Consumers are tired of usernames and passwords. With the explosion in online shopping and services, the number of different login details each individual must remember has become unsustainable. As a result, the convenience of the format has been greatly diminished. This has a damaging effect on commerce: 86% of users report abandoning a purchase when asked to register with a website.
Usernames and passwords are also an increasingly insecure way of verifying digital identity. Hackers are now highly adept at cracking even sophisticated passwords and around 63% of online security breaches can be attributed to compromised passwords. Michael Chertoff, former head of Homeland Security in the US has described passwords as “the weakest link in cybersecurity today”. As cases of identity theft in the US have now risen to their highest-ever level, it is little wonder that 86% of users express concern over security in online purchases, with 87% saying they would prefer one single means of logging in.
One solution is authentication through a device everyone has in their pocket: a mobile phone. Mobile network operators are increasingly moving into the digital identity market with collaborations between operators and their partners to eliminate the need to remember multiple insecure usernames and passwords. Indeed, research published this month indicates76% of mobile users are interested in using a single sign-on service from their mobile network operator – and operators are uniquely-placed to provide such services. Those who have rolled out such solutions already have seen excellent returns on their investment. SKT for instance, announced that their identity solution has been adopted by 99% of Korean websites, generating a $40 Million annual revenue opportunity for operators.
There are multiple ways mobile networks can be deployed to verify identity. Operators in Belgium, working in tandem Belgium’s major banks, have launched their application ‘itsme’. A 5-digit code is entered for each transaction – codes which are not stored in a database – which itsme verifies while also checking the handset and SIM being used are those of the registered user. Alternatively, the Big Four operators in the United States are working with the GSMA towards being able use behavioural and location data to determine whether users are who they claim to be.
In addition, collaboration between operators and major private sector partners in Germany will soon make operator-led verification available to a wide range of consumers in the automotive, finance, IT, aviation, media, telecommunications and insurance sectors. Verimi – an amalgam of the words ‘verify’ and ‘me’ – will enable mobile users to access this broad range of services by using a single login or ‘master key’, without the need to enter separate details for each participating business. Significantly, users will soon also be able to access public bodies and services using Verimi, as Europe’s largest economy becomes its first major state to follow Estonia in facilitating e-government on a wide scale.
The implications of this technology go far beyond financial transactions and online purchases, with use cases are now expected to include a wide array of public sector deployments as well. With the implementation of the eIDAS Regulation in September 2018, we can expect a rise in the use of operator-led solutions in cross-border public as well as private-sector services: users will increasingly be able to access services as various as university enrolment, access to medical records, and filing of tax returns across borders using their smart phone.
During the shift away from passwords, more than $4 billion per year in new revenues is forecast to be generated by 2020 for those providing authentication, authorisation and identity services via eIDAS. The market incentive to meet this challenge is clear, and mobile operators are well underway in meeting it.
[su_box title=”About Marie Austenaa” style=”noise” box_color=”#336588″][short_info id=’103541′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.