Category: Access Control

I recently changed positions to take care of synergy for Thales DIS and to mark the occasion, I wanted to share with you my personal reflection on this subject.

What is synergy?

The term “synergy” comes from the Greek word, “synergos”, which means to work together. It refers to the interaction between two or more things whose combined efforts are greater than the sum of their own.

Synergy often has strong business connotations, especially in the post-merger phases between two companies. To explain as such, Capgemini Consulting captured in a visual the complexity of the objectives to be achieved and proposed a methodology to be implemented.

Methodology behind implementing synergy in business

However, this is not the only field of application when it comes to synergy.

Synergy in practice

  • In the arts, we often speak of alchemy:
    • just think of Paul McCartney’s melodies and the poetic lyrics of John Lennon
    • the tumultuous but productive relationship between Mexican painters Frida Kahlo and Diego Rivera
  • In politics:
    • just think of the European Union and how it brings together the different complexities and needs of 27 countries in a single political union
  • In sports:
    • the addition of individual stars is sometimes not enough to win a cup. Instead it’s the cohesion and unison of the coach and team that ultimately leads to success
  • In love:
    • some would say a child the result of a synergy

Synergy is everywhere! Since man has been man, synergy has been the basis of the success. But what do all these forms of synergies have in common?

Synergy is humanity’s weapon of mass success

6 ingredients for successful synergy

I have often said that business is first done between people, before the companies that they represent. The successful construction of a harmonious relationship between two individuals will determine the success – or failure – of the business.

Two experiences come to mind:

  • When I was a salesman at GlobeCast, I signed a contract with a new client worth several million euros for a solution that had never before been imagined, nor sold
  • Later, when in charge of the partnership with Facebook, I obtained an app developer agreement that had never been granted to anyone before

Each time, the following elements were awarded:

  1. Mutual trust and respect
  2. Active listening and passion to understand the motivation and needs of my interlocutors
  3. The desire to progress and find together (with both the client and within a team) a solution that benefits both parties
  4. Work, work and work to make it happen 
  5. Incorrigible optimism and the passion to think big. As French sociologist Edgar Morin says, “we must hope in the improbable, and work for the improbable”
  6. A little bit of luck

We must hope in the improbable, and work for the improbable
French sociologist Edgar Morin

Building a future with synergy

If synergy is at the basis of the world, it also constitutes its future. Indeed, as the European Commissioner for the Internal Market, Thierry Breton, says, “we have stepped into an era of ‘permacrisis”.

Climate change, resource scarcity, energy transition and sobriety, demographic explosion, geostrategic tensions and armed conflicts, tensions within the global subcontracting chain and labor shortages are some of the global challenges to be met for humanity by the middle of the 21st century.

However, one thing is certain: human civilization is at a turning point and our individual and collective actions in the years to come will be crucial. No actor (country, society, institution, etc.) can claim to hold all the keys alone.

Faced with these challenges, only a pooling of intelligence and energy can succeed. The world has never needed synergy so much to function.

Leading synergies at Thales

Since September 1 2022, I have been Head of Synergies Strategy and Marketing at Thales DIS.

This involves leading initiatives at the crossroads of the various Thales global business units, by creating common value propositions and testing them on target markets (Defence and Security, Aerospace, Space, etc.).

Thales DIS is resulted from, in a large part, the acquisition by Thales of Gemalto in 2019. Now fully integrated into the Thales group, Thales DIS is at the heart of a number of synergies with teams that can benefit from the know-how and leadership of Thales DIS in the areas of digital identity and data protection.

Our expertise can be broken down into five segments in which we are committed to building a leadership position:

  • Mobile Connectivity, offering solutions for mobile telephone operators and manufacturers of connected objects with SIM cards and secret provisioning platforms in remote mode
  • Banking and Payment, offering solutions to banks and financial institutions such as smart cards in their physical and digital versions, as well as secure solutions for online banking and payment security
  • Identity and Biometric services offers solutions to governments, government agencies and public services with the issuance of secure identity documents and associated services (Passports, ID cards, national registers,…)
  • Cloud Protection and Licensing offers solutions for physical and digital access and data protection, within the company or in the cloud, to a wide spectrum of companies
  • Artificial Intelligence and IOT services primarily offers solutions to the automotive, health and energy markets, with solutions for the connectivity of objects and the security of data exchanged

I’d be glad to hear your thoughts – feel free to contact me or send us a tweet at @ThalesDigiSec.

The post Why synergy management is the new soft skill in permacrisis times appeared first on Cybersecurity Insiders.

Imagine you’re a French national going to study abroad in Greece for one semester, and all the logistics involved in setting up home there temporarily. All these logistics often require various touch points where you will have to prove your identity; usually with various means (passport, proof of address, education, income etc.) When you arrive at the Greek university, you just need to open your wallet and present a digitalised version of your diploma for the university officer to check your eligibility. Simply scan a QR code to create a secure communication channel from which encrypted data can be exchanged. This information has already been validated and proven by a trusted authority. The same process would apply to prove your identity  to easily allow you to swiftly set up a Greek bank account, sign a rental contract  – or even prove age on a student night out. Not only it becomes easy to share official documents but those documents are protected and your data is encrypted at all time, and is only available to the right person. So, let’s explore digital IDs…

Journey from hypothetical to reality 

This hypothetical scenario is not one ripped from the science fiction pages, or the result of a futurist prediction. There has been an acceleration towards digital identity recently, meaning that digital IDs are not just used by so called ‘tech-savvy digital natives’, but the wider population. The Covid-19 pandemic, and associated lockdowns served as a major catalyst for this.  

It’s fair to say then, that the concept of digital identification is already well established, and using a smartphone to board a plane, store bankcards or prove vaccination status has become second nature to many of us. But the experience is often clunky, with many forms to fill in, and is not as secure as it could be.  

In fact, a major survey conducted into EU ID by Thales revealed that 45% of Europeans are currently relying on insecure, unofficial, ‘DIY’ (do it yourself) scans and photos of their cards and documents to help prove their identity and entitlements.  

Countdown to European Digital ID 

While the concept of digital identification is already well established, the development of internationally accepted electronic identity (eID) systems has been piecemeal and inconsistent. 

If we look at the EU as an example: only 14% of key public services across all EU Member States allow cross-border authentication with eID; according to the European Commission there is a need to improve acceptance of the scheme and user experience. These roadblocks certainly don’t help in building a strong level of consumer trust.  

However, this is set to change with the introduction of the latest legislation on European Digital Identity – eIDAS2. In short, eIDAS2 means that by September 2023, each EU Member State must make a digital ‘wallet’ available to every citizen and business who wants one. In tandem, service providers in both public and private sector organisations; such as banks and telcos; will have to accept it as proof of certain personal attributes. From providing electronic signatures to paying fines or accessing health services, EU citizens will be able to use the eIDAS wallet, in every Member State; generating millions of authentications every day.  

Thales’s research found that the wallet is set to be welcomed with open arms. Two out of three Europeans citizens are looking forward to the arrival of an EU-backed Digital ID Wallet for storing their ID card, driving license and other official documents and signed attestations on a smartphone. 

Digital ID becoming mainstream 

This acceleration towards Digital ID isn’t just taking place in  the EU – just earlier this year the UK government proposed legislation to secure digital identity, even creating the Office for Digital Identities and Attributes.  

With just under a year away until eIDAS2 comes into force, it will be interesting to see how the conversation, debate and appetite for digital IDs continues to evolve.  

In the countdown towards the eIDAS2, keep checking back on the DIS blog where we’ll be discussing the following topics:  

  • Generational and regional attitudes to the wallet  
  • What Citizens want from a wallet  
  • Challenges and hurdles to overcome to build a streamlined, secure and efficient wallet 

For further reading, visit:  

The post Digital ID – Day in the life of a digital citizen after eIDAS2 appeared first on Cybersecurity Insiders.

2.4 billion smartphone connections are set to use eSIMs by 2025. eSIMS were one of the hot topics at this year’s Mobile World Congress, and we’ve discussed its’ potential a great length on this blog.

Alongside the benefits for consumers, eSIMs present a huge opportunity for massive IOT deployments – providing an efficient means for IoT organisations to achieve resilient global connectivity while streamlining device manufacturing and simplifying deployments.

As this adoption continues to grow, having a clear strategy will be vital to capitalise and make best use of the new opportunities that this technology presents.

Earlier this year, Stephane Quetglas, Director of Marketing for Embedded Products here at Thales, sat down with George Malim, the managing editor of IOT Now, to discuss in greater detail. In case you missed it, you can find highlights from the interview below.

George Malim: Do you think it’s fair to blame cellular connectivity for the delayed deployment of massive IoT?

Stephane Quetglas: Cellular introduces significant differences in comparison to other connectivity technologies; that can hold back some players but in reality there is great potential. There are multiple aspects to cellular adoption and different organisations experience these in different ways. Companies that are used to Wi-Fi, for example, think it is difficult to embrace cellular connectivity because it is new to them. Others find the need to have a subscription with a mobile network operator and having to have a service contract an obstruction. Even those that are comfortable with both these aspects still need to insert a physical SIM into a device that has been manufactured elsewhere and the cost of doing this locally can make IoT use cases unviable.

A solution to this problem is roaming so a global SIM can be inserted at the place of manufacture and the device can then roam when it is deployed. Roaming works for consumers when they travel but it’s often expensive and this is a problem for IoT because the cost can be too high for a given use case.

Is cellular difficult for IoT deployments because it was designed for consumer communications?

No, in fact the technology itself is ideally suited for both IoT and consumer markets but in some new use cases such as the massive IoT market you have simpler devices. A smart water meter that you want to connect in order to remotely collect water consumption data is a far simpler device, costs less and runs for a long time, often ten years, on a battery without recharging. If you wanted to use this in the same way as a smartphone, you’d need to charge the battery every day and this is the reason why low power wide area (LPWA) networks exist and power saving technologies have been developed. Cellular connectivity plays its part here with LTE-M and NB-IoT designed specifically for IoT.

The cellular industry has also put forward embedded SIMs (eSIM) for the past ten years to bring flexibility to the marketplace. You can use an eSIM to avoid relying on roaming because it means you can change your subscription to a mobile operator network at any time. This technology is fantastic in terms of the flexibility it delivers to IoT. It was developed first for M2M applications and its most successful use case to date is in the automotive sector in terms of adoption. Another area of wide eSIM adoption is in consumer electronics with smartphones and smart watches.

The technologies used are similar but not exactly the same because the M2M eSIM has been designed to enable remote management of unattended devices while consumer applications rely on the end user to download the mobile subscription. Now, the next step for the industry is to use eSIM to specifically address massive IoT deployments.

So, what do the companies that deliver IoT services and applications really need?

If you look at the new enterprises that are introducing IoT – the IoT service providers – they need a system that is simple. Some companies have low experience of cellular technologies and are not able to invest a lot of time and money in understanding connectivity. They want to focus on their offerings and their business models, not to become cellular experts.

Flexibility is also important because companies want a choice in terms of connectivity. It could be, for example, that a company has connectivity provided by a certain mobile operator in France while, in the US, it uses another operator. From a device manufacturing process perspective, you would need to manufacture a device that is specific to France and a device that is specific to the US. You would then have to manage new product references and stock-keeping unit (SKU) numbers. That’s a challenge to achieve and it’s hard for companies to predict what volumes of which country-specific device they need. They could end up with huge demand in France but a warehouse full of devices configured for the US market. Having one SKU for all markets is far easier and cost-effective. It’s ideal to have a single SKU in order to simplify manufacturing and logistics.Ima

Companies need flexibility that allows them to pick the right connectivity and avoid roaming charges and be very lean in terms of manufacture.

This interview initially appeared in the Q2 edition of IOT Now.

Want to know more?

Or read the full interview with IoT Now where Stephane discusses the progression of eSIM adoption, and how the Thales Adaptive Connect solution allows Connectivity Service Providers to become true enablers of massive IoT deployments

The post Harnessing the Power of eSIM: How consumer eSIM technology can unlock massive IoT appeared first on Cybersecurity Insiders.

The concept of Digital ID wallets has become more mainstream in recent years, due to many factors. Whether it’s having your Covid-19 vaccination status stored on your device, your boarding passes stored on a Google Pay wallet, or proof of age – the concept of being able to easily prove who you are to access services via digital means is becoming increasingly common.

However, the Digital ID experience is often clunky, disjointed, and is not as secure as it could be. In our previous blog, Day in the Life of a Digital Citizen, we outlined just how a secure, joined up approach to Digital ID would impact the day to day lives of citizens – and how that is a step closer thanks to the forthcoming EU Identification.

This is hopefully all set to change, thanks to forthcoming regulation. Starting with a pilot phase in 2023 and implementation in 2024, all EU member states must make a Digital Identity Wallet available to every citizen who wants one. This is one of the main outcomes of the recent evolution to the eIDAS regulation for electronic identification.

With these forthcoming changes, we wanted to understand citizen’s current attitudes to Digital ID wallets, what’s important to them, and what they want to see out of a digital wallet. To this end we conducted an EU-wide consumer research survey – with some of the key findings outlined below.

What is the appetite like for a digital ID wallet?

Our research, conducted with over 1,800 EU citizens across 7 countries, found that 66% would use a Digital ID wallet. Interestingly acceptance greatly increases dependent on experience; it reaches 73% for those already using a form of Digital ID compared to 44% of those who don’t.

Do citizens have a favoured ID provider? 

In all but one of the countries surveyed, government emerges as the preferred provider of the European Digital ID Wallet. Overall, 60% of EU citizens position governments as the most legitimate to issue an EU wallet. This is closely followed by banks, at 32%. Interestingly, users of an official mobile ID are even more convinced and are 70% to favour a government initiative.

Does security trump convenience?

Despite media rhetoric to the contrary, when it comes to Digital ID wallets, security is more important than convenience. 66% of EU citizens said security is the most important factor for them. That’s not to say, however, that convenience isn’t key – it was the second most important factor, doubling in importance for those under the age of 45.

Other key takeaways from the research found that:

  • 73% of citizens already have some form of digital ID or copies of document (in pdf, jpeg format) stored on their phone
  • 67% think the wallet should be able to be used anywhere within the EU
  • Ease of access will be key, with users favouring a single wallet to access all of their documents
  • Official IDs and health related use-cases will be the biggest drivers of adoption for the wallet

In the countdown towards the eIDAS2, keep checking back on the Thales DIS blog where we’ll be discussing the following topics:

  • Generational and regional attitudes to the wallet
  • Challenges and hurdles to overcome to build a streamlined, secure and efficient wallet

For further reading, visit: 

The post What citizens want from a Digital ID Wallet appeared first on Cybersecurity Insiders.

This summer should be the summer of travel. It’s hard to think of an industry more severely impacted by the Covid-19 pandemic. And after two years of lockdowns, restrictions and additional complications, passengers are now looking to take advantage of seamless international travel again.

However, if you’ve been paying attention to the headlines of late – then it’s clear to see it’s not been the glorious return to the skies as initially hoped. Long queues, strikes and cancelled flights have dominated headlines – on an almost daily basis.

In our previous blog we discussed how Digital ID technology has the potential to greatly improve the efficiency, security – and ultimately customer journey at the airport with the announcement that  American airlines recently launched their own Mobile ID scheme.

In this blog, we’re going to look at the other technological innovations that can revolutionize the airport experience.

Entering the paper-free era

Passports, check-in information, boarding passes, visas, proof of vaccinations – depending on where you’re travelling to it can feel like a never-ending list of documents that you need to have to hand at the airport, which can cause frustration to even the most seasoned of travellers.

Not only is there a multitude of documents to keep track of, there are five key checkpoints at an airport; check-in, bag drop, security border control and security at the gate. All requiring some form of ID or documentation – it’s no wonder customers can become flustered.

However, digital ID and biometric technology is starting to take off as we enter the era of the paper-free passenger….

Biometrics unlocking the future of travel

None of us are strangers to biometrics now, and it’s even being used in certain touch points in airports already. Biometrics is one of the most secure means of ID, so imagine if it could be used to create a unique ID, allowing passage through check-in, bag drop, border control and security at the gate.

From check-in to take off

Solutions such as Fly to Gate are designed specifically to improve and streamline the passenger experience – while satisfying robust security protocols. Digital ID and facial biometrics can be harnessed to do just that – all the while removing the need for passengers to show a ticket or ID at every checkpoint.

So, how would it work in practice? In theory, everything can be done before you even step foot in an airport. You’d start by opening your digital ID wallet to create a Digital Travel Credential, which is then stored on your device. When checking in with your chosen airline you’d then be asked to share your biometrics. This information, combined with the Digital Travel Credential, means you can then be identified at all the touchless self-service apps within the terminal once you arrive.

The technology works in real-time – with the token erased once the flight has taken off, ensuring absolute data privacy.

Through automated biometric and document verification technologies, the process is simplified for both passengers, airports, and airlines, increasing efficiency, and providing integrated security too.

All of this can create a complete self-service experience for passengers, which reduces processing times, including biometrics saving 30% in boarding times.

Want to know more?

Read our latest articles:

The post Biometrics: The Future of Airport Technology appeared first on Cybersecurity Insiders.

Crime, law and order, and forensic science-based shows have long been a popular staple on our television screens; Crime Scene Investigation (CSI), Bones, Dexter, Sherlock – just to name a few. And the popularity of the genre has only increased in recent years thanks to the rise of True Crime podcasts.

According to Psychology Today, one of the reasons for the growing popularity is because “Crime entertainment is like working a puzzle that also gives you a rush of excitement every time you put the last piece in. For the sake of curiosity, these series are often presented in a play-by-play mystery format, where the viewer is solving the case alongside the detectives.”

One of the key players in any crime scene investigation drama is the forensic detective or scientist. Sherlock Holmes, D.B.Russell, Dexter Morgan, Ella Lopez and Temperence Bones – all fan favourites, and as viewers, we enjoy watching them use a combination of logic and modern science to crack the case.

While these characters are fictional, many of the techniques are very real; and there’s some amazing forensic technology out there that helps real-life investigations.

Reliable Mobile Biometric Identification

We often see our favourite detectives out on location, tracking down suspects, interviewing witnesses or on the hunt for evidence. In these scenarios, where developments can happen in the blink of an eye, it’s vital to have reliable and accurate information at hand.

Mobile identification solutions provide invaluable information to those in the field. It gives them access to data such as; positive identity verification, benefits verification, arrest records, restraining orders, and wants and warrants.

This secure software should be able to leverage a law enforcement agency’s existing equipment for a complete end-to-end solution.

Automated Biometric ID Systems

On our favourite T.V crime dramas, the case often moves at a rapid pace; new evidence is processed, ID checks are carried out almost instantaneously.

In real life, forensic examiners also need to find answers fast. To do so, they have to take hundreds, thousands or even millions of records into consideration when processing a case. And with hundreds of case files to process daily, they need a multi-biometric tool to find answers quickly and efficiently.

There are systems available that are able to capture, search, and store NIST-compliant fingerprints, palm prints, latents, faces, and irises at 500 or 1000 ppi. These systems use comprehensive, powerful tools to analyse and enhance quality of prints, increasing probability of hits. Such high-performance systems support large database capacity while maintaining high throughput and fast response time.

Automating the Analysis, Comparison, Evaluation and Verification (ACE-V)

Forensic investigators often have to juggle multiple cases at once, with hundreds of prints to analyse, compare, and evaluate. Until now, navigating the ACE-V methodology has been a painstaking process involving many manual steps, and time-consuming documentation. However, the technology now exists to streamline the entire process; replicating the fast nature of crime scene investigation that you’d witness on CSI.

This technology enables forensic departments to manage cases with consistency and efficiency, organising by case and record notes, evidence and annotations.

Enabling Identification of Individuals

We’ve all seen it on multiple crime dramas, where a suspect is caught and is brought in for a mugshot or presented as part of a line-up, to be identified by an eyewitness. Technology also helps to keep track of these.

The CMS system is Thales’s latest generation of mugshot and booking records management solution supporting agencies in their investigation operations. Our CMS technology is secure and easy to use and ensures fast and accurate identification of individuals.

CMS combines four essential modules in one unique solution to provide the best support for to investigators and forensic examiners. These are booking management, mug book management, line-up management and face search.

Meeting FBI Standards for Palm Scanning

Another example of forensic technology are palm scanners. Often used in cases of biometric identification; where the scanner is used to determine the identity of an individual; palm scanners are used mainly for law enforcement applications, for example in prisons, police stations and refugee camps.

The comprehensive data that palm scanners collect, including; 10-prints, rolls, half-palms, thenar (ball of palm), full finger (distal, medial and proximal) and fingertip impressions, meet FBI standards and provide a wide range of information required by authorities.

So, next time you settle in for your favourite crime scene drama, take a closer look at the technology involved in solving the crime and see how many you can spot!

Our team are at the International Association for Identification Conference to showcase these ground breaking technologies between July 31 – August 6. Come down and visit us on stand 401.

The post The Forensic Technology Behind Your Favourite T.V Detectives appeared first on Cybersecurity Insiders.

In our Digital First blog series we have extolled the virtues of a Modern Card Program, and why they’re such an important part of any digital first banking offering. As well as the challenges of building such a program. In the final part of our series – we’re focusing on perhaps the challenge that this all hinges on… the mobile banking app! 

Challenge #3: The complexity of delivering a modern mobile banking app 

When a banking app is designed well, it’s simple. Simple to navigate and use; whether that’s to order a card, manage it or use it to pay at-stores and online. 

We are all familiar with the “Physical first, digital later” model for payment cards – when ordering an EMV payment card would take days to arrive via a paper application or a trip to the bank branch. Only when in possession of such physical cards, could cardholders on-board those details into their digital wallet, such as Apple Pay, to pay at-stores using NFC tap-to-pay, or in-app merchants applications accepting such payments. 

Digital first, physical later

The future is the other way around, Digital first, physical later. Cardholders receive a new virtual card in their mobile app in a matter of seconds, which can then be pushed into digital wallets.  Cardholders can also order the physical version of their virtual card. The banking app can also let the user: set new card parameters; spending limits per card; temporarily suspend the card for online purchases; foreign expenses etc. Everything is under the control of the user, right from the screen of his/her smartphone. 

However, for developers the modern bank app is a tremendous challenge far beyond a modern mobile front-end. Where does the complexity reside? Among many words to answer, one comes out strongly: orchestration.  

Banking mobile apps are the tip of the iceberg for developers launching a modern card issuance platform.  Below sea level are huge and complex infrastructure systems that need to be orchestrated to support real time services delivered via the mobile app.  We call this IT infrastructure the card issuing stack, integrating multiple front-end and back-end systems that control the cardholder’s cards life cycle, accounts and transactions, claims and settlements. 

However, it’s not just as simple as developing a normal mobile app. A card creation request requires multiple core banking infrastructure systems that have not been designed for real time. All data exchanges are sensitive and must be secure under PCI DSS rules. To do so, a massive amount of data must be orchestrated to ultimately deliver the experience the customer wants.   

Thales D1 picks the challenges and solves them for developers 

To deliver a Modern Card Program, a modern card issuing platform need to be deployed, integrating core banking legacy systems (account management, transactions management, claims and settlement among multiple component) with modern, new and cloud-based component to deliver real-time issuance, a modern mobile and web UX and PCI DSS compliance. 

Developers could choose a hard route using a handful of partners with thousands of system level APIs, managing all the orchestration of the card issuing stack internally, as well as all regulations rules.  With Thales D1, we offer to manage all orchestration and compliance challenges via unified SDK, with simple APIs that are use-case ready in a template design approach.  The net result is time and pain savings, and significant cost reductions. 

No card issuer should focus on re-inventing what Thales D1 will bring them “out-of-the box”.  Instead, issuers should focus on launching new services to their cardholders. Thales takes care behind the scene to build those services and operate them flawlessly. All in record times and cost effectively 

Want to know more?

Read our latest articles here:

The post Deploying a Modern Card Program – Mobile Banking App appeared first on Cybersecurity Insiders.

The banking industry has undergone a huge transformation in recent years and continues to transform as we head into the realm of real-time, digital first (and physical later) banking and payment. Characterized by the need to do things more cost-effectively, sustainably, faster, and with user experience at its core – modern card program strategies are revolutionizing the sector and embracing these changes will be vital for a bank’s survival.  

To set some context, here is just a short recap of the challenges and changes currently facing the banking sector: 

Online branches growth in popularity:

Can you remember the last time you visited a bank branch in person? If not, then you’re not alone – under the lead of agile fintechs and neo banks, the capabilities of banking apps have improved so much that there are very few reasons for customers to visit in person. In fact a survey from KMPG found that one in five UK consumers haven’t visited a bank branch since before the Covid-19 pandemic – a trend we will likely see continue.  

Fintechs are challenging the status quo:

Recent years have seen digital-first challenger brands give consumers greater choice and flexibility – revolutionizing personal banking. Not burdened by decades of legacy tech to contend with – these brands have managed to quickly design products and solutions that have user experience solely front of mind, and traditional institutions are forced to do the same.  Real-time, quick services, simple yet secure is what is in the DNA of such neo stakeholders in the financial sector. 

Boom in contactless payments:

Recent data that shows that in 2020 the number of people in the UK who registered for mobile payments grew by three quarters to over 17 million. And in December 2021, contactless payments reached its highest recorded level, accounting for 69% of all debit card transactions, and 56% of all credit card transactions – a trend that is expected to continue to rise.  

A Modern Card program and strategy is about unifying and improving the customer’s banking and payment journey with real-time digital card issuance and complete control of all their payment credentials. This blog series will explore why a Modern Card Program is an essential part of this and will address the challenges of bringing it fruition.   

Challenge #1: Managing connectivity with payment schemes to successfully deploy EMV tokenization and associated card services   

The growing demand for mobile, user-centric services for card issuance is front of mind for all card issuers, processors, and wallet providers. As we’ve already discussed – the banking sector has been transformed – driven by customer expectation to be in control 24/7, via their smartphones or a modern web interface. People want to order their physical, digital or virtual card instantly, via their mobile app and/or the web, then use it to pay at stores and online.  Cardholders want to be in control of their card’s settings. These services are no longer a nice to have – but an expectation.  

However, when it comes to traditional banks that have been issuing EMV cards for years, the core banking infrastructure in place is often not optimized to support real time services, nor to deliver a rich mobile experience. Beyond tokenization for digital wallets, launching new services such as virtual card issuance and secure display, 3DS, Click-to-pay or pay-by-instalments can be extremely challenging.  

Card issuers can find plenty of technology partners to implement new mobile-centric card services. For digital card for instance, major Payment Schemes provide access to their EMV Tokenization services. However, beyond APIs, managing connectivity with such network services is a real project on its own.  Frequent API updates and rapid innovation rollouts require a very close relationship with payment networks: a relationship that goes beyond the usual scope of work for developers.  

Success for such modern card programs relies heavily on the deployment of modern card issuing platforms, implementing a brand new mobile and web front end but also orchestrating the entire core banking systems involved in the card issuing stack and the card life cycle management (systems managing accounts, transactions, claims and settlement, among many more). 

EMV tokenization alone represent the lion share of such modern card programs services and require deep use case knowledge that can only be acquired by developing a close relationship with the token service providers.  Thales D1 has a unique role of the EMV tokenization market with a preferred partnership with leading payment networks, removing the complexity for developer to re-invent uses cases from scratch, using system APIs with no orchestration across the card payment stack 

By somewhat “tokenizing their relationship” with token services, provided via Thales and the D1 platform, developers can focus on rolling out innovative services for their cardholders while Thales deliver the tool to execute development in record time and cost. 

Want to know more?

Read our latest articles here:

The post Deploying a Modern Card Program – Digital First Banking appeared first on Cybersecurity Insiders.

In the past decade, the banking sector has undergone a massive transformation – putting speed, security, environmental considerations and user experience at its core. This blog post will be looking at how Digital PIN – a modern way to set, deliver or recover an EMV Card PIN code – is part of the modern card program strategy   

The PIN Code as a Card Verification Method for EMV Payment Cards 

The 4 digit PIN Code is a technology that has come to be part of everyday life and was introduced as a Card Verification Method (CVM) in the EMV standard to perform user authentication.  

PIN code verification can be performed online or offline.  The EMV standards allows two additional forms of CVM:  signature and “nothing” for low-amount contactless payments. 

What is a Digital PIN vs Current EMV card PIN code as we know it? 

Currently, when a customer registers for a new EMV card, it will typically be shipped to them in the post. This will be followed by another letter containing the 4-digit pin number that’s been assigned to them.  

Digital PIN refers to a new “digital delivery and management” mechanism: instead of a PIN code being sent in the post, it is delivered via an app (or secure SMS) enabling customers to use their card with seconds of it arriving.  

This virtual PIN delivery looks set to replace paper mailing delivery.  Users can create their preferred 4 digit PIN code right from the app.  Later on they can recover their PIN code when lost, or change the current code for a new one. All these happen instantaneously and give the user more ‘real-time’ control than ever. But that’s not the only way users are gaining more control over their banking. 

Modern card issuance  

A new approach to the payment card lifecycle is becoming more common. It puts the user in control to order, manage and use banking cards, right from the bank’s mobile app 

The PIN code delivery method using a paper mailer was appropriate in a physical first, digital later era when getting a new card took a few days. Switching to a digital PIN delivery solution meets three crucial new trends: 

  • First, digital delivery is instantaneous and therefore more in-line with consumer expectations.  Cards can be activated and used right away, leading to higher transaction rates.  The customer controls both card issuance and PIN management 24/7 from their app. 
  • Second, digital delivery for the PIN code is more environmentally-friendly as it cuts the need for paper mailers.  Given the billions of EMV payment cards delivered worldwide every year, this is a significant environmental win as you can see in this Infographic. 
  • Third, as we move to the people are using more digital cards. The rise of digital wallets and online payments is changing the proportion of physical/digital cards that each individual cardholders uses every day and consequently the need for a digital PIN delivery.    

Mobile banking

This is part of the new, global card experience.  Fintechs have led the way and demonstrated the look and feel of modern mobile banking apps; now the entire market is following suit. Digital PIN delivery is no longer “nice to have”, but critical to the modern card user experience. 

As we are now heading into a digital first, physical later approach to payment credentials, Thales helps financial services players implement modern card programmes with the Thales D1 issuing platform.  This brings simple, UX level APIs that orchestrate the entire issuing stack. It manages both the mobile front end to implement features such as Digital PIN but also orchestrate all the core banking infrastructure to build the three following use cases:   

  1. Set a preferred PIN code 
  1. Securely display the PIN code in the app in accordance to PCI DSS regulations  
  1. Allow fast PIN code recovery in-app  

The bank mobile app is going through a revolution and Digital PIN is a visible part of it.   

Want to know more?

Read our latest articles here:

The post Digital PIN – The Next Step in Digital First Banking appeared first on Cybersecurity Insiders.

Six questions to Marylene Arnoux-Roetynck, eSIM Marketing Manager and Didier Benkoël-Adechy, Marketing Communications Manager at Thales, on the role of SIM and eSIM in IoT.

What is the difference between M2M (Machine-to-Machine) and IoT (Internet of Things)?

There are no hard and fast rules as to where M2M ends and IoT begins. However, we now generally treat M2M as a segment within the larger IoT market.

As the name suggests, M2M typically refers to use cases involving larger plant and equipment, in areas such as smart manufacturing and the automotive sector.

These are now being joined by a new generation of IoT deployments. In contrast to M2M, IoT is characterised by new types of connected devices, such as sensors and smart meters. And IoT deployments are typically on a much greater scale. They also emphasise the need for low power and extended battery life, space-efficient design, and the ability to operate over a longer lifecycle without human intervention.

What is the role of SIM and eSIM in IoT?

SIM and eSIM are at the heart of any IoT use case that relies on cellular connectivity.

According to a recent Ericsson Mobility Report , in 2021 the IoT comprised a total of 14.6 billion individual connections. Of these, 1.9 billion were cellular connections, representing a 13% share. By 2027, the IoT is predicted to grow to 30.2 billion connections, with cellular connections responsible for 5.5 billion. That’s an 18% share.

Moreover there’s no doubt that the additional benefits of the eSIM will prove increasingly attractive. However, the ‘traditional’ SIM is well-established and extremely popular. In many situations, it will continue to fulfil all the requirements of OEMs, IoT service providers, mobile network operators and end users. By 2026, Thales Market Intelligence predicts a near 50-50 split between SIM and eSIM in the IoT market.

Can IoT devices use the same type of SIM and eSIM as a smartphone?

In a word, no – IoT requires more robust, or ‘ruggedized’, SIM and eSIM than those employed in consumer devices. Depending on the specific use case, SIM and eSIM in IoT may need to withstand greater extremes of temperature, humidity and vibration. Also, SIM and eSIM will usually need to be adapted to longer product lifecycles and low power designs that extend battery life.

For these reasons, SIM and eSIM are also produced in industrial and automotive grades. What’s more, smaller form factors, including Thales’ ultra-compact MFFXS, are available to suit particularly space-constrained designs. Where vibration is an issue, solder options enable the SIM to be surface mounted on the PCB.

However, the terms industrial and automotive are only a guide. Specification must always be driven by the characteristics of the use case itself. It is perfectly possible that an automotive grade SIM or eSIM will be the best option for a non-automotive product.

What are the benefits of eSIM for IoT?

In the IoT ecosystem, the eSIM opens the door to added value services and enhanced flexibility. Crucially, network subscriptions can be provisioned and updated remotely over the entire device lifecycle – that’s a major benefit for massive, remote IoT deployments.

With Thales Instant Connect (TIC), eSIM connectivity can be activated automatically the first time a device is powered up in the field. There is also no longer a need to preload a subscription profile onto the SIM during manufacture. When powered up in the field, the eSIM connects automatically to the preferred local network operator. That means a single SKU can be used for multiple different markets, simplifying manufacturing and logistics. There is also much greater freedom to select different network operators in different countries and regions.

In the years ahead, we’re likely to see further advances in the services available to the eSIM. That makes adopting the eSIM a thoroughly future-proof option.

What other technology developments should we be looking out for when it comes to SIM and IoT?

The iSIM represents the next big thing. With this approach, the SIM is no longer a discrete component. Instead, the iSIM is integrated into another system chip within the product design. This delivers further space and power savings and, by cutting the total number of components, reduces assembly costs. By 2027, analysts predict that almost 20% of the eSIM market will be taken by the iSIM.

Thales is already well advanced in the development of iSIM solutions…..so watch this space!

Benefits of using SIM technology for IoT

Discover more information on IoT connectivity and security:

The post IoT Connectivity – Understanding the role of SIM and eSIM in IoT appeared first on Cybersecurity Insiders.