Evolution not revolution: Why mobile fingerprint sensors are here to stay

Around the world, we have fallen in love with our mobile devices. There are 10+ billion devices in circulation, we check them 58 times daily on average and 65% of Americans check their smartphones up to 160 times a day! We estimate that time spent unlocking using PINs and passwords equates to 41 minutes each week, or about 4 months of our lives. This is why biometrics is now firmly embedded within the mobile user experience. Over 80% of mobile devices shipped today now incorporate some form of biometric sensor, with users drawn to the convenience, functionality and security to ease the frequent locking and unlocking of devices.

Capacitive fingerprint sensors are a long-proven technology in mobile, due in no small part to its balance of high performance, cost, and reliability. But mature does not mean old. In fact, we estimate the potential annual shipment of capacitive fingerprint sensors for smartphones to be ~800 million by 2026. But beyond growth, this trusted and prolific tech is still evolving, being adopted by new use cases and enabling new mobile design trends.

Authentication, authentication, authentication

As mobile connectivity has expanded and become faster, smartphones have become our go-to device for a huge number of uses far beyond calls and messages. With hygiene now a primary concern, consumers are turning to smartphones for even more uses – from banking to shopping. This is rising too, with global mCommerce expected to grow 70% between 2020 and 2025. As the use of our devices increases and captures even more sensitive information, such as banking details and ID information, the adoption of biometrics is growing to add strong authentication without increasing friction. Passwords and PINs can be hacked and compromised, but modern fingerprint biometric technology is a lot harder to trick.

Biometrics’ value in securing payments is well documented. Juniper Research anticipates biometric authentication will secure over $3 trillion worth of mobile transactions by 2025. Global payments standards body EMVCo recently incorporated the evaluation of biometric sensors for mobile payment authentication into its scope, with our latest slim mobile sensor becoming the first of its kind to achieve approval. Recognition of biometrics by the payments industry shows its growing role as a trusted, invaluable enabler of mobile payments. 

UX is king

Despite the emergence of face and iris recognition, and under-display sensors, the importance of user experience (UX) is seeing the more traditional fingerprint sensors continuing to retain – and even grow – market share. One need only look at Google’s recent return to fingerprint after devices featuring just facial recognition. For today’s OEMs and developers, ensuring convenience and a seamless UX remain most critical to any new device. Optimized over years of innovation, active capacitive fingerprint sensors by far deliver the strongest balance between usability and security.

While undoubtedly other authentication technologies will continue to gain adoption and enhance performance through R&D, the reliability and robust security of capacitive means it is here to stay. It is also forming a key pillar of multimodality authentication, working alongside other biometric technologies or authentication methods to further improve UX and security. For example, a fingerprint is combined with face and iris recognition to enable users to unlock devices when wearing gloves or a mask. Biometrics can also offer a complementary strong authentication layer to PINs and passwords, enabling two-factor authentication without adding to the complexity. 

Evolution not revolution

While UX and security remain king, upgrades in design are still being made. In fact, the evolution of active capacitive sensors is closely supporting an iterative smartphone design movement that is adding small, value-added modifications to devices without totally ‘reinventing the wheel’.

First sensors moved from front to back, now to the side and, incorporating additional functions such as scrolling and volume control. The continued innovation of this mature, trusted technology is favoured by consumers and OEMs alike, helping realize new design trends such as folding and borderless devices. Xiaomi recently became the first to launch devices with a curved fingerprint sensor, also in its first foldable screen phone. The sensor’s innovative curved design enables a more seamless integration into the mid frame of the device and doubles as a power button.

Fingerprints is proud to have led much of the innovation that has enabled biometrics to reach mass market, and our technology now features in over 500 mobile device models by nine out of the top ten OEM brands. Fingerprint recognition was first added to smartphones less than ten years ago, and it will be a part of the mobile ecosystem for years to come. As the mobile industry continues to evolve, the value of this technology endures and continues to offer users reliability, a quality experience and unparalleled security and enables new design innovations. In tech, it is always difficult to look too far into the future, but we can be certain there’s much life left in the ‘traditional’ fingerprint sensor.

Author: Ted Hansson, SVP Business Line Mobile at Fingerprints

ARTICLE: The missing ingredient in digital certificate management

How a simple integration can safeguard trust in tomorrow’s digital economy

The world’s digital economy owes much to the enabling properties of digital certificates.

stephan-wolf

Stephan Wolf, Chief Executive Officer at the Global LEI Foundation

This latter point exposes yet another problem. Entities’ circumstances change; digital certificates do not. Should an entity rename itself, move premises or change its legal status, for example, these vital updates can not be reflected in their live certificates. Updating them effectively means starting again: legacy certificates are revoked. Updated certificates are reissued. However, this process only works in some circumstances. In case a downstream application can’t access the relevant revocation list, outdated information persists.

This, of course, assumes that the entity does what it should. In reality, a fair number of organisations will allow their active certificates to persist unchanged until their natural expiration date, and only then update their data. Whether this occurs deliberately or unwitting is, to some extent, immaterial, since the result remains the same: certificate information held about that organisation is not kept up to date in a systematic way, or at all, by the information holders. The broader implication is that certified information is in circulation when it is out of date, and that organisations may also often have multiple certificates under different names, each with varying and inconsistent information. In short, the trust system is undermined.

This ‘maintenance problem’ intensifies as entities expand their use of digital certificates across a broader range of business activities, such as approving business transactions and contracts, client onboarding, transacting within import/export and supply chain business networks, or submitting regulatory filings and reports.

In response, entities urgently need a fast and simple way to ensure the information they are obtaining through digital certificates is suitably reliable.

An elegant solution: Integrate the LEI into digital certificates

Integrating the Legal Entity Identifier (LEI) into digital certificates at the point of issuance addresses these issues head-on. The LEI is a 20-character, alpha-numeric code based on the ISO 17442 standard that connects to key reference information to enable clear and unique identification of legal entities, globally. Each LEI contains information about an entity’s ownership structure, answering the questions of ‘who is who’ and ‘who owns whom’ – crucial for those operating to mitigate risk.

If the LEI can be embedded into digital certificates, it can become the common link between them that is so urgently needed. This would allow anyone to easily tie together all certificate records associated with an entity, determine which certificates are current, and clear up variances. In this way, it can provide certainty of identity and trust in any online interaction between entities, making it easier for everyone to participate safely in the global digital marketplace. It also significantly reduces the complexity and cost, both people and technology-related, associated with due diligence and validation of customers, partners and suppliers.

In order to facilitate the use of LEIs in digital certificates, the Global LEI Foundation has been working closely with standards setting organisations such as the International Organisation for Standardization (ISO) and ETSI European Telecommunications Standards Institute in the EU. These technical standards are necessary for the certificate authority industry to consistently embed LEIs into certificates.1

Looking ahead: digital solution adoption, APIs and new use-cases for digital certificates

Global LEI Foundation research that identified KYC challenges in the financial services industry reveals that 61% of stakeholders believe that the growth of digital solutions will actually make identity verification more difficult. As entities continue to adopt digital solutions that utilise emerging technologies, such as IoT and blockchain, their use of digital certificates will increase, not least because digital certificates technology now has consolidated regulatory backing, which enables greater reliability and trust in digital identity. This will continue stimulating further demand for precisely the kind of automated verification that the LEI can enable. To cope with this level of demand, certificate handling has no choice but to become faster, and current information must be obtainable on demand via application programming interfaces (APIs). Here, the LEI could become an essential building block for the usage of digital certificates – and digital signatures – in any kind of distributed supply-chain.

Today, different digital ID systems are based on varying standards, keys and encryption and the only common link between them is the entity name, which can vary widely and change over time. Without a consistent numerical link between IDs, automated methods will always result in errors and further challenges for organisations. The LEI is perfectly poised to provide this consistent link and, by doing so, cement its position as a force for good in the digital economy as a whole.

For more information about how to simplify identification in the global digital economy with the LEI watch this video: https://www.youtube.com/watch?v=SL6gWP7IsVc

Author: Stephan Wolf, Chief Executive Officer at the Global LEI Foundation

gleif-logo

 

 

ARTICLE: Why data is the next frontier of customer trust

We have entered into a crucial moment in time where every brand is facing the challenge of refreshing their customer understanding. Every person will emerge from this current crisis with new attitudes and spending priorities. Brands therefore need to tune into this new customer sentiment and respect this changed reality.

At the same time, each industry is being transformed by the power of data, and the evidence-led approach it can support. Businesses of all sizes are racing to become more cloud- and data-driven, attracted by the agility and flexibility that becoming more digitally transformed provides. Those who unite the two worlds, to use data to serve the customer, will find it easier to move into this new era of customer trust.

Informed decision-making

While we gradually   return to a ‘new normal’ and restart the economy, businesses are cautiously deciding what their next moves should be. They will need to make sure that any communication with customers is carried out in a sensitive and understanding way, taking into account the particular needs and concerns that customers are facing.

This is where the power of data comes in. Thanks to the wealth of detail on preferences, attitudes and concerns provided by comprehensive datasets, businesses are able to act in a far more informed way. Through exceptional data-driven marketing, customers not only receive communications that are relevant to them, but the products and services they really want and the experiences that they deserve.

Investing in the customer is so important because a brand with established loyalty and trust can be highly lucrative. Brands across various industries spend millions carefully building and defending their brands, because the best brands carry a very clear signal of trustworthiness. Trust takes incredible effort to build, and as difficult as it can be to build it, it can be easily lost. Even the biggest and most well-known, global, brands are dealing with a new type of trust in their customer relationships – data trust.

Consumer concerns

Customers are increasingly aware of how their digital lives are being monetised and the ways in which their data is being captured. Many of them are highly sensitive to the ways that brands collect and manage their personal data. According to global research Acxiom conducted last year, 83% of customers want a clear link between the data that they share and the benefit that they receive. When a brand has data trust with its customers, it means that both existing and potential customers not only accept that brands are collecting data about them, but they in fact explicitly want their data to be collected.

This trust cannot be assumed or claimed – it requires brands to proactively involve their customers in a discussion about what they are doing with their data and why. Businesses also need to integrate the various technologies that they are using to capture and manage customer data. They might be using several different platforms and tools, which all create individual siloes of data. By consolidating and combining these platforms and tools, common obscurity and fragmentation issues can be reduced and. version control and updates, for example, can become much more consistent.

When it comes to customer concerns, brands walk a careful line when using their personal data. Not only must data use be transparent, but it  must improve the products, services and experiences of the customer.

A strategic asset

A well-established level of data trust with customers becomes a strategic asset for businesses. It is an invaluable tool to enable all activity and decisions to become even more customer-centric. Brands are able to make the shift from simply carrying out actions with no real focus, to doing things for and with customers. Interactions can become much more collaborative and personalised.

Getting closer to customers starts by understanding them better, and when there is data trust,  customer relationships can be extended and deepened. Related products and services can be recommended when they feel appropriate to do so, which in turn builds loyalty and creates lifetime value.

However, customer trust is a fickle thing. Brands are under immense pressure to act ethically, and a new dynamic is in play. If customers are not happy, they will speak up. By proactively demonstrating how data drives value, and governing the use of customer data responsibly, brands can create not only value for themselves but also for their customers.

Author: Nikul Amin, Director of Consulting and Analytics at Acxiom

ARTICLE: Keeping Fraudsters at Bay -Protecting Our Digital ID, Head of Strategy at Mitek, Joe Bloemendaal

In recent months, we have experienced a surge in the range of e-commerce and online offerings – from online gym classes to grocery deliveries – to help us socially distance. Because of this, we are exposing more personal information on these digital platforms than we realise – through social media, online shopping and banking and even on our professional profiles. Sadly, this increased digital presence is mirrored by a rise in fraud, too. Fraudsters are ready to use any method of phishing scams to trick our banks into accessing our savings.

Luckily, unique identifiers and usage-patterns make it possible to verify the digital identity and verify a user – making sure that they are who they claim to be when participating in any online or digital interaction. Understanding what constitutes a digital identity is the first step to keeping hackers at bay.

What is a digital identity?

A digital identity can be defined as “a body of information about an individual or organisation that exists online.” But the reality is that consumers can’t protect what they don’t understand. This confusion means many are also concerned about the level of access a digital identity exposes to potential fraudsters. Once a hacker has our personal details, how much of ‘us’ can they really access? In the US, we found that 76 percent of consumers are extremely or very concerned about the possibility of having their personal information stolen online when using digital identities; but 60 percent feel powerless to protect their identity in the digital world.

This is mainly because many trust in their old methods and devices for security control – passwords, security questions, and digital signatures. But as modern security techniques evolve, these methods are no longer able to protect us on their own.

More advanced and secure methods of identity verification mirror modern social media habits. Most of us are familiar with taking selfies. Now, technology can match that selfie to an ID document such as a driving licence, turning a social behaviour into a verifiable form of digital identification. A simple, secure process enables people to gain access to a variety of e-commerce and digital banking services, without a long and friction filled ‘in-person’ process.

But this doesn’t address who can access and be held responsible for the long-term protection of our digital ‘twin’?

Striking the balance between trust and control

Historically, governments have proven to be poor custodians of their citizens’ data, given the loss of 25 million tax records, in the not-so-distant past. Some of the world’s biggest companies are not immune either, being held responsible for countless data breaches.

As such, some believe that citizens should be responsible for their own digital identities, making them ‘self-sovereign’. The ambition is to take control of our own personal information and prevent companies from storing it every time we access new goods or services. Data controls such as GDPR and CCPA are a start – policing and regulating how companies use, control, and protect data. However, ‘self-sovereign’ identities could only become mainstream if governments relinquish their sole responsibility for issuing and storing our identity information.

Some suggest that instead of ‘self-sovereign’ identities, we’ll see some of the tech giants held responsible instead. Verifying our identities through Google and Facebook, using them to speed up registrations or access new services is common, so why not verify our digital identities too?

Or would we rather entrust our digital identities to financial companies such as Visa or Mastercard, who have been looking after our financial transactions for decades, and are now able to process disputes and stop unauthorised withdrawal of funds even faster?

It’s clear that taking good care of one’s digital identity is a fine balance between trust and control. Identity is the essence of the human being, so guardianship should be hard-earned. Both businesses and individuals have a role to play in protecting our digital twins. With the help of proven digital identity verification and cybersecurity protection technologies, we can make self-sovereign identities a reality – if that’s what the people want.

Joe Bloemendaal

Author: Joe Bloemendaal, Head of Strategy at Mitek

mitek

ARTICLE Data Use vs Privacy: A False Trade-Off? Magali Feys, Chief Strategist -, Ethical Data Use, Anonos

The concerns surfacing ahead of proposed COVID-19 tracing apps show that privacy isn’t dead: far from it. Fears of government overreach and corporate tracking (if left unaddressed) could doom the apps to failure: for the apps to be useful, experts say they need at least 60% of the population to adopt them.

Adoption rates will vary among countries depending on whether the use of tracing apps is obligatory or voluntary. In the US and EU, a greater focus on civil liberties means that people are much less likely to download an application that has any perceived risk of surveillance, regardless of whether that risk comes now or later. Trust issues will be “make or break” for COVID-19 tracing apps, and this has led to a serious discussion of just how much privacy we are willing to trade away in order to protect ourselves.

While the underlying need to make this difficult choice appears valid, it is actually a false trade-off. Yuval Noah Harari explains that “when people are given a choice between privacy and health, they will usually choose health,” a binary question that nobody wants to answer. Fortunately, technical controls that can enforce the legal and ethical rights underlying privacy are now available, which allows the choice to be reframed  from an “either/or” answer to “both”.

Privacy and Trust Issues

Interest in COVID-19 tracing apps began when governments realized that a vaccine would not be available quickly, and that ongoing lockdowns would harm the economy. Current proposals take either a “centralised” or “decentralised” approach: the former is intended to be more protective of privacy, while proponents of the latter argue that it provides  “more insight into Covid-19’s spread.” These two approaches have created a massive debate over privacy, data use, and trust.

The issue is that governments face a real and urgent problem: they need to be able to roll out COVID-19 monitoring apps to manage the spread of disease with an exit strategy in mind, but without trust, people won’t use the apps, and without widespread adoption, the apps are useless. Moving past the issue requires a realisation that everyone is framing the problem as a false, binary choice, which forces a trade-off between privacy and data use.

A New Hope: Embedded Technical Controls

As technology and law have developed, newer approaches are emerging that mitigate privacy risks in a way that enables data use. These approaches, such as GDPR-compliant Pseudonymisation and data protection by design and by default, do not degrade the accuracy of data, while providing superior privacy protection. These technical controls are embedded into the data and flow with it to provide data protection in use. Using these kinds of dynamic technical controls and a functional separation approach to data processing, it is possible to process information about people without knowing who those people are. This allows both data utility and protection of privacy while data is in use.

This risk-based approach provides numerous benefits to organisations, governments, business, and society, which means that governments can roll out COVID-19 tracing apps that ensure privacy without compromising the potential value of these tools.

Next Steps?

When moving away from traditional models of privacy and data use, it is crucial to remember that just because not all regulators are aware that new technical controls are available, it doesn’t mean that they don’t exist. When a binary choice between data utility and privacy is pushed to the forefront of the debate, new solutions can be overlooked, simply because they sit outside the traditional approaches to the issue.

All big crises provide big opportunities for significant positive change, and the next steps we need to take include the adoption of an integrated framework of data use alongside privacy protection. This kind of data use can ultimately provide more benefits to society, and we need to be ready to reap those rewards.

Author: Magali Feys, Chief Strategist -, Ethical Data Use, Anonos

Anonos Logo