The belief is that paying online or via mobile has the indubious advantage of speed, but this is only true if the authentication process of those who execute the transaction is also fast. However, this need for speed must not mean sacrificing the security of the transaction and the certainty that the person who is paying with a mobile device or computer is actually the owner of that payment tool and/or account. So this is why innovation in the realm of payments is moving towards the authentication of users for online or mobile payments or even for simple access to online services.
Examples of this we can find in different sectors, both public and private. In Italy, the increasing need to provide tools for certain identification of individuals in both the physical as well as virtual worlds prompted the preparation of a decree that went by the name of Sistema per l’Identita Digitale (SPID, or, System for Digital Identification) which would give each Italian citizen certified digital identity that would permit the secure use of online public services. Introduced during the law conversion phase of law decree 69/2013 (the Fare decree), SPID modifies article 64 of the Codice dell’amministrazione digitale (Digital Administration Code) so that public administrations can allow online access to their services, not only with an electronic Identification Card, but also through services offered by the SPID system itself. This should allow access even with the use of mobile technologies.
And a concrete example of success comes from Denmark where the government and banks have agreed to adopt a common standard for recognizing an identity via digital signatures, designed in a way to become a unifying recognition and access system not just for public services but also for banking and finance services.
So, in a country where 80% of the population has access to Internet, each citizen has a uniqueuser-ID and password to use as legal identification for e-government services as well as that of banking and finance. Thanks to the system it is possible to open immediately an online account by using one’s digital credentials, thus resolving the age-old problem of long distance recognition that exists to this day, and observed with great preoccupation by Banca d’Italia, as was recently demonstrated by the norm that went into effect last January regarding the adequate verification of clients by Banca d’Italia (KYC, Know Your Client).
It would also be opportune for Italy to follow this path, the best one to allow true mobility in payments and banking accessibility which is the precondition for truly cutting costs for banks and their clients, finally favoring banking mobility which is still very low today, and thus giving a strong stimulus towards a digitalized population. With just one go, a strong push towards access and portability of bank accounts and, therefore, competitiveness, in the client’s favor, and transparency and innovation could all be obtained. This is evidenced by the fact that even giants like Apple and Google are showing interest in the theme of weak identification: for access to digital services (email, social networks, eCommerce) operators usually require a user ID and a password, as well as a series functional attributes to use their services. Already one year ago Apple acquired Authentec, a leader in biometrics security solutions. And it is thanks to this that the iPhone 5S is capable of recognizing digital fingerprints with its TouchID.
As for Google, last week it acquired the Israeli startup SlickLogin, which has developed a technology capable of substituting the old password with a sound. The sites that adopt the SlickLogin technology emit a sound at the beginning of the login process. This sound is almost imperceptible and is intercepted by an app that is installed onto the smartphone of the user that, after having recognized it, sends back a signal for ID confirmation. This authentication system via audio seemed ideal for Google to create higher level of security above the classic password and that can be thought of as a total alternative to the traditional window that requests user ID and password, or as a secondary protection and security system that could substitute the so-called 2-step verification model that Google already offers free of charge. “Today we’re announcing that the SlickLogin team is joining Google, a company that shares our core beliefs that logging in should be easy instead of frustrating, and authentication should be effective without getting in the way,” said CEO Or Zelig, Chief Technology Officer Eran Galili, and Ori Kabeli, vice president for research and development.The three managers are also the founders of the company. Google is among the first companies to offer a two-factor authentication procedure to the public and is continuing to work on ideas to make Internet safer for everyone.
The connection between the theme of identity and that of digital payments demonstrates how the experiments of PayPal, who brought an innovative client facial recognition technologyto some of its sales points. The payments are authorized after recognition of the client’s face with the photo on the PayPal user’s page. An analogy of e-identity (in both stronger and weaker terms) with the world of electronic payments that makes evident, in virtue of the existence of converging solutions and tools, the consideration that payments are part of a larger identification and recognition process.
It is a hot topic, above-all in the U.S. where there is already talk of the existence of a true authentication business, where, along with OTT’s and banks, traditional circuits are also involved. Visa and MasterCard are working to promote the use of digital and mobile tokens for online and mobile authentication for transactions. In general, all of the new biometrics recognition technologies (voice, eyes, fingerprints, facial recognition, graphometric signatures, etc.) can be a further step towards the convergence between e-identity and e-banking. In Italy, a norm regarding this material was passed last spring (Regole tecniche in materia di firma elettronica avanzata, qualificata e firma digitale) and banks are beginning to move, in particular regarding graphometric signatures, but also leaving the door open to other biometrics solutions.
The common goal of all of these actors is that of favoring the use of digital payments and financial services by making them faster and more secure. Governments could also benefit from higher security on the Internet, having already proposed improved e-government services and digital literacy of their inhabitants. It is a big game that still must be played out and, to win, it will take convinced participation from both private and public actors. This is a challenge, that when confronted with, Italy cannot find itself unprepared. A country that courageously follows the example of Denmark, even with an extended view towards non public services, has a greater chance of modernizing its entire economy.