© ValidSoft 2013 © ValidSoft 2013

The Future of Secure, Mobile Authentication

November 2013 – Opus Research, Voice Biometrics Conference

Daniel Thornhill, Product Manager

Proprietary and Confidential information 1

© ValidSoft 2013

Who is ValidSoft?

Proprietary and Confidential information 2

§  Member of Elephant Talk Communications Corp. (NYSE MKT: ETAK) that is an international provider of business software and services to the telecommunications and financial services industry;

§  Protecting all channels through telecommunications;

§  Provider of Context-aware Voice Biometrics through In-band and Out-of-band delivery channels;

© ValidSoft 2013

Mobile Wallets: What does it mean?

Proprietary and Confidential information 3

© ValidSoft 2013

Migration to Mobile – Changing the Security Landscape

Proprietary and Confidential information 4

44% of mobile customers

avoid mobile banking due to security

$721bn Value of mobile

payment transactions

in 2017

450 million

Global mobile payments

users by 2017

A GROWING MARKET FACING KEY CHALLENGES

© ValidSoft 2013

Some Mobile Consumer Concerns

Proprietary and Confidential information 5

•  Consumers’ Mobile Banking Security Concerns, 2011

Other please specify - 1% Combination of above - 3%

Malware on my phone - 3%

Losing my phone or having it stolen – 13%

Someone could see my bank account information on my phone – 15%

Someone intercepting my calls or data – 20%

Hackers gaining access to my phone remotely – 44%

June 2012, n=962 Base: All consumer with mobile phones who listed security as a primary reason for not mobile banking. ©2012 Javelin Strategy & Research.

© ValidSoft 2013

•  Traditional security models compromised:

•  2005 - Tokens by MitM attack

•  2007 - Certificates by MitB attack

•  2009 - OOB by SIM Swap/CFU

•  Traditional security models intended for other channels rather than the mobile platform (Branch, Card Readers, 2FA @ ATM designed for other channels) - Mobile requires a new approach;

•  Securing enrolment and App activation;

•  Managing rollout and cost, without compromise;

•  Not versatile or dynamic;

•  Managing False-negatives/False-positives;

•  Mobile means mobility and a security models needs to support this paradigm shift

The Problems We See

Proprietary and Confidential information 6

© ValidSoft 2013

•  Designed specifically for smart-phone;

•  Built to leverage the always-on, high-definition data channel;

•  Greatly reduces traditional Equal Error Rates

In-band Mobile Authentication

Proprietary and Confidential information 7

© ValidSoft 2013

•  No phone call; no cost

•  Natural, low-friction authentication = ease-of-use

•  High-definition voice; can use 24kHz and above

•  LTE will improve results over 3G

•  Introduces context: device profiling

The Advantages of In-band Voice

Proprietary and Confidential information 8

© ValidSoft 2013

Frustration vs. Fraud; The Equal Error Rate

Proprietary and Confidential information 9

•  Traditional voice biometric solutions are binary in their decisions;

•  Lower fraud equals higher frustration;

•  Thresholds are normally set to the right of the EER; fraud prevention takes precedence over consumer convenience;

•  The EER exists because traditional biometric solutions are based on biometrics in isolation;

•  The data channel lowers it;

•  Grey Zone Logic and Contingency processing removes it

Frustration Fraud

© ValidSoft 2013

•  An area where the biometric result is non-deterministic;

•  Not a pass, not a fail;

•  Grey results dynamically trigger contingency processing;

•  Contingency processing introduces other factors or other channels;

•  Provides intelligence on context not previously available

Grey Zone Logic

Proprietary and Confidential information 10

© ValidSoft 2013

•  Repeat Phrase

•  Out-of-Band Voice Biometric

•  Out-of-Band Digit Challenge

•  Out-of-Band Challenge/Response

•  In-band Challenge Response

Dynamic Contingency Processing

Proprietary and Confidential information 11

First attempt to move out of the Grey Zone

Detect and trigger if data signal poor but environment good

Detect and trigger if background noise excessive and data signal poor

Detect and trigger if background noise excessive and data signal poor

Detect and trigger if background noise excessive but data signal strong

© ValidSoft 2013

Removing the Equal Error Rate

Proprietary and Confidential information 12

Traditional Equal Error Rate Dynamic Contingency Processing

© ValidSoft 2013

Multi-channel Applicability

Proprietary and Confidential information 13

© ValidSoft 2013

Questions

Proprietary and Confidential information 14

?