Mass market biometrics – convenience and trust

Back in 2002, biometrics seemed futuristic to say the least. Minority Report was released in that year and I vaguely recall a scene where Tom Cruise trades-in his eyes (yes, his eyes!) to fool, what was supposed to be a retinal scanner.

We’re now in 2015 and biometrics do not seem that sci–fi anymore. Biometrics are insidiously creeping in our lives, via a plethora of services and solutions. But whilst I do passionately follow how widespread biometrics are getting, I still remain very sceptical when it comes to saying that biometrics are the ultimate answer to security.

Let’s take fingerprints for example. Granted, fingerprints are truly efficient when it comes to authentication. They are part of you, and they are unique. Unless I am in serious, serious trouble, I would not be ready to have new fingerprints stitched, were that procedure to be available.

Fingerprints are unique:

A fingerprint is the representation of dermal ridges of a finger. Dermal ridges form a combination of genetic and environmental factors; the genetic code in DNA gives general instructions on the way the skin should form in a developing fetus, but the specific way it forms is the result of random events such as the exact position of the fetus in the womb at a particular moment. This is the reason why even the fingerprints of identical twins are different.

[From Encyclopedia of Biometrics, Stan Z.Li, Anil Jain : Fingerprint Recognition, Overview.]

But, this perceived uniqueness is not without some loopholes:

Doddington et al developed a statistical framework based on the matching performance of individual users.[…]. Their work focused on determining user-induced variability. In particular, they identified four categories of users:

(sheep) users who are easily recognized,

(goats) users who are particularly difficult to be recognized,

(lambs) users who are easy to be imitated,

(wolves) users who are particularly successful at imitating others.

[From Revisiting Doddington’s Zoo: A Systematic Method to Access User-dependent Variabilities]

Fine then, my fingerprints are supposed to be unique. What if there was a “wolf” out there who knows he can access my biometrically locked services, consciously, not by hacking, but simply by the trick of his finger? I’d be having a “finger twin” (remember Joey in Friends in the hand twin episode), albeit an evil one.

This situation, though infinitesimally probable (and even more improbable when it comes to me, with my abnormally high number of minutiae, but that is another story!), does pose a pertinent question. Should I be able to repudiate a service which was authenticated biometrically?

The straightforward answer would be no. However, there have been, in the past, numerous cases in which innocent people have been wrongly singled out by means of fingerprint evidence.

In 2004, Brandon Mayfield was wrongly linked to the Madrid train bombings by FBI fingerprint experts in the United States.

Shirley McKie, a Scottish police officer, was wrongly accused of having been at a murder scene in 1997 after a print supposedly matching hers was found near the body.

[From “Why your fingerprints may not be unique” The Telegraph 21 April 2014]

These cases do prove one thing: An unlucky string of circumstances, though highly unlikely, could be enough to repudiate the alleged non-repudiable: fingerprints.

Mind you, I have not even stepped into the “conventional” debate – Tsutomu Matsumoto, the Japanese guy who made fake fingerprints out of gelatine – nor started a discussion on the challenges facing biometrics – varying physiological aspects in population and environmental effects on both the biometrics to be sensed and the sensor used. And I am miles away from two three-letter acronyms: FAR and FRR.

Mass market biometrics are currently only about convenience, not security. Not having to remember PINs is nice (particularly if you collect bank cards like I do), but relying solely on biometrics is hazardous.

Security is added, or rather implemented, by combining other factors (something you have, something you know), but here is the catch – the more you secure, the less convenient is the solution. Phone + fingerprint + PIN definitely imply that my evil twin finger would have to get hold of my phone, know my PIN to access my services, but would I, as a lazy client, be bothered if I had to have the phone on me, key in a PIN and place my finger on the reader for each access to a service?

But besides this well-known trade-off between convenience and security, there is another crucial aspect in biometrics: sustainability. Unlike “conventional” credentials which can be revoked and changed in case of attack, revoking compromised biometrics is certainly more difficult. Revocable biometric algorithms may be the answer, but I prefer make abstraction of it in this article. In view of ensuring the viable trust of future biometric solutions, emphasis should be laid on zero-flaw in current roll-outs.

L’Observatoire appelle également les acteurs à être vigilants durant les phases d’expérimentation de solutions fondées sur la biométrie, la compromission d’empreintes biométriques utilisées par celles-ci pouvant mettre en cause le déploiement de solutions futures à plus grande échelle.

The panel also calls on players to be vigilant during the experimental phases of solutions based on biometrics. The use of compromised fingerprint may seriously challenge the deployment of future solutions on a larger scale.

[From 2014: Rapport annuel de l’observatoire de la sécurité des cartes de paiement]

Trust, once shattered might be hard, impossible even, to rebuild, especially if the same client pool has been compromised. A case in point here is the Mauritian Biometric Identity Card Scheme. The fingerprints enrolled were stored on the chip, which is secure enough, and a not-so-secure centralised database. A couple of years, frenzied passion against biometrics and doubt-instilling database procedure malfunctions, were enough to convince legal authorities to destroy the much controversial biometric database. The Mauritians are paying the high price of a rapid and not sufficiently prepared solution. I’m not sure they’ve gauged the extent of the problem though.

Les empreintes digitales de 947 000 citoyens, collectées pour la nouvelle carte d’identité, ont été supprimées de la base de données. […]Les données biométriques seront désormais sauvegardées uniquement sur la puce insérée dans la carte.

The fingerprints of 947 000 Mauritian citizens previously collected for the new identity card scheme, have been deleted from the database. […] The biometric data shall be saved only on the identity card chip. 

[From Carte d’identité : Les empreintes digitales de 947000 citoyens détruites” L’ 1st September 2015]

Were I to be one those 947 000 enrolled, the court’s order to destroy the biometric database, limiting the credential to the chip, would not reassure me at all. There has been a point in time where the database was operational with people behind accessing them. Damage could already have been done, and leaving my fingerprint data on the identity card chip is like having a key in a safe when the duplicate key is either destroyed or lost somewhere.

Our approach to biometrics needs to change rapidly. The stars are getting lined up for biometrics. Demand for new authentication methods, enhanced reliability as well as more affordable price ranges are starting to build up a huge potential for future solution deployments. It is up to us to develop new archictectures. Assessing the expected convenience levels and maintaining the high levels of trust will ensure consistency in the security of biometric solutions.

It’s the convenience and trust, convenience and trust only. Security is the outcome of it.




Everybody panic, part 97: contactless cards

Oh no! Shock horror! Something must be done! It’s an outrage! Thank goodness we have a free press to expose this egregious, calamitous, nefarious episode! Questions must be asked in Parliament. Yes, it turns out that a famous author (J. K. Rowling who wrote the tedious “Harry Potter” series of children’s books) has been trimming her hedge.

Shock! Horror!

Oh, and on the front page the non-issue of contactless card security has come up once again, following a report from the consumer organisation “Which?”. They reported that contactless cards work according to their specifications. Using a standard reader they were able to interrogate standard cards and obtain the standard details, which do not include either the cardholder’s name or the security code. You cannot use the details to make a clone contactless card or a clone chip and PIN card or a counterfeit magnetic stripe card.

Yet the Which? researchers managed to buy a £3,000 TV set using one of the cards.

[From Banks want us all to have ‘tap and pay’ cards even though they’re a godsend to fraudsters | Daily Mail Online]

No, they didn’t. They did not use one of the cards. What they did was to use the card number and expiry date with a merchant who does not check the name, address or security code. Retailers are entirely free to do this, it’s up to them. The point of the card system is to protect consumers, not retailers. If retailers decide to deliver a £3,000 TV to a block of flats in Hoxton on the basis of a card number and expiry date (without checking the name, address or security code) then that is their look out. The customer will spot the unusual transaction and charge it back. The bank will charge it back to the merchant. The merchant will be out of £3,000. But it was their choice, so who cares? Anyway, the researchers were surprised that some merchants would behave in this fashion.

We doubted we’d be able to make purchases without the cardholder’s name or CVV code, but we were wrong.

[From Thieves use scanners to steal account details even when contactless card is in your wallet | Daily Mail Online]

Remember, this is the same information that a fraudster could obtain just by looking at your card. Luckily, the newspapers have also had some useful advice for customers concerned about card security.

James keeps his debit card at home and the PIN is still in the sealed letter. That way, if a fraudster takes money from his account, he can easily prove to the bank that he hasn’t used it.

[From There’s nothing James Freedman doesn’t know about fraud … so why won’t HE use contactless cards? | This is Money]

Had the researchers glanced at any or our blog posts about contactless security, starting back in 2006, they would have known about this uninteresting risk. It isn’t news. I’ve suggested before that rather than panic about the non-issue of contactless security, their energies might be better directed toward educating the public about the technology and the distribution of liabilities.

The traditional way of educating the mass market in the UK about anything is to pester the BBC to include it as an EastEnders story line.

[From Crime and contactless]

You may think that I was being flippant with that remark last year but I wasn’t. In fact, the soap opera route has been tried, albeit on the other side.

Coronation Street and Emmerdale will feature Visa’s contactless payment technology from February.

[From TV signs Visa product placement deal for Coronation Street and Emmerdale – Coronation Street News – Soaps – Digital Spy]

Sadly, I have never watched either Coronation Street or Emmerdale, although I know what they are because Harry Hill used to make fun of them on “TV Burp”, so I’m not best-placed to suggest appropriate plot lines. But perhaps one of the characters spotting a £3,000 charge to Currys on their statement and then charging it back might be far too dull.

Now, you might imagine that these stories are so trivial as to be utterly uninteresting. And on the one hand they are. But on the other hand I find them intensely annoying, because they are so insulting. “Fraud alert” over a payment architecture that has been under development for a decade? That’s a headline that suggests that I am a moron. As are the experienced risk analysis and payments architecture experts at Consult Hyperion. As are the risk management experts at retail banks. As are the strategists at Visa and MasterCard.

What are the media thinking? That there is no point over the past decade when it occurred to anybody that because the EMV standard involves the passing of unencrypted data between the card and the point of sale terminal that anyone with a standard reader would be able to obtain the card number and expiry date? That the thousands of people involved in the planning, design, launch and management of contactless cards were as thick as planks? That the issuing banks were so dumb to accept full liability for the fraudulent use of contactless cards that they are going to go out of business? That merchants who accept card numbers and expiry dates without a valid cardholder name or address are simply too dense to understand the liability shift?

Just to be clear. The actual figures (from the UK Cards Association) are that fraud losses from contactless cards are less than for contact cards, for the obvious reason that card numbers are, by and large, stolen online in vast bulk (see, in the Daily Mail, for example “Benson bought stolen credit card details from Russian gangsters”) and not obtained by individual fraudsters waving phones around peoples’ arses (although that would work, as this video shows).

You can tell from the Nokia 6131 used in that video that it was made a good few years ago but, as yet, the gangs of pickpockets in London seem to prefer the old fashioned methods, so you’re much better off carrying a contactless card (that can be refunded in the event of loss) rather than cash (which cannot).

Don’t panic. Unless you spot someone holding their mobile phone a little too close to my backside on the tube, that is.

Neo-banks and iso-banks

For some years, we’ve been talking about an emerging category of what we’ve been calling “near-banking”. I remember using the concept in a couple of projects around the O2 Wallet. Remember that? It was a mobile wallet with a companion pre-paid Visa card. We used it in a Cabinet Office Alpha project with welfare benefit recipients and it worked very well indeed. But it was canned shortly afterwards.

It wasn’t well-received. It seemed like a patchwork of products, was not very user friendly and was essentially not compelling enough to persuade users to try it.

[From O2 Wallet: no users and too much competition. It had to go | Mobile Money Revolution]

This was not, to my mind, a condemnation of the concept. Only a few days after Telefonica shut down O2 Wallet in the UK, we see T-Mobile in the US launching essentially the same product: a pre-paid Visa card linked to a mobile phone number.

The company announced today Mobile Money, a free checking account service available to anyone with a T-Mobile phone number.

[From T-Mobile Mobile Money – Business Insider]

The concept wasn’t the problem. I never saw any marketing of the O2 Wallet. I don’t remember ever seeing a TV ad or anything in the mainstream press.

A key problem here, Holden suggested, is the failure of NFC to take off as a contactless payments technology.

[From What does the closure of O2 Wallet say about the future of mobile payments? — Tech News and Analysis]

I disagree. I thought the NFC thing was tangential. Yes, O2 were a bit hopeless in getting NFC up and running and yes they should have looked at HCE sooner and yes it is symptomatic of a structural flaw that even a telco can’t get SIM-based SEs sorted out. This isn’t because O2 were especially hopeless. Look at what happened in Spain, where Bank Inter launched HCE-based solutions even though they are an MVNO with their own SIMs! I notice, by the way, that Bank Inter have taken advantage of Google’s decision to add HCE to KitKat and put their Mobile Virtual Card (MVC) solution on that platform. I do have to confess that I found some aspects of the O2 customer proposition baffling though. I remember when I got an e-mail from O2 informing me that

As a result of recent changes in the law, we’re obliged to ask you about the source of your funds, once you’ve loaded more than £2000 a year on your Wallet. Unfortunately, if we’re unable to contact you after three attempts, or get an inappropriate answer, we may be forced to block and subsequently close your account.

I’m really curious to know what an “inappropriate” answer might have been, but when someone sounding for all the world like a sophisticated fraudster phoned me up claiming to be from some Gibraltar-based entity wanting details about my personal financial circumstances, I told them. I knew, of course, that this was pointless time-wasting money-wasting AML nonsense but I did wonder what a typical member of the public might have thought about it.

But I digress. I have to say that I rather liked the product as it ended up. With two teenagers in the house I found it simple and convenient. We kept the Visa card in the kitchen and when one of the boys went to get some shopping or had to buy something for school or whatever they took it and used it and I got the transaction confirmation immediately on my phone and I could top it up when necessary.

It was sort of like a bank account for our house.

When I spoke about the rise of “near-banking” at Payments 2012 in London in May of that year, I made the point that there is an opportunity for a spectrum of near-banks that target a potentially wide variety of specific niches (the example I used then was a “Sagabank” for older people), and I still think that this is one of the attractions of the model. The near-bank is not a new idea. In 1997, I wrote (with my then fellow Consult Hyperion colleague Mike Young) an article for Internet Research called “Financial Services and the Internet” (Volume 7, Number 2, p.120-128). In that article we wrote about the potential for the new technology to assemble a banking service depending on the customers’ needs.

Financial services customers use IT to build a seamless environment for themselves, “with the underlying best-of-breed products originating from a wide range of suppliers”; Financial services providers “retreat to a small range of products that build on core competencies, but supplied to a global market”.

[From You searched for near bank – Tomorrow’s Transactions]

This came to mind when I read an interesting post about the new market segmentation for retail banking by the Starling Bank CEO Anne Boden. Anne refers to “neo-banks”.

If you look at the US and some of the European markets, you can see another area of growth that is likely to hit the UK market soon, in the form of so-called neo-banks. These brands claim to deliver the best in class digital experience, with none of the risk of a balance sheet – so they effectively put a layer of information management over another banks’ product set… Simple and Moven are probably the most well known names in this space, with Number 26 starting to grow their reputation across Europe.

[From Starling]

She then goes on to talk about the O2 Wallet category that is centred around pre-paid debit cards, although I think I might argue that these categories have a great deal of commonality.

The grouping of brands that have the greatest potential to cause customer confusion have to be the pre-paid debit cards.

[From Starling]

This made me think about breaking down the “near-bank” category. There’s a difference, I think, between something that looks like bank but isn’t (e.g., Moven or Holvi) and something that doesn’t look like a bank but performs the same functions as a bank in the eyes of the consumer (e.g., Bluebird). In both cases the proposition is essentially a mobile app plus a pre-paid card, but their grammar is different. Therefore, I propose a new terminology standard: I propose that we call the first category neo-banks (as Anne did) and that we call the second category iso-banks. Are we agreed?

With this terminology, we can distinguish neatly between neo-bank (Moven) and iso-bank propositions (O2 Wallet). In business terms, the neo-banks are competition to the retail banks but the iso-banks complement them in specific niches. I have a Simple account instead of a conventional retail bank account, whereas I have my Caxton FX euro wallet as well as a conventional retail bank account. What do you think?

Still arguing about the blockchain

I’d been along to the first European Bitcoin conference, I’d asked our guys about the different aspects of the technology, I’d looked at the functionality that Bitcoin delivered. I came to the conclusion that the technology behind Bitcoin (the blockchain) was much more interesting than the new digital currency and this is what I told our clients and, later, blog readers. Here’s what I wrote back in 2011:

The best strategy is to learn, and to think about ways that the cryptography at the heart of Bitcoin can be used to deliver new kinds of services in a connected environment. I don’t think cash will be one of them.

[From What should the “mainstream” think about Bitcoin?]

I still don’t. And just to save time and e-mails, yes I know that technically you can’t use the Bitcoin blockchain without technically having to use Bitcoins but I don’t seeing using the smallest possible divisions of bitcoins that there are (known as satoshis – there are 100,000,000 sastoshis to one Bitcoin, making them worth around one ten-thousandth of a cent) as transport vehicles for digital assets as the same thing as using Bitcoin as money and certainly not as a currency. And it’s only one way of building a blockchain anyway. But back to the point.

Interest in bitcoin has waned.. Interest in the underlying mechanics of the currency, however, has continued to grow. The technological breakthroughs that made bitcoin possible, using cryptography to organise a complex network, fascinate leading figures in Silicon Valley. Many of them believe parts of Mr Nakamoto’s idea can be recycled for other uses.

[From Blockchain: The next big thing | The Economist]

Some of them are pretty serious people, too. Wim Raymaekers, who manages SWIFT’s Banking and Treasury Markets worldwide and is responsible for the evolution of its core banking value proposition, had this to say about Bitcoin earlier in the year [Raymaekers, W. Cryptocurrency Bitcoin: Disruption, challenges and opportunities. Payments Strategy and Systems 9(1): 22-29 (2015)]:

Banks should look at the technology underlying cryptocurrencies as a potential generic new way to transfer ownership of value in the longer term.

This is essentially the same thing that we said four years ago, so I was happy to see a serious player coming to the same conclusion from a different perspective. And I can assure that SWIFT is not the only serious institution thinking this way. One of the first blockchain-centric assignments for a financial services customer that Consult Hyperion worked on was to look at the idea of using blockchain technology in certain kinds of trading environment and this particular use of the blockchain appears to be gaining momentum.

[] filed a prospectus with the Securities and Exchange Commission that indicates it may issue up to $500 million in stock or other securities using technology akin to the online software system that underpins bitcoin.

[From Overstock Files to Offer Stock That Works Like Bitcoin | WIRED]

Hence I was very interested to see that Nasdaq are going to do an experiment in just that space. To have one of the world’s most important exchanges use the technology for trading would certainly be a confirmation that there is something to the idea that the blockchain is a new way of doing things and a genuinely novel solution to an old problem. So how are they going to do it?

Nasdaq will initially leverage the Open Assets Protocol, a colored coin innovation built upon the blockchain.

[From Nasdaq Launches Enterprise-Wide Blockchain Technology Initiative –]

Colored coins? Well, they’re not really coloured (just like quarks aren’t really red, green or blue).

…bitcoins can be selectively “colored” or marked with extra information to represent something else, such as a stock, but it still retains all the information needed to still use it as a bitcoin. If the stock fails for that colored coin, or the holder wants to abandon the stock and use the bitcoin instead, the “stocks” that the user received as fractions of a bitcoin can be spent as a normal bitcoin without any problem.

[From ELI5: What’s the difference between sidechains and colored coins? : Bitcoin]

Now, a blockchain is a computationally expensive mechanism for maintaining a distributed ledger. It’s worth doing for Bitcoin because the design goals for Bitcoin include cash, and cash must be resistant to double spending and counterfeiting and open to use by anyone. Is it worth doing for, for example, equities? That depends on how cash-like you want to make them. Remember Edward de Bono and his “IBM Dollar”? I was thinking about this while I was listening to Angus Scott from Euroclear (which makes Visa look like a picnic – it settles more than a trillion euros every week) talk at the recent Payments Forward event on cryptocurrencies that my colleague Steve Pannifer commented on last week. Angus was talking about “collapsing” the data flows around clearing and settlement, which I thought was a useful way to think about the impact of the blockchain on the activities.


So – in the absence of any actual knowledge of what they doing – Nasaq will (I’m guessing) use coloured satoshis as a mechanism to maintain a distributed ledger as a means to affect trades without clearing: if I want to move one of my IBM shares from me to you, I simply send you the satoshi with the IBM share in it to you and it’s yours. Done. All of the asymmetric, error-prone, costly data flows associated with the trade are thus collapsed. It’s certainly an interesting experiment although it’s not to my mind an indication that Nasdaq will any time soon cut over to the Bitcoin blockchain or, indeed, a blockchain of any description.

Note that this is not THE Nasdaq market. Nasdaq is only testing with a special tiny little private market that was previously tracked by hand. This is just an experiment that might not go anywhere.

[From Wall Street is using Bitcoin, not just the blockchain. : Bitcoin]

Yes, absolutely. But like all well-designed experiments, even if it goes nowhere we will all learn something from it. I’m not smart enough to predict what is going to happen here, and my hunch is that coloured coins are not the optimal implementation for this sort of thing and that something like Ethereum would be better (because I think that “smart contracts” have a key role to play). But that’s just my opinion. In the meantime, the more experiments the better as far as I am concerned.

Denmark shows us the mobile way

News arrives that our Scandinavian cousins are getting serious in the war on cash.

The Danish government has proposed getting rid of the obligation for selected retailers to accept payment in cash, moving the country closer to a “cashless” economy. Nearly a third of the Danish population uses MobilePay…

[From Denmark moves step closer to being a cashless country – Telegraph]

Actually half of the adult population of Denmark use MobilePay, the mobile-initiated account-to-account (mA2A) immediate payment services, the equivalent of Barclays’ PingIt, that is offered by Danske bank in Denmark. It was launched two years ago and has attracted more than two million users out of a population of 5.5 million which, when you look at the demographics, means that already has around two thirds of its total addressable market (i.e., Danish smartphone users aged 13 and up). Right now it is processing around 200,000 transactions per day with an average value of around €33.


The mobile phone provides a secure and convenient A2A initiator.

MobilePay has over 7000 merchants signed up and has an “small business acceptance” app in place so that merchants can accept electronic payments without a POS terminal. They charge merchants a flat 1% fee (with a maximum of five Danish Krone, or abut 50p) for payments and I’m told (by a very reliable source) that the fraud levels through this channel are significantly lower than they are on cards. They are now extending the app to provide a contactless NFC and Bluetooth option for point of sale. What interests me most about their roadmap is that they have a very good API and are now trialling it with some merchants because, as we all know, merchants want on their own apps to deliver the best customer service and the future is “app and pay”. I saw a very good example of this using a Copenhagen coffee shop app.

Direct A2A payments from inside merchant apps look set to grow.

In the UK, we have two mA2A mobile-centric front ends to the faster payments service (FPS). These are the aforementioned PingIt, offered by Barclays, and Paym, offered by everyone else. Paym has around two million people registered and transferred around £26m in 2014, We happen to be a Barclays-centric household, so I use PingIt all the time and find it very convenient. Therefore I was very excited that they decided to extend their addressing from mobile phone numbers to Twitter names!

Barclays has declared on 25 February that it will be the first British bank to allow people to pay each other and small business through their Twitter handles from 10 March.

[From Barclays uses Pingit to become first UK bank to process Twitter payments – Real Business]

If you want to try this out for yourself by supporting a good cause, by the way, then simply fire up the PingIt app on your mobile phone, select a modest amount for test purposes (say, £250) and send it to @dgwbirch. I will let you know as soon as your payments reaches the Dave Birch Holiday Home in the South of France Emergency Appeal Fund. Both PingIt and Paym are a long way from being used by half the adult population of the UK and edging cash out of the way for the person in the street but, back across the North Sea, Mobile Pay is playing a key role is edging Denmark closer to cashlessness.

The Danish government said as of next year, businesses such as clothing retailers, petrol stations and restaurants should no longer be legally-bound to accept cash. The proposal is part of a pre-election package of economic growth measures aimed at reducing costs and increasing productivity for businesses.

[From Denmark moves step closer to being a cashless country – Telegraph]

They are doing this because to try to get the total cost of the payment system in Denmark down to the lower levels that are seen in, for example, Finland and Norway.

if you include household costs, the total social cost of payments in Denmark is calculated at 0.55% of GDP, of which 0.35% is attributed to cash and 0.15% to the domestic PIN debit scheme.

[From I trashed my cash]

The context here is specific to Denmark. In common law countries (e.g., the UK and the USA) there is no requirement for retailers to accept any form of payment at all, cash included. It’s a misunderstand of what “legal tender” means to imagine that they do. But in Denmark, the law says that certain types of retailer must accept cash and so the law is being changed so that they don’t have to.

Copenhagen Parade

The Danes are very welcoming to visiting consultants.

I think it is really interesting to see this approach to national payment strategy – that is, one based on productivity and economic efficiency – in contrast to the UK’s where the mere idea of ending cheque clearing in a decade was enough to induce apoplexy in the shires and a shake up of the UK payments industry governance.

Authentication yes, identification… hhmmm…

I had the great good fortune to be asked by the GSMA to chair the Mobile Identity session at this year’s Mobile World Congress in Barcelona. During the absolutely excellent session, which featured input from Telesign, Payfone, Early Warning, Telenor, the UK Cabinet Office and Nok Nok, I happened to mention in passing that I thought that a global mobile-centric authentication push (perhaps using FIDO) was possible and that it would make life easier for many people, but that it wasn’t clear to me at all that a global identification platform was getting any closer.


A couple of people asked me about this afterwards, and so I thought it would make an interesting blog topic to look at real-world, population-scale identification as discussed in the session. I’ll use Pakistan as an example. Pakistan has very strong identification laws around mobile and rigorously-enforced mandatory SIM registration.

[Pakistanis] have to show their IDs and fingerprints. If the scanner matches their print with the one in a government database, they can keep their SIM card. If not, or if they don’t show up, their cellphone service is cut off.

[From Pakistanis now need to be fingerprinted to have a cellphone – Business Insider]

This will help to stop criminals and terrorists from obtain mobile phones and operating with impunity in Pakistan because it depends on the integrity of the national identity register. Oh, wait…

The famous green-eyed ‘Afghan girl’ immortalised by the National Geographic magazine on its 1985 cover has been living in Pakistan on fake documents, prompting authorities to launch a probe. Four officials were suspended on Wednesday for allegedly issuing fake Computerised National Identity Card (CNIC) to Sharbat Gula and her two ‘sons’.

[From National Geographic Afghan Girl living on fake identity card in Pak : World, News – India Today]

National identity registers are a single source of failure and a natural honeypot for crime and corruption, as Pakistan has discovered.

The National Database and Registration Authority [NADRA] reports that it has deployed a state-of-the-art facial matching system with the capabilities to stop fraud and forgery in identity documents, yet people are still able to obtain forged identity cards. This was very puzzling to understand given the supposed surety, accuracy and privacy of NADRA database that such a scam was still happening even after the introduction of new chip-based identity cards.

[From Identity theft persists in Pakistan’s biometric era | Privacy International]

It’s not “puzzling” as at all as far as I am concerned.

Identity theft is more common in single reference systems such as centralised national population registers, as they create a single point of failure, and centralisation increases rather than reduces the potential for fraud. Doppelganger matches also become more likely in large scale databases.

[From Biometric Smart ID Cards: Dumb Idea ::]

So while it makes sense for service providers to rely on biometric authentication to digital identities that they themselves will bind to virtual identities (with attributes), it is not so clear that it makes sense for service providers to rely on biometric identities established by third parties. In fact, when it comes to mobile phones, in this case I might go even further and say that it is not at all clear to me that we should be attempting to stop the bad guys from using mobile identities at all!

Surely it would be better to have criminals running around with iPhones, sending money to each other using mobile networks and generally becoming data points in the internet of things than to set rigorous, quite pointless identity barriers to keep them hidden.

[From Search Results SIM registration]

There’s a further point to make here, away from the exigencies of national security and the war on terror and in the world of business. As the banks have long understood, the issue of identification is inextricably linked to liability. There’s a world of difference between me as an operator saying to a service provider that “this is subscriber XYZ and it’s the same person who logged in last time and it’s still the same handset and SIM” and saying to a service provider that “this is Dave Birch”. I know I sound like a broken record on this, but it the overwhelmingly majority of interactions, who you are is not the point. The point is whether you are allowed to do something, whether you have credit, whether you are a subscriber or whatever. Trying to work out who someone “really” is means a world of legal pain.

According to the Post, “…sources say Instagram, owned by Facebook, ran into “serious legal problems” over its verification process and has been forced to pause it. Some suspect Twitter, which also has a verification system, had an issue with Instagram’s.”

[From Instagram is no longer verifying accounts – Business Insider]

Therefore it seems to me that in business terms, it makes sense for service providers to rely on bank identification since banks already have to comply with know-your-customer regulation. For this work, however, there must be a kind of identity “safe harbour” (i.e., if the person turns out to be using a false identity that the liability rests with the bank but if the bank has followed KYC procedures then it has no liabilty) from zealous prosecutors otherwise the wheels of commerce will become gummed up with identity junk.

Markets and blockchains

A blockchain solution, as many people have observed, is best suited to environments where there are a great many actors, some of whom may be untrustworthy. Such as, for example, financial services markets.

A British man, Mr Navinder Singh Sarao has been arrested, and faces extradition to the United States, accused of market manipulation, allegedly causing a 1,000 point drop in the Dow Jones index in 45 minutes and leading to personal enrichment to the tune of $40 million from that and similar incidents. Mr Sarao is a lone trader and was apprehended in his parents’ modest semi-detached house near Heathrow. He lives in a similar house across the street.

The profiteering is supposed to have occurred roughly like this:

1. Multiple sell offers were placed on the futures market, at low prices, which the offerer had no intention (and, in all probability, not the means) of fulfilling.

2. The primary market in the affected stocks, and perhaps others, fell on the flood of offers.

3. The manipulator bought shares at the depressed prices.

4. He withdrew the futures offers.

5. The primary market recovered and the manipulator sold his shares at a profit.

Leaving aside, of course, the question of Mr Sarao’s guilt or innocence, a couple of questions spring to mind:

• When someone in London manipulates a market centred on New York, in what criminal jurisdiction is he acting?

• To what extent does this kind of behaviour occur: is it possible that major market players indulge in such manipulations but at a more discreet level?

I’m by no means an expert in the particular markets involved here. But I do know that if I see my neighbour repeatedly put his house on the market, but never actually sell it, then he’s not exactly serious. If he puts it on the market for a first time, owning a similar property, and as a middle-class Englishman, I’m naturally interested in the price. If that price is wildly high, compared to actual recent deals for similar houses that are recorded on the publically available land registry database, then I’ll conclude that, as for a second marriage, my neighbour is suffering from the triumph of hope over experience. It’s about him, not the property and not the market. Similarly, if the price is unusually low, I’ll conclude that he has fallen upon hard times and is need of ready cash, rather than immediately supposing that conditions are such that there is a surfeit of such sellers that will move the market.

If another neighbour, who drives a modest car, suddenly auctions Bentleys I’ve never seen on eBay, my suspicions would be aroused. And so on and so on. What’s important in these examples, and applicable to wider markets, is not the absolute knowledge of a person’s identity, but of his standing and track record.

If somebody offers to sell stocks at a future date, he is more credible if it can be demonstrated that he actually owns them; or somewhat more credible if it can be demonstrated he has borrowed them. If neither of those can be demonstrated, then evidence that he owns lots of other stuff, to a much higher value than what he has offered, would be reassuring. Likewise, evidence that a reasonable proportion of his offers has been fulfilled.

How might any of that be achieved? One way would be for exchanges, registrars and so on to maintain central databases of offers, trades and holdings, query-able in realtime by market participants. That would raise a number of difficulties: for example, queries could place a massive strain on centralised systems, which might also present attractive targets to hackers working on behalf of manipulators.

An alternative approach could be to implement distributed ledgers using the blockchain technology that underpins BitCoin, or a variant thereof. There would be no single point of failure, and manipulation of the record is, for all practical purposes, impossible once a chain acquires new links (new offers, new transactions, new holdings, etc) and is widely replicated. For an in-depth view of how the blockchain can provide for efficient and secure financial transactions, beyond crypto-currencies, register for the excellent Payments Forward event on 11th May in London and listen to our very own Steve Pannifer demystify the technology before the panel session featuring Lloyds Banking Group, Eris Industries and others.

To me, it is incredible, and seriously worrying, that major players in the financial markets underpinning our economic system are not alert to basic warning signals that any dealer in second-hand goods would recognise. Indeed, they cannot be, given the current infrastructure. Fortunately, technology is at hand to rectify that. Who will move?

These are the personal opinions of Consult Hyperion and its guests and should not be misunderstood as representing the opinion of its clients or suppliers. To discuss how any of the technologies discussed in this post can benefit your business, please contact Consult Hyperion.

Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.
Verified by MonsterInsights