Category: Access Control

In the first part of this blog series, we looked at the importance of Modern Card Programs.  People expect real-time, simple yet secure services to order, manage and use payments cards at-stores and online. They expect to be in control via their smartphones; using a modern banking application as fintechs and neo banks demonstrated as the new normal for mobile banking apps. The challenge is now for traditional banks to be as modern and agile as neo banks user experience-wise. In this part we’ll continue to look at the challenges of delivering a Modern Card Program by modernizing the card issuing platform, and how these challenges can be overcome by Thales D1 with tangible benefits for developers. 

Managing payments in real time

When using a mobile banking app, real-time, mobile centricity, simplicity and maximum security are the expected standard. When it comes to card management and digital payments, customers now expect to be able to; track orders, set up alerts and spending limits, temporarily suspend and re-activate cards, pay via instalments and many more services. The application becomes a service marketplace operating in real-time. It empowers cardholders to manage everything from their smartphone – giving them even more control over their finances. All of these services are mobile and web centric, creating new challenges for developers who need not only to develop a brand new mobile front-end, but also orchestrate the entire card issuing stack with legacy systems and modern components.  

For developers, the complexity comes from both the repetition of tasks (for example: tokenization using APIs for each payment scheme), but also the need to orchestrate multiple front-end and back-end systems from the core banking infrastructure managing accounts, transactions, authorizations, risk management, and many more structural elements participating to the user’s payment experiences . Let’s not forget the regulatory constraints that come with it; PCI DSS (Payment Card Industry Data Security Standard) and GDPR (Global Data Privacy Regulation) just to name a couple.  

Card issuing platform

Adding new digital payment services into an existing card issuing stack can rapidly turn into a very complex engineering challenge; for both time and cost. Challenger banks, such as Monzo or Revolut, have set the standard for modern User Experience. They have built their card issuing stacks from ground zero, the task for them was simpler than for existing banks with legacy systems to integrated into a modern infrastructure.  

Thales D1

Thales D1 brings UX-level APIs with use cases insights and global orchestration templates that save time and costs for developers compared with the use of thousands of system level APIs provided by a handful of technology partners with no orchestration support.  

Beyond APIs and unified SDKs, Thales D1 manages the connectivity with Payment Networks to facilitate the deployment of Digital Cards, but also the deployment of innovative payments services such as 3DS, Alerts & Controls, Click-to-Pay and Pay-by-Instalments. 

The question is no longer about the need to modernize card programs. All issuers know that the demand for the modern mobile UX is unstoppable.  The question is now only how to deliver it efficiently.  It’s a complex IT project because of the mix of legacy systems and modern components. Thales D1 makes it as easy as possible and that simplicity can be summarized in 4 key words:   Simple API , better orchestration of the infrastructure, managed connectivity with payment networks and compliance-by-design.  

Want to know more?

Read our latest articles here:

The post Deploying a Modern Card Program – Card Issuing Platform appeared first on Cybersecurity Insiders.

Vacation season is officially upon us, and after Covid-19 kept most of the world grounded for the best part of two years, airports and airlines are in for one of the busiest summers on record. Thankfully, there are examples of technology use cases, like Digital ID, being implemented to save time at busy airports.

Use of Digital ID

The concept of Digital ID is one that has grown exponentially in recent years. Whether it’s ID cardshealth cards, passports or driving licenses  – we’ve long relied on various forms of physical ID to prove our identity. Just think back to the last time you flew; how many documents did you need? How many times did you have to show them?

So, how would this work in an airport scenario?

Before arriving at the airport for travel, the passenger would download the relevant airline app. From there they would upload the relevant travel documents; creating a secure digitized credential that is accepted by the local country’s travel security authority.

When passing through airport checks, the passenger would then simply open the app, and present an auto generated QR code. This process would streamline the ID verification process, allowing travelers to move through security lines faster; also easing pressure on airport staff.

American Airlines Takes Off with Mobile ID

Mobile ID has taken off this summer, with American Airlines announcing that they are working with Thales’ trusted mobile identification technology to eliminate the need for passengers to show physical IDs with the creation of a TSA-approved mobile digital ID.

The Airside Digital Identity App allows users to create a secure and encrypted digitalized version of government-issued identification (driver’s license or passport) which airline passengers can then store their ID on their smartphone and present it at the required checkpoints.

Commenting on the announcement this week, Tony Lo Brutto, Vice President, Thales Identity and Biometric Solutions North America said:

“Thales trusted mobile digital identity technology provides an immediate way for all citizens across certain states to use their physical driver’s license or U.S. passports to create a TSA-approved mobile digital credential for travel. It provides authorities, such as the TSA, with the opportunity to securely and conveniently verify IDs; simplifying the process to allow travelers to get through security lines faster. It has never been easier to verify identity or access services – both online and in the ‘real world’. This pilot perfectly complements our worldwide “Fly to Gate” references, highlighting Thales expertise in enabling both security and convenience to travelers with digital solutions.’

The Future of Air Travel

This example of Digital ID is just one example of how leveraging state of the art technology can revolutionize the airport experience.

Whether it’s through a combination of; facial recognition, multimodal biometric checking or automation – the technology is there to make the airport operations more; streamlined, efficient and secure both for staff and travelers.

Keep an eye on the blog as we continue to explore how technology can improve the airport experience.

Want to know more?

Read our latest articles:

The post Why Digital ID Should be On the Vacation Checklist appeared first on Cybersecurity Insiders.

Digital ID in use

Imagine you’re a French national going to study abroad in Greece for one semester, and all the logistics involved in setting up home there temporarily. All these logistics often require various touch points where you will have to prove your identity; usually with various means (passport, proof of address, education, income etc.) When you arrive at the Greek university, you just need to open your wallet and present a digitalised version of your diploma for the university officer to check your eligibility. Simply scan a QR code to create a secure communication channel from which encrypted data can be exchanged. This information has already been validated and proven by a trusted authority. The same process would apply to prove your identity  to easily allow you to swiftly set up a Greek bank account, sign a rental contract  – or even prove age on a student night out. Not only it becomes easy to share official documents but those documents are protected and your data is encrypted at all time, and is only available to the right person. So, let’s explore digital IDs…

Journey from hypothetical to reality 

This hypothetical scenario is not one ripped from the science fiction pages, or the result of a futurist prediction. There has been an acceleration towards digital identity recently, meaning that digital IDs are not just used by so called ‘tech-savvy digital natives’, but the wider population. The Covid-19 pandemic, and associated lockdowns served as a major catalyst for this.  

It’s fair to say then, that the concept of digital identification is already well established, and using a smartphone to board a plane, store bankcards or prove vaccination status has become second nature to many of us. But the experience is often clunky, with many forms to fill in, and is not as secure as it could be.  

In fact, a major survey conducted into EU ID by Thales revealed that 45% of Europeans are currently relying on insecure, unofficial, ‘DIY’ (do it yourself) scans and photos of their cards and documents to help prove their identity and entitlements.  

Countdown to European Digital ID 

While the concept of digital identification is already well established, the development of internationally accepted electronic identity (eID) systems has been piecemeal and inconsistent. 

If we look at the EU as an example: only 14% of key public services across all EU Member States allow cross-border authentication with eID; according to the European Commission there is a need to improve acceptance of the scheme and user experience. These roadblocks certainly don’t help in building a strong level of consumer trust.  

However, this is set to change with the introduction of the latest legislation on European Digital Identity – eIDAS2. In short, eIDAS2 means that by September 2023, each EU Member State must make a digital ‘wallet’ available to every citizen and business who wants one. In tandem, service providers in both public and private sector organisations; such as banks and telcos; will have to accept it as proof of certain personal attributes. From providing electronic signatures to paying fines or accessing health services, EU citizens will be able to use the eIDAS wallet, in every Member State; generating millions of authentications every day.  

Thales’s research found that the wallet is set to be welcomed with open arms. Two out of three Europeans citizens are looking forward to the arrival of an EU-backed Digital ID Wallet for storing their ID card, driving license and other official documents and signed attestations on a smartphone. 

Digital ID becoming mainstream 

This acceleration towards Digital ID isn’t just taking place in  the EU – just earlier this year the UK government proposed legislation to secure digital identity, even creating the Office for Digital Identities and Attributes.  

With just under a year away until eIDAS2 comes into force, it will be interesting to see how the conversation, debate and appetite for digital IDs continues to evolve.  

In the countdown towards the eIDAS2, keep checking back on the DIS blog where we’ll be discussing the following topics:  

  • Generational and regional attitudes to the wallet  
  • What Citizens want from a wallet  
  • Challenges and hurdles to overcome to build a streamlined, secure and efficient wallet 

For further reading, visit:  

The post Digital ID – Day in the life of a digital citizen after eIDAS2 appeared first on Cybersecurity Insiders.

Imagine you’re a French national going to study abroad in Greece for one semester, and all the logistics involved in setting up home there temporarily. All these logistics often require various touch points where you will have to prove your identity; usually with various means (passport, proof of address, education, income etc.) When you arrive at the Greek university, you just need to open your wallet and present a digitalised version of your diploma for the university officer to check your eligibility. Simply scan a QR code to create a secure communication channel from which encrypted data can be exchanged. This information has already been validated and proven by a trusted authority. The same process would apply to prove your identity  to easily allow you to swiftly set up a Greek bank account, sign a rental contract  – or even prove age on a student night out. Not only it becomes easy to share official documents but those documents are protected and your data is encrypted at all time, and is only available to the right person. So, let’s explore digital IDs…

Journey from hypothetical to reality 

This hypothetical scenario is not one ripped from the science fiction pages, or the result of a futurist prediction. There has been an acceleration towards digital identity recently, meaning that digital IDs are not just used by so called ‘tech-savvy digital natives’, but the wider population. The Covid-19 pandemic, and associated lockdowns served as a major catalyst for this.  

It’s fair to say then, that the concept of digital identification is already well established, and using a smartphone to board a plane, store bankcards or prove vaccination status has become second nature to many of us. But the experience is often clunky, with many forms to fill in, and is not as secure as it could be.  

In fact, a major survey conducted into EU ID by Thales revealed that 45% of Europeans are currently relying on insecure, unofficial, ‘DIY’ (do it yourself) scans and photos of their cards and documents to help prove their identity and entitlements.  

Countdown to European Digital ID 

While the concept of digital identification is already well established, the development of internationally accepted electronic identity (eID) systems has been piecemeal and inconsistent. 

If we look at the EU as an example: only 14% of key public services across all EU Member States allow cross-border authentication with eID; according to the European Commission there is a need to improve acceptance of the scheme and user experience. These roadblocks certainly don’t help in building a strong level of consumer trust.  

However, this is set to change with the introduction of the latest legislation on European Digital Identity – eIDAS2. In short, eIDAS2 means that by September 2023, each EU Member State must make a digital ‘wallet’ available to every citizen and business who wants one. In tandem, service providers in both public and private sector organisations; such as banks and telcos; will have to accept it as proof of certain personal attributes. From providing electronic signatures to paying fines or accessing health services, EU citizens will be able to use the eIDAS wallet, in every Member State; generating millions of authentications every day.  

Thales’s research found that the wallet is set to be welcomed with open arms. Two out of three Europeans citizens are looking forward to the arrival of an EU-backed Digital ID Wallet for storing their ID card, driving license and other official documents and signed attestations on a smartphone. 

Digital ID becoming mainstream 

This acceleration towards Digital ID isn’t just taking place in  the EU – just earlier this year the UK government proposed legislation to secure digital identity, even creating the Office for Digital Identities and Attributes.  

With just under a year away until eIDAS2 comes into force, it will be interesting to see how the conversation, debate and appetite for digital IDs continues to evolve.  

In the countdown towards the eIDAS2, keep checking back on the DIS blog where we’ll be discussing the following topics:  

  • Generational and regional attitudes to the wallet  
  • What Citizens want from a wallet  
  • Challenges and hurdles to overcome to build a streamlined, secure and efficient wallet 

For further reading, visit:  

The post Digital ID – Day in the life of a digital citizen after eIDAS2 appeared first on Cybersecurity Insiders.

This summer should be the summer of travel. It’s hard to think of an industry more severely impacted by the Covid-19 pandemic. And after two years of lockdowns, restrictions and additional complications, passengers are now looking to take advantage of seamless international travel again.

However, if you’ve been paying attention to the headlines of late – then it’s clear to see it’s not been the glorious return to the skies as initially hoped. Long queues, strikes and cancelled flights have dominated headlines – on an almost daily basis.

In our previous blog we discussed how Digital ID technology has the potential to greatly improve the efficiency, security – and ultimately customer journey at the airport with the announcement that  American airlines recently launched their own Mobile ID scheme.

In this blog, we’re going to look at the other technological innovations that can revolutionize the airport experience.

Entering the paper-free era

Passports, check-in information, boarding passes, visas, proof of vaccinations – depending on where you’re travelling to it can feel like a never-ending list of documents that you need to have to hand at the airport, which can cause frustration to even the most seasoned of travellers.

Not only is there a multitude of documents to keep track of, there are five key checkpoints at an airport; check-in, bag drop, security border control and security at the gate. All requiring some form of ID or documentation – it’s no wonder customers can become flustered.

However, digital ID and biometric technology is starting to take off as we enter the era of the paper-free passenger….

Biometrics unlocking the future of travel

None of us are strangers to biometrics now, and it’s even being used in certain touch points in airports already. Biometrics is one of the most secure means of ID, so imagine if it could be used to create a unique ID, allowing passage through check-in, bag drop, border control and security at the gate.

From check-in to take off

Solutions such as Fly to Gate are designed specifically to improve and streamline the passenger experience – while satisfying robust security protocols. Digital ID and facial biometrics can be harnessed to do just that – all the while removing the need for passengers to show a ticket or ID at every checkpoint.

So, how would it work in practice? In theory, everything can be done before you even step foot in an airport. You’d start by opening your digital ID wallet to create a Digital Travel Credential, which is then stored on your device. When checking in with your chosen airline you’d then be asked to share your biometrics. This information, combined with the Digital Travel Credential, means you can then be identified at all the touchless self-service apps within the terminal once you arrive.

The technology works in real-time – with the token erased once the flight has taken off, ensuring absolute data privacy.

Through automated biometric and document verification technologies, the process is simplified for both passengers, airports, and airlines, increasing efficiency, and providing integrated security too.

All of this can create a complete self-service experience for passengers, which reduces processing times, including biometrics saving 30% in boarding times.

The post Biometrics: The Future of Airport Technology appeared first on Cybersecurity Insiders.

Crime, law and order, and forensic science-based shows have long been a popular staple on our television screens – Crime Scene Investigation (CSI), Bones, Dexter, Sherlock – just to name a few. And the popularity of the genre has only increased in recent years thanks to the rise of True Crime podcasts.

According to Psychology Today, one of the reasons for the growing popularity is because “Crime entertainment is like working a puzzle that also gives you a rush of excitement every time you put the last piece in. For the sake of curiosity, these series are often presented in a play-by-play mystery format, where the viewer is solving the case alongside the detectives.”

One of the key players in any crime scene investigation drama is the forensic detective or scientist. Sherlock Holmes, D.B.Russell, Dexter Morgan, Ella Lopez and Temperence Bones – all fan favourites, and as viewers, we enjoy watching them use a combination of logic and modern science to crack the case.

While these characters are fictional, many of the techniques are very real – and there’s some amazing forensic technology out there that helps real-life investigations.

Reliable Mobile Biometric Identification

We often see our favourite detectives out on location, tracking down suspects, interviewing witnesses or on the hunt for evidence. In these scenarios, where developments can happen in the blink of an eye, it’s vital to have reliable and accurate information at hand.

Mobile identification solutions provide invaluable information to those in the field, giving them access to data such as positive identity verification, benefits verification, arrest records, restraining orders, and wants and warrants.

This secure software should be able to leverage a law enforcement agency’s existing equipment for a complete end-to-end solution.

Automated Biometric ID Systems

On our favourite T.V crime dramas, the case often moves at a rapid pace; new evidence is processed, ID checks are carried out almost instantaneously.

In real life, forensic examiners also need to find answers fast. To do so,they have to take hundreds, thousands or even millions of records into consideration when processing a case. And with hundreds of case files to process daily, they need a multi-biometric tool to find answers quickly and efficiently.

There are systems available that are able to capture, search, and store NIST-compliant fingerprints, palm prints, latents, faces, and irises at 500 or 1000 ppi. These systems use comprehensive, powerful tools to analyse and enhance quality of prints, increasing probability of hits. Such high-performance systems support large database capacity while maintaining high throughput and fast response time.

Automating the Analysis, Comparison, Evaluation and Verification (ACE-V)

Forensic investigators often have to juggle multiple cases at once, with hundreds of prints to analyse, compare, and evaluate. Until now, navigating the ACE-V methodology has been a painstaking process involving many manual steps, and time-consuming documentation. The technology now exists to streamline the entire process – replicating the fast nature of crime scene investigation that you’d witness on CSI.

This technology enables forensic departments to manage cases with consistency and efficiency, organising by case and record notes, evidence and annotations.

Enabling Identification of Individuals

We’ve all seen it on multiple crime dramas, where a suspect is caught, and is brought in for a mugshot or presented as part of a line-up, to be identified by an eyewitness. Technology also helps to keep track of these.

The CMS system is Thales’s latest generation of mugshot and booking records management solution supporting agencies in their investigation operations. Our CMS technology is secure and easy to use and is a modern approach that ensures fast and accurate identification of individuals.

CMS combines four essential modules in one unique solution to provide the best support for to investigators and forensic examiners. These are booking management, mug book management, line-up management and face search.

Meeting FBI Standards for Palm Scanning

Palm scanners are often used in cases of biometric identification, where the scanner is used to determine the identity of an individual. Palm scanners are used mainly for law enforcement applications, for example in prisons, police stations and refugee camps.

The comprehensive data that palm scanners collect, including 10-prints, rolls, half-palms, thenar (ball of palm), full finger (distal, medial and proximal) and fingertip impressions, meet FBI standards and provide a wide range of information required by authorities.

Next time you settle in for your favourite crime scene drama, take a closer look at the technology involved in solving the crime and see how many you can spot!

Our team are at the International Association for Identification Conference to showcase these ground breaking technologies between July 31 – August 6. Come down and visit us on stand 401.

The post The Forensic Technology Behind Your Favourite T.V Detectives appeared first on Cybersecurity Insiders.

In our Digital First blog series we have extolled the virtues of Modern Card Programs, and why they’re such an important part of any digital first banking offering. We’ve also discussed the challenges of building such a program. 

In the final part of our series – we’re focusing on perhaps the challenge that this all hinges on… the mobile banking app! 

Challenge #3: The complexity of delivering a modern mobile banking app 

When a banking app is designed well, it’s simple. Simple to navigate and use – whether that’s to order a card, manage it or use it to pay at-stores and online. 

We all are familiar with the “Physical first, digital later” model for payment cards – when ordering an EMV payment card would take days to arrive via a paper application or a trip to the bank branch. Only when in possession of such physical cards, could cardholders on-board those details into their digital wallet, such as Apple Pay, to pay at-stores using NFC tap-to-pay, or in-app merchants applications accepting such payments. 

The future is the other way around: Digital First, physical later. In a matter of seconds, cardholders receive a new virtual card right in their mobile app which can then be pushed into digital wallets.  Cardholders can also order the physical version of their virtual card. The banking app can also let the user set new card parameters, spending limits per card, temporarily suspend the card for online purchases, foreign expenses, etc. – everything is under the control of the user, right from the screen of his/her smartphone. 

However, for developers the modern bank app is a tremendous challenge far beyond a modern mobile front-end. Where does the complexity reside? Among many words to answer, one comes out strongly: orchestration.  

Banking mobile apps are the tip of the iceberg for developers launching a modern card issuance platform.  Below sea level are huge and complex infrastructure systems that need to be orchestrated to support real time services delivered via the mobile app.  We call this IT infrastructure the card issuing stack, integrating multiple front-end and back-end systems that control the cardholder’s cards life cycle, accounts and transactions, claims and settlements. 

It’s not just as simple as developing a normal mobile app. For example, a card creation request requires multiple core banking infrastructure systems that have not been designed for real time. All data exchanges are sensitive and must be secure under PCI DSS rules. A massive amount of data must be orchestrated to ultimately deliver the experience the customer wants.   

Thales D1 picks the challenges and solves them for developers 

In order to deliver a Modern Card Program, a modern card issuing platform need to be deployed, integrating core banking legacy systems (account management, transactions management, claims and settlement among multiple component) with modern, new and cloud-based component to deliver real-time issuance, a modern mobile and web UX and PCI DSS compliance. 

Developers could choose a hard route using a handful of partners with thousands of system level APIs, managing all the orchestration of the card issuing stack internally, as well as all regulations rules.  With Thales D1, we offer to manage all orchestration and compliance challenges via unified SDK, with simple APIs that are use-case ready in a template design approach.  The net result is time and pain savings, and significant cost reductions. 

No card issuer should focus on re-inventing what Thales D1 will bring them “out-of-the box”.  Issuers focus on launching new services to their cardholders. Thales takes care behind the scene to build those services and operate them flawlessly. All in record times and cost effectively 

The post Deploying a Modern Card Program: Part Three appeared first on Cybersecurity Insiders.

The banking industry has undergone a huge transformation in recent years and continues to transform as we head into the realm of real-time, digital first (and physical later) banking and payment. Characterized by the need to do things more cost-effectively, sustainably, faster, and with user experience at its core – modern card program strategies are revolutionizing the sector and embracing these changes will be vital for a bank’s survival.  

To set some context, here is just a short recap of the challenges and changes currently facing the banking sector: 

Online branches growth in popularity:

Can you remember the last time you visited a bank branch in person? If not, then you’re not alone – under the lead of agile fintechs and neo banks, the capabilities of banking apps have improved so much that there are very few reasons for customers to visit in person. In fact a survey from KMPG found that one in five UK consumers haven’t visited a bank branch since before the Covid-19 pandemic – a trend we will likely see continue.  

Fintechs are challenging the status quo:

Recent years have seen digital-first challenger brands give consumers greater choice and flexibility – revolutionizing personal banking. Not burdened by decades of legacy tech to contend with – these brands have managed to quickly design products and solutions that have user experience solely front of mind, and traditional institutions are forced to do the same.  Real-time, quick services, simple yet secure is what is in the DNA of such neo stakeholders in the financial sector. 

Boom in contactless payments:

Recent data that shows that in 2020 the number of people in the UK who registered for mobile payments grew by three quarters to over 17 million. And in December 2021, contactless payments reached its highest recorded level, accounting for 69% of all debit card transactions, and 56% of all credit card transactions – a trend that is expected to continue to rise.  

A Modern Card program and strategy is about unifying and improving the customer’s banking and payment journey with real-time digital card issuance and complete control of all their payment credentials. This blog series will explore why a Modern Card Program is an essential part of this and will address the challenges of bringing it fruition.   

 

Challenge #1: Managing connectivity with payment schemes to successfully deploy EMV tokenization and associated card services   

The growing demand for mobile, user-centric services for card issuance is front of mind for all card issuers, processors, and wallet providers. As we’ve already discussed – the banking sector has been transformed – driven by customer expectation to be in control 24/7, via their smartphones or a modern web interface. People want to order their physical, digital or virtual card instantly, via their mobile app and/or the web, then use it to pay at stores and online.  Cardholders want to be in control of their card’s settings. These services are no longer a nice to have – but an expectation.  

However, when it comes to traditional banks that have been issuing EMV cards for years, the core banking infrastructure in place is often not optimized to support real time services, nor to deliver a rich mobile experience. Beyond tokenization for digital wallets, launching new services such as virtual card issuance and secure display, 3DS, Click-to-pay or pay-by-instalments can be extremely challenging.  

Card issuers can find plenty of technology partners to implement new mobile-centric card services. For digital card for instance, major Payment Schemes provide access to their EMV Tokenization services. However, beyond APIs, managing connectivity with such network services is a real project on its own.  Frequent API updates and rapid innovation rollouts require a very close relationship with payment networks: a relationship that goes beyond the usual scope of work for developers.  

Success for such modern card programs relies heavily on the deployment of modern card issuing platforms, implementing a brand new mobile and web front end but also orchestrating the entire core banking systems involved in the card issuing stack and the card life cycle management (systems managing accounts, transactions, claims and settlement, among many more). 

EMV tokenization alone represent the lion share of such modern card programs services and require deep use case knowledge that can only be acquired by developing a close relationship with the token service providers.  Thales D1 has a unique role of the EMV tokenization market with a preferred partnership with leading payment networks, removing the complexity for developer to re-invent uses cases from scratch, using system APIs with no orchestration across the card payment stack 

By somewhat “tokenizing their relationship” with token services, provided via Thales and the D1 platform, developers can focus on rolling out innovative services for their cardholders while Thales deliver the tool to execute development in record time and cost. 

The post Deploying a Modern Bank Card Program: Part One appeared first on Cybersecurity Insiders.

Imagine you’re a French national going to study abroad in Greece for one semester, and all the logistics involved in setting up home there temporarily. All these logistics often require various touch points where you will have to prove your identity – usually with various means (passport, proof of address, education, income etc.) 

When you arrive at the Greek university, you just need to open your wallet and present a digitalised version of your diploma for the university officer to check your eligibility by simply scanning a QR code to create a secure communication channel from which encrypted data can be exchanged. This information has already been validated and proven by a trusted authority. The same process would apply to prove your identity  to easily allow you to swiftly set up a Greek bank account, sign a rental contract  – or even prove age on a student night out. Not only it becomes easy to share official documents but those documents are protected and your data is encrypted at all time, and is only available to the right person. 

Journey from hypothetical to reality 

This hypothetical scenario is not one ripped from the science fiction pages, or the result of a futurist prediction. There has been an acceleration towards digital identity recently, meaning that digital IDs are not just used by so called ‘tech-savvy digital natives’, but the wider population. The Covid-19 pandemic, and associated lockdowns served as a major catalyst for this.  

It’s fair to say then, that the concept of digital identification is already well established, and using a smartphone to board a plane, store bankcards or prove vaccination status has become second nature to many of us. But the experience is often clunky, with many forms to fill in, and is not as secure as it could be.  

In fact, a major survey conducted into EU ID by Thales revealed that 45% of Europeans are currently relying on insecure, unofficial, ‘DIY’ (do it yourself) scans and photos of their cards and documents to help prove their identity and entitlements.  

Countdown to European digital identification 

While the concept of digital identification is already well established, the development of internationally accepted electronic identity (eID) systems has been piecemeal and inconsistent. 

If we look at the EU as an example – only 14% of key public services across all EU Member States allow cross-border authentication with eID and, according to the European Commission there is a need to improve acceptance of the scheme and user experience. These roadblocks certainly don’t help in building a strong level of consumer trust.  

However, this is set to change with the introduction of the latest legislation on European Digital Identity – eIDAS2. In short, eIDAS2 means that by September 2023, each EU Member State must make a digital ‘wallet’ available to every citizen and business who wants one. In tandem, service providers in both public and private sector organisations, such as banks and telcos, will have to accept it as proof of certain personal attributes. From providing electronic signatures to paying fines or accessing health services, EU citizens will be able to use the eIDAS wallet, in every Member State, and generating millions of authentications every day.  

Thales’s research found that the wallet is set to be welcomed with open arms. Two out of three Europeans citizens are looking forward to the arrival of an EU-backed Digital ID Wallet for storing their ID card, driving license and other official documents and signed attestations on a smartphone. 

Digital ID becoming mainstream 

This acceleration towards Digital ID isn’t just taking place in  the EU – just earlier this year the UK government proposed legislation to secure digital identity, even creating the Office for Digital Identities and Attributes.  

With just under a year away until eIDAS2 comes into force, it will be interesting to see how the conversation, debate and appetite for digital IDs continues to evolve.  

In the countdown towards the eIDAS2, keep checking back on the DIS blog where we’ll be discussing the following topics:  

  • Generational and regional attitudes to the wallet  
  • What Citizens want from a wallet  
  • Challenges and hurdles to overcome to build a streamlined, secure and efficient wallet 
For further reading please visit:  

The post Day in the life of a digital citizen after eIDAS2 appeared first on Cybersecurity Insiders.

In the past decade, the banking sector has undergone a massive transformation – putting speed, security, environmental considerations and user experience at its core. This blog post will be looking at how Digital PIN – a modern way to set, deliver or recover an EMV Card PIN code – is part of the modern card program strategy   

The PIN Code as a Card Verification Method for EMV Payment Cards 

The 4 digit PIN Code is a technology that has come to be part of everyday life and was introduced as a Card Verification Method (CVM) in the EMV standard to perform user authentication.  

PIN code verification can be performed online or offline.  The EMV standards allows two additional forms of CVM:  signature and “nothing” for low-amount contactless payments. 

What is a Digital PIN vs Current EMV card PIN code as we know it? 

Currently, when a customer registers for a new EMV card, it will typically be shipped to them in the post. This will be followed by another letter containing the 4-digit pin number that’s been assigned to them.  

Digital PIN refers to a new “digital delivery and management” mechanism: instead of a PIN code being sent in the post, it is delivered via an app (or secure SMS) enabling customers to use their card with seconds of it arriving.  

This virtual PIN delivery looks set to replace paper mailing delivery.  Users can create their preferred 4 digit PIN code right from the app.  Later on they can recover their PIN code when lost, or change the current code for a new one. All these happen instantaneously and give the user more ‘real-time’ control than ever. But that’s not the only way users are gaining more control over their banking. 

Modern card issuance  

A new approach to the payment card lifecycle is becoming more common. It puts the user in control to order, manage and use banking cards, right from the bank’s mobile app 

The PIN code delivery method using a paper mailer was appropriate in a physical first, digital later era when getting a new card took a few days. Switching to a digital PIN delivery solution meets three crucial new trends: 

  • First, digital delivery is instantaneous and therefore more in-line with consumer expectations.  Cards can be activated and used right away, leading to higher transaction rates.  The customer controls both card issuance and PIN management 24/7 from their app. 
  • Second, digital delivery for the PIN code is more environmentally-friendly as it cuts the need for paper mailers.  Given the billions of EMV payment cards delivered worldwide every year, this is a significant environmental win as you can see in this Infographic. 
  • Third, as we move to the people are using more digital cards. The rise of digital wallets and online payments is changing the proportion of physical/digital cards that each individual cardholders uses every day and consequently the need for a digital PIN delivery.    

Mobile banking

This is part of the new, global card experience.  Fintechs have led the way and demonstrated the look and feel of modern mobile banking apps; now the entire market is following suit. Digital PIN delivery is no longer “nice to have”, but critical to the modern card user experience. 

As we are now heading into a digital first, physical later approach to payment credentials, Thales helps financial services players implement modern card programmes with the Thales D1 issuing platform.  This brings simple, UX level APIs that orchestrate the entire issuing stack. It manages both the mobile front end to implement features such as Digital PIN but also orchestrate all the core banking infrastructure to build the three following use cases:   

  1. Set a preferred PIN code 
  1. Securely display the PIN code in the app in accordance to PCI DSS regulations  
  1. Allow fast PIN code recovery in-app  

The bank mobile app is going through a revolution and Digital PIN is a visible part of it.   

The post Digital PIN – The Next Step in Digital First Banking appeared first on Cybersecurity Insiders.