combat deep fakes and synthetic identity fraud at Identity Week America

As the digital landscape evolves, the ever-growing threats of deep fakes and synthetic identity fraud demand innovative solutions. Innovatrics, a global leader in biometric technology, is proud to introduce its Video Injection Attack Detection technology, a pivotal advancement in the ongoing battle against identity fraud.

According to an ID Analytics study, synthetic identity fraud constitutes a staggering 80-85% of all identity fraud, with the volume of incidents surging by 132% in 2022. Furthermore, the incidence of deepfake fraud in North America more than doubled from 2022 to Q1 2023. These alarming statistics underscore the urgent need for robust measures to protect individuals and organizations from these fraudulent activities.

“In response to this growing threat, Innovatrics’ Video Injection Attack Detection is an essential feature of our remote identity verification solution. Our state-of-the-art technology stack employs biometric face verification, comparing a user’s selfie with their ID portrait, while simultaneously ensuring liveness detection to confirm the user’s presence during the process,” explains Daniel Ferak, Innovatrics Business Unit Director. “Recognizing the rising use of video injection spoof attacks by fraudsters, Innovatrics’ advanced algorithms can now secure the camera used during identity verification, preventing video injection spoofs and man-in-the-middle attacks,” he adds.

The client-side capture component of the Video Injection Attack Detection system not only acquires video frames but also captures crucial camera details, encrypting the data for server-side evaluation. With the capability to differentiate genuine physical cameras from fraudulent video injections, integrators, service providers and end users can enhance security during remote identity verification processes.

Innovatrics will be showcasing its Video Injection Attack Detection at the upcoming Identity Week America 2023, set to take place on October 3-4 in Washington D.C. Don’t miss this opportunity to meet the Innovatrics team at booth no. 526 and take part in their engaging presentation tackling deepfakes prevention.

Musk introduces new features for Twitter ‘X’ premium subscribers

Separating subscribers from regular users, Elon Musk’s premium features for Twitter, also known as X, include hiding visibility of ‘likes’ on posts and verifying real IDs.

Twitter’s ‘blue tick’ is the typical icon for subscriber accounts on the platform, which has been undergoing a highly-publicised redesign during Musk’s time as CEO.

The CEO will differentiate services further for paid and non-paid users with these new features. Users can obtain ‘blue tick’ status on an $8-per-month subscription, exclusively for X Premium subscribers.

The number of ‘likes’ accumulated on all posts will usually show on the user’s feed, unless the option to “hide likes” has been activated in the Premium tab. Once this option is activated, posts that users have liked will not duplicate on other people’s feeds, which is usually an oversight of users because of Twitter’s algorithm.

The second new Twitter feature enables real ID verification, which adheres to ID standards, for X Premium subscribers.

Real ID standards, which will be enforced for traditional ID types across the U.S., broadly refer to government or state-issued IDs having to comply with official standards for secure ID documents.

To verify a ‘blue tick’, users will need to upload a copy of an official form of real government ID, as well as a selfie to identify themselves.

Users can see if a profile is government ID verified by clicking on the blue tick, a measure Twitter says will increase users’ trust. However, real ID verification is not available in the European Union, the European Economic Area, and the United Kingdom.

After the reaction to removing blue ticks caused X to reinstate them, the social platform last month also updated its policies to allow the collection of users’ biometric data and education history.

AU10TIX, a leading identity verification provider, verifies the government IDs and claims to delete images within 72 hours after the results have been processed.

 

Entertainment and media platforms, like Netflix, LinkedIn and OnlyFans, will be joining the ranks of an incredible line-up at Identity Week America 2023 (3-4 October). Don’t miss out on hearing about real ID requirements to verify staff and users/subscribers on these platforms.

Speakers include:

  • Sarah Handler, Senior Product Manager, Netflix
  • Julie Madhusoodanan, Director of Engineering and Product of the Corporate Identity team, LinkedIn
  • Matt Reeder, COO, OnlyFans

2025 REAL ID rules are closer than you think – as DHS, TSA and federal agencies say they will NOT accept non-compliant IDs after deadline

From May 7, 2025, state-issued ID and licence rules will be set to change for travel within the U.S. Travellers will be urged to check if their ID is valid and compliant with REAL ID regulations at their local state department of motor vehicles.

The countdown to REAL ID enforcement, as of today, stands at 592 days. Overseen by the Department of Homeland Security, REAL ID readiness is about establishing minimal security standards for licence issuance and production and stopping federal agencies from accepting licences and identification cards that do not meet the Act’s standards.

Since 2013, the DHS has been working on a phased enforcement plan for REAL ID to align with the circulation of secure-only driver’s licences and identification documents, which it calls a “vital component of our national security framework”.

In accordance with the enforcement schedule, a key deadline is now being determined for 2025 where travellers who hold a state-issued ID or licence must adopt REAL ID measures.

On the DHS website, it says the REAL ID Act, passed by Congress in 2005, actioned recommendations following the events of 9/11 to set standards for the issuance of recognised ID, such as driving licences.

For domestic flights within the United States, driving licences are accepted over having to present a passport, but these familiar rules to Americans will change once REAL ID requirements are enforced in 2025. This news may leave some U.S. citizens flailing. What is the process for obtaining REAL ID?

The REAL ID is still an accepted standard for domestic travel and adopted by federal agencies, which is identified by the gold star emblem in the top right-hand corner of any driving licence or identification card.

Younger generations are less likely to be aware of what REAL ID is, but surveys suggested 78% have heard of the requirements for traditional IDs.

The deadline is pushing residents to visit their local DMV, with same-day REAL ID appointments made available by the New Jersey Motor Vehicle Commission.

Patch.com reported that 34,500 appointments will be open to local residents in New Jersey, as well as 24 MVC service centers offering the same across other states.

Pre-verification has also been introduced to speed up face-to-face appointments by verifying the resident’s identity and personal information before they visit a REAL ID centre. 13 REAL centres are open in Pennsylvania.

After the deadline has passed, the DHS, TSA and federal agencies will not accept forms of traditional identification that do not comply with REAL ID. Traditional ID includes a passport, birth certificate or social security card, for example, that can be accepted by REAL ID standards because they have advanced integrated security technologies and features.

The changes will only apply to adults flying domestically, and the necessity to travel with a passport on international flights remains unchanged.

The conference agenda at Identity Week America 2023 includes the U.S. Department of Homeland Security, the Transportation Security Administration, and federal agencies such as the Georgia Department of Driver Services, New York State Department of Motor Vehicles (DMV), Maryland Motor Vehicle Administration and AAMVA.

Speakers from these federal agencies that issue a state driving licence: 

  • Angelique McClendon, General Counsel, AAMVA / Georgia Department of Driver Services
  • Owen McShane, Deputy Commissioner, NYS DMV
  • Spencer R. Moore, Commissioner, Georgia Department Of Driver Services
  • Christine Nizer, Administrator, Maryland Motor Vehicle Administration
  • George Petersen, Senior Program Manager, REAL ID Program, TSA, DHS
  • Mindy Stephens, Manager, Identity Management, AAMVA

Sumsub enables non-document UK customer onboarding in five seconds via major banks

Non-Document Verification capability, enabled by OneID®, onboards end-users nearly instantly, via data from leading UK financial institutions.

Sumsub, the leading global full-cycle verification platform, is announcing the introduction of its Non-Document Verification solution in the UK. Customers across the fintech, crypto, ecommerce, online gaming and transportation industries, among others, can now onboard their users via official bank records securely with near-instant identity verification, while staying compliant with UK regulations. Non-Document Verification is also currently available in Nigeria, Brazil, Argentina, Indonesia, Ghana, Bangladesh, India and the Netherlands.

The solution is made possible through its strategic partnership with OneID, a UK Government-certified identity provider. Users are supported by OneID during their journey, ensuring compliance with personal data regulations. Sumsub is the first global firm to offer document-free verification services as part of a holistic compliance solution across the whole user journey. The offering signifies a pioneering approach to full-cycle user verification globally, while local providers do offer document-free verification in singular markets.

Through OneID, Sumsub can offer document-free verification for 95% of the adult population. The solution will facilitate customer identity verification via data from major institutions, including Barclays, Bank of Scotland, Chase, First Direct, Halifax, HSBC, Lloyds, MBNA, Monzo, Nationwide, NatWest, RBS, Santander, Starling, TSB, Ulster, and Virgin Money.

The Non-Document Verification solution offers a number of benefits for clients, redefining the user verification landscape. OneID enables Sumsub to provide lightning-fast verification in less than five seconds – far quicker than the industry’s average onboarding time of two minutes. The process will verify users without the need for them to upload pictures of identity documents.

During the onboarding process, users first select their bank and are directed to its page or app within the same session window. Once logged into their bank account, they provide consent for personal data sharing, which is required for the verification. Finally, Sumsub instantly retrieves and verifies the required data, successfully onboarding the new customer without any documents.

Document-free verification leads to low drop-off and high conversion rates due to the seamless user experience. Furthermore, Sumsub simplifies the process with a user-friendly, code-free approach, allowing customer compliance teams to effortlessly adapt to diverse regulatory and country-specific needs via its Workflow Builder and Web software development kit (SDK) integration, removing the need for in-house developers. Sumsub enables its customers’ teams to build its solution into their own user flow, while incorporating their own corporate branding into the SDK and interface for end-users.

Andrew Sever, Co-founder and CEO of Sumsub explains: “We are pleased to be providing swift onboarding solutions for UK clients. The UK is one of the first European markets in our portfolio for Non-Document Verification, and we’re confident this will take the ID verification user experience to the next level. We are replacing complex authentication procedures for UK-based clients with a unique online banking log-in eliminating identity fraud, duplicate accounts and bot-based verification attempts”.

“We are dedicated to providing a secure, efficient, and seamless onboarding experience for users while empowering businesses to meet regulatory requirements effortlessly.”

“We are delighted that Sumsub has chosen us to be their partner to provide their document-free identity solution,” says Paula Sussex, CEO of OneID. “We are proud that we enable Sumsub to promise their customers a quick and easy experience that covers around 50 million individuals in the UK”.

Tony Petrov, Chief Legal Officer at Sumsub adds: “According to UK AML regulations, document-free solutions can be utilised, provided that they incorporate additional security measures. These are essential for establishing a connection between a user and their claimed identity, which has been independently verified by an external data source”.

“We ensure that the non-document verification process is secure from fraud and misuse and we can assure that users claiming a particular identity are in fact the person with that identity due to our advanced electronic identification technology.”

 

Latest speakers from the finance sector at #IdentityWeekAsia 2023!

We’re delighted to announce the latest professionals from the financial industry joining the stage at Identity Week Asia 2023.

  • Vikrant Rana, SVP and Sales Lead, Global Payments, HSBC
  • Andrew Black, Managing Director, Australian Payments Plus
  • Linden Dawson, Customer Digital Identity Product Lead, National Australia Bank
  • Dipu KV, President of Head Operations and Customer Service, Bajaj Allianz Life Insurance Company Ltd 
  • Sourabh Chitrachar, Regional Vice President/ Director- Asia Technology Strategy & Operations, Liberty Mutual Insurance
  • Igor Janicijevic, Principal Engineer, Digital Access Foundation, National Australia Bank

Hear from industry luminaries about protecting customer identity, preventing fraud, and safeguarding workforce identity and access management security architecture.

Don’t miss this exclusive opportunity to gain valuable knowledge and perspectives that will drive success in the fast-paced world of identity and finance in APAC.

“Talent will increasingly want the option to have a digital twin” — HAND scales talent identity in a human and digital world

The concept of HAND, founded by CEO Will Greth, understands the takeover of AI well. While causing controversy for actors, other areas of the entertainment industry have embraced AI for the revenue opportunities and to offer a show-stopping “experience” like the ABBA Voyage.

Public figures will increasingly demand digital twins linked to their legal identity, says Will Greth. In the future, the human and digital world will be intertwined, with real talent monetising themselves by licensing their digital twin.

The first keynote presentation on Day 1 at Identity Week America will introduce the arrival of the interoperable HAND (Human & Digital) Talent ID – the first global ID registry for notable legal, virtual, and fictional talent in performing arts & sports. In this interview, Will explains the talent identity provenance automation concept to our editor, Evie Kim Sing, which created a groundbreaking talent ID framework enabling reliable verification of real individuals, virtual counterparts, and fictional entities.

AI tools are used to create the Digital Twin likeness of the person used in commerce. Rights holders can register a “first use” with HAND as a related virtual talent instance or version of their real, legal person self.

In this interview we asked:

  • What aspects of innovation does HAND Identity offer?
  • Is data protection as important for virtual identities as it is for authenticating real people?
  • When founding the company or since, have you considered any precautions with this concept/technology to prevent it being misused across other sectors to verify false identities and fraudsters?
  • What industry challenges and themes will you address in your presentation at Identity Week?

Will Greth

“All qualified HAND Talent ID records must have multiple attestations of authenticity –  based on linked-data citations, often manifest / demonstrated in the form of resolvable links to authoritative sources.”

Will Greth | Keynote Presentation | Identity Week America 2023 

The presentation will discuss the need for the performing arts & sports industries to have interoperable identity standards, and for neutral, trusted 3rd parties to help provide 1st class Talent identifiers that have rigorous metadata attribution.

HAND is a member of 3 Metaverse Standards Forum groups (Oversight, the Standard Register, and the Privacy, Cybersecurity, and Identity working groups) and a member of C2PA.org.

First passengers using DTC at Helsinki airport as Finland leads world-first pilot

Standing between e-gate lanes at Helsinki airport, Mika Hansson, a Senior Advisor at the National Police Board, who played a key role in the DTC rollout, quips his journey to Montreal for ICAO TRIP has been made easier by using the DTC.

He shared the photo of himself to LinkedIn, adding he gave a presentation about the DTC pilot in Finland. The DTC has encapsulated major strides in digitalising the travel industry.

Finland is a decisive player in the digital travel credential experimentation, currently the first country pilot testing the digital pass (digipass) at Helsinki-Vantaa airport until February. The first journey to digitally verify a passenger using the DTC took place on September 1, 2023 from Helsinki to London.

The DTC pilot project will enable passengers on Finnair flights travelling to London, Edinburgh and Manchester to pass seamlessly through border control without queuing by sliding a traditional passport into the chip reader, which extracts the DTC information to allow entry.

Mika Hansson said: “While I knew it was an interesting topic, it wasn’t until the symposium that I realised just how hot of a topic it is!”.

The passport will remain in use while another example of digitalisation is accelerated for travel. Certain EU borders will be receptive to the digipass led by Finland and in partnership with Croatia, where more DTC pilots are planned for the end of September.

To submit a valid DTC application, passengers must verify their identity in-person at either Helsinki-Vantaa or Tikkurila police station, joining up law enforcement and border controls to monitor migration.

The FIN DTC Pilot digital travel document app can be downloaded on iPhone or Android devices as pragmatic testing takes place in a real border control environment. The DTC experimentation is expected to be the first of its kind in the world.

The Finnish Border Guard will still be physically deployed to check personal data from applications 36 to 4 hours in advance of departure. The UK border remains controlled by local authorities and passport procedures, so the passport must be carried on any return journeys to Helsinki Airport, and currently only Helsinki Airport has stepped across to deploying the DTC.

Face recognition kiosks at Helsinki Airport when you leave and return from the country compare your facial photo with the DTC required photograph. The DTC is only available to adult Finnish passengers.

 

DHS announces AI-defining policy directive for CBP

The Biden Administration has demonstrated over the last few years complete jurisdiction over AI regulation.

New AI policies will be another defining feature of Biden’s premiership, developed by the DHS Artificial Intelligence Task Force, to continue their commitment to managing boundless AI innovation with the associated risks. The government has initiated a directive towards the CBP around the use of facial recognition technology.

With the CBP and government’s interaction completely by design over technologies like AI and biometrics, the latest AI warning has led to the internal hiring of CBP’s First Chief Artificial Intelligence Officer. Confirmed to be Chief Information Officer (CIO) Eric Hysen, his role will promote AI innovation and safety within the Department, along with advising the Department leadership on AI issues.

The use of AI technologies is embedded within CBP operations including for passenger security screening to advance its missions – combatting fentanyl trafficking, strengthening supply chain security, countering child sexual exploitation, and protecting critical infrastructure.

Alejandro N. Mayorkas, Secretary of Homeland Security described artificial intelligence as a powerful tool that must be harnessed “effectively and responsibly” and balanced by proper regulation that holds the CBP accountable and allows Americans to decline undergoing face scans at airports and in other situations.

He added that the department is obliged to “keep pace with this rapidly evolving technology” and do so in a way that is “transparent and respectful of the privacy, civil rights, and civil liberties of everyone we serve”.

“I am grateful that Eric Hysen, who already co-chairs our Artificial Intelligence Task Force, has agreed to serve as our Department’s first Chief AI Officer, providing the leadership and experience necessary to harness AI’s enormous potential and ensure its responsible use across DHS.”

No airport or travel process, however machine-led with artificial intelligence, should completely eliminate manual audits.

The policy statement 139-06 establishes the foundation for DHS’s use of AI with a clear set of principles not to collect, use or disseminate data used in AI activities.

The rules will mandate human reviews and thorough testing of automated biometric systems and afford the right to opt-out of face recognition for non-law enforcement uses.

#IdentityWeekAmerica 🚨speaker alerts – decentralised identity, secure credentials and more!

The whirlwind of Identity Week America 2023 will be kicking off in two weeks with all government and industry players in attendance across two packed days discussing the intersection between policies and technology innovations in identity management.

The event is a non-negotiable date in the calendar for anyone that works for a solution provider or organisation with strict objectives to increase the amount of identity technologies deployed across useful applications – such as in travel, financial services, public sector, and healthcare.

Over 3,000 attendees have secured their ticket to fulfil two main priorities – to indulge in quality networking experiences and hear updates from the broader identity industry.

Our stellar speaker line-up alone shows the potential for future-defining partnerships to be established on the conference floor between top performing, accredited solution providers and global organisations upholding standards for identity and access management, security and compliance.

We will be matching executives from finance institutions and travel organisations, healthcare bodies and government to improve transparency, collaboration and convergence between individual identity endeavours.

Have you booked your ticket to watch these new sessions?

 

Foundations of Digital Identity

Vyjayanti Desai, Program Manager, Identification And Development, The World Bank

The World Bank is an international financial institution that provides funding and loans to governments for the purpose of pursuing capital projects, creating thriving economies, and enabling digital transformation.

This session will cover:

  • Foundations of digital identity
  • A key enabler of value creation for individuals and institutions
  • Digital inclusion, just and equitable access for all
  • What constitutes a good ID?

 

Dino Cataldo Dell’Accio, CIO, UN Joint Staff Pension Fund

Decentralised identity, encompassing user data ownership, privacy, consent to data, will be covered in a panel discussion featuring Dino Cataldo Dell’Accio as well as the Government Blockchain Association, NEC Security Systems, and the National Security Council – The White House. 

  • Discussing the role of blockchain technology in decentralised identity solutions.
  • Technologies and Standards for Decentralised Identity use.

Dino Cataldo Dell’Accio is a CIO with significant experience in governing, managing, auditing, securing, and advising on information and communications technology (ICT) systems and operations supporting national and international civil, judicial, financial, and peacekeeping functions.

 

Digital Identity in Financial Services 

Brian Russell, SVP – Head of Enterprise Platform for Identity Management and Authentication, U.S. Bank

The integration of digital identity within the financial services has accelerated Banking-as-a-service and customers having remote control over their finances. This session will assess the landscape of architecture that authenticates and securely onboards customers and the capabilities of fraudsters to disrupt strong customer-bank relationships.

  • Banking as a service
  • Trust and governance
  • Opportunities for collaboration between fintech and identity service providers
  • Impact of AI on the future of digital identity in financial services

 

TECH5 will demonstrate its technologies at Identity Week America

TECH5, an innovator in biometrics and digital identity management, will demonstrate its latest technology offerings during the Identity Week America exhibition, held in Walter E. Washington Convention Center, in Downtown Washington, D.C., USA, on October 3rd and 4th, 2023.

TECH5’s technology offerings include end-user applications for biometric capture, credential issuance and identification, a multimodal ABIS, and SDKs for both contactless face and fingerprint capture. At stand No. 218, TECH5 will showcase its innovations for contactless biometric capture and liveness detection using mobile devices, Digital ID issuance and verification, and its latest technology platform for law enforcement.

TECH5 USA, Inc. is headquartered in Troy, Michigan with locations in San Diego, California; the D.C. Beltway; Austin, Texas; and Canada. TECH5’s North American team includes industry veterans who have been involved in implementing and supporting a wide variety of use cases, including some of the first biometric solutions for law enforcement in the U.S., from Los Angeles County to the state of Arizona, as well as a number of other industry firsts with the U.S. federal government and governmental agencies in Canada and Mexico. The team’s collective innovation, depth of expertise, and breadth of experience have resulted in numerous awards and over 27 patents related to biometric technology.

TECH5’s target markets include Government and Private sectors with products powering Civil ID, Digital ID, Public Safety, and Law Enforcement and Authentication solutions that deliver identity assurance for various use cases. “In the U.S., we are focusing mostly on public safety, equipping law enforcement agencies across the country with some of the fastest technologies and platforms for multi-biometric matching, as well as software tools for quick and effective investigation.” – Rahul Parthe, Co-founder, Chairman and CTO at TECH5.

All technologies presented during the conference are available for TECH5’s certified partners and customers globally.

With generative AI, businesses need to rewrite the phishing rulebook

Guest article contributed by Andrew Shikiar, Executive Director at FIDO Alliance

Phishing had become unmanageable for businesses long before the emergence of Large Language Models and generative AI. Now this cyberattack technique, already responsible for over 90% of data breaches, has been supercharged by a technology that makes it near-impossible to detect. The industry can no longer contend with fraudsters the way it has for nearly two decades. The advancement of generative AI calls for something more…advanced.

To provide some sense of the scale of the problem, the average company experiences 700 social engineering attacks per year, of which an average of 57 are aimed at the CEO. In 2022, we saw a 38% increase in the global volume of cyberattacks, reaching an all-time high in Q4 2022. In the past, many phishing attacks could be easily identified through poor grammar or localization, or through unrealistic schemes. But now that generative AI tools have hit the scene, bad actors have powerful assets to make phishing attacks far more convincing and scalable. In other words, an already monumental problem is getting bigger and, thanks to generative AI, it’s getting smarter too.

Generative AI has changed the security game

When used for good, technologies like ChatGPT have the potential to save businesses valuable time, money and labor, thanks to their content creation and language processing abilities. However, we increasingly see them being misused and weaponised to make phishing scams that much harder to detect.

While generative AI tools can be used by cyber criminals in their public release version, we have already seen ‘innovations’ result in tools like FraudGPT and WormGPT, which have been created and shared on the dark web explicitly for use in cyber crime. These tools jailbreak the official service so that it can be used for purposes that go far beyond the technology’s intended use and bypass any restrictions. In this case, they are used to develop business email compromise (BEC) attacks by creating highly convincing phishing emails and even phishing websites.

In the past, it was possible to detect a large proportion of phishing emails or text messages using the eye-test. But now, poor spelling and grammar that normally arouse suspicion are effectively eliminated, and even awkward phrasing ironed out to make phishing messages more convincing. Not only that, but they can be carried out in almost any language desired. This means phishing attacks can and will increase exponentially – in volume, sophistication and overall efficacy.  

AI experts often talk about the singularity, where AI surpasses human intelligence and control. While this remains a hypothetical scenario, we have arguably reached this point when it comes to identifying phishing and social engineering attacks. Fuelled by advancements in generative AI, it is now inevitable that a person within an organisation will at some stage inadvertently divulge their credentials as a result. 

Some will argue that businesses can fight AI with AI, adopting software that claims to identify content written by generative AI. Even ignoring the mixed results these tools provide, this is a fundamentally flawed approach. Fighting AI with AI creates another round of the same game where success relies on detecting all, or at least a significant number, of phishing attacks. This will lead to an arms race, where phishing attacks and the technology behind them will adapt and become ever more sophisticated and harder to detect in response.

Why we need to rewrite the rulebook

The problem lies in the act of trying to detect phishing emails and social engineering. No amount of training or detection software will ever be a silver bullet. Businesses, and especially leaders responsible for cyber security, need to accept that they are playing the game on fraudsters’ terms, and to begin thinking about the problem differently.

Boiling it down to its basics, the primary reason fraudsters engage in social engineering is so they can get hold of people’s credentials – in order to then take over accounts, access sensitive resources and/or perpetrate further crimes. Typically, this sort of credential attack will involve a victim being sufficiently convinced to click a link to a seemingly legitimate website and enter their user ID and password – an approach that worked on half of surveyed enterprises in 2022.

Now the fraudster is free to use these credentials on a range of accounts and in a range of scenarios to gain access to a business’ systems and ultimately extract money or data, or both. It is only by going back to the root of the problem that businesses can begin to rewrite the rules – by making credentials un-phishable in the first place.

How do we get there?

As a reminder, 74% of all breaches are caused by human error, privilege misuse, use of stolen credentials or social engineering – the vast majority of which take advantage of knowledge-based “secrets” such as passwords. By eliminating this very weak link in the corporate security chain, we can remove the possibility of fraudsters cashing-in should they succeed in duping somebody with an email or message. The good news is that technology is now available for users to authenticate themselves through simpler, yet stronger passwordless verification methods. 

Passkeys are one example of this, using cryptography coupled with on-device biometrics or PINs that people already use to unlock their phone or other devices. The result is that with just a touch of a finger or a quick facial scan, users can log into their accounts safely and seamlessly – without fear of unwittingly handing over their credentials to scammers or through spoofed websites.  Passkeys as a primary authentication method bring far greater security – and usability – than passwords.

For example, at an organisation that has adopted passkeys, should an employee follow a link to a fraudulent site they would not be able to enter a password because they simply don’t have one. It is also not possible for fraudsters to instead ask for their biometrics in an attempt to capture and use it, because the associated credentials remain hidden and secure on the employee’s device.

Device-bound passkeys, such as those found on hardware security keys from companies like Yubico, Google and many other vendors, can also function as an unphishable second factor on top of enterprise Single Sign-On platforms such as those from Okta, Duo and Ping Identity. These SSO platforms enable other second factor options such as one-time passcodes sent through SMS or an authentication app; such options are stronger than a password alone, but are susceptible to social engineering – as was the case in last year’s 0ktapus attack. FIDO Security Keys, on the other hand, feature device-bound passkeys that are immune to such attacks.
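To make the "unphishable" property concrete, here is an added Node.js sketch (not part of the guest article and not FIDO Alliance code) of the checks a relying party runs on a WebAuthn sign-in assertion: the challenge, the origin recorded by the browser, the hash of the relying-party ID, and the signature over all of it. The domain names, the in-memory authenticator and every function name are assumptions made for the example.

```javascript
// Added example: simulated passkey authenticator plus relying-party checks.
const crypto = require('node:crypto');

const RP_ID = 'sso.corp.example';              // assumed relying-party ID
const RP_ORIGIN = 'https://sso.corp.example';  // assumed legitimate origin
const LOOKALIKE_ID = 'sso.c0rp.example';       // constructed look-alike domain

const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Simulated authenticator: one private key per rpId; keys never leave it.
function makeAuthenticator() {
  const keys = new Map();
  return {
    register(rpId) {
      const pair = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
      keys.set(rpId, pair.privateKey);
      return pair.publicKey; // only the public key goes to the server
    },
    // In a real browser the origin and rpId come from the page's address,
    // not from anything the page (or the user) can type in.
    getAssertion(rpId, origin, challenge) {
      const privateKey = keys.get(rpId);
      if (!privateKey) return null; // no passkey is scoped to this site
      const clientDataJSON = Buffer.from(JSON.stringify({
        type: 'webauthn.get',
        challenge: challenge.toString('base64url'),
        origin,
      }));
      // authenticatorData = rpIdHash (32 bytes) | flags (1) | signCount (4)
      const authenticatorData = Buffer.concat([
        sha256(rpId), Buffer.from([0x05]), Buffer.alloc(4),
      ]);
      const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
      const signature = crypto.sign('sha256', signed, privateKey);
      return { clientDataJSON, authenticatorData, signature };
    },
  };
}

// Relying-party side: every check must pass before the login is accepted.
function verifyAssertion(publicKey, expectedChallenge, a) {
  const clientData = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (clientData.type !== 'webauthn.get') return 'wrong type';
  if (clientData.challenge !== expectedChallenge.toString('base64url')) {
    return 'challenge mismatch';
  }
  if (clientData.origin !== RP_ORIGIN) return 'origin mismatch';
  if (!a.authenticatorData.subarray(0, 32).equals(sha256(RP_ID))) {
    return 'rpIdHash mismatch';
  }
  if ((a.authenticatorData[32] & 0x01) === 0) return 'user not present';
  const signed = Buffer.concat([a.authenticatorData, sha256(a.clientDataJSON)]);
  return crypto.verify('sha256', signed, publicKey, a.signature)
    ? 'ok' : 'bad signature';
}

function demo() {
  const authenticator = makeAuthenticator();
  const publicKey = authenticator.register(RP_ID);
  const challenge = crypto.randomBytes(32);
  const good = authenticator.getAssertion(RP_ID, RP_ORIGIN, challenge);
  // Constructed failure cases a verifier has to reject:
  const offOrigin = authenticator.getAssertion(RP_ID, `https://${LOOKALIKE_ID}`, challenge);
  const relabelled = { ...offOrigin, clientDataJSON: good.clientDataJSON };
  return {
    legitimate: verifyAssertion(publicKey, challenge, good),
    lookalikeGetsAssertion:
      authenticator.getAssertion(LOOKALIKE_ID, `https://${LOOKALIKE_ID}`, challenge) !== null,
    offOrigin: verifyAssertion(publicKey, challenge, offOrigin),
    relabelled: verifyAssertion(publicKey, challenge, relabelled),
    staleChallenge: verifyAssertion(publicKey, crypto.randomBytes(32), good),
  };
}

console.log(demo());
```

A one-time passcode carries none of these bindings, which is why the same code is valid wherever it is typed; a server that skips the origin or challenge comparison gives up the property the signature is there to provide.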

The industry is putting its support behind passkeys, which are built upon open standards from the FIDO Alliance and W3C WebAuthn communities, having played a major role in helping develop the standards. Google recently announced that passkeys are now available for all its users to move away from passwords and two-step verification, as has Apple. Windows 10 and 11 have long supported device-bound passkeys in Windows Hello – and passkeys from iOS or Android devices can also be used to sign into sites in Chrome or Edge on Windows.

We must not let apathy reign: Inaction is Indefensible 

Many security leaders understand the impact of phishing attacks fuelled by generative AI on their business, and may already be planning to guard against this.  The solution won’t be found in technology alone – in fact, one may argue that this is as much of a communication and education challenge as it is a technical one.  These security leads need to convince key people in their organisation that a threat as old as the internet itself has become business critical, and the game has changed to such a degree that the old tactics are woefully outdated.

Others will continue to prioritise other IT and security imperatives – perhaps assuming that there’s little they can do to outwit well-armed attackers.  But such apathy should not be tolerated as it is entirely in one’s power to block the vast majority of credential attacks.  

For companies that have not yet moved to eliminate passwords and other knowledge-based credentials for user authentication, not taking action now borders on negligence as the attacks are most certainly coming, and solutions to harden one’s enterprise are readily available. Continuing to use passwords or moving to a more secure technology like passkeys is a choice, after all. And this choice will have major repercussions if not met head-on very soon.

Transmute concludes U.S. CBP Steel Tech Demo to establish visible supply chains


Transmute has concluded participating in the U.S. Customs and Border Protection Steel Tech Demo, offering their supply chain data management software under the Silicon Valley Innovation Program.

The CBP is conducting a first interoperability standards test focusing on pipeline oil and steel supply chain data inputted into Transmute’s verifiable data platform. The platform, paving the way for more secure and efficient global supply chains, was showcased at Identity Week America 2022.

The company has expressed gratitude to its pioneering partners at DHS Science and Technology Directorate, CANACERO, ArcelorMittal México, Grupo DEACERO, Gerdau Corsa, Outokumpu Mexico, TenarisTamsa, Ternium, A.N. Deringer, Inc., Customs Direct, GONTOR Logistics, Mohawk Global and Wisdom Digital Logistics.

A series of tests are expected in due course to establish whether supply chain technologies that promise innovation across CBP’s various data operations match efficiencies with interoperability standards between existing and new systems.

Late August witnessed a transformative showcase of Transmute’s Verifiable Data Platform (VDP) for enhancing trade security, regulatory compliance, and supply chain visibility, the press release stated.

Here’s a look back at our interview with Karyl Fowler, CEO of Transmute.

Karyl Fowler, a whole year on, commented on Transmute’s Verifiable Data Platform being the “culmination of nearly 4 years of work alongside US CBP” which “reaffirms the immense impact verifiable data technologies have in modernising and securing international trade transactions from product origins to the end consumer”. 

“This test demonstrates how our Verifiable Data Platform (VDP) can seamlessly interoperate with existing systems and processes to not only meet regulatory requirements in near real time but also unlock new levels of operational efficiency and unprecedented supply chain visibility.”

The open standards technology used in the demonstration presented an efficient solution to issue, manage, and present critical trade documents rather than depending on physical documents that could be easily tampered with, having a ripple effect down the operation chain. This is orchestrated by turning data into immutable, verifiable credentials with self-serving data protection. Data has an added layer of protection using decentralised identity technology.

Vincent Annunziato, CBP’s Business Transformation and Innovation Director added: “Global interoperability standards will help unify the approach to transparent supply chains within both the public and private sectors, streamlining communication and improving both security and facilitation”.

This revolutionary approach to changing data into verifiable credentials not only bolsters the security of global supply chains, but also automates compliance with the US CBP’s 21st Century Customs Modernisation and ACE 2.0 interoperability standards.

The CBP is committed in the 2024 tests – pertaining to the five Silicon Valley Innovation Program projects – to global interoperability standards and will test verification capabilities at the origin of transactions and credentials. Data transparency through visible supply chains will help to prevent low productions in pipeline oil, steel, natural gas, e-commerce, and food safety.

CANACERO, the group representing steel companies that hold a tender with the CBP, expressed their enthusiasm for the outcomes of the Tech Demo, saying:

“Our collaboration with Transmute and the US CBP has shed light on the future of trade documentation and compliance. By utilising cutting-edge solutions like VDP, we are not only safeguarding our supply chain but also paving the way for increased value chain visibility.”

India Stack encourages sweep of countries to build their DPI


The India Stack – a digital public infrastructure which combines a real-time unified Payments Interface – has transformed the lives of Indian citizens and led other countries to sign up for its digital public goods.

It stands on a pedestal because it unlocks economic infrastructure such as identification, data and payments, built on open APIs and digital public goods.

One of the foundational identity platforms that India Stack is built upon is the Modular Open Source Identity Platform (MOSIP), specifically engineered for countries that lack the home resources and funding to create their own national identity initiative. Open-source architecture integrating real-time payments infrastructure, a COVID vaccination platform and Health Stack proves its interoperability with integrations that meet the demand of the future.

Over a decade, the rollout has enabled government and the private sector to build verification capabilities and digital apps to allow safe transactions, payments and identity validation, with the most common digital biometric identity in India, known as Aadhaar, credited with enabling these services.

DPI is classed as a requirement for economies trying to lift out of extreme poverty by the Bill & Melinda Gates Foundation, which describes DPI as a “digital network that enables countries to safely and efficiently deliver economic opportunities and social services to all residents”.

 

Identity Week America 2023: Unveiling the future of identity management


Identity Week America 2023 is set to return on October 3-4, promising an unparalleled opportunity to explore the cutting-edge advancements in identity management.

Hosted at the Walter E. Washington Convention Center in DC, this dynamic platform will bring together 3,000+ global leaders, innovators, and professionals from various industries to discuss, collaborate, and shape the future of identity.

Key highlights of Identity Week America 2023:

250+ Industry-Leading Speakers: Identity Week America has assembled an impressive roster of industry experts, thought leaders, and innovators who will share their knowledge and insights through keynote presentations and panel discussions.

They include: United Nations, U.S. Customs and Border Protection, The White House, U.S. Payments Forum, OBIM, FBI, U.S. Secret Service, World Economic Forum, Air Canada, IATA, Netflix, Uber, R.B.C. Royal Bank, NIST, CBS Health, Delta, NEC, BNY Mellon, Unicef, U.S. Department of Homeland Security and many more!

In-Depth Discussions: Identity Week America 2023 will delve into critical issues such as identity technology, security, and compliance. Thought-provoking discussions will help attendees navigate the evolving landscape of identity management and provide practical insights and solutions they can implement in their organisations.

Exhibition: The event’s expansive exhibition hall with 250 exhibitors will showcase cutting-edge solutions, products, and services from leading companies in the identity industry. Attendees will have the opportunity to explore the latest innovations in biometrics, cybersecurity, authentication, AI and more.

Roundtables: Identity Week America will feature interactive roundtables and hands-on sessions, allowing participants to deepen their understanding of identity-related agendas and current uses of technologies.

Startup City: Discover 100+ promising startups and innovative solutions in the identity space through our Startup City, offering a glimpse into the future of identity technology.

Identity Week America 2023 is a must-attend event for professionals seeking to stay ahead in the rapidly evolving field of identity management. Whether you are involved in government, finance, healthcare, travel, technology, or any sector requiring secure and efficient identity solutions, this platform is designed to provide you with the knowledge and connections you need to succeed.

Registration is now open! Don’t miss your chance to be a part of Identity Week America 2023. For more information and to book your free ticket, please visit our website.

CBP conducts first interoperability standards test to improve supply chain transparency


Unifying their approach to transparent supply chains, the U.S. Customs and Border Protection has initiated a first interoperability standards test to bolster the standard of communication between the private sector, government agencies and key stakeholders in the supply chain, while simultaneously allowing all to have control over choosing various technologies.

As America’s primary border control law enforcement agency, the CBP is involved again in the upcoming Identity Week America 2023 and will be a particularly outspoken voice on the first day on mobile digital identities. The event schedule includes two sessions exploring how we should increase collaborative use cases for mobile trusted digital identity for identity verification within CBP’s operations.

The CBP’s latest test focused on pipeline oil and steel supply chains, however, growing global interoperability standards will help support data and system interoperability as new technologies are developed combining with existing systems. This is the case for evolving machinery and security technology across most international aviation hubs, which are now deploying biometrics and mobile apps to store the passport holder’s information.

Modernisation efforts by the CBP look to be regulating the saturated tech market in keeping with innovation across the travel industry. The test of standards will ensure a joined-up approach exists to enable global interoperability of different software systems – old and new – working efficiently with each other.

Vincent Annunziato, CBP’s Business Transformation and Innovation Division Director had this statement to say:

“Interoperability standards will help unify the approach to transparent supply chains within both the public and private sectors, streamlining communication and improving both security and facilitation”.

“Our 2023 test (on pipeline oil and steel supply chains) created the possibility for more advancements. With bipartisan support, CBP will extend its commitment to global standards by testing its ability to verify the origin of transactions and issue credentials”.

Regardless of the specific supply chain, efficiencies guided by standards will remove the need for paper and create real-time data exchanges.

The modernisation strategy, which will encompass building a global interoperability standard in one area, has joined members of the Department of Homeland Security’s Science and Technology Directorate under the Silicon Valley Innovation Program to achieve these objectives. They include mesur.io, Neoflow and Transmute.

Australia: Govt response holds back age verification roadmap


In the Australian government’s response to the roadmap for age verification, submitted by the e-Safety Commissioner in March 2023, their judgement of “immature” technologies that present privacy, security and enforcement risks outweighed sympathy that online pornography is very much harmful to children.

A study included in the report quoted that 44% of children between 9 and 16 years are exposed to pornographic content online.

Despite calls over several years for a hardline e-safety policy, the government denied that ‘age assurance’ technologies were at a sufficient standard to be made mandatory for porn websites and social media platforms, with millions of young users, to implement. The age verification solutions market is not currently deemed ready to meet the demand; however, industries are tackling the development of technologies.

In other regions, faith in biometrics and age verification solutions may vary, as by contrast, standard measurements of biometrics such as NIST testing has helped certify many solution providers allowing them to reach the marketplace with high assurance of bias mitigation.

The report and government’s decision not to use “evolving” age verification technologies suggests that biometrics still present bias and anti-privacy concerns which industries should be tackling. The government puts pressure on industries to protect citizens using their services, whilst the Albanese Government and UK are far more ahead than Australia in establishing an Online Safety Bill. eSafety Commissioner will threaten to enforce an industry standard if the codes developed by industry do not provide appropriate community safeguards.

On 1 June 2023, the eSafety Commissioner agreed to five of eight drafted codes by the industry.

 

 

TSA prepared for end of summer season


Across all TSA facilities on 1st June 2023, The Transportation Security Administration (TSA) recorded its highest ever passenger traffic being screened in a single day using TSA’s PreCheck or CLEAR.

The agency said on this particular day in June it screened over 2 million passengers at TSA facilities across the country, but the summer of 2023 in general has been typically busy with passengers back in the flow of routine travel past the most intense 3 years of the pandemic.

The TSA’s passenger security operation was tested on Memorial Day and the Fourth of July holiday weekends which set new records for the number of people screened. The busiest periods at security checkpoints were from 5 a.m. to 11 a.m. and from 3 p.m. to 5 p.m., TSA stated.

Throughout the endless year for travel, the TSA is committed to delivering passenger screening in less than 30 minutes and through TSA PreCheck screening in less than 10 minutes. In addition, the TSA has optimised the efficiency of the screening operation with the agency’s specially trained canines in explosive detection and TSA officers deployed from the agency’s National Deployment Force. At Identity Week Europe 2023, the key emphasis of improvements to security operations within travel, advocated by the European Border and Coast Guard agency Frontex, was to retain the presence of border control officers on the ground and training for personnel.

Currently the type of screening available at SEA’s checkpoints includes TSA PreCheck® screening only at Checkpoint 1 and 4 and general screening lanes at lanes 2, 3, and 5.

More than 15 million people are enrolled onto TSA PreCheck which expedites easier security screening travel procedures.

Previously, children 12 and under have been permitted to use the TSA PreCheck lane when traveling with an eligible parent or guardian on the same itinerary. Effective immediately, teenagers aged 13-17 can now accompany TSA PreCheck enrolled parents or guardians through TSA PreCheck screening when traveling on the same reservation and when the TSA PreCheck indicator appears on the teen’s boarding pass.

Kenya introduces Maisha Numbers, replacing national ID cards


With $1 billion of financing behind the introduction of Unique Personal Identifiers, also called “Maisha Numbers”, allocated by the Kenyan government, national ID cards will slowly be replaced by a planned move towards digital identity.

Issued to all younger Kenyan citizens, the Maisha card will have a lifespan for various needs throughout the individual’s lifetime, serving through education, mandatory tax duties and even as a death certificate, when the ID card will expire.

Last month Kenya geared up to the transition from its current identification system by signing a MoU, or Memorandum of Understanding, that confirmed the UNDP’s support of a transformative digital identity rollout across the country, offering technical and financial support in raising funding to deliver a digital ID. Kenya will aim to close the gap of accessibility to services with enhanced digital verification.

Kenya has previously ventured into the reusable ID space before the Huduma Namba was scrapped. The rollout of Kenya’s new digital ID system will occur in three phases, starting with first-time ID applicants, those seeking duplicates, and replacements for lost IDs.