vision 2014: identity authentication and credentialing in practice
DESCRIPTION
Understand how clients today are leveraging best-in-class identity authentication in tandem with the issuance and management of online user access credentials.TRANSCRIPT
© 2014 Experian Information Solutions, Inc. All rights reserved. Experian and the marks used herein are service marks or registered trademarks of Experian Information Solutions, Inc.
Other product and company names mentioned herein are the trademarks of their respective owners. No part of this copyrighted work may be reproduced, modified, or distributed in
any form or manner without the prior written permission of Experian. Experian Public.
Identity authentication and credentialing in practice
Peter McDonald Symantec
Keir Breitenfeld Experian
#vision2014
Ken Pruett Experian
2 © 2014 Experian Information Solutions, Inc. All rights reserved. Experian Public.
Introductions
Position:
► Robust authentication linked to ongoing credentialed identity management both mitigates risk and improves customer experience
Purpose:
► Understand how clients today are leveraging best-in-class identity authentication and the issuance and management of online user access credentials
► Consider identity proofing and credentialing options and decision criteria
► Discuss where you are in the process
Introductions and session goals
3 © 2014 Experian Information Solutions, Inc. All rights reserved. Experian Public.
By 2020
80% of digital access will be shaped by new mobile and non-PC architectures, up from 5% today
60% of all digital identities interacting with enterprises will come from external identity providers through a competitive marketplace, up from <10% today
80% of enterprises will allow unrestricted access to non-critical assets, up from <5% today, reducing spending on IAM by 25%
Overall IAM product and pricing will drop by 40% relative to today in real terms
70% of all businesses will use Attribute-based Access Control (ABAC) as the dominant mechanism to protect critical assets, up from <5% today
Identity analytics and intelligence (IAI) tools will deliver direct business value* in 60% of enterprises, up from <5% today
Why this session matters?
Source: Gartner, 2013
4 © 2014 Experian Information Solutions, Inc. All rights reserved. Experian Public.
Trends, drivers and decision criteria
Experian identity proofing overview
Symantec credentialing overview
Market adoption and trending
Use cases
Lessons learned
Agenda
5 © 2014 Experian Information Solutions, Inc. All rights reserved. Experian Public.
Cloud Mobile
Social Information
Key trends to consider Gartner’s nexus of forces
Source: Decision Point for Selecting Authentication Credentials and Factors. Gartner.12 September 2013
6 © 2014 Experian Information Solutions, Inc. All rights reserved. Experian Public.
What authentication methods, credentials and factors should organizations use to provide the appropriate level of identity assurance for resource access?
Assessing options in the market
Source: Decision Point for Selecting Authentication Credentials and Factors. Gartner.12 September 2013
Identity proofing
Assessing depth of
relationship
Client platform
Application interoperability
Adaptive access
Constraints
7 © 2014 Experian Information Solutions, Inc. All rights reserved. Experian Public.
User experience and expectation
Compliance
NSTIC / federated identities / IAM / IDaaS
Cost reduction and resource constraints
Fraud prevention and detection – current and emerging channels
Big Data analytics – authentication and identity/transaction monitoring
Mobile device adoption and binding
Identity authentication and credentialing Market and business drivers
8 © 2014 Experian Information Solutions, Inc. All rights reserved. Experian Public.
Customers access mobile and online services via a step up authentication with less risk and interoperable credentials
Often ambiguous or shifting compliance requirements demand evolutionary services
Multiple industries directionally migrating toward federated identities – embed higher-trust user authentication methods within identity services
Reduce costly authentication fails and desperate processes
Counter PII constraints and decline and username/password compromise
Offer federated identities with ongoing and more effective identity risk assessment
Leverage mobile environment for risk mitigation multi-factor authentication
Identity authentication and credentialing Value propositions
9 © 2014 Experian Information Solutions, Inc. All rights reserved. Experian Public.
Sample authentication decision flow
10 © 2014 Experian Information Solutions, Inc. All rights reserved. Experian Public.
Experian’s expertise in information and data analytics provides companies with insight to manage fraud and compliance challenges across the customer life cycle, from prospecting and acquisition to customer management and collections
Experian fraud and identity solutions What we do
Fraud loss mitigation
Compliance
Customer experience
Cost control
11 © 2014 Experian Information Solutions, Inc. All rights reserved. Experian Public.
Data
Demographic data aggregation and verification via Experian Precise Match architecture
Consumer credit oriented information related to demographics, risk conditions, and account information
Identity transaction information and link analysis beyond basic identity element verification and validation
Detail
Consumer-centric summary and detailed results that portray the level of authentication achieved
Identity and identity element validation and verification
Link analysis and velocity checks
Related identity information appends and insight
Knowledge-based authentication questions and grading via Knowledge IQ
Analytics
Scores designed to segment first and third party identity fraud risk
Risk attributes for use in sophisticated decisioning and custom model builds
Market and client specific models oriented toward unique addressable markets and process points
Set-up and Decisioning
Flexibly designed object-oriented strategies that incorporate detailed results, scores, risk attributes, and knowledge-based authentication performance
Real-time or batch processing
XML/Web services or Web User Interface access options
Precise IDSM Foundations
Progressive and flexibly designed authentication across the customer life cycle
12 © 2014 Experian Information Solutions, Inc. All rights reserved. Experian Public.
Precise IDSM Meeting client and industry challenges
Compliance Identity element validation and
verification
Tailored compliance oriented
decisioning strategies
Identity risk scores and attributes,
identity transaction checks,
knowledge based authentication
Pointed and progressive use of
various capabilities to mitigate
risk unique to a client market or
application
Risk-based
authentication
Evolutionary platform that
aggregates additional assets and
delivers innovative services over
time
Device intelligence and risk
assessment, positive and
negative data assets, client data
Emerging data
and technology
integration
Adjust service configuration and
strategies as fraud threats,
compliance requirements, and
applications change
Detailed reporting and
consultative resources
Performance
management and
tuning
13 © 2014 Experian Information Solutions, Inc. All rights reserved. Experian Public.
Identity authentication Panoramic view
Consumer or
client initiated
acquisition or
account
transaction
Precise IDSM
authentication
Platform
PII data
verification
Identity
transactions
and link
analysis
Analytics
Knowledge-
based
authentication
Decisioning
Ancillary data /
services
Device
PII
Social
TXN
Account
Biometric
Credential
Consortium data
Identity,
device and
account data
Identity proofing
results and/or
decision
Identity,
device and
account data
Identity,
device and
account data
Consumer and client confirmation of fraud activity
Client fraud alert triggers
Consumer alert
14 © 2014 Experian Information Solutions, Inc. All rights reserved. Experian Public.
Symantec Leader in online trust and cloud authentication
Online Trust
Cloud identity mgmt • User devices • PKI authentication • Two-Factor (VIP)
Authentication • Norton Secure Login Identity
Symantec cloud identity customers
• Federal • State • Healthcare • Financial Services
Largest big data security analytics
• 1.5 billion security events • Lower online fraud processing
100 million URLs and 3.6 billion files every six hours
Trusted name Symantec protects the world’s
people and information 50+ million customers Leader in securing and
managing information and identities
Trusted cloud identity and
authentication leader
Cloud authentication • 4 billion daily authentications • 650 million daily impressions • #1 SSL provider • 93% top 100 banks • 90% top 50 retailers
15 © 2014 Experian Information Solutions, Inc. All rights reserved. Experian Public.
USAA
Pin access
Embedded Symantec Two-Factor (VIP) Authentication
Charles Schwab
Charles Schwab Branded Token
Symantec Two-Factor (VIP) Authentication
Preventing fraud in finance Customer specific authentication user experiences
16 © 2014 Experian Information Solutions, Inc. All rights reserved. Experian Public.
E*TRADE
Digital security ID
Symantec Two-Factor (VIP) Authentication
Others
Better user experience with push authentication
Preventing fraud in finance Customer specific authentication user experiences
17 © 2014 Experian Information Solutions, Inc. All rights reserved. Experian Public.
Symantec Validation and ID Protection (VIP) Intelligence within authentication
Evaluate…
Do we know this device?
Is it still the same device?
Is this device trustworthy?
Is it acting as expected?
…and respond
Device ID
Device fingerprint
Device reputation
User behavior
Actionable risk score
Low risk: Grant access without an
additional challenge
High risk: Challenge user via Out-Of-
Band authentication process
18 © 2014 Experian Information Solutions, Inc. All rights reserved. Experian Public.
Average person has five unique passwords
► Passwords alone are poor
Breaches in consumer sites are password trolling exercises
Greater adoption of two-factor and other advanced authentication
► HSBC to launch OTP hard or soft token
► LinkedIn, Evernote, Twitter
Mobile device becoming the authentication device
► Smartphones are an extension of ourselves
Identity authentication and credentialing Industry research and market adoption
90% – the estimated percentage of people, worldwide,
who have mobile phones and keep them within three feet
of themselves 24-hours a day. “
” – Eric Schmidt, The New Digital Age
19 © 2014 Experian Information Solutions, Inc. All rights reserved. Experian Public.
Precise IDSM Experian ID proofing + Symantec Two-Factor (VIP) Authentication
► ID Proofing
► Two-Factor (VIP) Authentication
► User intelligence
► Device intelligence
► Certification as full solution
Implementation for advanced and step-up authentication
Identity authentication and credentialing Market adoption and trending
20 © 2014 Experian Information Solutions, Inc. All rights reserved. Experian Public.
Poll: Credentialing adoption
Does your organization
currently provide customers
with application access
credentials beyond user name
and password today?
21 © 2014 Experian Information Solutions, Inc. All rights reserved. Experian Public.
Poll: Credentialing adoption
Do you anticipate your
organization adopting or
expanding use of access
credentials over the next
12 months?
22 © 2014 Experian Information Solutions, Inc. All rights reserved. Experian Public.
Use cases to consider
23 © 2014 Experian Information Solutions, Inc. All rights reserved. Experian Public.
1. NIST Level 3 Remote Identity Proofing using Experian Precise IDSM
2. Multiple form-factors for OTP tokens for multiple platforms (PC, workstation, and mobile)
3. Two-factor authentication with PIN, OTP and in-the-cloud validation service supporting authentication of prescribers at time of prescription approval
4. Symantec PKI for organizational digital signing of e-Prescriptions
Identity authentication and credentialing Use case – client hub – e-Prescribe
Experian Precise IDSM
(NIST 800-63-1 Level 3)
Symantec VIP OTP Authentication
Service
Symantec PKI (Cross-Certified Federal
Bridge)
Symantec VIP Token
Pharmacy
Cle
arin
gh
ou
se
e-Prescribing application
Prescriber
24 © 2014 Experian Information Solutions, Inc. All rights reserved. Experian Public.
Identity authentication and credentialing What the user sees
25 © 2014 Experian Information Solutions, Inc. All rights reserved. Experian Public.
Identity authentication and credentialing Use case – Symantec hub – Federal Agency
Symantec
IdP
application /
workflow
Password
management User registration/
login / support
Experian® API
Symantec API
RP
registration /
SAML 2.0
assertion
Relying
party
OTP token management /
validation
VIP
ID proofing
Precise ID / knowledge IQ
postal mailing
Relying party
management
User
Subscriber
directory
Name Email Password OTP serial # Transaction ID
26 © 2014 Experian Information Solutions, Inc. All rights reserved. Experian Public.
Gaining access to high value accounts
► Provide a high degree of security for key clients
► Improve customer experience for authentication and credential issuance
Utilize score and questions to provide a secure level of authentication
► Overall pass-rates close to 80%
► Strong performance when questions are answered
► Well accepted by client
● Working now to fine tune the process
Identity authentication and credentialing Use case – financial services (brokerage)
27 © 2014 Experian Information Solutions, Inc. All rights reserved. Experian Public.
Identity authentication and credentialing Use case – financial services (deposit/card)
Push notification service
User
Smartphone
VPN, VDI…
1) Displaying login page
2) Request the push auth through AJAX
3) Request push notification
4) Push notification (just trigger)
6) Return the authentication results as a 6 -character code
7) Submit ID/PWD/code
Enterprise
Push
Java script
APNS, GCM
VIP Enterprise Gateway
5) Contents download and approve/deny
User Directory
8) Verify ID/code
9) Grant access
28 © 2014 Experian Information Solutions, Inc. All rights reserved. Experian Public.
Consumer clarity – education around purpose and process of identity proofing
► PII, KBA, etc.
► Set the stage…don’t jump right in
Client engagement around:
► Process flow
► Business drivers
► API review and settings options
Identity proofing performance monitoring and adjustment
► Levels of assurance, risk-based, input element variations and change
► Question performance
► Evaluate abandons = opportunity
Multi-factor options
Identity proofing and credential binding
Support processes for identity proofing and/or credential fails
Lessons learned
29 © 2014 Experian Information Solutions, Inc. All rights reserved. Experian Public.
Home stretch…
Kool & the Gang is warming up as we speak
30 © 2014 Experian Information Solutions, Inc. All rights reserved. Experian Public.
Identity authentication with effective credentialing works across multiple industries
Adoption is expected to grow substantially over coming years
Strategies such as NSTIC will likely drive Identity as a Service via commercial opportunity for service providers and users
Options and use cases are varied – a pragmatic approach to evaluation of services is critical
Consider process points managed by your organization vs. service providers
Education is ongoing…
Conclusions Summary and a look forward
31 © 2014 Experian Information Solutions, Inc. All rights reserved. Experian Public.
Questions?
Thank you!
32 © 2014 Experian Information Solutions, Inc. All rights reserved. Experian Public.
For additional information, please contact:
Hear the latest from Vision 2014
in the Daily Roundup:
www.experian.com/vision/blog
@ExperianVision | #vision2014
Follow us on Twitter
33 © 2014 Experian Information Solutions, Inc. All rights reserved. Experian Public.
Visit the Experian Expert Bar to learn more about
the topics and products covered in this presentation.