know your customer: identity and its role in securing ...€¦ · know your customer: identity and...
TRANSCRIPT
An ASSA ABLOY Group brand
The Trusted Source for Secure Identity Solutions
2016 Conexxus Annual Conference May 2, 2016
Know Your Customer: Identity and its Role in Securing Transactions and Networks Kathleen Carroll, Vice President, Government Affairs HID Global, Inc.
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
About HID Global
A worldwide leader in secure identity solutions.
Top recognized brand in the access control industry worldwide.
Headquarters in Austin, Texas. More than 2,200 employees globally. More than 2 Billion RFID products sold.
2
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Opened in 2014 in Austin, Texas North American manufacturing,
assembly and test operations, distribution, and sales operations
Only industrial manufacturing facility in Texas to achieve platinum-level with the U.S. Green Building Council
Named one of the city’s best new buildings in Austin Business Journal’s 15th annual Commercial Real Estate Awards competition.
Worldwide Headquarters and North American Operations Center
3
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Broadest Portfolio of Secure Identity Solutions
4
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Global Customer Base
5
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
An Overview of the Problem
Identity Theft
Credit Card Fraud
Hacking
Compromised Credentials
The Insider Threat
Skimming
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Paying at the Pump often Pays Off for Crooks
Source: eMarketer
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Chip and PIN
Burgeoning credit card fraud and the move to chip and PIN
Better security but at what cost – Onus on retail merchants to invest in new payment terminals
– Consumers unhappy with increased transaction times associated with chip and PIN
Chip and PIN – layered security
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Multi-Factor Authentication Level One: lowest level, no identity proofing required
Level Two: single-factor authentication – identity proofing may be required before a user receives a credential – one time passwords
Level Three: requires multi-factor authentication proving possession of the proper token through the use of cryptography – something you have, something you know (PIN, Password), something you are (biometric)
Level Four: proving possession of a key through a cryptographic protocol; only hard cryptographic tokens are used.
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
The Shift to Identity on Smartphones
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
An Undeniable Shift: Astronomical Growth of Smartphones and Users
Number of smartphone users in the United States from 2010 to 2018 (in millions)*
62.6
92.8
122.0 143.9
165.3 184.2
198.5 211.5 220.0
2010 2011 2012 2013 2014* 2015* 2016* 2017* 2018*
Source: eMarketer
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
BANKING – instant payments, secure transactions
REAL ESTATE – ‘instant’ floor plans, digital signatures
MEDICINE – personalized health care monitoring, diagnosis, exams, labs, medication, consults
COMMUNICATIONS – mobile hot spots, battlefields
BUILDING ACCESS – campus, government
BUSINESS – sales, marketing
HEALTH
SHOPPING
ENTERTAINMENT
COMMUNICATION
INFORMATION
FINANCIAL
ACCESS
Smartphones as an Extension of Consumer Identity
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
HID Global’s Seos® Mobile Technology HID Global Mobile Access in smartphones used for:
ID badges Student IDs Hotel keys Homes
Digital Language is wired into the younger generation
Unrealized citizen demand for mobile driver’s licenses
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
The Regulatory Landscape Retail associations paying attention to proposed laws and
regulations – Conexxus is a great way to get involved so that you can
influence policy – especially in the evolving mobile space
Current legislation on the Hill – Breach notification bill that would apply banking security rules
to retailers – one provision that I see as particularly onerous is the requirement that any retail employee who handles credit cards (in whatever capacity) must undergo a background check
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
The Center for Identity HID Global is partnering with the Center
Advisory Board Member
Research Study – A new category of personally identifiable information (PII) –
something you do
– Practicable insights about the interrelationships among convenience, security, risk, and privacy
– Imperative especially with the advent of mobile payments
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Privacy Privacy as a brand enhancer
Privacy and technology – Step One: Familiarize yourself with the Fair Information
Practice Principles (FIPPs)
– Step Two: Adopt “privacy by design”
– Step Three: Conduct a privacy impact assessment before upgrading or deploying any new technology solution
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
3. Secure Strong standards-based
cryptography platform Citizen’s data can only be viewed by the
intended authenticating smartphone
1. Voluntary Participation is voluntary User controls sharing Requires affirmative action
by user
2. Interoperable Works with major smartphone handset
manufactures and operating systems Works in other states and provinces
4. Private No one else has access to
personal data or can track identity Verify without handing over
smartphone
5. Remote - Capable Even in remote areas, should be
securely available from citizens
6. Always Available When a smartphone is inoperable (dead
battery, etc.), it’s possible to securely access a citizen's driver’s license
Policy Principles
An ASSA ABLOY Group brand
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
www.hidglobal.com
“Physical IDs are not going away. Neither is virtualization. Exciting innovations are coming to secure identity.”
THANK YOU!