Identity Management Institutelaunches the metaverse security center and certified metaverse security consultant (CMSC)™ certification

Identity Management Institutelaunches the metaverse security center and certified metaverse security consultant (CMSC)™ certification

With the growing adoption of the blockchain technology to develop the next generation of Web3 Internet and decentralised applications, Identity Management Institute has launched the Metaverse Security Center to increase awareness of metaverse security risks and Web3 security best practices through the Certified Metaverse Security Consultant (CMSC) training and certification program.

With the blockchain technology at its core, Metaverse is an advanced Web3 version of the current Internet which offers an immersive digital space to further transition our physical life into the cyberspace and reshape our way of life from finance, education, business, gaming, and entertainment to new ways for digital property ownership and payment with the use of NFT and crypto.

Ownership and self-custody are key characteristics of Web3 where power and control are returned to the users in contrast to today’s centralized Web2 applications. The new Internet is expected to offer portability, ownership, and transparency with the highest level of encryption and greater level of responsibility in private key custody, identity management, and security.

Veridos launches new security features for transparent windows on ID cards and passport data pages

Veridos launches new security features for transparent windows on ID cards and passport data pages

Veridos, the global provider of integrated identity solutions, is set to unveil its innovative new security features specifically targeting the transparent window areas on ID documents: Amber ID, Diamond ID and Spectre ID.

While the trend in recent years has been to use transparent elements on polycarbonate ID documents, Veridos aims to further enhance these security features by adding more complexity. The goal is to produce documents that are easy to verify and at the same time difficult to duplicate. With the aim of protecting ID documents against counterfeiting, Amber ID, Diamond ID and Spectre ID are the latest in a long list of new techniques and technologies developed by Veridos in the field of document security.

Amber ID appears as a metallic, optically variable window with a positive-brilliant photo of the document owner. When backlit, the window with the motif becomes almost transparent, while in front light it looks like a golden metal leaf that turns green depending on the viewing angle. As the pigments are integrated and not printed, it is the ideal solution for a brilliant personalsation in a transparent window.

The Diamond ID feature helps to unambiguously verify questionable documents. It is fully transparent in day light, while it glows brilliant white under UV light in synergies with laser engraving, thanks to special smart colour technology developed in collaboration with C.S.T (Crime Science Technology).

Spectre ID, on the other hand, is a further development of Veridos’ well-known Magic ID feature, which sets static images in motion. When the card is tilted, the images appear to move. Thanks to Spectre ID, this effect can now also be applied to the transparent window areas of cards and data pages in combination with the repeated holder’s image.

As the latest generation of transparent security elements, the new functions embody an evolution for ID documents. A modular system makes it possible to combine these functions. This also applies to Veridos’ “Look ID” feature, the transparent stripe, spanning the entire data page, which is used in the current passport of Latvia for example.

Thanks to the variety of options for securing transparent windows and the built-in technologies, document forgery becomes more difficult and it’s detection more easy. Furthermore, Veridos’ use of polycarbonate ensures complete fusion of the plastic layers in each card, making it very difficult to manipulate materials or security attributes without leaving visible traces.

“With our new security features, we are armed with a whole range of countermeasures to address the threat of counterfeit identity documents,” explains Andreas Kuba, Global Vice President Identity Documents at Veridos. “In that way, we are helping to limit identity theft and also responding to the market demand for innovative security features for transparent elements of polycarbonate ID cards and passport data pages. In addition to pioneering new technologies for forgery-proof documents, we are focusing on their quick and easy implementation.”

Amber ID

Amber ID appears as a metallic POI window with a positive-brilliant photo of the document owner. ​

The Diamond ID feature helps to unambiguously verify questionable documents.

(Images: Veridos)

IN Groupe introduces Photometrix™ offline cardholder portrait verification, a solution already implemented for Togo healthcare program

IN Groupe introduces Photometrix™ offline cardholder portrait verification, a solution already implemented for Togo healthcare program

IN Groupe is proud to launch Photometrix™, a Surys branded solution, that allows verifying offline the portrait printed on a card with a simple smartphone. The solution, adopted in Togo, sets up an example for all countries needing to add security to their healthcare card program while allowing scalability and ease of use.

The Covid crisis has led many governments worldwide to reorganise their healthcare systems in order to reinforce their services to their citizens. However, these programs may be subject to ID fraud, leading healthcare departments to look for a secure, yet budget efficient, solution. IN Groupe is now announcing a new deployment of Photometrix™, a Surys branded solution, which significantly increases the security level of healthcare cards, while keeping issuance and infrastructure costs under control.

Governments need a trusted identity system for their healthcare needs: they not only have to ensure beneficiaries receive the healthcare services they are entitled to, but also to reduce fraud that could occur from misusing healthcare cards. In most cases, governments build upon an existing health beneficiaries database, including photos, and issue plastic cards without chips.

The solution consists in adding on each card a 2D-barcode printed around the picture. Personalisation phase remains unchanged as Photometrix™ code can be printed with any commercial card printer without requiring additional hardware investment. Then, verifying that a printed photo has not been tampered with is made easy as it can be performed offline with any smartphone: the phone will just need a camera to read the picture and its 2D barcode and will be able to verify offline that the photo has not been altered thanks to a dedicated application. There is no need to read or store any additional data making the system GDPR compliant per se. As it does not require extra personalisation equipment, the Photometrix™ solution is easy to implement, cost-effective and scalable.

In a world evolving towards phygital, the combination of physical and digital environments, Photometrix™ is also adapted to dematerialised cards. Issuing a virtual healthcare card, including a photo and a 2D barcode, can be completed along the same rails as traditional card issuance.

Verification is executed in the same manner, reading the portrait surrounded by the 2D barcode with a smartphone running a dedicated app offline.

In Togo, the INAM (National Healthcare Insurance Institute), in charge of the healthcare insurance program was originally created to organise health insurance of public employees in Togo, with the goal to broaden coverage to the entire population while extending security.

From October 2021, a law has been voted in order to extend this first healthcare coverage experience to all residents in Togo. In parallel, a new state agency was created with the aim to identify the whole population. INAM will have access to this resource from early 2023.

INAM has selected our Photometrix™ solution to implement this national program, which ensures that the healthcare card that was issued by INAM and is not a forged one, that the card holder is the right person and that there is no ID substitution in order to deliver health services and benefits.

This solution is suitable to Togo as it is not limited to a physical secure card, it also provides a digital version of Healthcare ID card and a smartphone app. The smartphone performs an offline control, what is fundamental due to lack of infrastructure in some Togolese regions and allows health stakeholders equipped with a dedicated smartphone to check the validity of rights. Digital ID is also a key factor as it will allow putting in place a robust system to maintain individuals’ benefits up-to-date and keeping alive a sustainable national program.

Mr. Winga, Head of Affiliation & Collection Department INAM Togo, declares: “As our mission is to provide access to a trusted healthcare solution to a large number of beneficiaries, we need to ensure that we detect attempts of fraud and ensure no one receives our services illegally while updating those rights. The Photometrix™ technology allows us to achieve this goal, while keeping our costs under control, as we personalize cards on standard equipment and portrait security can be verified with any smartphone.”

The Photometrix™ solution, along with all parts of IN Groupe offer for governments, businesses and professionals, will be presented on IN Groupe booth 5.2 D 035 during Trustech, a global event for innovative payments and identification solutions, taking place in Paris, Porte de Versailles, on November 29 – December 1st, 2022.

Photometrix benefits from the world leading expertise of Surys, the leading brand in optical technology, providing anti-counterfeiting solutions. Surys technologies ensure that identity documents, banknotes and fiduciary documents are easy to authenticate and hard to counterfeit and already adopted by over 130 countries alongside renowned major corporations.

Veridos and INCM deliver next generation of modern ePassports to Latvia

Veridos and INCM deliver next generation of modern ePassports to Latvia

Veridos, a leading global provider of identity solutions, will deliver 1.25 million latest-generation ePassports to Latvia in cooperation with the Portuguese state printer INCM. In addition to the documents, the order from the Office of Citizenship and Migration Affairs (OCMA) also includes a central personalization system, as well as service and maintenance over a five-year period.

This latest project extends a long-standing partnership between Latvia and Veridos, dating back to 1991. The bid to deliver 1.25 million electronic passports submitted by Veridos, the joint German venture between Giesecke+Devrient and the Bundesdruckerei, and INCM, the Portuguese Mint and Official Printing Office, beat the competition on both quality and price. Thanks to the use of CLIP-ID color personalization on polycarbonate data pages, the passports boast exceptionally high color fidelity and simplify visual verification. Latvia is the latest in a growing number of countries to use Veridos’ ultra-modern technology to enable its citizens to travel comfortably and securely.

Awarding the contract to the lead company Veridos and its partner INCM will enable technologically-advanced Latvia to benefit from the highest security standards and innovation levels in the field of electronic ID documents. The country is thus following the international trend of using color photos on polycarbonate pages. Veridos has once again opted for a solution from IAI for the personalization equipment used on site. This unique color solution has been successfully deployed in other regions.

“Latvia and Veridos have a close and long-standing partnership, so we are very pleased that we will be able to continue to work together in the future and provide real added value to citizens via our solutions,” says Marc-Julian Siewert, CEO of Veridos. “We are proud to have such a technologically advanced country as a partner. This partnership also demonstrates that our products are truly state-of-the-art and competitively priced.” ​

(Image: Youril)

Veridos recalls the great importance of legal identities for everyone

Veridos recalls the great importance of legal identities for everyone

The world’s population has now reached the landmark figure of eight billion people, according to the United Nations. However, one billion people still have no legal identity and are thus excluded from social participation and the opportunities of the modern world. With this having serious implications for those individuals, Veridos is committed to supporting the UN’s Sustainable Development Goal (SDG) of giving all people a legal identity by 2030.

The world population has reached a milestone. As the UN announced, there are now eight billion people living on our planet. On this occasion, Veridos, a leading global provider of integrated identity solutions, points out that, according to World Bank estimates, around one billion people do not yet have a legal identity. About 237 million children under the age of five do not have a birth certificate.

“A legal identity is the prerequisite for modern life in a connected world. Only a legal identity enables to uphold fundamental rights and participate in social, political and financial life,” explains Marc-Julian Siewert, CEO at Veridos. “We firmly believe that a legal identity is a human right. That’s why we are striving to develop both secure and innovative identity technologies that enable governments to guarantee this right to their citizens.”

Official identity documents, such as passports and birth certificates, do not only establish a sense of belonging for individuals, but they also guarantee them access to social benefits and services such as healthcare, education, humanitarian aid and financial support. They also enable them to exercise fundamental rights such as the right to vote or inherit.

Internationally recognized documents enable people to travel across borders for business and tourism. But they also allow them to receive medical care abroad or pursue specialised or technical education in foreign countries. Finally, identities give citizens secure access to important services for economic growth, such as setting up a bank account.

States and provinces also benefit from proof of identity, as it contributes to dynamic economic development. For example, the registration of all citizens of a country ensures tax revenue and distribution of state support measures. If all people have access to economic participation and education, states can tap the full economic and innovative potential of the population for the benefit of society as a whole.

For these reasons, Veridos supports the UN Sustainable Development Goal 16.9, which calls on all countries to provide all citizens with a legal identity by 2030. Veridos is a member of the United Nations Global Compact, a worldwide pact between the UN and companies for the social and ecological shaping of globalisation.

“There have never been that many people living on our planet as today. Therefore it is important to guarantee everyone the chance to participate in all aspects of life from a young age and have access to economic and social opportunities,” Siewert emphasises. “At Veridos, we are committed to this goal. We are convinced that developing new technologies for the ID sector and supporting a constant global exchange of knowledge on this essential topic, will contribute to make the United Nations’ vision a reality.”​

Photo: Marc-Julian Siewert, CEO at Veridos (Source: Veridos)

Okta unveils workforce identity cloud innovations to power enterprise security, productivity and agility

Okta unveils workforce identity cloud innovations to power enterprise security, productivity and agility

Okta, the leading independent identity provider,  introduced new innovations for Okta Workforce Identity Cloud, strengthening its single control plane for managing identity across all enterprise resources and users. New innovations include anti-phishing factors across user types and resources, and unified access management, governance, and privileged capabilities through a user-friendly solution end users and IT professionals love.

Enterprise workforces today are made up of employees, contractors, and business partners leveraging technologies across on-premise, cloud, and hybrid environments to meet their goals. In a complex and rapidly changing technology ecosystem, identity remains critical connective tissue between the ecosystem of people and the technologies they need to do their best work. Phishing in particular continues to be one of the most pressing problems, with more than 60% of social engineering-driven data breaches attributed to credential abuse, according to Verizon’s 2022 Data Breach Investigations Report. As the enterprise becomes more heterogeneous, enterprises need a unified identity approach to protect employees, third-parties, and critical infrastructure from rising identity-based threats.

Sagnik Nandy, President and Chief Development Officer, Workforce Identity at Okta said: “Okta makes it easy to both protect enterprises and deliver an amazing experience for every user connecting from any device or location.”

“This requires an identity foundation that not only enables interoperability across today’s broad ecosystem of technology, but offers the simplicity and comprehensiveness to keep workforces agile and IT productive, regardless of the tech stack or use case. Workforce Identity Cloud unifies the identity market’s previously siloed legacy solutions into a cohesive and holistic offering that makes identity a growth driver for enterprises.”

“Kyndryl designs, builds, manages, and modernizes the mission-critical technology systems the world depends on every day,” said Cory Musselman, Chief Information Security Officer at Kyndryl. “To power this work, we need our teams moving fast and our systems secure. Okta’s unified identity solution is a big part of how we make access and governance simple and secure across our IT estate and global employees. Being able to get our arms around all our people and resources keeps Kyndryl’s business accelerating forward”.

Anti-phishing Authentication and Threat Response for All Who Interact with Your Enterprise

Numerous high-profile cybersecurity breaches have shown that today’s enterprise is under attack, and its people are the primary target, including contractors, partners, and vendors. Okta is introducing new, easy-to-use security features for Workforce Identity Cloud, offering protection against credential-focused phishing for any user across any device at scale. Workforce Identity Cloud’s independence and neutrality enables customers to extend anti-phishing to the entire ecosystem of workforce users, who are accessing an enterprise’s resources through heterogeneous endpoints and operating systems.

Enterprises can combat phishing and third-party vulnerabilities with new security features such as:

  • Advanced Phishing-Resistant Access Capabilities for FastPass: Provides phishing resistance for all managed devices, and phishing resistance for unmanaged devices across MacOS, Windows, and Android operating systems.
  • WebAuthn Allow List: Helps enterprises to lock down WebAuthn enrollment to only hardware keys issued by a specific organization to prevent phishing attempts.
  • Passkey Management: Prevents users from enrolling with a multi-device FIDO credential such as passkeys, pre-empting any potential risks of unmanaged and unsecured devices accessing sensitive applications.
  • New Enhanced Security Checks for Unmanaged Devices: Gives security teams deeper insight into the devices attempting to access their applications and data, enabling their organizations’ zero trust security initiatives across their entire workforce and supply chain.

The latest anti-phishing features are further supported by new security use cases for Okta’s no-code automation tool, Workflows. Enterprises can leverage Workflows to orchestrate security responses and enable additional security actions as a precaution after a security event, such as a blocked phishing attempt. Workflows is specifically designed to automate identity actions, with new use cases offering users a simpler way to solve identity and security-based automation challenges, and mitigate the risks of third-party organizations, users, and devices.

Workflows users can create new security automation responses with the following features:

  • Security Templates: Empowers teams to take proactive measures such as identifying changes in user behaviour that create a risk to the organisation, continuously monitoring and improving the organization’s security posture, or fully automating security policy enforcement at the identity layer.
  • Connector Builder: Simplifies the building of new connectors without code using Workflows’ no-code designer. Technology vendors can use Connector Builder to create connectors for their customers, and admins can also easily connect custom tools.

Comprehensive Governance Controls to Manage User Access for Only When They Need It

Okta Identity Governance simplifies the process of requesting and granting access to resources by meeting end users where they are. Okta Identity Governance is built on Okta’s cloud-native technology and integrated across Workforce Identity Cloud to improve an organization’s security and compliance posture, while still being easy to use for IT teams and end users. New event-based certifications take advantage of Okta’s unified approach to identity governance and access management, enabling sharing of signals across the platform for contextualized governance capabilities across an organization’s broad workforce, ultimately keeping businesses secure and compliant.

Integrated Privileged Access to Keep Every Resource Secure Without Slowing Innovation

Okta Privileged Access builds off the infrastructure access capabilities of Okta Advanced Server Access by adding the hardened security and compliance layer required for privileged admin access. Okta Privileged Access will enable customers to secure highly-privileged credentials for admin and root accounts using Okta’s vaulting service that automatically rotates passwords and provides individual accountability for access to shared accounts. Okta customers can also use Okta Privileged Access to manage privileged access requests and approvals for infrastructure managed by Okta, as well as generate privileged entitlement reports to satisfy audit and compliance requirements. Okta Privileged Access gives admins the necessary tools to bolster security for privileged resources, monitor and record privileged access, and run detailed compliance reports for auditors.

Key new capabilities of Okta Privileged Access include:

  • Credential Vaulting: Provides credential vaulting and rotation for Local User Accounts and human-managed shared secrets, and will provide just-in-time (JIT) access request and approval workflows for human, machine, and application users alike, eliminating the need for unnecessary standing permissions.
  • Privileged Governance and Compliance: Generates privileged access reports and added session management capabilities, creating an audit trail to detect and prevent unwanted behavior, and to aid in proving compliance.
  • Modern Infrastructure Access Management: Offers passwordless access management using ephemeral certificate-based authorization for modern infrastructure including Kubernetes, Linux, and Windows servers.

Consolidating Identity Management into a Single Control Plane

Workforce Identity Cloud unifies Okta Identity Governance and Okta Privileged Access with Okta’s core Identity and Access Management (IAM) technology to deliver holistic visibility and control of all identities. Combining these components puts power and control in the hands of IT without compromising on security or user experience for the rest of the business. The unified solution delivers a newfound agility for workforces who no longer have to navigate multiple end-user experiences and improves IT efficiency by not requiring them to integrate siloed identity systems.

Okta’s unified identity platform approach enables enterprises to:

  • Automate Processes Across IAM, Okta Identity Governance, and Okta Privileged Access: Integrates multiple identity solutions into a single platform with low time to value and without using code or APIs.
  • End Identity Silos: Drives better security and compliance outcomes by eliminating identity silos to provide end-to-end governance and access management.
  • Streamline Management of Enterprise Identities: Enhances management of access and entitlements across every resource, and for any user with any level of privilege.
Organisations struggle to attain PKI maturity as the digital security landscape evolves, Entrust global PKI and IoT trends study 2022 finds

Organisations struggle to attain PKI maturity as the digital security landscape evolves, Entrust global PKI and IoT trends study 2022 finds

Public key infrastructure (PKI) remains the cornerstone of nearly every IT security environment, but even as the technology matures, new use cases, and rising compliance mandates are adding new challenges to infosec professionals charged with managing PKI implementations. This is a key theme that comes out of the 2022 Global PKI and IoT Trends Study, conducted by the Ponemon Institute, and sponsored by Entrust, a global leader in trusted payments, identities and digital infrastructure. 

The study found that while the top use cases for PKI are still of the traditional variety, such as TLS/SSL, securing VPN and private networks, and digital signing, it’s the regulatory landscape and newer use cases – such as cloud-based services and IoT – that are driving the adoption of PKI. As a case in point, IT security teams report rising demand for PKI driven by the regulatory environment – ranked by 31% of respondents from 24% the previous year– and BYOD and internal device management, which more than doubled from 11% in 2021 to 24% in 2022.

And yet, organizations continue to struggle with applying the resources needed to effectively manage their PKI implementations, with 64% of respondents citing insufficient resources, lack of skills, and no clear ownership as the top three challenges to enabling applications to use PKI – rising from 51% in last year’s survey. Highlighting the need for resources, nearly half (48%) identified a ‘lack of visibility of the application that will depend on PKI’, rising from 34% in 2021. Similarly, another jump came with 35% of respondents identifying requirements being too fragmented or inconsistent, up from 28% in 2021.

Challenges and opportunities 

When it comes to existing PKI implementations, the top challenge continued to be the ability to support new applications – cited by 41% this year – as well as lack of visibility into the security capabilities of existing PKI at 29%. The fact that organizations might not have the right technology in place to secure these new use cases or might not know if their PKI is capable of it, is concerning though perhaps not surprising, considering only 38% of organizations said they have a PKI specialist on staff.

“The top three challenges in deploying and managing PKI have remained fairly consistent over the years of conducting this research,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “But looking at some of the trends over time, it paints a picture of a landscape that continues to recognise the importance of PKI, but constantly evolving use cases and compliance requirements means that organizations find themselves running to stand still. The lack of skilled and experienced staff to help alleviate this pressure is clearly being increasingly felt, as is the lack of clear ownership across stubbornly siloed business structures for many.”

New enterprise applications driving change and uncertainty

As organizations plan the evolution of their PKI, new applications such as IoT devices and external mandates and standards continue to drive the most change and uncertainty, but change drivers are diversifying. For example: 

  • IoT was the top ranked change driver, cited by 33% of respondents. But this total is a drop from 41% in 2021 and 52% in 2020
  • Similarly, external mandates and standards were cited as a top change driver by 30% of respondents that said external mandates and standards will drive change, but this is down from 37% in 2021 and 49% in 2020

Enterprise applications are the rising PKI change agent. While ranked fifth, enterprise applications were cited by 23% of respondents in the 2022 survey – representing a steady increase from 11% of respondents in 2020 and 17% in 2021. 

The role of IoT

With IoT highlighted as a primary trend and the top agent for change, it’s not surprising that scalability to millions of managed certificates continues to be the most important PKI capability for IoT employments. While scalability is ranked as the most important capability, it has decreased in importance from 53% of respondents in 2018 to 39% of respondents in 2020. The ability to sign firmware for IoT devices has increased from 27% of respondents in 2021 to 33% in 2022 – highlighting the critical need to ensure security and trust in these connected devices. 

The question then becomes how PKI will be used to support IoT device credentialing. According to those surveyed, in the next two years, an average of 44% of IoT devices in use will rely primarily on digital certificates for identification and authentication. Just over a third (35%) of respondents believe that as the IoT continues to grow, supporting PKI deployments for IoT device credentialing will be a combination of cloud-based and enterprise-based – again, down from 42% in 2021.

“What we’re seeing is that securing cloud applications and IoT are top of mind for organizations – these are things that have significantly changed the digital security landscape by moving security outside the four walls of an organizations,” said Samantha Mabey, Product Marketing Director of PKI & IoT, at Entrust. “But when we see that new applications like IoT are also the top areas expecting the most change and uncertainty, this suggests that while they might be thinking about it, organizations haven’t quite figured that area out just yet. Very much related but arguably more important, the number two area expecting change and uncertainty is external mandates and standards. Not just IoT, but cybersecurity in general, is being evaluated at all levels across the globe, and those mandates can be difficult to navigate, especially without the right skills and resources internally to do so. This will only continue to become challenging with future threats like post quantum, where the transition will be very involved and take several years.” 

Open source tool labs enable organisations everywhere to automatically detect and standardise legal forms

Open source tool labs enable organisations everywhere to automatically detect and standardise legal forms

J.P. Morgan has successfully tested the new machine learning tool and is currently evaluating its integration in its data pipeline.

In line with its commitment to advancing the availability of open, accurate, and relevant entity identification data around the world, the Global Legal Entity Identifier Foundation (GLEIF) has collaborated with Sociovestix Labs to create a machine learning tool that recognises an entity’s specific legal form and automates the assignment of its corresponding Entity Legal Form (ELF) code. The ‘Entity Legal Forms (ELF) Code List’ is based on the ISO standard 20275 ‘Financial Services – Entity Legal Forms (ELF)’ and assigns a unique alpha-numeric code of four characters to each entity legal form.

An entity’s legal form is a crucial component when verifying and screening organisational identity. The wide variety of entity legal forms that exist within and between jurisdictions, however, has made it difficult for large organizations to capture legal form as structured data. The new tool, trained on GLEIF’s Legal Entity Identifier (LEI) database of over two million records, will allow banks, investment firms, corporations, governments, and other large organizations to retrospectively analyse their master data, extract the legal form from the unstructured text of the legal name and uniformly apply an ELF code to each entity type, according to the ISO 20275 standard.

Tier-one global bank, J.P. Morgan, has successfully tested the new tool and is currently evaluating its integration in its data pipeline.

The tool delivers a range of benefits to both the organisation and the broader global marketplace. These include:

  • Automating the standardisation of unstructured data (entity legal form as part of the organisation’s name), fostering greater data quality.
  • Overcoming legal form data classification problems stemming from, for example, language variations and abbreviation inconsistencies and promoting greater insight and transparency into the global marketplace.
  • Presenting the legal form of an entity in a machine-readable format which can be utilised by AI tools and in other digitised business processes and applications.
  • Bypassing the risks and limitations associated with manual engagement with data, including time, inefficiency, human error, and high administrative costs.

By creating richer data sets with improved categorisation of legal entities, the new tool promotes greater insight and transparency into the global marketplace and works in tandem with the LEI to create a globally consistent data set.

Stephan Wolf, CEO, GLEIF, comments: “GLEIF is providing the open-source data library to enable other organizations to integrate this ISO standard into their data without deploying costly and inefficient manual processes. This will help to improve data quality on a broad scale by enabling the swift adoption of the universal Entity Legal Form codes. Through this initiative, we have both improved the quality of LEI data and produced a highly trained machine learning tool which we can now make freely available as a public good.”

Prof. Dr. Damian Borth is Co-founder of Sociovestix Labs and a director of the Institute of Computer Science at the University of St.Gallen, where he holds a full professorship in Artificial Intelligence and Machine Learning (AIML). He adds: “The automatic identification of the legal form of a company and its linkage to ELF codes is fundamental to many successive tasks in the industry. The released Python library “Legal Entity Name Understanding” does this by encapsulating the global knowledge of 175 jurisdictions into one unique open source tool – free to use for everybody who appreciates data quality.”

Sameena Shah, AI Research Executive and Client Onboarding Chief Transformation Officer at J.P. Morgan, comments: “J.P. Morgan already utilises the entity relationship data in the LEI database to improve our detection of umbrella structures in funds. We’re excited to engage further with GLEIF and evaluate the new tool for automated ELF code detection. We applaud GLEIF’s commitment to enhancing data quality and its decision to make this tool freely available to any organisation seeking to benefit from AI solutions.”

The ‘Entity Legal Forms (ELF) Code List’ contains more than 3,250 Entity Legal Form codes spanning more than 175 jurisdictions, including legal forms and types in their native language, such as limited liability companies (Ltd), Gesellschaft mit beschränkter Haftung (GmbH) or Société Anonyme (SA). GLEIF has integrated ELF codes into the standardised set of reference data on a legal entity available within the Global LEI Index, an open data set. The tool has been used to retrospectively apply these codes to LEI records where they were absent. The inclusion of ELF codes within LEI data further enhances the business card information included in each of the more than two million LEIs used globally today.

UK Government Approves Nine Entrust Solutions for G-Cloud 13 Program, including nShield as a Service

UK Government Approves Nine Entrust Solutions for G-Cloud 13 Program, including nShield as a Service

Catalogue of Entrust products certified for the latest iteration of the government-approved digital marketplace. 

Entrust, a global leader in trusted payments, identities and digital infrastructure, has had nine of its cloud and associated support services approved for the G-Cloud Framework. This platform enables public bodies in the UK to procure commodity-based, pay-as-you-go cloud services on government-approved, short-term contracts through an online catalogue called the Digital Marketplace.

This streamlined procurement process supports the UK government’s ‘Cloud First’ policy and is a key component in the government’s ambition to operate a cloud-native digital architecture. The Entrust services that are available on the latest iteration of the framework, G-Cloud 13 are as follows:

  • Entrust nShield as a Service – cloud Hardware Security Modules
  • Public Key Infrastructure (PKI), as either:
  • Managed PKI – A bespoke & dedicated PKI without the need for in-house expertise
  • PKI as a Service (PKIaaS) – Cloud based turnkey PKI
  • SSL Certificates (through our partner Conosco)
  • Identity as a Service (IDaaS) – Identity & Access Management with a broad array of authenticators
  • Managed Certificate Hub – Certificate Lifecycle Management for public and private Certificate Authorities in your enterprise
  • Managed Root Certificate Authority – high assurance Root of Trust for your PKI
  • Managed Microsoft PKI – A managed bespoke and dedicated PKI within Azure
  • Cloud support consultancy – design, onboarding, cryptography and PKI health checks for Entrust G-Cloud services

The need to authenticate the identity of people, systems and things is challenging and growing. With the launch of G-Cloud 13, and the inclusion of these nine services from Entrust, government departments and agencies in the UK Public Sector can leverage these solutions to enable secure transactions. As an annually revised platform, G-Cloud 13 will go live on 9 November 2022 and is due to end at 23:59 on the 8 November 2023.

Specifically, the addition of nShield as a Service to this roster facilitates UK public sector organizations moving their infrastructure into the cloud while maintaining control of their data security with master keys protected in a hardware security module (HSM), as is best practice.

“The UK Government G-Cloud program is a way for public sector organisations to purchase cloud based IT solutions from approved, secure providers. Many of these organisations are looking to move as much of their infrastructure into the cloud as possible and need many of the Entrust cloud solutions to support the security requirements. With Entrust cloud solutions, we give you the capability along with the comfort that, strong controls and governance are consistently applied” said Robert Hann, Vice President of Centre of Expertise for Entrust Digital Security Solutions.

“Entrust delivers UK Public Sector organisations G-Cloud approved solutions that ensure that you have a robust, secure and scalable combination of solutions to meet your data protection requirements.”

This cloud-native framework can help customers who are seeking to reduce their on premises data centre footprint and have more flexibility by replacing big capital outlay with a more predictable and flexible subscription payment model. Furthermore, with a selection of managed and “as-a-Service” solutions from Entrust, customers who are lacking the in-house expertise to manage their identity management or data protection solutions can safely leave it to the experts at Entrust..

The Government of Seychelles launches the ‘SeyID’ Project

The Government of Seychelles launches the ‘SeyID’ Project

The SeyID platform empowers key initiatives in Seychelles for eGovernment and will be made available for applications in private sector, such as eBanking. 

The Government of Seychelles announced today the launch of the SeyID Platform, developed by WISeKey International Holding, a leading cybersecurity company. The project delivers a new Digital Identity platform, named “SeyID”, that is linked with different national initiatives covering eGovernment, eTourism and eHealth.

In 2014, WISeKey was selected by the Government of Seychelles as a partner to supply technology and expertise on Public Key Infrastructures (PKI), Digital Signatures and its usage in electronic transactions. PKI and all the derived applications for authentication, digital signatures and encryption are indisputably the most secure technologies to ensure the protection of personal identities and documents. The Government of Seychelles has been praised internationally for all its efforts in eGovernment and innovation technologies; in 2012 it was recognized by the United Nations with an Information Communications Technology for eGovernment award, and since then it has been considered a benchmark in the region.

With this new project, the Government of Seychelles seeks to implement new solutions and services for citizens, including new eGovernment services, to facilitate access to Digital Identity through the use of smartphones and mobile apps. The SeyID platform delivered by WISeKey will include additional Digital Identity services for the Seychellois citizens, which will complement the current National Identity Card with a virtual card stored in a mobile app. The Digital Identity project can also enable tourists to create an eTourist ID to access local digital services. Seychelles is visited annually by nearly 400,000 tourists and such services will be of great value. WISeKey is a key player in the PKI arena and offers a unique combination of know-how and geo-political neutrality. Based in Switzerland, WISeKey can ensure the independency of its trust services, allowing its customers to issue digital identities that are recognized worldwide.

The SeyID project is based on WISeKey’s WISeID platform for Digital Identity and online security. WISeID is a trusted identity service that enables access to the web and mobile applications with strong authentication techniques. WISeID supports online KYC onboarding, OTP and an innovative “hands-free” secure login based on QR-Codes which users can read using the “SeyID” mobile application without even having to type any password. Additional security services include digital signature services for documents. WISeID implements standards such as OpenID Connect and OAUTH2, that are easily integrated by customers to enhance the security of their cloud applications. WISeID can also be combined with Microsoft Active Directory, facilitating integration with corporate applications. WISeID is based on the WISeKey/OISTE Root of Trust and integrates innovative blockchain technologies to distribute the identity attributes and build federated ecosystems.

The SeyID project also integrates a cloud signature solution that enables the users to digitally sign documents and other transactions, easily and with full legal validity. This will enable a fast advance in the implementation of eGovernment and other uses for the private sector, by effectively dematerializing the processes, eliminating the need of manuscript signatures on paper.

Benjamin Choppy, the Principal Secretary of the Department of Information and Communication Technology in Seychelles said, “The e-ID platform, SeyID, is a fundamental component in the implementation of Seychelles Government Digital Economy Agenda and its coming into operation marks a key milestone achievement.”

“WISeKey is proud to have been awarded by the Government of Seychelles this project to build the National Digital Identity platform, which confirms the potential of the WISeID solution as a solid base to deliver such services,” said Carlos Moreira, Founder and CEO of WISeKey.

The SeyID platform is already delivered and in the last phases of integration with eGovernment and private companies, such as banking services. It will be opened for non-residents in 2023, aiming to propose new services for tourism and international business.

Source: Wisekey International Holding SA

Regal Gaming Technologies and Yoti take new steps to protect young people: introducing digital age verification across UK bars, pubs and service stations

Regal Gaming Technologies and Yoti take new steps to protect young people: introducing digital age verification across UK bars, pubs and service stations

Regal Gaming Technologies, a leading provider of gaming machines to the leisure and hospitality industry, has today announced that it is working with Yoti in testing a digital age verification solution to create safer and more age appropriate experiences and bring a halt to under 18 players.

By implementing digital age verification, Regal’s clients – which include some of the largest players in the UK hospitality sector – can rely on the technology to assist them in preventing young people and minors from playing 18+ gaming machines.

The combination of Regal Gaming Technologies and Yoti brings an integrated solution that helps people prove their age in two privacy-preserving ways:

  • Yoti facial age estimation – the technology accurately estimates a person’s age based on a selfie. This privacy-preserving and inclusive approach doesn’t require any personal details or ID documents, and all images are instantly deleted once someone receives their estimated age.
  • Digital ID app – individuals can use the free Yoti app to scan a QR code on the gaming machine and share a verified ‘over 18’ attribute.

Both solutions reduce the risks of fake or fraudulent ID documents being used, and relieve pressure on staff to accurately check IDs. The technology can also eliminate potential confrontation between customers and staff when checking age, and enable  play without staff interaction, creating a smoother customer experience. Alternatively, customers can choose to show a physical ID document to a member of staff.

Andrew Bell, Managing Director Finance and Commercial of Regal Gaming Technologies said: “As a business, we’re committed to providing a complete range of gaming solutions to our pub and AGC customers, and we are pleased to be partnering with Yoti to provide a market-leading age verification solution in our Digital Gaming Machines. Modern pubs are busy, fast-paced working environments and integrating Yoti’s solution into our machines to assist site staff with age verification is a great way to tackle underage gambling. It’s fast, accurate and highly efficient.”

Robin Tombs, CEO of Yoti said: “We are committed to using our tech for good, in particular how we can help protect against anyone underage accessing age restricted leisure activities or online content. We’re delighted to be working with Regal Gaming Technologies to prevent underage play and create age appropriate experiences. Our innovative age estimation technology and free Yoti app allows adults to easily prove their age in a private and secure way, only sharing the fact that they are over 18.”


UK Finance calls for urgent action as fraud continues to climb

UK Finance calls for urgent action as fraud continues to climb

This report shows that while the end of the pandemic has seen a fall in overall fraud losses, some fraud types have increased as criminals continue to adapt their methods.

UK Finance publishes its latest fraud report covering the first half of 2022.

  • Over £609.8 million was stolen by criminals through authorised and unauthorised fraud in H1 2022, down 13 per cent compared to the same period in 2021
  • UK Finance reiterates calls for cross-sector action to target the criminals responsible

UK Finance today releases its latest fraud report covering the first half of 2022. The organisation noted that the drop was partially due to H1 21 being an exceptionally high period for fraud, rather than the start of a downward trend.

A total of over £609.8 million was stolen through fraud and scams in the first half of 2022, a decline of 13 per cent compared to H1 2021. Of this total, unauthorised fraud loses were £360.8 million and authorised push payment (APP) fraud losses were £249.1 million.

The banking and finance industry prevented a further £583.9 million of unauthorised fraud from getting into the hands of criminals.

Given that much of the fraud is initiated from criminal activity taking place through online and technology platforms, UK Finance and its members have long-been calling for greater cross-sector action to tackle the problem at source and will continue working with the government on upcoming legislation in this area.

Katy Worobec, managing director of Economic Crime at UK Finance, said:

As we have warned previously, the level of fraud in the UK is such that it must be considered a national security threat. The industry is continuously focused on tackling the threat as we know criminals continue to find new ways to exploit potential victims.  However, criminal gangs simply bypass the advanced security measures banks have in place and instead directly target the customer, usually outside the confines of the banking system. This is why it is key that other sectors work with us to fight fraud as it remains a persistent threat to businesses, consumers and the growth of the economy not to mention the reputation of the UK as a place to do business.

Unauthorised fraud: the account holder themselves does not provide authorisation and the transaction is carried out by a criminal (for example, the victim’s card details are used without their knowledge or consent).

  • Unauthorised financial fraud losses across payment cards, remote banking and cheques totalled £360.8 million in H1 2022, a decrease of nine per cent compared to H1 2021.
  • Victims of unauthorised payment card fraud are legally protected against losses. Industry analysis shows customers are refunded in excess of 98 per cent of all confirmed cases.

Authorised push payment (APP) fraud: the customer is tricked into authorising a payment to an account controlled by a criminal.

In H1 2022, APP fraud losses continued to be driven by the abuse of online platforms used by criminals to scam their victims. These include investment scams advertised on search engines and social media, romance scams committed via online dating platforms and purchase scams promoted through auction websites. Criminals used scam phone calls, text messages and emails, as well as fake websites and social media posts, to trick people into handing over personal details and passwords. They subsequently used this information to convince people into authorising a payment.

There were 95,219 incidents of APP scams in H1 2022 with gross losses of £249.1 million, down 17 per cent compared to H1 2021. This total includes:

  • £90.5 million lost to impersonation scams (impersonation: police/bank staff and impersonation: other), whereby criminals impersonate a range of organisations to trick people into giving away their personal and financial information. This was the largest category of APP losses.
  • £61.2 million lost to investment scams, the second largest category of APP losses.
  • 53,782 cases of purchase scams, which means this was the most common type of scam – accounting for 56 per cent of all cases

While the overall decrease of APP fraud, the amount returned to customer has increased, rising by 11 per cent to £140.1 million in the first half of 2022.

UK Finance also collects data on cases assessed under the APP voluntary code. As a subset of the total amount refunded above, £117.2 million of losses were returned to victims under the APP code, accounting for 60 per cent of losses in these cases.

iProov and Microblink partner to offer a comprehensive identity verification solution

iProov and Microblink partner to offer a comprehensive identity verification solution

iProov, the world leader in face biometric verification and authentication technology, and Microblink, a global leader in AI-powered computer vision software, announced today a partnership to provide a premier biometric- and document-based identity verification solution to organizations worldwide.

Combining Microblink’s expertise in AI-powered identity document scanning with iProov’s best-in-class biometric face verification, organizations can fully onboard new customers in an easy-to-use process without compromising fraud protection.

“As consumer demand for digital identity services grows exponentially, organizations must stay a step ahead of the evolving and sophisticated threats to online verification systems,” said Joe Palmer, chief product & innovation officer at iProov. “Together, iProov and Microblink provide an integrated solution that protects organizations against online fraud, while safeguarding consumers’ digital identity.”

iProov’s patented face biometric verification and authentication technology is used by organizations globally to confirm that an online user is the right person, a real person, and that they are authenticating right now. Its Genuine Presence Assurance and Liveness Assurance technologies deliver an effortless user experience with the highest levels of security to help prevent fraud, identity theft, and other cybercrime during online onboarding, authentication, and identity recovery.

“We believe that an increasing number of industries are looking for fully automated identity verification solutions that provide the best combination of user experience and fraud protection,” said Hartley Thompson, chief operating officer at Microblink. “Microblink’s partnership with iProov is a powerful offering to meet those needs.”

BlinkID is Microblink’s AI-driven software solution that enables seamless scanning and data extraction of identity documents. With the ability to scan document types from 138 countries – including driver’s licenses, passports, and other government-issued IDs – Microblink’s solution serves a number of industries and companies looking to evolve their identity verification process.

iProov and Microblink first offered a holistic solution for Ignition-Innovation’s digital identity service, TruMeID, in Trinidad & Tobago.

Mitek helps businesses fight cyberfraud with new biometrics tech

Mitek helps businesses fight cyberfraud with new biometrics tech

Mitek’s new MiPass provides consumers the highest level of identity security available today.

No one likes passwords. An average person has more than 100 passwords to manage, often making it difficult and frustrating to complete even the simplest online transactions. Enter MiPass from Mitek, a passwordless identity authentication solution that allows a person to access digital accounts effortlessly and securely using two features that are uniquely theirs: voice and face.

  • How: To access a digital account using MiPass, a person simply uses a smartphone to take a quick selfie and then record a phrase.
  • Why: Combining the two is a significant security improvement beyond the face recognition-only systems many use today. Authenticating digital identities with MiPass reduces the risks associated with on-device stored biometrics, which can be easily compromised, shared between people or overwritten with a simple passcode.

“MiPass provides the highest level of digital security available today,” said Mitek CTO Steve Ritter. “MiPass combines voice and face recognition using sophisticated liveness detection technology to defend against digital and deepfake attacks in real time.”

Hassle-free and secure account access helps both companies and their customers

Experts estimate that more than 80% of hacking breaches involve the use of stolen passwords or credentials, fraud that can cost a large company as much as $1 million a year. By moving to a more secure, passwordless approach to digital account authentication, companies can both increase customer loyalty and reduce their own risk from identity theft and account takeover attacks.

Because MiPass algorithms have been developed and tested against balanced and representative data sets, to avoid bias, MiPass can accurately authenticate customers regardless of race, ethnicity, age or gender.

According to recent research by YouGov, 74% of people say they want their bank to adopt the latest technology to keep their account safe. As many as 44% of adults ages 18-34 say they would like their bank to adopt newer, modern technologies to make it easier to log in to accounts.

“Companies care about their customers’ trust and security more than anything,” said Mitek Head of Product Chris Briggs. “Mitek understands this. That’s why we focus all our attention on bringing products to market that enable trusted online access. People are most loyal to companies that offer both convenience and security. That’s where MiPass excels.”

MiPass demo is available now

A developer-friendly software development kit (SDK) makes MiPass easy to embed into a wide variety of customer use cases, such as simple account information updates, password resets, device rebinding and high-risk financial transactions.

Learn more about MiPass and Mitek’s passwordless approach to hassle-free secure digital access.

Cryptomathic joins Cloud Signature Consortium as Executive Member

Cryptomathic joins Cloud Signature Consortium as Executive Member

Remote e-signature specialist, Cryptomathic, today announced that it has joined the Cloud Signature Consortium (CSC), a global group of industry, government and academic organisations committed to driving the standardisation and interoperability of secure and compliant digital signatures in the cloud, as an Executive Member.

The introduction of the European Union’s Regulation on Identification and Trust Services (eIDAS) identified a clear need for a global standard to ensure interoperability between all stakeholders in the digital signature community. The Cloud Signature Consortium was formed to answer this need by developing common protocols to bring secure digital signature services to cloud-based applications for billions of users across web and mobile.

As an Executive Member, Cryptomathic will integrate Signer, its remote Qualified Electronic Signature solution, with the CSC’s latest API protocol. This integration will foster greater interoperability between Signer and the third-party providers and solutions required to enable secure and compliant digital signature processes in the cloud. Once complete, users of CSC-certified applications will be able to take advantage of the key features of the Signer solution with greater ease. This includes its What You See Is What You Sign functionality, which provides strong non-repudiation and addresses long term validation signature profiles for XML or PDF documents, and its high-assurance level, underpinned by its Common Criteria certification under the eIDAS protection profile 419241-2 for remote Qualified Electronic Signatures.

As an industry leader, Cryptomathic will also take an active role in the further development of the CSC API – a powerful yet flexible API specification for cloud-based trust services – as part of its commitment to support the advancement of technical excellence, security and interoperability for trusted e-signatures worldwide.

Guillaume Forget, Managing Director, Cryptomathic GmbH, comments: “As a pioneer of remote e-signing, Cryptomathic has a vital role to play in the development of an interoperable, digital signature ecosystem, operating at the highest standard of security possible. We have actively participated in industry standardization for several decades, including our roles in the European Committee for Standardization (CEN) and the European Telecommunications Standards Institute (ETSI), and we are passionate about continuing to grow our contribution to the industry. As a member of the Cloud Signature Consortium, we look forward to collaborating with members to continue to build on its work to date and bring secure, cloud-based digital solutions to billions of users worldwide.”

Viky Manaila, President of the Cloud Signature Consortium comments: “We would like to welcome Cryptomathic as an Executive Member of the Cloud Signature Consortium. As the Consortium was founded following the introduction of eIDAS in Europe, Cryptomathic will bring valuable industry knowledge to the group as one of standard’s original architects, which will play a key role in the future of our open standard.”

Cryptomathic is an industry leader in e-signature technology and assists multiple trust service providers and banks to enable their customers to sign documents and transactions at the highest assurance level.

NatWest and Vodeno create strategic partnership

NatWest and Vodeno create strategic partnership

NatWest Group plc and the Vodeno Group enter into a strategic partnership to create Banking-as-a-Service business. 

NatWest Group has entered into a strategic partnership with the Vodeno Group (comprising of Vodeno Limited and its subsidiaries) which will see the creation of a Banking-as-a-Service (“BaaS”) business in the UK. This strategic partnership will enable businesses to embed financial services products such as payments, deposits, point-of-sale credit and merchant cash advances directly in their ecosystem by leveraging the Vodeno Group’s BaaS technology, and NatWest Group’s banking technology and UK banking licenses.

Vodeno Group is a European BaaS provider which combines the Poland-based Vodeno Sp Z.o.o (“Vodeno TechCo”), a software company providing its API-based technology platform and the Belgium-based Aion Bank, which has a banking license covering a range of banking products, including loans, deposits and access to EEA payment systems. Vodeno Group is majority owned by Warburg Pincus.

Under the terms of the agreements, a new UK based entity will combine the Vodeno Group’s technological and operational capabilities and its cloud platform with NatWest Group’s banking technology and expertise, building on NatWest Group’s position as a leading supporter of UK business. Through its business banking app Mettle, NatWest Group has built a standalone core banking and payments capability, Vodeno’s Group’s platform will provide a channel for delivering these capabilities to BaaS clients in the UK.

The new UK entity will be 82% majority owned and consolidated by National Westminster Bank Plc, with Vodeno TechCo holding the remaining minority interest. NatWest Group will additionally take a minority interest (initially a 9.9% holding, increasing to 18% subject to certain conditions and approvals being met) in Vodeno Limited, which owns 100% of Vodeno TechCo and Aion Bank.

NatWest Group Chief Executive Alison Rose said:

“As a leading supporter of UK business, we are committed to investing in digital transformation to provide a simpler and better banking experience for our customers. By entering into this strategic partnership with Vodeno Group we will be able to meet the evolving needs of our business customers as they look to embed financial products in their own propositions and journeys.”

“This strategic partnership presents a strong potential source of fee income in a growing market, and an opportunity to deliver sustainable growth by building deeper relationships with our corporate customers. It also complements our existing investment in the development of business banking technology within our Mettle business.”

Wojciech Sobieraj, CEO of Vodeno Sp Z.o.o added:

“Consumers require high quality and accessible banking products that are end-to-end digital, and Banking-as-a-Service is making this possible. Our fully API-based platform offers a comprehensive suite of BaaS products that enable brands to ‘embed’ financial services directly into their ecosystems to create seamless customer journeys. We are excited to combine our technology with NatWest Group to offer the next generation of financial services.”

Completion of the arrangements is subject to satisfying various conditions, including licensing, servicing and other documentation, and obtaining regulatory approvals (including the UK Financial Conduct Authority and National Bank of Belgium / European Central Bank).

NatWest is committed to make in total i) a capped commitment of c.£115m, to enable the establishment of the new UK entity; and ii) a €58m investment in Vodeno Group to acquire an 18% minority stake, investment in each case subject to certain conditions and approvals being met.

72% of Consumers Worldwide Prefer Face Verification for Secure Online Services

72% of Consumers Worldwide Prefer Face Verification for Secure Online Services

iProov Survey Reveals Strong Demand for Digital Identity Services and Identity Theft Protection.

How do consumers want to access secure services online? With face verification. That’s the key finding from a report by iProov, the world leader in biometric verification and authentication technology, which surveyed 16,000 people in eight countries to assess their attitudes to online security and digital identity.

Seventy-two percent of respondents in Australia, Canada, Germany, Italy, Mexico, Spain, the UK, and the U.S. said they would prefer to use face verification for secure online transactions. Sixty-four percent said they either already use face authentication for accessing their mobile banking app or would do so if it was available, while 55% said that they already use biometrics to unlock their mobile devices.

The appetite for more online services was even more pronounced, with 80% saying they would like to see driver’s license renewals, passport renewals and other government services supported digitally. But awareness of the risk of cybercrime was also high, with 86% saying they were worried about identity theft.

The five key findings from the survey:

Face verification is preferred for online security by almost three-quarters of consumers worldwide

  • Seventy-two percent of respondents said that they would prefer to use face verification for secure transactions online.
  • Sixty-four percent said they either already use face authentication for accessing their mobile banking app or would do so if it was available, while 55% said that they already use biometrics to unlock their mobile devices.
  • This roundly dispels the myth that consumers don’t like face biometrics – the security and convenience clearly appeal to people in all regions of the world.

The vast majority of consumers want additional secure services online and they welcome ID checks

  • Eighty percent said they wanted to see more government services offered online, with driver’s license renewals, vehicle tax renewals, passport renewals, voter registration, and filing of tax returns on the most wanted list.
  • These services all require stringent online identity verification, which underlines the need for face biometric verification and liveness detection.
  • Eighty-four percent said they expected online payments to be verified over a certain value threshold, with Spain and Italy having the lowest thresholds.

Identity theft is a concern for nearly 9 out of 10 consumers – protection is critical

  • Eighty-six percent of respondents said that they were worried about identity theft, with 37% saying they had been a victim or knew someone who had. Americans were most likely to have suffered directly.
  • Forty-nine percent hadn’t been directly affected by identity theft but were still worried about it.
  • Consumers care greatly about identity theft and organisations must reassure their customers with appropriate online security measures.

Ninety percent of global consumers might consider using a single secure digital identity

  • There is huge consumer demand for single secure digital identity services, when the concept is explained. Ninety percent of respondents said they already use one or might consider doing so.
  • Banks, governments, credit card firms, and Google were most trusted to deliver digital identity services.
  • However, the survey also discovered that only half of consumers understood what the term “digital identity” meant. For governments and other organizations delivering digital identity services, consumer education on purpose and benefits will be key.

Passwords have to go: a third of consumers had requested a password reminder in the past 24 hours

  • Thirty-two percent of respondents said they had been forced to request a password reminder either that day or the previous day, with 55% saying they had done so during the previous week.
  • This represents not only a huge level of unnecessary online customer frustration but it’s also lost business; 32% also said that they abandon online transactions at least once a month due to password frustration.

“This research highlights that consumers want the security and reassurance of online face verification, as well as the convenience that it delivers,” said Andrew Bud, Founder and CEO of iProov. “Consumers care deeply about identity theft, and face verification provides the best possible protection against it, enabling organizations to deliver secure services online with an effortless user experience. A simple face scan can unlock access to every kind of service online, replacing hideously outdated passwords.”

iProov’s patented face biometric verification and authentication technology is used by organizations globally to confirm that an online user is the right person, a real person, and that they are authenticating right now. Its Genuine Presence Assurance and Liveness Assurance technologies deliver an effortless user experience with the highest levels of security to help prevent fraud, identity theft, and other cybercrime during online onboarding, authentication, and identity recovery.

BNY Mellon transforms cross-border payment transactions between Egypt and China

BNY Mellon transforms cross-border payment transactions between Egypt and China

A cross-border transaction between Egypt and China had previously taken over two days. 

BNY Mellon has announced it has successfully facilitated the first-of-its-kind, fully-transparent payment transaction between Egypt and China. Previously, low-value international payments experienced limited cost transparency and uncertainty over settlement timelines. Leveraging the new SWIFT Go service, BNY Mellon acted as an intermediary for a payment between QNB AlAhli Egypt, the remitting bank, and Shanghai Pudong Development Bank, the beneficiary bank. Delivery of funds to the beneficiary and confirmation to the originating bank were achieved in less than three hours. A cross-border transaction between Egypt and China had previously taken over two days.

Businesses and consumers around the world have faced challenges when making smaller international payments, which include limited transparency over costs and uncertainty over when the funds will be delivered. In July 2021, BNY Mellon announced it was the first US bank to support SWIFT Go, a new service that allows financial institutions to facilitate efficient and reliable cross-border payments between consumers or small- and medium-sized companies.

“We’re thrilled to introduce cost-effective solutions for a better payment experience,” said Isabel Schmidt, Co-Head of Global Payments Products at BNY Mellon. “Thanks to this collaboration, our clients in the region will see a wide range of benefits, including faster speeds, more predictable fees, and greater security.”

“QNB AlAhli is pleased to be the first bank in Egypt to participate in this innovative initiative to introduce a better cross-border payment experience for our clients,” said Mohamed Bedeir, CEO of QNB AlAhli. “With this successful collaboration, we are not only facilitating and enhancing the payment industry, but also supporting financial inclusion.”

The payment from Egypt to China is the latest milestone in BNY Mellon’s commitment to streamline and transform global payments. In May 2021, BNY Mellon launched the first-of-its-kind real-time electronic bill (e-bill) and payment solution. BNY Mellon was also the first bank to provide Request for Payment (RFP) messaging capabilities.

Secure Identity Alliance Awarded Qualified ITU-T Reference Organisation Status

Secure Identity Alliance Awarded Qualified ITU-T Reference Organisation Status

Landmark qualification enables the ITU-T to normatively reference OSIA specifications

Secure Identity Alliance (SIA), the global non-profit association representing actors and organisations active across the digital identity ecosystem, today announced that it has been qualified under Procedure A.5 by the International Telecommunication Union’s Standardisation Division (ITU-T).

The qualification enables the ITU-T to normatively reference OSIA specifications. A digital public good, OSIA is an open standard set of interfaces (APIs) that enables seamless connectivity between building blocks of the identity management ecosystem – independent of technology, solution
architecture or vendor.

Following a rigorous assessment process conducted by ITU-T Study Group 17, the ITU’s standardisation expert group for security, SIA successfully qualified under Recommendation ITU-T A.5 having fulfilled several key criteria. These included an open membership/participation model and IPR Policy, a comprehensive change management process and the maturity of the OSIA specifications.

Matt Cole, Chairman of the SIA, said: “Our mission is to unlock the full power of identity so that people, economy, and society thrive. In 2019 we launched the OSIA initiative to develop a framework of open standards for the interoperability of identity systems. The ITU-T qualification is a testament of the good work we have done over the last few years and represents a stepping stone in the continued collaboration with ITU-T SG-17 .”

Prof. Heung Youl Youm, Chairman of ITU-T Study Group 17, said: “ITU SG17 is happy to have approved the qualification of SIA under ITU-T A.5 in its SG17 Closing Plenary on Friday 2nd September 2022. We look forward to the next steps of this collaboration.”



Privacy, Security, and Choice Drive Canadians’ Desire for Digital ID

Privacy, Security, and Choice Drive Canadians’ Desire for Digital ID

Canadians need to feel safe and in control when they engage in the digital economy. Core to that safety are privacy, security and choice in how they share personal information online. According to the third annual national survey undertaken by the Digital ID and Authentication Council of Canada (DIACC), a staggering 91 per cent of Canadian respondents are calling for control over their personal data collected by provincial and federal governments.

Additionally, 86 per cent of respondents want control over personal data collected by private organisations, and 80 per cent want a secure and unified digital ID ecosystem.

“A trusted pan-Canadian digital identity framework is essential to digital economic prosperity,” said DIACC president Joni Brennan. “While there is some progress on recognising the importance of digital ID, Canada is still at a stage where more work must be done on the policy side to ensure a truly digital economy.”

Unlocking an inclusive digital economy is an opportunity for the government to rebuild much-needed trust among Canadians, enhance privacy, and demonstrate that citizens’ rights are a top priority. According to the Edelman 2021 Canadian Trust Barometer, only 53 per cent of Canadians trust government organisations – a drastic decline of six points since only the previous year.

DIACC’s research reflects this lack of trust. “A trusted digital ID framework needs to be designed with people at the centre. All Canadians need to be able to choose if and how they want to use their digital ID credentials. Digital ID is not intended to replace existing physical ID methods, but as an optional supplemental tool,” Brennan said.

Establishing a trusted digital ID will allow people and organisations the choice to verify themselves online securely, while protecting personal information with no user traceability. It offers a decentralised, privacy-enhancing solution for both the private and public sectors.

The DIACC applauds the federal government for including digital identity as a priority in Treasury Board President Mona Fortier’s  mandate letter. The need to invest in digital ID was also referenced twice in the House of Commons Finance Committee’s 2021 pre-budget recommendation as critical to supporting Canada’s Digital Government Strategy in secure service delivery.

“It’s encouraging to see recognition of the critical role that digital identity plays in enabling Canada’s economy; however, we need to see a real commitment to action if we are going to reap the benefits of Digital ID and Digital Trust in meaningful economic growth,” said Dave Nikolejsin, the DIACC’s Board Chair, referring to the DIACC’s Pan-Canadian Trust Framework (PCTF).

The PCTF is a publicly available set of tools, shared principles, and guidelines to help organisations operate in a digital ecosystem. It includes processes like Notice and Consent, Authentication, Verification, Privacy, Credentials, and Infrastructures – both technologically and operationally.

Most importantly, the PCTF is citizen-centric. It is designed to keep users safe.

“This is an opportunity for industry and government leaders to come together and build a strong partnership. We have the fundamentals, we have the expertise, and we have the framework. Now, we need mutual investment across sectors to put the PCTF into action,” said Franklin Garrigues, VP External Ecosystems at TD Bank, DIACC Board Vice-Chair.

Nearly two-thirds of survey respondents are calling for governments to collaborate with the private sector to develop a pan-Canadian digital ID. On top of this, three quarters want the government to move quickly.

Privacy. Security. Choice.

DIACC is committed to developing research and tools to enable secure, robust, and scalable Canadian digital identity (digital ID) solutions and services. With digital advancements happening at a surefire rate, DIACC prioritizes privacy, security, and, most importantly, choice of use at the forefront of all digital ID initiatives.

To achieve real growth and sustainability, Canadians need transparency in governance. They need a digital ID they can own and choose to use. A digitally and economically prosperous Canada depends on it.