While quantum computing is still very much in its early stages, it’s important that companies are already thinking about this evolving technology – and more importantly implementing and stress testing much needed solutions suitable for a post-quantum world.

In this blog series we have already discussed the evolving threat that is quantum computing, the need for Post Quantum Cryptography, and how security standards are evolving. In this final instalment we’ll be looking at the examples of PQC already in development.

Thales is actively engaged in research and development (R&D) efforts in the field of post-quantum cryptography. Recognising the potential impact of quantum computing on current cryptographic systems, our team is dedicated to developing and advancing secure solutions that can withstand the power of quantum computers.

One of our key objectives is to identity and evaluate the most suitable post-quantum algorithms for different applications and scenarios. This involves thorough analysis and testing to determine the algorithms’ effectiveness against quantum attacks while considering their performance characteristics and compatibility with existing cryptographic infrastructure.

We’re actively collaborating with academic institutions, research organizations, and industry partners to foster innovation and exchange knowledge in the field of post-quantum cryptography.

Some examples of projects, research and initiatives that we are currently involved in include:

Piloting the first successful Post-Quantum phone call

Post quantum threats hold significant implications for situations involving highly sensitive information, such as the exchange of classified data during encrypted phone calls. To address these concerns, Thales helped developed a proof of concept to evaluate the scalability and effectiveness of its quantum-protected mobile solutions.

In this pilot our team successfully experimented end-to-end encrypted phone calls, tested to be resilient in the Post Quantum era.

The pilot was performed with the Thales ‘Cryptosmart’ secure mobile app and 5G SIM cards installed in today’s commercial smartphones, testing a mobile-to-mobile call, voice/data encryption, and user authentication.

Any data exchanged during the call is set to be resistant to Post Quantum attacks thanks to a hybrid cryptography approach, combining pre-quantum and post-quantum defence mechanisms.

PQC Signature Tokens

Thales has been working on PQC Signature Tokens, a revolutionary smart card that incorporates a quantum-resistant digital signature algorithm. This feature can provide organizations with a powerful tool to ensure the integrity and authentication of their data files.

The smart card can securely store the private keys necessary for generating digital signatures. When a user wants to sign a data file, the token utilizes the private key to internally process and create a signature based on the file’s digest. This ensures that the signature is unique to the file and cannot be tampered with or replicated.

To enable verification of the signature, the PQC Signature Token also includes associated public keys. These public keys are certified by a trusted certification authority, allowing recipients of the signed files to check the signature’s validity. By verifying the authenticity and integrity of the file through the certified public keys, organizations can have confidence in the legitimacy of the data.

The certificates associated with the public keys can either be stored within the token itself or accessed from a server in the cloud. This flexibility provides convenience and scalability for organizations, allowing them to manage and distribute the necessary certificates according to their specific requirements.

The TDIS PQC Signature Token represent a significant advancement in data security, particularly in the face of quantum computing threats. With its integration of quantum-resistant algorithm and secure key management, this smart card empowers organizations to protect their data files, maintain data integrity, and establish trust in digital transactions.

We are already involved in two internationally funded projects with the TDIS signature token:

Securing Medical Data with Moore4Medical

Moore4Medical creates connected health products, including connected mattresses – designed to use real-time data and IOT to monitor patient health data and ultimately improve patient outcomes.

However, health data is sensitive and can cause harm if it ends up in the wrong hands – creating security and privacy issues. There is a need for a technical solution that are secure by default, ensuring a true end-to-end data security of the patient data.

We’re collaborating on this EU-funded project to create a quantum resistant e-Passport for sensitive medical sensor data, which will provide enhanced identity and authentication of patients, achieving the necessary performance and functionality levels while guaranteeing security and long privacy protection for this sensitive data.

Securing the Future of Electric Power and Energy Storage with ELECTRON

ELECTRON aims at delivering a new generation EPES platform, capable of empowering the resilience of energy systems against cyber, privacy, and data attacks.

EPES platforms refer to a combination of technologies and infrastructure used for generating, distributing, and storing electrical power. EPES systems are designed to enhance the efficiency, reliability, and sustainability of power delivery and energy management.

This project has received funding from the European Union’s Horizon 2020 research and innovation programme and has the following four task forces:

  1. Shielding the EU borders: Addressing and Mitigating Cyberattacks and Data Leaking in Ukraine
  2. Looking ahead: Providing a Resilient Electric Vehicle Ecosystem
  3. Protecting the Renewables Energy Chain from Cyberattacks and Data Leaking
  4. Proactive Islanding Meets Efficient Threat Detection: Addressing & Mitigating Cyberattacks in the Romanian Energy Chain.

We’re working on the second task help improve privacy and security by adding digital signatures and an auditing mechanism ensure that information come from trusted sources and protect against attacks.

To achieve this, we use a system called TDIS Quantum Cryptography OS to help make the system resistant to attacks from quantum computers. Our team will select the best algorithms for creating signatures on smart tokens. We’ll then show how these algorithms work on smart tokens and EPES systems. We’ll also keep improving the system’s performance and make it compatible with existing methods.

These are just a summary of some of the projects we’re working on in this field. The arrival of quantum computing poses an unprecedented challenge for the global cybersecurity community. Building defences against future threats may seem daunting, but it is an urgent task we must tackle head-on. While the post-quantum era is still a few years away, the increasing prevalence of quantum computing demands immediate action. By actively engaging in pilot programs and trials, Thales and its customers are proactively practicing crypto agility, preparing ourselves for the imminent arrival of this game-changing technology.

Explore similar topics:

Preparing Digital Identity for the Post-Quantum Era

The post Getting your organisation post-quantum ready appeared first on Cybersecurity Insiders.

In our previous blog we discussed the emerging technology that is quantum computing, the benefits it brings, but also the risks it can pose to digital identities.

In this next blog we’ll be taking a closer look at Post Quantum Cryptography, and the measures being taken by the industry to secure digital identities in the post quantum era.

Why is this so important? 

Quantum computing poses several risks to digital identities due to its ability to break certain cryptographic algorithms that currently underpin secure communication and digital identity systems. Some of the risks include:

  • Compromising Digital Certificates: Quantum computers could break commonly used encryption and signature methods like RSA and Elliptic Curve Cryptography. These methods are important for secure communications and digital seals. Digital certificates help verify the identity and integrity of digital identities in applications like secure web browsing. Quantum computers can undermine the security of these certificates and allow attackers to create fake ones, pretend to be legitimate entities, and carry out malicious activities.
  • Decrypting Past Interceptions: Quantum computers can potentially decrypt encrypted data that was intercepted in the past. If an attacker stores encrypted communication until a quantum computer is available, they could use quantum algorithms to decrypt the information. This puts previously intercepted data at risk of being exposed.
  • Identity Theft and Fraud: Quantum computing can enable attackers to break the encryption protecting personal information like passwords and credit card numbers. This could lead to identity theft, fraud, and unauthorized access to personal accounts or systems.

Several industry standards are currently being developed and evaluated for post-quantum cryptography. Although the field is still evolving, these are some of the major organizations and initiatives that are actively contributing to the development of industry standards for post-quantum cryptography. Their efforts aim to provide new guidelines, new algorithms, and updated protocols that will ensure the security of digital systems and communications in the presence of powerful quantum computers.

NIST Post-Quantum Cryptography Standardization: The US National Institute of Standards and Technology (NIST) is leading the standardization process for post-quantum cryptography. NIST initiated a project in 2016 to evaluate and select quantum-resistant cryptographic algorithms. Multiple rounds of evaluations and public feedback have been conducted. NSIT has selected four algorithms it will standardize as a result of the Post-Quantum Cryptography (PQC) Standardization Process: CRYSTALS–KYBER, along with three digital signature schemes: CRYSTALS–Dilithium, FALCON, and SPHINCS+.

Internet Engineering Task Force (IETF): The IETF is actively working on standards related to post-quantum cryptography. The Quantum-Safe Cryptography Working Group within the IETF focuses on developing specifications for quantum-resistant cryptographic algorithms and protocols, as well as providing guidance on transitioning to post-quantum cryptography.

European Telecommunications Standards Institute (ETSI): ETSI is also involved in the standardization efforts for post-quantum cryptography. Their Quantum-Safe Cryptography Technical Committee is working on developing standards and guidelines to ensure the security of cryptographic systems against quantum attacks.

International Organization for Standardization (ISO): ISO has established a working group, ISO/IEC JTC 1/SC 27/WG 2, dedicated to the standardization of quantum-resistant cryptographic algorithms. The working group is responsible for developing and maintaining international standards in the field of information security, including post-quantum cryptography.

In part three, we’ll be taking a closer look at the industry examples of post quantum cryptography already in action.

For further reading, please check out the following:

The post Preparing Digital Identity for the Post-Quantum Era appeared first on Cybersecurity Insiders.

Mobile Network Operators (MNOs) are under huge pressure from enterprises and consumers to deliver fast and efficient services – but meeting these expectations in the face of exploding data demands is not an easy task.

Fortunately, automation has emerged as a potential game-changer, holding the key for MNOs to meet end user demands and maintain a competitive edge.

In this blog, we explore four ways MNOs can harness the power of automation to not only deliver standout experiences, but to achieve their own growth and profitability objectives:

  • Scaling 5G: Network upgrades require significant investments from MNOs, so they need to identify efficiencies at every single stage – from network/service planning, to deployment, maintenance and operations. The application of automation at every single stage will be critical to make sure 5G can scale in a timely, reliable and cost-effective manner.
  • Tackling complexity: Networks, services and ecosystems are getting complicated. Indeed, MNOs are grappling with multiple technology generations and spectrum bands, at the same time as implementing new core architectures that embrace cloud, edge and virtualisation. Networks increasingly decoupling software from hardware is also adding additional complexity to operations and maintenance. Simplifying processes should therefore be a key focus area for automation to improve service offerings and delivery.
  • Supporting sustainability and security: Sustainability and security have long been top priorities for MNOs, and suppliers have already been responding to this through the use of automation. Product updates ranging from network sleep to energy efficient user management, threat mitigation and detection, feature rollout support to guard against threats. Innovation must continue in this space to accelerate progress towards these goals – helping to both protect confidential information and reduce our impact on the planet.
  • Increasing spectrum: The intersection of spectrum and networks represents a complex network dynamic with plenty of room for automated support, including multi-band operations, antenna and cell parameter optimisation and spectrum-aware radio planning – all alongside traditional self-optimising network (SON) functions. This should therefore be a key focus area for MNOs looking to drive efficiencies.

Despite the huge potential of network automation, internal issues are proving to be some of the most significant obstacles to adoption. Some of the biggest challenges include a lack of automation expertise, automation project ownership and administration, and an inherent bias against automated processes. It’s therefore crucial to garner C-level support to drive these initiatives forward and reap the benefits.

By embracing automation, MNOs will position themselves for success in the fast-changing telecommunications industry, ensuring they deliver exceptional experiences and stay ahead of the competition.

Find out more about why mobile network automation matters in the latest report by GSMA Intelligence: https://www.thalesgroup.com/sites/default/files/database/document/2023-02/tel-global-mobile-trends-2023.pdf

The post How mobile network automation will drive success for operators appeared first on Cybersecurity Insiders.

Have you ever found yourself in a situation where making a payment became an awkward ordeal? Perhaps you’ve caused a hold up at the tube barriers while waiting for your mobile device to recognise your fingerprint, or maybe you’ve drawn a blank on your PIN number at the supermarket checkout.

This predicament is a familiar one. However, the payments world is in a state of constant evolution, striving to make the experience faster and more seamless.

One of the biggest advances in recent times is the launch of Thales Biometric Payment Cards. These physical cards integrate a built-in fingerprint scanner that replaces the need for PINs during transactions – resulting in an experience better than traditional cards and existing contactless options.

Biometric payment cards are finally getting the attention they deserve and hitting the mainstream, thanks to their ability to address genuine, real-world problems. Here are five ways our cards are transforming how we make payments…

  • Seamless transactions without PINs: We have enough to think about when making a purchase – from our account balances, through to the necessity of the purchase, and even the whereabouts of our belongings at that moment in time. Biometric payment cards can free us up from entering our PIN, or signing for the purchase, so we can better focus on our surroundings. They also save us valuable time so we can quickly get on with our days.
  • Battery efficiency: A distinctive feature of our biometric cards is that they have no battery. Instead, they draw energy from the payment terminal to verify the cardholder and will only start a transaction when they know there’s enough energy to properly run the biometric authentication. This capability significantly minimises the likelihood of payment failures, ensuring reliability in each transaction.
  • Pay any amount: Experiencing payment rejections can be discomforting. Often, this happens when we have simply exceeded transaction limits, or when we have maximised the allowed number of contactless payments, and the need for further verification is triggered. Biometric payment cards circumvent this through heightened compliance and security measures, enabling users to make payments of any amount, as frequently as needed, while upholding complete safety.
  • Reduced risk of fraud: The contactless limit is frequently being raised – which is great news when you want to make a fast, fuss-free payment. However, this capability can become a problem in the scenario of a card being lost and someone else takes it on a spending spree. Biometric payment cards eliminate this risk and provide a strong safeguard against unauthorised expenditure.
  • Intuitive ease of use: There are so many different types of card readers out there now that it’s not always obvious to consumers where to place the card – on the top of the machine, to the side, or underneath. However, Thales’ biometric payment cards can work in almost any position because they measure the power of the POS terminal before starting a transaction. This means that authentication can be carried out even if the user shows some hesitation.

With these cutting-edge cards having undeniable advantages, an important question arises: Why haven’t they already achieved widespread adoption? The answer lies in the historical cost barriers faced by banks.

However, as transaction volumes surge, economies of scale come into play which are starting to significantly reduce costs for banks. Secondly, the banks are realizing the gains of an enhanced user experience in enrolment, payment and performance to drive customer service efficiencies. The simplified integration of biometric cards into a bank’s existing infrastructure also cuts many of the fixed costs associated with offering these cards on a wide scale to customers.

Biometric payment cards are also reaching a tipping point due to heightened demand for personalized payment solutions. A myriad of sophisticated design options such as colored-edge cards, metallic inks and rPVC all contribute to making these cards stand out from the crowd even more. And personalization extends beyond aesthetics to encompass practicality; languages are configured directly in the card making it easy for an issuer to customize the user experience.

Customers using these cards will also attest to the fact you don’t have to be tech-savvy to use them. They make life easier, not more difficult.

The final word

Biometric payment cards are the future, and we’re proud to be leading the market with product innovation. For consumers, these cards remove any limitation or concern with contactless payments. Meanwhile, for banks, It’s clear that these cards hold the potential to reshape the payments landscape on both individual and institutional fronts.

Find out more about the new Thales Biometric Payment Card here: https://www.thalesgroup.com/en/markets/digital-identity-and-security/banking-payment/cards/emv-biometric-card

 

 

 

 

The post Why it’s time for biometric payment cards to hit the mainstream appeared first on Cybersecurity Insiders.

Have you ever found yourself in a situation where making a payment became an awkward ordeal? Perhaps you’ve caused a hold up at the tube barriers while waiting for your mobile device to recognise your fingerprint, or maybe you’ve drawn a blank on your PIN number at the supermarket checkout.

This predicament is a familiar one. However, the payments world is in a state of constant evolution, striving to make the experience faster and more seamless.

One of the biggest advances in recent times is the launch of Thales Biometric Payment Cards. These physical cards integrate a built-in fingerprint scanner that replaces the need for PINs during transactions – resulting in an experience better than traditional cards and existing contactless options.

Biometric payment cards are finally getting the attention they deserve and hitting the mainstream, thanks to their ability to address genuine, real-world problems. Here are five ways our cards are transforming how we make payments…

  • Seamless transactions without PINs: We have enough to think about when making a purchase – from our account balances, through to the necessity of the purchase, and even the whereabouts of our belongings at that moment in time. Biometric payment cards can free us up from entering our PIN, or signing for the purchase, so we can better focus on our surroundings. They also save us valuable time so we can quickly get on with our days.
  • Battery efficiency: A distinctive feature of our biometric cards is that they have no battery. Instead, they draw energy from the payment terminal to verify the cardholder and will only start a transaction when they know there’s enough energy to properly run the biometric authentication. This capability significantly minimises the likelihood of payment failures, ensuring reliability in each transaction.
  • Pay any amount: Experiencing payment rejections can be discomforting. Often, this happens when we have simply exceeded transaction limits, or when we have maximised the allowed number of contactless payments, and the need for further verification is triggered. Biometric payment cards circumvent this through heightened compliance and security measures, enabling users to make payments of any amount, as frequently as needed, while upholding complete safety.
  • Reduced risk of fraud: The contactless limit is frequently being raised – which is great news when you want to make a fast, fuss-free payment. However, this capability can become a problem in the scenario of a card being lost and someone else takes it on a spending spree. Biometric payment cards eliminate this risk and provide a strong safeguard against unauthorised expenditure.
  • Intuitive ease of use: There are so many different types of card readers out there now that it’s not always obvious to consumers where to place the card – on the top of the machine, to the side, or underneath. However, Thales’ biometric payment cards can work in almost any position because they measure the power of the POS terminal before starting a transaction. This means that authentication can be carried out even if the user shows some hesitation.

With these cutting-edge cards having undeniable advantages, an important question arises: Why haven’t they already achieved widespread adoption? The answer lies in the historical cost barriers faced by banks.

However, as transaction volumes surge, economies of scale come into play which are starting to significantly reduce costs for banks. Secondly, the banks are realizing the gains of an enhanced user experience in enrolment, payment and performance to drive customer service efficiencies. The simplified integration of biometric cards into a bank’s existing infrastructure also cuts many of the fixed costs associated with offering these cards on a wide scale to customers.

Biometric payment cards are also reaching a tipping point due to heightened demand for personalized payment solutions. A myriad of sophisticated design options such as colored-edge cards, metallic inks and rPVC all contribute to making these cards stand out from the crowd even more. And personalization extends beyond aesthetics to encompass practicality; languages are configured directly in the card making it easy for an issuer to customize the user experience.

Customers using these cards will also attest to the fact you don’t have to be tech-savvy to use them. They make life easier, not more difficult.

The final word

Biometric payment cards are the future, and we’re proud to be leading the market with product innovation. For consumers, these cards remove any limitation or concern with contactless payments. Meanwhile, for banks, It’s clear that these cards hold the potential to reshape the payments landscape on both individual and institutional fronts.

Find out more about the new Thales Biometric Payment Card here: https://www.thalesgroup.com/en/markets/digital-identity-and-security/banking-payment/cards/emv-biometric-card

 

 

 

 

The post Why it’s time for biometric payment cards to hit the mainstream appeared first on Cybersecurity Insiders.

Welcome to Paris, a city that’s famous for its food, fashion and art. We’re lucky enough to have our head office here, so our team have lots of opportunity to soak up the culture and get inspired.

Next week, on the 28th – 30th November, our home city will welcome energy professionals from around the world to Enlit Europe as they come together to meet and make progress towards a greener, decarbonised world.

In the spirit of sharing the magic of Paris, here are some must-see attractions for visitors to the event:

  • The Louvre: This is one of Paris’ most striking buildings. The modern glass pyramid stands in stark contrast to the historical surroundings, making this one of the most photographed spots in the city. Inside, immerse yourself in some of the world’s most iconic paintings and sculptures – but don’t forget to book in advance to guarantee entry.
  • The Orangerie Museum: Visit The Orangerie to view the iconic ‘Water Lilies’ by Claude Monet. The famous collection of artwork is displayed across a series of rooms and guests are asked to remain silent – providing a tranquil escape from the urban buzz. Other artists on display include Henri Matisse, Pablo Picasso and Henri Rousseau.
  • The Eiffel Tower: Paris wouldn’t be Paris without the iconic silhouette of the Eiffel Tower. You’ll catch glimpses of the tower when strolling around the city, but it’s well worth a visit to enjoy the panoramic views from the top.
  • The Seine River: The Seine River runs through the centre of Paris, and you can’t go wrong with a gentle walk or boat trip to soak up the city. You’ll enjoy some of the city’s most beautiful architecture, passing landmarks including The Notre-Dame and the Orsay Museum.
  • Montmartre: The neighbourhood of Montmartre is known for its artistic history and bohemian atmosphere. Be sure to climb the steps to the Basilique du Sacré-Cœur for a breathtaking view of the city, and wander through the area’s narrow streets filled with artists’ studios and cafes. Don’t forget to visit Place du Tertre, where local artists display their work in an open-air square.

Finally, if you’re attending Enlit Europe at Paris Porte de Versaille, you will be able to find us at the GSMA stand 7.2.E162 or in meeting room 7.3MR08. Come and talk to us about how our advanced technologies and innovation around the Internet of Things are shaping the future.

Find out more here: https://www.enlit.world/directory/thales-2/

The post Top five things to do in Paris appeared first on Cybersecurity Insiders.

The world is in a climate emergency, and it’s never been more important for industries to accelerate solutions that will support the energy transition. Enlit Europe, taking place from the 28th – 30th November, will bring together 12,000 energy professionals to find new ways to deliver clean, affordable and reliable energy for everyone.

So, as representatives from utilities, network operators, vendors, consultants, start-ups and system integrators gather in Paris, what innovations should we be looking out for?

GSMA’s Global Trends Report shares insight into the latest technological developments that will drive greater energy efficiency…..

  • Sustainability built into technology road maps: A significant change in telecoms network buyers’ priorities is the growing imperative to build sustainability into the technology roadmap. Energy and the climate used to be confined to the realms of CSR, but evidence over the last three years suggests these factors have steadily risen up the agenda. This has culminated in energy efficiency being their top priority, with more than 80% rating it as important or extremely important to their planned upgrades.
  • Enterprise sectors driving Internet of Things (IoT) growth: Nearly two thirds (63%) of enterprises are deploying IoT as part of their wider digital transformation efforts, according to the research. Indeed, IoT will reach 37 billion connections by 2030, with the enterprise sector driving significant growth. This includes connections that will support a more sustainable future including smart cities (0.7 bn), smart utilities (1.8 bn) and smart buildings (6.8 bn).
  • 5G bringing energy efficiencies: Three quarters (75%) of operators believe 5G is more energy efficient over the long term. This is notable as the network accounts for around 90% of electricity use for an average operator. Lowering energy use overall is the challenge, and that depends on retiring 2G/3G networks, behavioural change and moving to renewables.
  • Potential for open networks to drive further gains: The rise of open architecture networks, including open RAN, has garnered much attention. Besides reducing the market power of traditional vendors energy implications are also in play. However, it is too early to make firm conclusions on the overall energy efficiency of open RAN compared to traditional mobile network architectures. More proof points are needed.
  • Measuring progress: While climate and energy issues have garnered significant attention, the ESG movement is broader, incorporating social and governance reforms in terms of how companies operate. In the telecoms sector, this could, for example, include requirements for suppliers to have sustainable procurement practices, or a certain threshold for gender composition at the executive/board level.

Connect with Thales at Enlit Europe

With European operators more exposed to the energy crisis, Enlit Europe will be a good opportunity for industry leaders to stay up to date with the latest innovations, and make progress towards decarbonised and digitalised energy systems.

If you’re attending, we’ll be showcasing our IoT Connectivity & Security solution based on the latest GSMA standards: IoT eSIM (SGP.32) and IoT SAFE. In this demo you’ll see a smart meter that is capable of reporting power consumption to an IoT platform via different cellular networks, dynamically selected.

After establishing a secure channel using IoT Safe technology, the eSIM monitors events such as power on, network loss, country change to the Thales TAC server that initiates a cellular profile download, swap or delete from any SM-DP+ (Subscription Manager Data Preparation) on the market. This allows a real-time data report and ensures localisation, resilience, mobility and lifecycle management with a high level of security.

Join us at meeting room 7.3MR08 or at the GSMA booth 7.2 M18. Register for free here

The post Trends to watch at Enlit Europe appeared first on Cybersecurity Insiders.

There are many scenarios where we might need to prove our age – from ordering an alcoholic drink in a bar, to applying for a job, buying medication, or accessing age restricted content online. And while most people currently use physical documents (such as a passport or a driving license) to verify their age, we are now moving into a new era of age verification. ‘Digital identities’ and digital wallets have emerged as safe, secure and convenient solutions when it comes to verifying identities.

It’s important to note that standard physical IDs remain important. These highly secure documents are crucial as foundational forms of identification – however, digital wallets will increasingly complement these and help more people access services safely and efficiently.

The growth of digital forms of identification is expected to be huge. In fact, the number of people using digital IDs is set to hit 6.5 billion by 2026 – an increase of more than 50% from 2022. This rate of adoption is being supported by the fact that this technology is advancing at pace, with digital IDs now holding far more advanced capabilities than simply holding essential documents….

They can share information on a need-to-know basis only

One of the biggest advantages of digital IDs in age verification is that you can prove your identity without revealing all your personal information. While digital IDs can hold vast quantities of data, they can also pinpoint the specific data that is needed in an given situation.

This could mean, for example, that if you are buying alcohol in a supermarket or entering a nightclub, you could confirm that you are over the legal age without sharing full documentation. This is a huge boost for privacy as people will no longer have to share personal details (such as their full name or their address) that are not relevant to the purchase or activity. With digital wallets, we will be able to disclose information on a far more selective basis.

In addition to this, the service provider will not be able to obtain a copy of customer’s ID document, helping to further reduce access and potential security risks.

They provide multi-layer security mechanisms

Consumers are rightly concerned over the access, use, and security of their personal information, and some may feel hesitant about the privacy of their identity once it is in a digital form. However, there are multiple, robust layers of security in place to protect individual data, including encryption and multi-factor authentication. This means digital IDs are incredibly secure and users are protected from identity theft.

Another innovation that has helped to make digital IDs even safer is biometrics. Here, a fingerprint or facial recognition is used to verify the user, making it far more secure than a password which could be guessed or hacked.

Biometric authentication also helps to increase convenience. When verifying your age, you no longer need to remember a complicated password, but can access essential documents with ease. This is particularly helpful when you in a situation where you want to quickly verify your age and carry on with your day.

They’re user-centric

There’s a common misconception that you need to be tech-savvy to use digital IDs, however this is not the case. The idea behind digital IDs is to support faster, more efficient transactions, so they have been designed to be as accessible and easy-to-use as possible.

Once your digital wallet has been pre-loaded with your age credentials, you can quickly share this information when needed with a face or fingerprint scan. This will then launch a QR code from the digital wallet that can be scanned to verify that you are above the desired age threshold.

They’re a robust online verification method

Until recently, online age verification has not been particularly foolproof. People could easily enter false date of births to access certain websites or services, and human error could also lead people to input or read information incorrectly.

Digital IDs, however, provide a trusted means to accurately ensure users meet the required age limits. This will help online retailers or services providers where people need to prove their age, but may not want to provide full access to their identity.

The final word

When it comes to age verification, digital IDs could make transactions in the real-world far more streamlined – particularly for people who carry a phone but do not routinely carry physical forms of ID. With an increasing number of services now available online, Digital IDs will also be an enable of robust age verification for restricted services. This will ultimately make life better for customers and increase sales for businesses.

It’s important to note that digital IDs will only complement physical IDs, and not replace them entirely. However, they carry clear advantages for both security and convenience, and will undoubtedly take us into an exciting new era of age verification.

Learn more here: https://www.thalesgroup.com/en/markets/digital-identity-and-security/digital-id

The post A new era of age verification appeared first on Cybersecurity Insiders.

It’s International Fraud Awareness Week – a dedicated time to raise awareness of fraud. In an increasingly digital world, protecting our personal information is more important than ever, which is why we’re taking a moment to talk more about the steps we can all take to safeguard our digital identities…

A digital identity is a digital representation of our identity information, such as our name and age. They work just as a physical identity would – just in a digital version, with encrypted data and digitally signed attribute to ensure the document is genuine and authentic.

Such digital credentials are crucial to establish trust between individuals and online service providers – helping to verify the identities of people and things, onboard them to new services, grant access, share data and validate transactions.

And while they enable us to enjoy everything that the online (and real!) world has to offer, we also need to remember that fraudsters are continually trying to find new ways to compromise our identity – and unless we’re careful we can leave breadcrumbs across the internet.

For this year’s International Fraud Awareness Week, we’re sharing some small things you can do to keep your credentials and online personas secure….

  1. Monitor for compromises: On this blog we speak frequently about the importance of setting two-factor (2FA) and multi-factor authentication (MFA), which is where users are required to verify themselves using more than just a password. But it’s important to also remain vigilant for notifications indicating unauthorised access. This week is a good time to shut down inactive email accounts and unsubscribe from company communications which may distract from important notifications.
  2. Rely on trusted services: As digital interactions become increasingly prevalent and with the rise of data breaches and scams online, we may find ourselves more and more uncomfortable sharing sensitive information such as ID scans. It is more important than ever for us to exercise our due diligence when engaging with companies and online platforms, ensuring that they take all necessary precautions to safeguard our personal information.
  3. Avoid storing ID document scans on your phone: Storing scans of your official ID documents (such as screen shots or pdf copies of your passport or driver’s license) on your devices can create significant privacy and security risks. If your device is lost, stolen, or hacked, then these DIY scans containing all your personal information are vulnerable
  4. Remember the cybersecurity basics: Updating your device’s operating system whenever prompted to, staying vigilant to phishing and avoiding public WiFi without a Virtual Private Network (VPN) will all help to keep your personal information safe. Remind yourself of the cybersecurity basics here.

These relatively simply measure will go a long way to enhance online identity protection and keep our personal information safe and secure.

 

The post International Fraud Awareness Week: Safeguarding Digital Identities appeared first on Cybersecurity Insiders.

If you work in the banking or payments industry, then no doubt you would have heard about the new Proposed Services Directive… also known as PSD3.

But what does the new proposed regulation mean? How does it differ from PSD2? When does it come into force?

We’ve summarised all you need to know below.

What is PSD3?

PSD3 is a proposed set of rules that will regulate electronic payments and the banking system in Europe. This includes non-bank payment service providers (PSPs).

It amends and updates the existing PSD2 framework –with the aim of addressing new challenges and opportunities in the digital payments landscape.

What impact will it have?

PSD2 was a major new piece of legislation so it was inevitable that incremental updates would be required, particularly in the fast-paced banking and finance industry. Industry players continue to innovate at an incredible pace – with recent years seeing strong growth in digital payments and open banking.

And while PSD2 brought about changes and digitization, it also revealed gaps in legislation due to various developments in the market.

PSD3 aims to address these gaps, prevent fraud, and encourage innovation. Financial institutions, banks, and payment processors are advised to proactively explore ways to adapt their systems to meet the requirements of PSD3 once it becomes law in the EU.

Some of the key revisions in PSD3 are designed to:

  • Promote fair competition: PSD3 aims to create a level playing field between banks and non-banks. It enables non-bank payment service providers to access all EU payment systems while ensuring appropriate safeguards and securing their rights to a bank account.
  • Advance Open Banking: PSD3 focuses on improving the functionality of open banking. It aims to remove remaining obstacles to the provision of open banking services, giving customers more control over their payment data and facilitating the entry of innovative services into the market.
  • Enhancing cash availability: PSD3 addresses the availability of cash in shops and ATMs. It will allow retailers to offer cash services to customers without requiring a purchase and provides clearer guidelines for independent ATM operators.
  • Improving consumer rights: PSD3 seeks to improve consumer rights, particularly in situations where their funds are temporarily blocked. It also enhances transparency on account statements and provides clearer information regarding ATM charges.
  • Streamlining Regulation and Enforcement: PSD3 strengthens harmonization and enforcement by enacting most payment rules through directly applicable regulations. It reinforces provisions on implementation and penalties, ensuring a consistent and effective regulatory framework.

What’s the timeline?

The exact timeline for implementing PSD3 is not yet known, but finalized versions may be available by late 2024.

Once approved, member states will have two years to incorporate the new standard into national legislation. Companies will then have an additional two years to comply with the regulations. This gives businesses within the European Economic Area (EEA) enough time to adapt their systems and operations.

The final word

PSD3 represents the evolution of payment services in Europe and aims to tackle emerging challenges and leverage opportunities in the digital payments landscape.

Through consultation and stakeholder input, the European Commission intends to create a strong framework that protects users, fosters innovation, and ensures secure electronic payments.

The finance industry will need to adapt to these regulatory changes to remain competitive and compliant in the evolving payments ecosystem.

Please contact us if you want to discuss how PSD3 will impact you.

The post PSD3: What is this new regulation and how does it impact payments in Europe? appeared first on Cybersecurity Insiders.