What is mobile identity?

Mobile identity is a relatively new, broad concept referring to the way that our connected devices can be tied to us as individuals. A smartphone, for example, can be linked to an end user through a saved biometric template that allows only the authorized user to access it with a fingerprint scan or a selfie. But with new developments in FinTech, the Internet of Things, and even connected cars, mobile identity technologies are playing an increasingly important role across a range of devices and form factors, from fitness-tracking wristbands to in-car AI assistants that can recognize the driver’s voice.

Why is biometric technology becoming so popular on mobile devices?

To put it simply, biometric technology offers stronger and more convenient security than previous authentication methods. Passwords and PINs can both be compromised or forgotten, and must be changed on a regular basis. Since consumers are using their smartphones to access their many digital accounts, having a single strong authentication factor presents an attractive level of convenience while improving security. Because a biometric system is based around who a user is and not what they know or have, it is more intuitive to use than a password – especially considering that the username/password system in place was developed for devices with a QWERTY keyboard – and much more difficult to compromise. Thanks to recent innovations, biometric solutions are becoming increasingly accessible, while recent high-profile security breaches have underlined a need for better-than-password technology.

What other security technologies support mobile identity?

There are a number of solutions and mechanisms that are being used to secure identity across today’s mobile devices. There are security keys, for example, that can be plugged into the USB port of a laptop or tapped against an NFC-enabled mobile device in order to prove the end user’s physical presence during authentication. One Time Passwords, meanwhile, are increasingly being transmitted to end users’ mobile devices, allowing them to verify that they have a registered device at hand. Other important security mechanisms used in mobile identity include encryption, cryptographic hashing, trust certificates, embedded Secure Elements, and more.

How do second factors work in comparison to biometrics?

While a biometric is something you are, a second factor is something you have. The latter is often used in conjunction with something you know (a password or PIN), enhancing the traditional security framework; but it’s increasingly being used together with biometrics to enable even stronger security. Common second factors include tokens that generate a One Time Password (OTP), a mobile device with GPS (location based factors), and USB or NFC security keys, with models now emerging that feature embedded fingerprint sensors.

What is the role of AI in mobile identity?

Artificial Intelligence is playing an increasingly critical role in helping to support and secure mobile identity. The threat of presentation attacks – or “spoofing” attacks – aimed at tricking biometric authentication systems has prompted vendors to implement sophisticated, AI-driven liveness detection systems that look for subtle cues signalling that a live, human user is the one authenticating. And even before liveness detection comes into play, many of today’s biometric authentication systems already operate on the basis of AI-driven computer vision based on machine learning.

AI is also increasingly being used to automatically detect the signs of fraud in online behavior in the form of typing patterns, for example, or the speed at which online forms are filled out, among other anomalies. State-of-the-art AI can not only identify known end users, but also recognize the signs that something isn’t right, prompting step-up authentication requests and other additional security mechanisms.

How does mobile identity fit into the Internet of Things?

The Internet of Things is blossoming across the consumer, enterprise, and industrial markets. As the IoT grows and proliferates into all areas of society, mobile identity solutions offer two major benefits:

1. Mobile ID solutions can help end users interface with smart devices, either from an experience standpoint (the device senses your unique ID and reacts accordingly) or an administrative perspective (using voiceprint and speech recognition to change the settings on a connected device).

2. Mobile ID solutions can offer much needed, network-wide security. As more devices connect through the Internet of Things, experts are scrambling to find strong security solutions that can protect interconnected networks from sophisticated cyber threats, and mobile identity helps to ensure that end user touchpoints are secure.

How can mobile identity technology be used in commerce and payments?

Mobile identity technologies like smartphone fingerprint scanners and selfie authentication are now being used to authorize payments through mobile devices, even in brick-and-mortar retail stores. And beyond securing mobile payments and digital wallets, these same kinds of mobile identity technologies are increasingly finding their way into new applications, from biometric payment cards to in-car payment systems that let drivers get gas and pay tolls without getting out of the car.

What is on-device authentication?

On-device biometric matching is common across biometrics-enabled smartphones and a growing number of other devices. In this framework, biometric templates are stored in a secure place on the mobile device that can only be accessed by the authentication technology. Data is not transmitted to external servers; instead, the entire authentication process plays out within the device itself. While this limits the means by which an end user can authenticate – they must use the device on which they have been registered – it prevents the server-side hack attacks and data breaches that so often compromise personal data.

What standards and regulations apply to mobile identity?

There’s an increasingly complex web of standards and regulatory guidelines applicable to mobile identity technologies. In terms of industry standards aimed at promoting technological advancement, the FIDO Alliance has emerged as an important cross-industry body issuing specifications for two factor authentication (2FA) and multi-factor authentication (MFA), with a focus on the on-device approach.

On the regulatory side, laws like the European Union’s PSD2 and GDPR, aimed at securing online payments data and privacy, are pushing a growing number of businesses and other organizations to implement mobile identity technologies enabling Strong Customer Authentication.