evolution of identity stoyan kenderov - mac 2014 conference
DESCRIPTION
Gen Y expectations of convenience and immediacy are driving mobile app developers to integrate payments as a feature of their apps and work to make it seamless to the app experience. That's great, but as more and more new technology entrants ascend into the payments field, security and fraud risks are threatening to cripple the growth of the industry. We are still relying on many pre-Internet age identity assertion techniques, many of which have been made obsolete by customer that chose to live their lives on social networks. Luckily, social data and sensors are giving us new tools to incorporate into these apps to tighten up security while at the same time catering to the expectations and tolerance of the Gen Y user - the largest demographic force to enter the market.TRANSCRIPT
The Evolution of Identity In a World of“Payment as a Feature”
“It is not the strongest, nor the most intelligent that survives. It is the one
that is most adaptable to change”
Darwin
Stoyan Kenderov, Intuit Inc.
Keynote
Business as usual?
What is changing
The scope of identity and its proxies are changing as we transact more and more of our business electronically and across borders
What has changed?The flow of knowledge amongst people and agents prior to the Internet and social networks.
We are on the verge of connected intelligence
Social networks are bringing people’s lives into the open
Mobile devices are adding more context and facilitating information activation
Lies spread fast
…and get caught fast
People are sharing activity streams online to shape their identities or earn
a benefit
Gen Y is INVESTING in their online identities
“I need your attention to feel
safe”
“I need my privacy to feel
safe”
The dichotomy of convenience vs. security in an app world
• 50+% do not use a password or PIN to lock their smartphone or tablet
• 44% who do not lock their mobile devices because “too cumbersome"
• 30% who do not lock their mobile devices “are not worried about the risk”• Only 33% percent make a point of logging into an application every time they use it.
• 66% try to leave applications perpetually logged in unless they are required by the application to log in every time
• 30% “often forget or mistype password on the small keyboard”
• 60% “wish there was an easier form of authentication for mobile applications”
Luckily the mobile phone industry has come to the rescue. Now all apps can be secured at once with our real identity….
Source: Confident Technologies
#hacked
"In reality, Apple's sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake", said the hacker with the nickname Starbug, who performed the critical experiments that led to the successful circumvention of the fingerprint locking. "As we have said now for more than years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints."
CCC, Germany
How secure are our challenge questions?
• What is your mother’s maiden name?
• In which city were you born
• Where did you go to school?
Its getting easier to impersonate and the bad guys are taking advantage
663,587,386 stolen records of personal information since 2005
How are we responding?
“The Best Payment System Is The One You Don’t Even Notice.”
• Trying to solve for speed and convenience and embedding payments as a feature in more and more apps
The holly grail:
#hacked
“Starbucks executives confirmed that the popular mobile payment app has been storing usernames, email addresses and passwords in clear text, which allows passwords and usernames to be extracted...”http://www.moneynews.com/Personal-Finance/Starbucks-app-hack-iOS/2014/01/17/id/547634#ixzz2vgUIqajd
“4.6 million usernames and phone numbers were exposed when Snapchat got hacked last month…”http://gigaom.com/2014/01/09/snapchat-says-sorry-for-getting-hacked-updates-app-with-phone-number-opt-out/
“Usernames, passwords, mailing addresses, e-mail addresses and phone numbers had been compromised by hackers, but no credit card information had been stolen…5.6 million people have pledged funding to 56,000 projects since its launch in 2009.”http://www.cnn.com/2014/02/15/us/kickstarter-site-hacked/
The real threat is: Password fatigue!We use the same password again and again…in 100’s of apps
How can we solve both security AND speed/convenience
Embrace the expanded notion of identity and
use it to protect customers
Individual device motion patterns as part of identity
Opt-in social data for challenge-response questions
• Who below is not a friend of yours?
• Which of the following songs do you miss hearing?
• Where did you not go in the last 7 days
Let It Go (by Frozen)All Of Me (by John Legend)Let her go (by Passenger)Team (by Lorde)
No Signboard Seafood RestaurantMellben SeafoodParadise Dynasty
126 (搵到食 ) Eating House
• Motion patterns of device in hand• Typing velocity for different bi-graphs and tri-graphs• Device fingerprinting• Using social data for a one-time “something you know”• Real-time machine learning techniques for slightest variations• Collective responsibility for fraud and privacy• Regulation that enables experimentation
A smarter toolkit
Conclusion• Gen Y is demanding convenience and payments as a feature in their applications.
• This in turn brings many new merchants into the payments market.
• Many of these merchants will not have the sophistication to deal with security and fraud.
• Our security toolkit is becoming obsolete all the time.
• The Internet is the new public record and has gradually extended the notion of identity.
• Young customers are far more willing to opt in their online identities and data in exchange for convenience and security.
• Our industry can adapt to the trend and deal with fraud while offering simplicity, convenience and security.
• We need to extend our protective umbrella of fraud prevention methods to those that need it.
• Public policy needs to evolve to allow for this innovation to occur.