2024 Identity & Payments Summit Recap: The Quantum Threat, AI’s Evolution, Securing Identities and Mobile Driver’s License Momentum
REDWOOD CITY, Calif., April 03, 2024 (GLOBE NEWSWIRE) — Today’s technological landscape is in a state of flux, pushing industries to collaborate or get left behind. With that in mind, the Secure Technology Alliance hosted its inaugural Identity & Payments Summit. The event is the first to bring trust, security and privacy to the forefront, exploring how identity, access and payments markets converge across multiple verticals in today’s hyperconnected world. The Summit, held from February 26th to the 28th in Tucson, Arizona, brought together nearly 400 leaders for collaboration, education and networking.
“Collaboration is integral to the Secure Technology Alliance’s mission. During this last year, we’ve undergone a transformation that has pushed us to think beyond siloed industry sectors, instead focusing on how the identity, payments and access ecosystems can uplift one another,” said Christina Hulka, executive director of the Alliance. “As we look toward the future of the organization and its Summit conferences, we hope to inspire leaders to think critically about the connections between various industries and work together to overcome challenges. Only then can we create a world where tomorrow’s innovations are secure by design.”
Secure identity and the fraud fight –
Identity has long been utilized as a vector for mitigating fraud risks across several industries, payments being no exception. Throughout the Identity & Payments Summit, speakers weighed the strengths and weaknesses of today’s identity ecosystem and stressed the importance of working together to find solutions.
Mastercard’s Les Mathews, executive VP of services in North America, delivered the welcome keynote, citing the tremendous problem of $43 billion in identity fraud losses in the U.S. and that 86% of global consumers are worried about it. “A trusted identity is the primary accelerator of the digital economy,” said Matthews. “Achieving digital trust requires collaboration across all sectors.” Many speakers agreed, pointing out that additional identity elements can help reduce fraud, but rolling them out at scale and making them work well are essential to success.
Another heavily discussed problem in the risk management space was card-not-present (CNP) fraud. Visa reported that seven times as much CNP fraud happens in the U.S. compared to Europe, and that CNP fraud is growing faster than payments in the e-commerce space. Promising developments commonly cited to address the issue included a new version 2.3.1.1 of EMV 3D Secure, FIDO Passkeys and, over time, the convergence of identity and payments through state-issued mobile driver’s licenses (mDLs).
Meanwhile, keynote speaker Andy Cease of Entrust pointed out another important opportunity created by combining modern and mobile identities with behavioral biometrics, which is helping open more possibilities for the unbanked. “$40 billion is paid by the unbanked population in fees every year that could otherwise be avoided if they had access to banking services,” he said. Noting that 79% of the unbanked have cell phones, Cease pointed out that mobile identities hold the promise of putting control and new options into the hands of individuals who typically can’t qualify for credit cards. Introducing centralized banking to these demographics also has the possibility of reducing fraud associated with potentially unregulated payment rails.
Quantum computing’s looming threat –
Quantum computing will have a very significant effect on the identity and payments industries in the intermediate term, and the time to begin planning for the post-quantum period is now according to a lively presentation from Infineon and IDEMIA.
Quantum’s extraordinary increase in computing power is already in development and it will be expanding exponentially over the next few years. What makes this an important issue is that quantum is extremely effective at prime number factorization, the process that is used to reverse the asymmetrical cryptography keys that underlie security for financial services, the internet, mobile, identity credentials and many others. It is predicted that sometime between 2030 and 2035 quantum computing will have progressed to the point where it can break asymmetric keys, a massive improvement by today’s standards where the same process can take hundreds or thousands of years.
While that risk may seem far down the road, it is not. For some industries, including payments, establishing standards can be a slow crawl and certain infrastructure hardware equipment has a 7-to-10-year lifecycle. The time to start preparing for the post-quantum era is now. A speaker for IDEMIA likened it to the Y2K situation. When Y2K came no major disruption occurred because we planned for it. Dubbing the new situation Y2Q, the speakers expressed that what we need to do now is prepare for it with the same sense of urgency to ensure that there are no insurmountable consequences to the current security infrastructure.
AI takes center stage –
The explosive growth of AI was top of mind for many Summit speakers and attendees. American Express pointed out that while it is still early days, they are excited about the opportunities to explore generative AI to drive innovation that benefits their colleagues and customers. They have gathered a few hundred use cases from across the company and stood up an initial set of pilots focused on enhancing the productivity of their colleagues. Other stakeholders in attendance mentioned the use of generative AI as a productivity tool, implementing it for improved visibility into system security and enhancing cardholder experiences.
Fraud prevention was by far the most developed use case mentioned at the event. One global payment network claims to have stopped $20 billion in attacks in the past 12 months by leveraging AI. Visa added that while they’ve been using forms of AI such as machine learning algorithms to prevent fraud for 20 years, the industry is still only scratching the surface. For example, there is an opportunity for growth when it comes to using AI tooling to separate good transactions from potentially harmful ones, which can improve acceptance rates with minimal risk.
Keynote speaker Claire Le Gal, senior VP of fraud intelligence at Mastercard, showed an excellent demonstration of this, in which AI was used on the backend to examine cardholder data and block suspect transactions as they happen in 250 milliseconds, before authorization. By connecting directly with the customer using an AI chatbot, they could determine if it was fraudulent and put an end to it. The process is especially effective against friendly fraud.
With its capabilities to process and evaluate tremendous quantities of data, other AI use cases that were common to many Summit speakers included simplifying the processes surrounding documentation of chargebacks and disputed transactions as well as improving the customer service experience and connecting more closely with consumers and their preferences.
Mobile banking’s super apps –
The payments industry continues to move toward a fully integrated, digitized future. Fintech venture capital firm M13 reviewed the evolution of mobile banking and described the current “marketecture” as consisting of four layers. The base in their model, the Infrastructure Layer, consists of banks, card networks and others that provide the foundation for managing data and transactions used by apps. The next progression was the orchestration layer, which includes apps like Plaid that make it possible to access multiple accounts in a single app. This also made it possible to form the application layer, which created single-focus solutions for personal finance like Mint, mortgages like Loan Depot and others. What has emerged in the last two years is the ‘super apps’ layer, which are apps that re-bundle multiple services. Consumer super app examples include investing/banking like Robinhood and buy now pay later, while Square for POS and others are also emerging for businesses. Looking ahead they see the era of super apps continuing for the next several years, with a possible challenge from financial connectivity enabled by portable digital identities.
Mobile driver’s license momentum –
The U.S. is making great strides in creating trusted and secure mobile driver’s licenses (mDLs) and digital identities. The Identity & Payments Summit hosted a panel with leaders from key state motor vehicle divisions including Arizona, Georgia, Maryland, Utah and California, to highlight progress in implementing mDLs. These initiatives will have a tremendous positive impact on protecting people’s identities, reducing fraud, eliminating waste and many other benefits to our society in the coming years. Five of the six states that have fully implemented mDLs so far—Arizona, Colorado, Georgia, Maryland and Utah—represent 66 million people.
The director of the Arizona Motor Vehicle Division shared that for decades the driver’s license has been effectively a de facto national identity, expressing that mDL is simply a better, more secure way of carrying that legacy forward. Over 900,000 digital identities have been issued in the state of Arizona.
For the most part, these states are supporting their digital identities on Apple and Android phones through iPhone, Google and Samsung Wallets as well as stand-alone apps.
As it stands, the leading use case for mDLs is travel. TSA currently recognizes mDLs as secure identity credentials at its various checkpoints. There was a universal call for stakeholders to begin programs to use secure, state-issued mobile identities, and their inherent mobile device biometrics, for more use cases. The Secure Technology Alliance’s Identity and Access Forum is an ideal place to make these connections and work on creating cross-industry infrastructures for their acceptance.
The Alliance is very engaged with the mDL community and provides a website, mDLConnection, as a focal point for the latest information. It includes an implementation map showing the status by state of mDL programs.
Identity’s impact on vertical markets –
In a track dedicated to key industry verticals, including healthcare, thought leaders shared how identity and access tools shape day-to-day operations. During a healthcare-focused session, a presenter with iShare Medical shared a study that found that preventable medical errors are the third leading cause of death in the U.S. due in large part by incomplete medical information and poorly coordinate care.
The lack of the use of a defined standard in identity is a contributing factor. Most healthcare providers match patients based on patient name and date of birth. According to AHIMA (American Health Information Management Association) when more than one patient has the same name and date of birth health information management professionals “manually review possible duplicate patients and manually update paper and electronics systems as needed.”
According to information shared at the Summit, matching patients based on patient name and date of birth does not work because there are too many possible people with the same information to manually review the patient’s records to find a match. For example, a study performed by the Bipartisan Policy Center of Harris County Texas found that the county had 3.4 million people of which 2,488 were named Maria Garcia and of which 231 had the same date of birth. A common practice in this situation is to create a new duplicate identity for the same patient compounding the problem because now there is another Maria Garcia – that’s 232 and climbing.
This is why we need a Federated Universally Unique IDentity (UUID) such as the DirectTrust Direct Address that binds the real identity of a person to two X.509 certificates where one certificate is used for digital signing and the other for encryption. Performing patient matching based on the x.509 certificates provide a non-refutable identity match every time thus solving patient identity and matching.
Organizations, associations, government agencies and individuals interested in participating in upcoming Alliance projects and events, like the Identity & Payments Summit, should visit the Alliance’s website to learn how to become a member. By joining the Alliance, members will have access to activities within its affiliated U.S. Payments Forum and Identity and Access Forum. For continuing updates on the Secure Technology Alliance visit the organization’s LinkedIn and follow @SecureTechOrg on Twitter.
About the Secure Technology Alliance
The Secure Technology Alliance is the digital security industry’s premier association. By collaborating on education and guidance, the Alliance helps enable efficient, timely and effective implementation of large-scale, disruptive technologies. Its U.S. Payments Forum is the only non-profit organization bringing together merchants, issuers, payment networks, acquirers, processors and technology makers on neutral ground to develop resources for the betterment of the payments industry. The Alliance is also strengthened by its Identity and Access Forum which is dedicated to advancing the adoption and development of secure identification, including physical and digital technologies. This includes mobile drivers’ licenses, access control and various forms of identity authentication. For more information on the Alliance’s activities, please visit https://www.securetechalliance.org.
Contact
Sherlyn Rijos-Altman
Montner Tech PR
203-226-9290
[email protected]