Why We Need the New FIDO Alliance Identity and Binding Working Group

September 5, 2019 Parker Crockford

 

The FIDO alliance has a clear mission: ‘Simpler, Strong Authentication: Solving the Password Problem’.

But why are passwords a problem? Well, over the past decade, our digital footprint has been exposed to increasing numbers of third parties. Concurrently, data hacks have become more frequent and more serious, with news of breaches on an almost weekly basis. This means it’s likely that our data is widely available, especially on the Dark Web. Alarmingly, this includes our usernames and passwords. And when our passwords are no longer safe, then our online accounts are susceptible to attack.

Some startling statistics:

  • 2.3 Billion - stolen passwords in 2017
  • $5 Billion - cost to US companies each year to rectify account take over
  • $1m/yr - amount organizations spend on password reset technology
  • 20%-50% of helpdesk calls are for password resets. 

Ironically, passwords— which were supposed to protect us—have become the gateway for hackers to hijack our accounts. Identity theft is now the largest and fastest growing crime in the world.  And it enables all sorts of criminal activity. Approximately 5% of global GDP, or $2 trillion, is laundered money. This is used for human trafficking, drug trafficking and terrorist activity. Less than 1% of this is seized by authorities.

Yet we are still asking the same question after 30 years online: how do I know a person is who they claim to be in a remote setting? For many years, we thought that passwords were the answer. Now we know that we need a new solution.

There is a clear need for greater assurance around identity from the beginning of an online interaction.  This is especially true for Fintechs and Banks which have an increasing need (and regulatory requirement) to onboard customers in a remote setting, and carry out effective authentication workflows. To restore trust and protect users in the digital world, we need to remove our reliance on passwords and start with the high assurance of a digital proofing. 

That’s why Onfido joined the board of the Fido Alliance. We believe in their mission: ‘Simpler, Strong Authentication: Solving the Password Problem’. As a member of the board, I wanted to explore whether digital proofing could strengthen FIDO’s mission. I led a study group to explore whether the FIDO Alliance should expand its scope and, as a result, we recently announced a new working group: The Identity Verification & Binding Working Group. This working group will help the extent its remit in digital proofing, and set standards and certifications around digital proofing. Below is an extract from the press release.

“For accounts protected from phishing and other credential-based attacks with FIDO Authentication, the account recovery process when a FIDO device is lost or stolen becomes critical to maintaining the integrity of the user’s account. Validating a user’s identity with high assurance is an important aspect of this process, as well as for account onboarding processes, meeting Know Your Customer (KYC) and Anti-Money Laundering (AML) requirements.

The FIDO Alliance has identified a newer remote, possession-based techniques including biometric “selfie” matching and government-issued identity document authentication as having the potential to greatly improve the quality of identity assurance for new account onboarding and account recovery. The Alliance has also determined a market need for authoritative guidance, performance evaluation and certifications for their use.

The FIDO Alliance has created the Identity Verification & Binding Working Group (IDWG) to fill this need. The IDWG will define criteria for remote identity verification and develop a certification program and educational materials to support the adoption of that criteria.

The IDWG is led by co-chairs Rob Carter, Mastercard and myself Other participating organizations include Aetna, Google, Idemia, Lenovo, Microsoft, Nok Nok Labs, NTT DOCOMO, OneSpan, Phoenix Technologies Ltd., Visa Inc., Yahoo! JAPAN, Yubico and the UK Cabinet Office.

By creating the testing standard for document verification providers, Fido enables the digital identity ecosystem to set up testing standards that the whole market agrees on.   This will help companies protect their users and give regulators and relying parties the impetus to put more stress on the document verification industry.”  

If you are interested in learning more or joining the working group please contact me at Parker.Crockford@onfido.com.

 

About the Author

Parker Crockford

Parker Crockford is Director of Strategic Accounts and Policy at Onfido. He is responsible for creating strategic alliances with key customers and advancing the new identity standard for the internet through policy analysis, coalition building, and community engagement. Parker has over 15 years’ experience in technology, finance and commerce, driving market adoption of technology that helps create a more meaningful, secure experience in a mobile first world. Parker was named a Top 2019 Influencer in Identity by One World Identity (OWI), is a founder of the Better Identity Coalition and is a board member of the FIDO Alliance.

Follow on Linkedin More Content by Parker Crockford
Previous Article
Onfido Ranks 8th in The Sunday Times Hiscox Tech Track 100
Onfido Ranks 8th in The Sunday Times Hiscox Tech Track 100

Onfido recognized by The Sunday Times, as one of the top 10 fastest growing private companies in the UK, ra...

Next Article
Nuggets Partners With Onfido on Private Payment and Identity Solution
Nuggets Partners With Onfido on Private Payment and Identity Solution

Onfido has formed a strategic partnership with Blockchain-powered payments and ID platform Nuggets, which r...