Interview with Cédric Hozanne, CEO, Natural Security


Mobile ID World (MIDW): You just launched the Natural Security Alliance, can you please tell us about this?

Cédric Hozanne, CEO, Natural Security (NS): The Natural Security Alliance is the natural evolution of Natural Security. Natural Security was created in 2008 with the objective of redesigning and enriching authentication user experiences while leveraging the synergies between different distribution channels. After a phase of development of specifications and undertaking successful pilots, it is now the time for us to spread this standard. To create an open standard for strong authentication it is necessary to gather different inputs and to take into account all the relevant business needs, for instance the needs from merchants, banks, vendors, and governments.

The specifications need to be shared with industry stakeholders to encourage and support widespread adoption, as well as continue development based on their requirements and input. Creating an Open Alliance is now the perfect way for us to build an ecosystem that can achieve this.

MIDW: Who are the founding members?

NS: There are 27 founding members. What is interesting is that beyond the historical shoulder of Natural Security you will have new key members as, for instance, testing labs and card schemes companies. At this stage there are at least two of them, the first is MasterCard  and the second is GIE Carte Bancaire, which is the national French card scheme. All of these companies are currently exploring the next evolution of the smartcard by studying how to implement biometrics the right way. Having defined an open standard for strong but convenient authentication without compromising privacy and security, joining the Natural Security Alliance seems to be the right approach for these organizations.

MIDW: I know that you have privacy rules associated with the use of Natural Security, can you tell us about those please?

NS: Privacy is one of our core values at Natural Security. We were very pleased to be recognized, by being made an ambassador for privacy by design, by The Information and Privacy Commissioner of Ontario (IPC). To check that our specifications have been implemented the right way, we have defined a testing and certification process. Our best practices have also been compiled into a set of privacy rules to provide a framework for implementation of the specifications, according to Natural Security’s values and to simplify the role of data controllers.

MIDW: You recently released the results of a pilot test of a new payment method using biometrics and contactless technology, can you tell us what the results of that test were?

NS: We had actually 5,000 transactions in less than six months. It was a real success because usually when you set up a pilot for payments you get transactions at the beginning of the pilot and then they slow down. But what was really interesting for all of the partners involved in the pilot, was the fact that customers clearly adopted the technology and continued to use it throughout the 6 months duration. So we can see from the pilot that there is a true adoption of the Natural Security standard, which is a combination of a personal device with biometric data stored on the device and a voluntary gesture for payment.

MIDW: That is very positive news to see that your test worked so well. How does the Natural Security Alliance fit with some of the other activities in the industry such as the FIDO Alliance for example?

NS: The Natural Security Alliance is a member of the FIDO Alliance and we are totally complementary. Natural Security defines a strong authentication method while Fido defines a method to access to online services. We are working on the integration of these two technologies to provide a unique authentication experience, online and offline.

MIDW: That is very exciting news. How quickly do you think that we will see the end of the password?

NS: The end of the password is something that we explained to our shareholders and stakeholders several years ago. It is obvious that tomorrow all businesses will have to rely on strong authentication to deliver value added services for customers as a necessary functionality. Recent attacks on key service providers clearly indicate that we need to go beyond passwords and a combination of biometrics and a second element seems to be the best way to achieve this.

MIDW: We have seen tremendous interest, both through our webinars and also at an event we held in Tampa in September, all around mobility. We are seeing huge numbers of companies express interest in mobile identification. A lot has happened this year especially with the launch of Apple’s Touch ID. What was your take on the year so far especially around the launch of Apple’s Touch ID?

NS: The launch of Apple’s Touch ID based on a biometric authentication is providing a very good education for the customer. To date a lot of iPhone 5S’ have been sold, so it is good news in terms of increasing consumer’s education and experience of using biometrics. But it is important to split biometric use for convenience and  biometric use for security. If you use biometrics for security, you have to implement the biometric in the right way in order to guarantee privacy and protection of the biometric data.

MIDW: I think that the Apple Touch ID is a good first step in terms of awareness and making biometrics comfortable for large consumer use but I do see it as just a first step. There are companies and organizations like yours that will take it to the next level.

NS: It is a good trigger but implementation needs to be assessed.

We are not there to serve 10-20% of the population; we are there to establish a standard for every user. We are very concerned for older people who need something very secure but also something very simple to use. We also need to deliver a strong authentication method for people who don’t have the latest generation of smartphone.

MIDW: Well I couldn’t agree more and that really seems to be the secret and something that has changed over the past where higher end authentication meant less user friendly and less privacy secure, but these days  with groups like yours making higher end authentication easy and comfortable…this really is the key. So congratulations on your launch, I really look forward to hearing how everything unfolds over the next several months and thank you again for taking the time to talk with us today.

NS: It was a pleasure, thank you very much Peter. We will keep you posted!