Blog article
See all stories »

What is holding back commercial eID services?

The recent article[1] about the UK governments attempts to facilitate eID for government services being handed to the private sector made me think what is holding the eID market back?

With mobile phone and integration of connected devices technologies improving the security and user experience for digital services.  The use of biometric sensors in devices require companies to relying on and to trust the device and the associated biometric infrastructure.  This is becoming an ‘implicit’ trust framework, with no 3rd party liability no the manufacturer of the biometric device.  The FIDO (Fast ID Online) alliance has created a framework to exploit the biometric sensors in devices to unlock eID credentials.   However, this framework does not create an effective commercial value chain. 

This is the issue that hampered NFC mobile payment deployment with multiple technical solutions but no workable commercial model.  That was before the NFC card tokenisation commercial model was defined, created and deployed initially by ‘ApplePay’.  This model created an effective commercial relationship as the ‘token provider’ is paid for providing the service either each time a payment is made by consumer or the token is created.  The international card schemes were key stakeholders that define, enforce and facilitate the commercial model between card issuer and merchant acquirers for mobile NFC payments. 

The need to improve how people prove their identity electronically is increasing as more services move to a digital first approach.  This presents an opportunity for organisations to create these eID services coupled with Secure Customer Authentication (SCA) PSD2 compliance requirements.  However, SCA is unlikely to create a commercial model as each payment account owner is likely to rely on their own eID solutions that may use biometrics or other authentication methods. 

The questions are who creates the commercial relationships for eID services and who manages the technology standards?  These roles are fulfilled by the card payment schemes for the NFC ‘tokenisation’ in the mobile NFC ecosystem as well as manging its operation.

To date the biometric service available in the mass market, appear not to easily map on to a business value chain model for eID services.  Technologies, such as voice or facial recognition work now but no organisations are managing the commercial relationships and technology standards.  I see this as a potential role for the card schemes in the future.  

 

[1] https://www.computerweekly.com/news/252453631/Digital-identity-market-welcomes-plan-to-hand-Govuk-Verify-to-private-sector

 

a member-uploaded image
4858
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Comments: (1)

Maximiliaan Van De Poll
Maximiliaan Van De Poll - Cybernetica - Tallinn 11 February, 2019, 11:35Be the first to give this comment the thumbs up 0 likes

Interesting article, Anthony. I think part of the difficulty here is actually having to rely on a third party provider or manufacturer. There are evaluating bodies that will certifty technologies to the highest level, which financial institutions can and do trust. The right technology doesn't have to rely on the security of the mobile device, but for now, it does rule out biometrics. 

Anthony Pickup

Anthony Pickup

Consultant

MYRECS LTD

Member since

23 May 2014

Location

Manchester

Blog posts

13

Comments

10

This post is from a series of posts in the group:

Biometrics

Biometrics are the new weapons of war against online fraud and supporting financial services with biometric authentication and their KYC (Know Your Customer) procedures. ​ There are many different areas where biometrics are being deployed. For example in digital identity; an alternative to user names and passwords; protecting against ID theft; account takeovers and multiple accounts. ​ Mobile biometric authentication is helping to verify new and returning customers at the point of log-ins, payments and digital on-boarding.


See all