vbcsf: Reality Check: The Future of Secure, Mobile Authentication

Ollie Whitehouse of NCC Group and Lauren Horaist from RSA join Derek Top. Starting off with Ollie: Mobile Security and 2FA (two-factor authentication). NCC is a large independent consultancy, known as iSEC Partners in the US.

Mobile security: reality and elephants, future enablers; authentication on mobile with 2FA and voice biometrics. Security threats are numerous: hardware, various OS platforms (iOS, Android, Windows), vendor customizations (undermining platform security), apps (poor design & implementation), user activity & practices (including jailbreaking). Challenges (an elephant in the room): mobile vendor fragmentation, vendor spend on security, 18-24 month device life cycles, carrier certification of updates required, user awareness/education and experience with security patches and carrier desire for security patches.

vbcsf: Barclays Voice Security Service

Matt Smallman, Head of Strategy and Change, is speaking for Barclays Wealth and Investment Management, Client Experience. Barclays deals with clients on the phone, and the clients expect this level of service (now). They’ve been at this for a couple of years and will share lessons learned. Barclays is a universal bank, 50 countries, 300 year history, serving growth and investment areas and doing well.

Key business problems are around productive capacity. Broad spectrum of client needs, client focus internally. Working on removing the administrative load from front line employees. Clients have a choice between two interfaces: Barclays colleague (emotional connection) or DIY. “The employee-customer encounter is the crucible where value is created in sales and service organizations.” “Success will be defined by how our stakeholders think and feel about Barclays. It’s about creating an emotional as well as intellectual context with them.” Receive -> Route -> Recognize -> Resolve -> Review. Learning as they go along.

Recognition: identify, authenticate, authorize… (video from before biometrics) First challenge: trade-off between convenience and security. Their graph shows area way more toward security, slight convenience. Old model (2 years ago) was broken. Other problem dimensions: diamond shape graphic: client (top), colleague, company (middle), control (bottom). Process is in the middle, which got in the way. Security showed 1 in 4 fraud attempts.

Now (after voice biometrics): colleague speaking with client, time spent under 60 seconds (vs over 4 minutes and unsuccessful attempt to get info above). Voice biometrics: verification and identification. Modes of operation: text dependent or independent. Key processes: enroll client (informed consent) and verify.

Journey to implementation: RFP and proof of concept, evaluation and business case in 2011. Build and test, friends & family testing, client low volume and ramp up in 2012. Extend and analyze, optimize, repeat through 2013.

Lessons learned: solution is part of business process, sits in technology stack, involves clients and colleagues. Demos helped. “You’re my bank. If I trust you with my money, why wouldn’t I trust you with my voice?” Actual client-colleague experience is challenging, but is the key to successful adoption. Metrics and measurements: showing “the money shot” of when it works; getting the clients to that point takes work. Data privacy in UK requires consent for this purpose, successful enrollment, verification, matching, before the transactions take place smoothly. “If you are not serving the customers you better be serving someone who is.”

Forensic Science Academy


This is a joint post with Digital Identity Coach, offering two perspectives on this singular event. This post is about the process of dealing with casualties, the methods of forensics, and honoring the victims of (human-based) catastrophes.

Last Thursday I met with a small group of people from Social Media Club Hawaii at Pearl Harbor for a unique tour of the Forensic Science services (Forensic Science Academy) of the Joint POW/MIA Accounting Command (JPAC). We had a special opportunity to explore the process of identifying human remains—casualties of wars—and talk with one of the forensic scientists doing this unusual work.

The basic idea: in wars, people from different countries, including Americans, die on foreign soil. All departments of the military have lost people. JPAC works with them all, and by extension, works with foreign governments to recover the remains and victims of battles. “The mission of JPAC is to achieve the fullest possible accounting of all Americans missing as a result of the nation’s past conflicts.”

TechFest: Cool stuff you don’t know you need yet

Seems Microsoft is dreaming about being in your pockets and around your neck, among other places. As if they’re not already? But MS means in a new and different way.

SenseCam, touted as a visual diary of sorts, is designed to be worn around the neck and can take up to 2,000 images in a 12-hour day without the wearer doing a thing. …

Some technology on display at TechFest could soon be available to the public. For example, Microsoft is looking to license technology for identification cards touted as “unforgeable” because they combine a regular picture ID with another, multicolored box that includes a compressed facial image. A card reader makes sure both the regular picture and the multicolored box match before granting access, meaning people couldn’t just simply swap out the photograph on an ID card.

Another project, developed by Microsoft Research’s Beijing office, converts a regular facial image into a low-resolution, cartoonish image. That animation can then be used with instant messaging, to convey whether the person typing a message is laughing, frowning or nodding. It could help solve the problem of understanding the nuance of people’s typed conversations, without requiring the computer and telecommunications power needed to use a Web cam.