Mobile Solutions and Market Trends

2013 Open Stack Identity Summit - France

Transforming authentication

Thomas Bostrøm Jørgensen CEO Encap

! Encap – who we are and what we do

! Issues facing user authentication

! How is Encap adressing these issues

! Value proposition and Demo

! Authentication trends and drivers

! 5 years from now …

Agenda

!  Encap is the leading Nordic software security company, founded in 2006, with offices in Oslo and Palo Alto

!  Our security platform offers a wide range of innovative solutions for authentication and digital signatures based on standard protocols and interfaces

!  Our patented authentication technology enables smart-phones and tablets to be used as transparent, banking-grade ID credentials

!  Encap´s in-App client software enables a seamless and intuitive user-experiences, across all channels and devices

ENCAP

Security vs User Experience !  ”Everyone” is moving to 2FA

!  Most 2FA solutions are based on one-time-passwords (OTPs)

!  The problem with OTPs is:

!  Poor user experience especially mobile

!  Vulnerable to threats

!  Costly to buy and manage

!  Complex to implement and maintain

Current issues facing user authentication

How to fix the problem? •  Get rid of PC-era authentication solutions

•  Smartphones and tablets

•  Levarge context information (device and user)

•  Minimize user involvement (cognitive load)

•  Same user experience across all channels and devices

•  Use transaction risk to decide on method

•  PS: Biometrics is not a silver bullet

Encap retail banking demo

Functions and features

Authentication Digital Signatures

Transaction context info

Mobile App security

User- and device risk parameters

Encap functionality and features

End-User Directory

ENCAP Mobile App

ENCAP API

Mobile Business App

Client Side

Risk Engine Policy Manager

Identity and Access Manager HTTPS

Push

User Behavior

Device Pro!le

Encap Risk Interface

Encap Auth and signing server

Business Application Web Business

application

Server side Encap protocol

Encap protocol

Legend

ENCAP AUTH SOFTWARE

3rd PARTY

CUSTOMER

ENCAP APP PROTECTION

Overall system architecture

Value to the bank or issuer Reduced cost & complexity !  No additional hardware & no variable cost per transaction

!  Dramatically lower support costs

!  Reduces integration & management costs

!  Reduces the average TCO by up to 60% vs. OTP alternatives

Compelling experience = increased adoption !  Consistent experience across channels & devices

!  A “one-factor” user experience

!  A risk-based approach enables proportional security

Banking-grade security !  Banking-grade security based on software only

!  Adopted by the highly advanced Nordic banking market

!  Highly responsive to new threats & attacks

Authentication trends driven by … Mobile

!  Smartphone and tablet penetration in the world’s top 19 digital markets will double from 35.5% in 2012 to an average of 71.7% in 2015

!  This is fuelling the need for securing access to mobile services

!  The smartphone has made the phone a highly personal device

User experience

!  Compelling online & mobile user experiences will be at the heart of differentiation

!  Customers are demanding a consistent and seamless experience across all channels

!  Proportional security increase usability and lowers fraud

Authentication trends driven by … Increased threats

!  Sophisticated, high-profile and lucrative attacks will increase ( e.g. Project Blitzkrieg)

!  Social engineering is increasing

!  High-value/high-risk services are moved to smartphones and tablets

Big data

!  Institutions have a deluge of customer data

!  Data will be used to make risk-based decisions on users and transactions

!  62% of banks believe that managing & analysing big data is important to their success

Five years from now… Multi-factor everywhere

!  By 2018 multi-factor authentication will be everywhere

!  The simple password will (almost) become extinct

!  Robust biometrics will be implemented on smart-devices

Bye bye binary

!  A ‘binary’ approach to authentication will no longer be mandated or appropriate

!  Financial institutions will take a ‘risk-based’ approach to security and “step-up” to multi-factor when required

Harness the power of context data

!  Massive amounts of context date on behaviour, location, device etc are available

!  More data will be available about everyone