Debating under the header ‘Mobile Identity Solutions: Developments & Innovations’, a panel of mobile industry experts at Mobile World Congress today explored the key challenges facing the drive and adoption of mobile identity and authentication technologies worldwide.
Consensus on this complicated topic unsurprisingly was scarce. However, several panelists did agree on one factor: simplicity and consumer trust will be the most influential drivers of change.
Payfone’s Rodger Desai said that, “Every cool thing you can do on your phone relies on consumers trusting that when they interact with these things that they’re safe.”
Mobile wallets, he said, are a key example of this – a pertinent point given that Samsung has used MWC to unveil its Samsung Pay service. But as these payment systems are rolled out, “the front doors are very weak,” Desai said. “If we don’t get that right as an industry it will erode consumer trust.”
These points were echoed and expanded on by Telenor’s Sven Størmer Thaulow. He argued that the debate about mobile identity and authentication solutions must not just be focused on the US and EMA markets, given the significance of the rising tide of mobile users taking up the technology for the first time in the developing world.
“Quite a few people in the next one billion to use the internet will be illiterate; they won’t know what a password is. The authentication service that cracks simplicity and gains the trust of end-users will be the one that wins. Delivering simplicity and value is key.”
Another issue debated by the panel was the security efficacy of a password and phone number combination, commonly combined in two-factor authentication solutions.
Stacy Stubblefield, Telesign co-founder, argued the case for two-factor, saying “We believe the mobile phone number is the best identifier online.”
She added that, to stop fraudsters, users should make sure they have a phone number tied to every account: “A user name and password being used doesn’t mean that that person is the correct user. When you tie a number to the account you can verify that that person is the correct person and a real person, not just a bot.”
Other panelists expressed some skepticism about two-factor. Desai said: “The challenge is that there are a tremendous amount of signals in the network. You need to use intelligence. You can have a token for an individual but then you can look at the signals to find out if the right person is behind that signal.”
As ever, one of the only points of agreement was that no technology is hack-proof. “A fraudster can port a landline onto a prepaid SIM card,” said Desai, proving that a call claiming to be from a certain number is not always 100% trustworthy.
Beyond the attempt to implement technologies that have more resistance to tampering or spoofing, though, Stubblefield still argued that two-factor authentication has a key role to play in raising the threshold of complexity for fraudsters to combat.
If you turn on two-factor, she said, you are far less of a target because you are more protected than the masses. “Fraud is a business – you want to get as much money as possible and leave as quickly as you can,” she added, saying that raising the complexity even slightly can be enough to deter criminal attacks of this kind.
But while a global standard for authentication could one day be achievable, the panel suggested, a global standard for personal, electronic identity seems much farther off.
With ID cards and electronic identity services in place across some countries but strongly resisted in others, any kind of global system of user identification will not be quickly achieved.
Nonetheless, the concept does provide an opportunity for the mobile industry, panelist Chris Ferguson of the UK Cabinet Office said. He argued that “It is going to be industry and government that drive interoperability” in terms of arriving at electronic identity solutions that meet consumer demands and operate within privacy frameworks.
“A standards based approach could take years,” he added. “We’re keen on trying to push for a market approach.”