We are delighted to announce our report, ‘Transformative Women: Women’s inclusion in the evolving identity industry’, in connection with our Transformative Women initiative at Identity Week Europe and Identity Week America.

Inclusion in any workplace is a basic right. In technology industries in particular, male professionals seriously outweigh women. A lack of diversity in talented people working on the development of complex technologies like AI, blockchain, or digital identity can impact the product in terms of creating accessible identities.

In the report we explore the power of inclusive workforces on technology, the gendered impacts of technology around bias, and reflect on womens’ experiences from education and exposure to tech sectors, to mentorship and flexibility with juggling society’s pressures, childcare and taking career breaks.

Technology should be built for everyone by everyone to ensure the outcome of a product delivers on benchmarks of inclusion for example, privacy, security, usability and interoperability.

“We can observe that digital ID is a tool to measure inequalities in the broader society” – Christina Hirsch, EVP Digital Trust Business, Swisscom

Inclusion can be measured in terms of how many people own a form of official identification that enables their lives, as well as if it protects their privacy. Citing research from Osservatori Digital Innovation, Politecnico di Milano, we examine the diffusion of digital ID systems between men and women across the EU ecosystem, with men quicker to adopt technologies and specifically the legal persons identity in Italy.

Out of 850 million people who lack any form of ID across the globe, women in low-income countries are 8% less likely to own an ID than men.

Download the report here

Other reports

• Feb 2024: The Gold Standard for Defeating AI Deepfakes
• April 2024: Biographic to biometric data collection: The exclusion of “selective disclosure” rights for travel

The post What you need to know: Transformative Women Inclusion Report 2025 first appeared on Identity Week.

Vakaris Noreika, a cybersecurity expert at NordStellar

Data from 2024 shows that 278M leaked email addresses and phone numbers on the dark web come from companies operating in the tech industry

As many as 716M user contacts — namely 554M email addresses and 162M phone numbers — collected by identifiable companies were leaked on the dark web in 2024, new research by NordStellar, a threat exposure management platform, reveals. Technology, media, financial services, commerce, and healthcare are the top five industries responsible for the most leaked personal information.

According to the data, around 4,800 databases containing sensitive information belonging to individuals were published on the dark web last year. Six hundred of them could be traced back to identifiable businesses. The largest pool — 135 databases — was associated with companies within the technology and IT services industry. They contained 207M email addresses and 71M phone numbers, that is, information that best identifies a user in a system and can be used for contacting them.

“Technology is one of the biggest industries worldwide, with many companies, employees,  clients, and consequently, a vast pool of highly valuable digital assets and private data. Compromising a tech company can serve as an entry point to attack third parties — their partners and clients,” says Vakaris Noreika, a cybersecurity expert at NordStellar. “Hackers usually target these companies for  significant monetary gain or to exploit them as a playground to test their skills — successfully infiltrating complex cybersecurity infrastructures can elevate a hacker’s status.”

Media services ranked as the second biggest user information-leaking industry, with 150M emails and 11M phone numbers landing on the dark web.

“Cybercriminals usually target media companies in the act of ‘hacktivism’ — to push their ideological agenda in the press. In other cases, they exploit these businesses to tarnish an outlet’s reputation and minimize their credibility. Instances of hacktivism soar during significant political events, so the 2024 U.S. elections could have contributed to the big numbers we’re seeing,” says Noreika. “Another sub-industry in media is advertising agencies, which when hacked serve as a gateway to strike other organizations these companies work with, as well as their clients — influencers and content creators. Social media platforms are also frequent targets — bad actors use stolen user profiles and contacts for scams.”

Main tools and practices to prevent data breaches

Companies that experience a data breach should notify their clients immediately and advise them to prepare and remain vigilant for suspicious emails, calls, or alerts about breached accounts. However, to avert possible breaches, a reputable business should consider investing in the following cybersecurity measures:

• A firewall and an antivirus solution. A firewall acts as a barrier, blocking unauthorized access into or out of a network, while an antivirus solution identifies and removes infected files. Implementing them on every network and device minimizes the risk of accidentally downloading malware.
• A zero trust policy. The zero trust model uses strict user authentication and continuous validation, ensuring that non-authorized or compromised users and devices are denied access to the company’s network.
• Data encryption. Strong encryption helps protect sensitive information by transforming it into an unreadable format. As a result, even if cybercriminals manage to steal the data, they won’t be able to access it.
• Cybersecurity training for employees. The majority of cyberattacks happen due to user error. While mistakes are bound to happen, teaching employees to recognize and report phishing scams will decrease the likelihood of experiencing a data breach.
• Threat monitoring. If a data leak does occur, it’s vital to deploy mitigation efforts as soon as possible, and the company should be the first to know about it. Threat monitoring tools help identify emerging cyber risks and quickly respond if data of employees is compromised to prevent it from further exploitation.

Noreika emphasizes that besides the mentioned tools, businesses require a comprehensive cybersecurity strategy to be fully protected. Companies interested in their security posture can check their rating using the free  Business Digital Index online assessment tool.

Research methodology

Out of the total number of 4,800 databases containing personal data that were leaked on the dark web in 2024, 600 had identifiable domain names that could be linked to companies on LinkedIn. The companies were first categorized according to the industry names on their social network profiles and then into broader categories.

The post Technology companies leak most user information, dark web reveals first appeared on Identity Week.

This week, the ID Talk podcast welcomed Rob Sutton, HID’s Director of Solution Enablement for Aviation and Travel, who shed new light on the challenges and opportunities facing the air travel sector with respect to digital transformation. With a career spanning nearly three decades in aviation, Sutton brought a wealth of knowledge and practical insights to the discussion.

The conversation delved into the growing role of biometric technology in aviation. Sutton highlighted its increasing adoption worldwide, noting the efficiency gains it delivers for passengers. “Facial biometrics greatly increase the efficiency of getting through an airport,” he said. “Just yesterday, I was through immigration in less than two minutes using facial recognition in Washington, D.C.”

For all of Rob Sutton’s insights and some entertaining asides about the quirks of the air travel industry, listen to the full episode of the ID Talk podcast, either through the media player below, or wherever you get your podcasts:

The ID Talk Podcast | HID’s Rob Sutton on How Identity Technology Is Transforming Air Travel

The post ID Talk: HID’s Rob Sutton on how identity technology is transforming air travel first appeared on Identity Week.

Written interview with Sophia Nunn, Counter Fraud Officer, HM Passport Office London Counter Fraud Team.

In December, the Identity Week team visited His Majesty’s Passport Office (HMPO) in London and were given a guided tour of each step it takes to develop and issue our world class national document. We met with document examiners, printing experts, quality assurance and counter fraud teams who are doing a fantastic job to ensure security and authenticity with the utmost care.

Explain the processes of assessing fraudulent documents and the document holder’s identity to understand whether or not a fraudulent crime is being committed?

A British passport will not be issued until all checks upon the applicant’s nationality, identity, and eligibility have been satisfactorily completed. Our Counter Fraud Team are highly-skilled in assessing the applicants’ documents, identity, and any fraudulent activity they may or may not be committing. We approach with an open mind and go on the context and evidence. Countering attempted passport fraud is the responsibility of all of our staff, not just those in the Counter Fraud Team. Which is why each member of the team that handles passport applications and supporting documents are fully trained to spot initial signs of possible fraud within a passport application or the documents that are put in front of them. Where there are any concerns about a document, we have access to a range of checks to confirm its authenticity. This includes systems that are specifically designed to counteract newer technologies that can enable fraud, such as tampering with the use of artificial intelligence.

How do front-line systems such as DAP speak directly to the Counter Fraud department?

Our digital systems mean that we have immediate access to all the relevant case-working information, including high quality scans of the supporting documents. If the document needs more interrogation and we need to look at the physical item, we will retrieve this from its secure storage.

Can a rejected application affect the applicant in the future?

Holding a passport opens doors to travel, to employment, to verifying identity for access to public services and financial services, and we endeavour to make getting a British passport as quick and simple as possible, providing that you are eligible. If one application is unsuccessful, it does not mean there is prejudice towards any future applications. Circumstances change, and if you can satisfy our nationality, identity, and eligibility checks, then we will be able to issue a passport.

Are effective identity practices implemented right across government?

HM Passport Office certainly plays its part in this, and we share information with other government departments to help them to fulfil their objectives when it is legal to do so.

What advice do you give to the public about the best ways they can protect their identities and spot the signs of fraud?

From the perspective of countering passport fraud, the key message is to keep your identity documents secure. If your passport is lost or stolen, make sure to let us know as soon as possible so that we can cancel it and help prevent any chance of it being misused.

What’s your 5-year strategy to tackle serious fraud? Our strategy is to embrace technology keeping up with fraud trends, for example artificial intelligence (AI), and expand our understanding of how AI can also empower the attacker.

While we are not a law enforcement agency, we work with the police and others to help ensure that people who commit passport fraud will face the full consequences of the law. Our strategy rests on evolving our systems and processes to continue to improve our efforts to prevent and detect passport fraud, which will continue to include the routine redesign of the passport itself to help keep ahead of any criminals who make seek to forge or fake it.

Can you explain about the pilot programme you participated in this summer with the College of Policing?

Thirteen of our Counter Fraud Officers participated in a pilot course by police trainers that uses storytelling to contextualise their encounters with fraud offences. There were a number of classes, including ‘applying investigative mindsets’ which demonstrated the synergies and differences between policing and investigations relating to passport applications.

How has technology, existing with physical checks, transformed operations across HM Passport Office?

The way our systems have evolved better allow us to allocate greater resource to the highest threats.

Do you comply with privacy legislation?

We comply with the General Data Protection Regulations on protection of personal data, and you can find our Privacy Information Notice online at GOV.UK.

The post “Help us to help you”: His Majesty’s Passport Office (HMPO) reserves all judgement or bias in passport applications first appeared on Identity Week.

Comprehensive Guidance for Decision-Makers Navigating Digital Transformation in Government Services.

The Prism Project’s Biometric Digital Identity Government Services Prism Report, published by Acuity Market Intelligence, presents proprietary market analysis, including evaluations of more than 120 vendors and organizations operating in and supporting the global digital identity ecosystem, and market forecasts projecting $202.5 billion in revenue and 6.4 trillion identity transactions in government services globally between 2024 and 2028.

Designed to illuminate the rapidly evolving landscape of biometric digital identity in government services, this report is a valuable resource for government stakeholders, industry leaders, and technology innovators. It empowers influencers and decision-makers to understand, evaluate, and implement biometric digital identity technologies. The report delivers actionable insights into how biometrics can be leveraged to address critical challenges in government services, from fraud prevention and automation to enhancing citizen experiences and meeting regulatory requirements.

A New Vision for Government Services

“The Government Services Prism Report offers unique insight into the challenges, opportunities, and strategic pathways for leveraging biometric digital identity within government services,” said Maxine Most, founder and CEO of The Prism Project and Acuity Market Intelligence and report author. “Governments are critical enablers of secure, user-centric identity ecosystems, ensuring that services spanning civil identity, healthcare, social services, and border control are delivered efficiently and securely.”

“This report is not just a roadmap for the future of biometric digital identity; it’s a call to action for businesses and governments to prioritize secure and inclusive identity solutions,” Most added. “Biometric-centric digital identity must form the cornerstone of any reliable and scalable ecosystem as digital transformation accelerates.”

What’s Inside the Government Services Prism Report

· Prism Identity Hierarchy: A visual framework illustrating how identity builds from foundational to transactional levels, anchored by biometric solutions.

· Holistic Insights: Analysis of the barriers governments face when adopting biometric technology, including legacy systems, cybersecurity concerns, and budget constraints.

· Market Forecasts: Original research predicting an impressive growth trajectory, with global market revenue exceeding $202.5 billion by 2028.

· Prism Market Landscape Model: Government Services specific version of the proprietary Biometric Digital Identity Prism market framework.

· Vendor Evaluations: Proprietary assessment methodology applied to more than 120 vendors and organizations operating in and supporting the global digital identity ecosystem.

· Real-World Use Cases: Deployed solutions showcasing how biometric digital identity is currently solving critical challenges for government agencies.

Report Highlights

· Revenue Growth: The government services biometric market is expected to grow at a CAGR of 39.2% from 2024 to 2028.

· Transaction Volumes: Asia Pacific leads with 50% of forecasted transaction volumes, followed by North America and Europe.

· Industry Survey: 66% of respondents actively seek or deploy biometric solutions to improve efficiency and prevent fraud. Key motivators include regulatory compliance, fraud prevention, and automation.

· Critical Market Challenges: Include legacy systems, inclusion barriers, and cybersecurity concerns.

· Applications: High impact use cases include civil identity programs, healthcare services, immigration, elections, and emergency response.

Part of the 2024 Prism Reports Series The Government Services Prism Report is one of four Biometric Digital Identity Prism reports released by The Prism Project in 2024, alongside the Financial Services Prism Report, the Travel and Hospitality Prism Report, and the Flagship Prism Report. Each report builds on the Biometric Digital Identity Prism, a proprietary market landscape framework that helps influencers and decision-makers understand, evaluate, and implement digital identity technologies and solutions. The Prism is the only truly biometric-centric market model for understanding and evaluating the global digital identity ecosystem. It is based on the foundational conviction that in the age of digital transformation, the only true, reliable link between humans and their digital data is biometrics.

Together, these reports provide in-depth analyses of biometric digital identity’s transformative potential across critical industries, addressing unique challenges and opportunities in each domain. All reports are available for download after a brief registration at https://www.the-prism-project.com/prism-reports

The Role of Collaboration in a Transformative Era

The success of the Government Services Prism Report is rooted in the collective commitment and forward-thinking contributions of its sponsors and partners, a who’s who of the global digital identity intelligentsia. These include:

Anonybit, AuthenticID, Aware, IDEMIA, Identity Week, ID Tech, iiDENTIFii, Incode, Innovatrics, Indicio, Inverid, iProov, Kantara Initiative, Keyless, Peak IDV, SITA, and Tech5.

These industry leaders are helping governments worldwide adopt privacy-first biometric solutions that streamline access to vital services, enhance security, and foster trust. Their dedication to innovation and service excellence aligns with The Prism Project’s vision for a secure, inclusive future where identity solutions empower governments and citizens alike

A Platform of Independence and Integrity

While sponsorship provides organizations with increased visibility and opportunities for profiles and case studies, The Prism Project maintains strict independence and unbiased assessments. Sponsorship does not influence vendor evaluations or rankings, ensuring readers receive transparent, objective insights.

The post Government Services Prism Report evaluates 120+ digital identity vendors; forecasts $202.5 billion revenue opportunity for biometric digital identity first appeared on Identity Week.

Identity fraud continues to grow and now costs the UK an estimated £1.8 billion each year. It is one of the most common case types filed to the Cifas National Fraud Database by its 750-plus industry members – accounting for 64% of all filings in 2023 with more than 237,000 identity fraud cases recorded.

Findings from a cross-industry working group hosted jointly by Cifas, the UK’s leading fraud prevention service, and the Royal United Services Institute (RUSI) – and published in a report, Who Do You Think You Are: Recommendations on the Future Response to Large-Scale Identity Fraud – highlight the industry’s growing concern that these figures are set to soar as ever more criminals abuse AI technologies to steal identities and create flawless fake identity documents that evade controls in the financial industry.

Industry contributors are urging the Government to take the problem seriously and prioritise the issue in its forthcoming Fraud Strategy.

The report highlights the serious consequences of identity fraud and the lack of Government support available to victims. As well as impacting access to future credit and months of burden to restore accounts and ‘repair’ their online identity, many victims suffer psychologically from identity fraud and disengage from the digital economy.

In response, the paper calls for a government-funded identity repair service like those in the US, Australia, and New Zealand.

As businesses fight attacks on their services from organised crime groups, the report asks Government to enable industry access to the information they need to protect themselves. Allowing verification of Government-issued identity documents and allowing the sharing of intelligence by the Public Sector on false identity documents used in the defrauding of public bodies will be key to combatting the threat from the fraudsters.

The report makes a number of recommendations including:

• A review of the law on identity theft to ensure it provides an adequate deterrent to fraudsters.
• Greater law enforcement action against the criminal marketplaces where the tools to commit mass-scale identity fraud are sold.
• Assurances that the Government’s new digital identity scheme holds identity providers accountable for counter-fraud controls and victim support.

Kathryn Westmore, Senior Research Fellow at RUSI, said: “Identity fraud is a pervasive threat, facilitating not just fraud for financial gain but many other types of serious criminal activity. Driven by new technologies and enhanced digitalisation, the sheer scale of the issue is ever-increasing and demands that the UK prioritises its response.”

Commenting on the findings, Helena Wood, Director of Public Policy at Cifas and co-author of the report, said: “Identity fraud victims suffer considerable administrative, financial, and also psychological harms following the fraudulent use of their identity. However, there is no support when repairing the damage that has been done. It is imperative that the Government’s Fraud Strategy treats this threat with the seriousness it deserves.”

Download ‘Who Do You Think You Are: Recommendations on the Future Response to Large-Scale Identity Fraud’.

The post Growing threat to UK security from identity fraud first appeared on Identity Week.

Provided by RecFaces

Facial biometrics is not a novel technology, it is being used to elevate security and operational efficiency for more than a decade. Although the applications of facial recognition technology (FRT) still requires vast exploration, its footprint is constantly deepening. As its adoption expands over federal and private operations, questions about the technology’s reliability and legality surface. The misinterpretation of advanced technologies is nothing new, it comes as a byline of lack of awareness and unfamiliarity.

In this article, we’ll be busting some common myths and misconceptions around facial recognition technology.

1.    Facial recognition can lead to false impeachment of innocent people

Contrary to the general belief, facial recognition systems (FRS) do not identify each and every individual under a camera. Instead, the system is trained to verify the presence of a known offender according to the pre-fed offenders list. It supports the traditional techniques of tracing the whereabouts of the person of interest, as the security officials no longer have to guess if an individual under the camera is the criminal or not. The system speeds up the process and identifies the person for faster and accurate security compliance. So, there are no risks of innocent people getting falsely condemned for a crime as facial recognition efficiently works to prevent it.

2.    Facial recognition technology propagates racial bias

Facial recognition technology is becoming more and more reliable as the algorithms advance. The problems of false positives and mis-identification occur when an FRS is not tested on a diverse sample. Nonetheless, the frequency of such errors is estimated to be 0.2% or less, according to the studies by leading technology regulatory institutes. Especially in the context of bias on the ground of colour of skin, there is no sound evidence of differences in identification results. Growing adoption of facial recognition technology over the years has helped training the technology to work precisely under adverse conditions and across diverse data sets. Following this, facial biometric systems have come to achieve accuracy with chances of error falling down to near zero.

3.    Facial recognition technology poses privacy risks

This narrative is a very common misconception. Contrastingly, facial biometrics is one of the least instigators of privacy breaches. It can not be easily compromised like alphanumeric passwords, unique identification numbers or hyper-personal information. When a face image is scanned under a facial recognition engine, it is converted into numeric values to match the identification algorithms in the technical system. In other words, the mode of reception of a person’s face biometrics is translated into the language a computer system can comprehend, making it almost impossible to misuse. Also, such technologies are subject to compliance with global privacy policies like GDPR, committed to data protection and authorised use.

4.    People’s face image data is stored in FRS

Since the facial biometrics systems work on identification only, the area under surveillance is accessed to verify a person of interest. The system matches the individual’s data points to the existing identification values to verify the presence of a blacklisted person. The faces of unidentified persons, on the other hand, are neither disclosed nor stored by the system.

5.    Facial biometrics can be easily fooled or cloned

One of the prime capabilities of a facial recognition system is liveness detection, which differentiates an actual person from a synthetic identity. So, an accurate FRS can not be fooled by deep fakes, images of the authorised person, lifting the eyelids of a person or through synthetic identity proofs. In fact, it prevents identity cloning frauds which can otherwise be troubling because of traditional password-based access control and slow security processes. AI-powered facial biometric systems rely on advanced algorithms updated time and again to counter the challenges of evolving security concerns. Experts have come to vouch for innovative technologies that lead the way to build a robust security infrastructure.

Closing Notes

Being a complex technology, it is only natural that myths exist around the use and implementation of facial biometrics. In order to trust a technology, a deep understanding may not be required but the awareness of its capabilities can open up the way to exceptional possibilities. Facial biometrics is meant to restore trust on security operations, while improving experience and functional efficiency. And RecFaces is committed to provide best-in-the-industry solutions that evolve with the evolving technological requirements to achieve security and experience never imagined before.

The post Myths vs Facts: Discerning facial recognition technology first appeared on Identity Week.

This week, the ID Talk podcast is very fortunate to welcome Javier Galbally, a Capability Building Officer in Research and Development for eu-LISA, the European Union agency overseeing some of the most important IT systems across the bloc, including border management systems like the Schengen Information System (SIS), the Visa Information System (VIS), and Eurodac, which are essential for the secure flow of information among EU member states.

The European Union is one of the most complex political and state-building enterprises in history, and its modern IT infrastructure is supporting some very ambitious technological projects, including the often-delayed Entry-Exit System, which will apply biometric border control to the perimeter of the EU’s Schengen zone of free travel. In his conversation with ID Talk hosts Tony Bitzionis and Alex Perala, Galbally offers both a big-picture view of his agency and an insider’s perspective on what it’s like working on such large-scale, complex, and sometimes politically sensitive projects.

It also helps that Galbally is a bona fide biometrics expert, with direct subject matter expertise. With his skill set and position within eu-LISA, Galbally offers tremendous insights on EU infrastructure, eu-LISA itself, and one of the most important identity technology projects underway in the 21st century.

Listen to the full episode on Soundcloud, Spotify, Apple Podcasts, or through the IDTech website. Listen here.

The post ID Talk: eu-LISA R&D Engineer Javier Galbally Talks Biometrics, Privacy, and the EES first appeared on Identity Week.

By Allan Tinkler

As anyone knows, the demise of third-party cookies (3PCs) will be the reason first-party data (1PD) takes over digital marketing. Right? I mean, 3PCs have been the glue that has enabled third party companies to collect data from any site and then use that data to make powerful buying decisions on another site. So, surely the loss of that glue means data has to stay with the site it’s been collected on and therefore that first-party data becomes very important?

Well, in theory this all makes sense and it’s understandable why publishers heralded the loss of 3PCs as an opportunity to shift the power back to them as the ‘custodians’ of their audience’s data. However, the reality is a little different.

To fully understand the challenge, we need to consider what 1PD is and why it’s so important. The sport publisher collecting data about their reader browsing sport content or a retailer collecting data about customers purchasing beauty products on their site are examples of 1PD collection. Just like 3PCs, 1PD provides an understanding of a consumer’s behaviours, interests, intentions but only on the domain where it was generated.

Where expectation meets reality

But this is where it gets tricky. For 1PD to be useful it must be made available to inform the advertiser’s buying decisions.

So how can publishers make 1PD available to third parties in a way that is:

a) compliant with privacy regulations

b) compatible with the browser technologies

c) scalable?

Marketers and publishers wanted to use this rich data to grow their business and fund their sites. Without the 3PC glue to connect everything together, they have the challenge of finding other ways to power a 1PD strategy.

The biggest challenge is the current programmatic workflow (SSPs to DSPs), because they need a common identifier to track users and to target them with ads. They do this by matching a user with an ID, this was typically a 3PC, but could now include alternative third-party IDs such as fingerprinting, probabilistic IDs and deterministic IDs. If 1PD is shared with the SSP and DSP, for instance as a first-party cookie or a publisher-provided ID, it will be unrecognisable to them (i.e. unmatched) unless it is shared alongside some other ID that they recognise (like a 3PC or an alternative third-party ID). Without them, publishers’ and advertiser’s valuable first party data is essentially useless and deemed to have no value by the SSP and the DSP.

The only exception to this rule is if the 1PD is a signal that remains constant across domains and devices, like email addresses. But this does not solve the scale, data leakage and the compliance problems. For example, a marketer understands 100% of its audience using 1PD methods and uses deterministic alternative IDs to ‘find’ those users on the open web, the match rate for these IDs will be at best 20% (and I would also be asking how many of those matches still use 3PCs).

The economics of ad tech models mean that SSPs are designed to optimise towards highest yielding inventory and to filter bids towards those goals. DSPs are designed to optimise towards traditional DSP signals that support their matching table, this helps them to drive performance.

Both of these commercial models are understandable. However, these models are built to put inventory quality/value decisioning into the hands of ad tech and not being dictated by the publisher’s or advertiser’s 1PD.

First-party data should be ID-less data

To create a scalable, privacy-friendly alternative to current ad tech, we must develop a system that doesn’t rely on matching tables. Anonymised’s ID-less audience targeting offers a solution that can help advertisers and publishers leverage their valuable first-party data without compromising privacy. By rethinking how SSPs and DSPs determine inventory value, we can improve ad targeting without relying on matching tables.

Ad tech commercial model means it is primarily focused on maintaining historical tracking methods (like cookies and alternative IDs) rather than developing new approaches that prioritise 1PD. This means the industry is more invested in creating a new tracking system than in finding ways to leverage 1PD directly.

The solutions are out there today. Companies like Anonymised are making 1PD audiences available via the programmatic pipes. While SSPs and DSPs are engaging with privacy-enhancing technologies (PETs) to find ways to make ID-less audiences available for buyers.

As I reflect on the current state of ad tech, I’m concerned about the industry’s trajectory. The rush to replace third-party cookies with alternative IDs seems short-sighted, placing an undue burden on publishers and advertisers to provide deterministic first-party data signals such as email addresses. This approach not only disregards warnings from regulatory bodies but also fails to address the rapid decline in available signals.

Most troubling is the potential devaluation of a significant portion of the open web. With nearly 60% of quality content becoming unaddressable, we risk creating a vast ‘valueless’ landscape in the eyes of ad tech. This situation favours walled gardens like Google and Amazon, which possess unmatched logged-in user bases.

The race for cookie-like signals seems destined to further entrench the dominance of tech giants, leaving independent publishers struggling. As we move forward, we must critically examine our strategies and prioritise solutions that preserve the diverse, accessible nature of the quality open web while respecting user privacy and regulatory concerns. The future of digital advertising depends on our ability to innovate beyond quick fixes and short-term gains.

Allan Tinkler is Commercial Director at Anonymised. For more information visit: anonymised.io

The post The appeal of first-party data first appeared on Identity Week.

Provided by RecFaces

Did you know? Over 90% of users believe that biometrics are more secure and convenient than traditional passwords. In fact, many are ready to leave the era of password-based authentication behind altogether.

In a world where names, numbers, and passwords define much of our identities, biometrics transcends these limitations. It’s a reflection of who we truly are, beyond the names we carry or the documents we hold. Biometrics offers something deeper: a connection to the very traits that make each of us unique. Our fingerprints, our irises, our faces—they are not just marks of identification but the keys to unlocking our personal world, eliminating the confusion of identity, and putting an end to the question of *who is really who*. Unlike passwords, which are distant and disconnected, biometrics is inherently part of us, a superpower given by nature.

Biometrics bridges the gap between identity and access, making sure that we are not just names in a system but the sole and irreplaceable keys to our own lives. We carry our security within us every day, every moment.

The Universal Language of Identity

Biometrics offers something truly remarkable: a constant language of identity that is independent of borders, cultures, and technologies. It’s a system based on the inherent uniqueness of each individual’s fingerprints that remain constant, faces that convey personal histories, and irises that reflect the singularity of our DNA. Therefore, identity becomes the key to the world of access that is secure and frictionless.

It is estimated that 245 million people in the U.S. already use biometric technology in their smartphones, with fingerprint scanning being the most popular. According to a recent global survey in 2021, 84% of consumers have adopted biometric authentication methods, signalling a widespread shift toward this technology.

Today, identity is probably as important as ever. The United Nations has acknowledged this increasing demand. It seeks to establish that every person in the world—especially in developing countries — gets effective identification by 2030. This objective makes identity management an indispensable task in the fluid technological world. Biometrics is one way to meet this challenge. It refers to a number of processes aimed at the identification of people by physical traits or behaviour patterns. The main kinds of biometrics are fingerprint, iris, voice, and face recognition that tell a thousand stories and reflect the individuality of our DNA. Unlike passwords, which can be stolen or hacked, biometrics cannot be faked or duplicated.

In these, facial recognition is one of the most general-purpose and least invasive methods. As compared to other types of biometric authentication, facial recognition is easy to install in public areas with little or no interference from users while being highly accurate.

Zooming In: The Power of Facial Recognition Systems

What if the key to seamless security was a system that could recognize 1,000 faces in a second with almost perfect precision? Facial recognition is doing just that with 99.9% accuracy, is unbiased, and is reliable when trained on balanced data. Leading the biometric revolution, this technology is defining a future of seamless, frictionless convenience in addition to improving security.

FRS creates a digital map that is as unique as a fingerprint by examining the contours, bone structure, and important aspects of the human face. A crucial component of biometric facial recognition systems is liveness detection, which confirms that the person claiming to be who they say they are is a real, “live” person and not a static artefact like a picture, mask, or artificial imagery like deep fakes. By eliminating identity fraud and guaranteeing that only legitimate users are allowed access, this technology improves security.

The 2024 Brazilian Carnival was not just a celebration of culture and colour; it was also a ground-breaking showcase of facial recognition technology in action. Deployed at mobile checkpoints, this innovative system enhanced security by accurately identifying individuals amidst the massive crowds. Its advanced capabilities proved essential for the carnival, showcasing its potential impact across various sectors.

AI-powered facial recognition technology is transforming several industries and offering new possibilities across a range of domains. Two primary applications are security and surveillance. Facial recognition improves public safety in this instance. Its ability to identify people of interest in real-time is crucial. Another area where this technology succeeds is access control. It makes time management and attendance easier. The automated nature of entry points ensures precise recording of employee hours. Moreover, it’s getting more typical to utilize facial recognition to provide access to specific tools or services. This increases security by granting verified people exclusive access to sensitive tools and systems. It streamlines identity verification processes in eKYC, enhancing efficiency and security across the BFSI sector. This reduces the likelihood of fraud and streamlines the onboarding of new customers. Lastly, two-factor authentication (2FA) and anti-spoofing measures work together to further increase security. This ensures that protected accounts and devices are only accessible by genuine users, which lowers the risk of identity theft.

These illustrations demonstrate the enormous potential facial recognition technology has to increase convenience and security in a variety of industries.

With 98 nations using face recognition and 60% of users depending on it once a week, it’s clear that the technology is becoming more and more popular. This tendency is anticipated to develop further, with an estimated 8.2 billion people predicted to pass through airports by 2037. British Airways, for instance, has shown how effective this technology can be in high-traffic situations by utilizing facial identification at departure gates to board 400 passengers in just 22 minutes.

Connecting Tomorrow: Balancing Privacy with Innovation

As we gear up for a world where biometrics are widespread, it is critical to find a balance between innovation and personal privacy. For biometrics to work, people need to trust the technology. By safeguarding data and being transparent about its use, we can ease concerns and build that trust.

Establishing confidence in security procedures requires people to be actively involved in creating useful policies and openly sharing information about how their personal information is used. Transparency not only protects private information but also creates a sense of community safety.

At its core, biometric technology aims to make people feel protected rather than just increase security. People are more inclined to trust when they feel safe. Whether accessing a bank account or passing through an airport, biometrics are shaping a future where we can live with greater peace of mind.

Embracing the Power of Biometrics for a Safer, More Connected World

We’ve used passwords, numbers, and names to identify ourselves for decades. These approaches, however, are not without problems. At least once a month, the majority of people forget their passwords, and they frequently try four different combinations before they finally figure it out. Many people, in their attempt to simplify, put their security at risk by using the same password for several devices and accounts, choosing a password that is simple to remember but equally simple for fraudsters to figure out. In 2018, 14.4 million people in the United States alone became victims of identity fraud.

Biometrics provides a revolutionary approach to these problems. As we integrate this technology into our lives, it’s clear that biometrics is not merely a distant possibility—it’s the future that’s already here, protecting us every day. Every face tells a unique story, a reflection of lives lived and dreams yet to be fulfilled. This innovative technology empowers us to create a world that not only honours our individuality but also nurtures our security and fosters trust among us all.

By unlocking our identities through biometrics, we move beyond simple recognition; we celebrate the remarkable individuals we are. In this transformative era, biometrics emerges as more than just a tool—it becomes our greatest asset, paving the way for a safer and more personalized future. Together, let’s ensure that every person is seen, valued, and protected for who they truly are.

“Beyond Recognition: Biometrics for a Safer Future.”

Sukrit Varma, Global Marketing Partner, APAC and MENA regions, RecFaces said: “In a world that is increasingly interconnected, facial biometrics isn’t just about enhancing security — it’s about redefining trust.”

Eugenia Marina, Business Development Director, MENA region, RecFaces commented: “Facial biometrics is paving the way for the future of security, where identities are as dynamic as the global environments they safeguard. This evolution isn’t just about protection — it’s about empowering individuals and enterprises to move forward with absolute confidence in an interconnected world.”

The post World Biometrics Day: Celebrating the technology that protects us everyday first appeared on Identity Week.

The post Seventh Sense unveils revolutionary privacy-preserving face-based public key infrastructure and eID solution first appeared on Identity Week.

Guest article contributed by Nash Ali, Head of Operational Strategy at NeuroID, a part of Experian 

While businesses are still strategizing their approach to using generative AI (genAI) tools, fraudsters are wasting no time putting it to work. GenAI is key to many of the spikes in social engineering scams, automated ATO attacks, and next-generation, human-like bots being deployed at an alarming scale. 

GenAI-powered fraud is straining fraud prevention teams, and the problem is only growing. To help counter fraudsters’ advancement, Experian announced on August 13 that it acquired NeuroID. NeuroID and Experian have a track record of successfully safeguarding consumers and businesses from evolving fraud threats, with both organizations conducting extensive research on impending threats and defenses against them.  

Research Shows an Alarming Rise in Next-Generation Bots, GenAI-Powered Fraud 

In a recent seven-week study, NeuroID found next-generation bots aren’t just a problem for the future: they’re here and are already causing issues for businesses. Our latest Emerging Trends in Fraud report outlined that trend in-depth, including patterns indicating that for nearly half of NeuroID customers attacked by bots, more than 95% of attacking bots were next-generation.  

Per Experian’s 2024 U.S. Identity & Fraud Report, the U.S. is adopting genAI faster than other countries. We’re facing an urgent need for modern, genAI-ready fraud solutions. Experian’s report also found that genAI fraud is a top concern for businesses: 70% of businesses say genAI-powered fraud is expected to be a major challenge over the next 2-3 years, and they’re largely uncertain in their ability to address the problem.  

The genAI fraud landscape is changing month-to-month, making planning even more challenging. From January to June 2024, bot-led attacks doubled. This summer, in particular, saw a considerable uptick in bot-led attacks, bucking a trend of typically slower summer months—June 2024 attacks were nearly three times larger and longer lasting than June 2023 attacks. Fraudsters’ mentality has changed, too; rather than spreading smaller attacks across many businesses, they’re identifying and zeroing in on a handful of vulnerable targets and launching large-scale attacks to cause maximum damage.  

What Makes The Next Generation of Bots So Dangerous? 

First-generation bots were simple scripts designed to execute basic tasks. Fraudsters deployed them to spam forms and scrape data, but user-agent analysis and IP blocklists easily stopped these basic bots. In the following decades, evolving bot generations began to maintain cookies, execute JavaScript, utilize headless and full-fledged browsers, and simulate basic human interactions like cursor movements and keystrokes.  

Even as bots grew to replicate humans’ behavior better, they still lacked human randomness. Prior-gen bots’ programmatic sequences—whether it be impeccably consistent keystrokes, repeated IP addresses and user agents, or unnaturally linear cursor movements—are easy to spot. Businesses have relied on these giveaways to identify and block bots before they cause damage.  

Next-generation, also known as fourth-generation, bots are different. They don’t exhibit the tell-tale signs of their predecessors, making them incredibly difficult to stop with traditional detection methods. Fourth-generation bots rotate through thousands of IP addresses, alter user agent strings, and utilize mobile emulators to bypass the device-based defenses that stopped older bots. These hyper-sophisticated bots can also use “behavior hijacking,” recording and replicating users’ swipe and mouse patterns, hover times, and other behavioral cues to create seemingly random actions that appear human.  

These advanced bots aren’t available only to equally sophisticated fraudsters. In the past, fraudsters needed at least basic coding knowledge to control bots effectively. Now, readily available genAI fraud tools like FraudGPT allow anyone to generate the code and synthetic identities needed to launch a large-scale bot attack.  

How NeuroID and Experian are Fighting Back 

Unlike traditional bot detection tools, NeuroID can detect the nuanced differences between a human-like bot and a real human user. It has proved effective against next-generation bots, catching 99.8% of all first-through-fourth-generation bots.  

Experian is making this technology available at scale to more businesses than ever. Within Experian’s fraud risk suite, NeuroID’s behavioral analytics provide new insights into user behavior during account openings, logins, and transactions. The combination of NeuroID’s behavioral analytics and Experian’s data-driven insights gives businesses a solution that can effectively respond to evolving fraud threats.  

I’ll be taking the Identity Week stage to talk more about the evolution of fraud bots and defending against them. Join me on September 11 at 11:50 in Theatre 4 for “Next-Gen Bots Are Here and They Act Just Like Us”, stop by booth #921 to chat with the NeuroID team, and download our Emerging Trends in Fraud Report for more. 

The post NeuroID and Experian team up to combat next-gen fraud bots first appeared on Identity Week.

In today’s rapidly advancing digital landscape, AI-enabled biometrics have emerged as a transformative technology, revolutionizing the way we approach security and identification. By integrating artificial intelligence with biometric systems, this technology offers a range of advantages that significantly enhance accuracy, efficiency, and user experience across various sectors.

Enhanced Security and Accuracy

One of the primary advantages of AI-enabled biometrics is the substantial improvement in security and accuracy. Traditional biometric systems, while effective, have their limitations in terms of precision and vulnerability to spoofing attempts. AI enhances these systems by utilizing machine learning algorithms that can learn and adapt to new patterns and variations in biometric data. This results in more reliable identification and verification processes, reducing the likelihood of false positives and negatives. For instance, AI can differentiate between a real fingerprint and a replica, or between a genuine face and a photograph, thereby offering robust protection against fraudulent activities.

Increased Efficiency and Convenience

AI-enabled biometrics also bring significant improvements in efficiency and user convenience. These systems can process and analyze biometric data much faster than traditional methods, enabling quicker and smoother authentication experiences. This is particularly beneficial in high-traffic areas like airports, where rapid processing is essential. Additionally, the convenience of contactless biometric solutions, such as facial or voice recognition, has become increasingly important in the wake of the COVID-19 pandemic. These technologies provide a seamless and hygienic way for individuals to verify their identity, reducing the need for physical contact and minimizing health risks.

Adaptability and Scalability

Another notable advantage of AI-enabled biometrics is their adaptability and scalability. These systems can be integrated with other advanced technologies such as the Internet of Things (IoT) and cloud computing, expanding their potential applications. For example, in smart homes, AI-powered biometric systems can be used to control access to various devices and services, enhancing both security and user convenience. In the healthcare sector, AI-enabled biometrics can ensure secure access to electronic health records and patient data, improving both privacy and efficiency. Furthermore, the scalability of AI-enabled biometric solutions means they can be deployed across various sectors, from banking and finance to government and retail, addressing a wide range of security and identification needs.

AI-enabled Biometric Market Outlook 2031

As per Transparency Market Research, the AI-enabled biometric market has shown remarkable growth and is poised to continue this trajectory in the coming years. Valued at approximately USD 12.7 billion in 2022, the market is projected to expand at a compound annual growth rate (CAGR) of 16.7% from 2023 to 2031, reaching an estimated USD 50.5 billion by the end of the forecast period. This robust growth is driven by the increasing demand for enhanced security measures, the adoption of smart devices, and the need for contactless solutions, especially in the wake of the global pandemic.

Analysts point out that the integration of AI algorithms with biometric systems has played a crucial role in improving accuracy and expanding applications across various sectors such as banking, finance, healthcare, government, and retail. Continuous advancements in machine learning and deep learning techniques are expected to further enhance the precision and reliability of AI-enabled biometric systems. Additionally, the convergence of AI with IoT and cloud computing technologies is anticipated to unlock new opportunities in areas like smart homes and connected devices, further propelling market growth. Major players in the industry are focusing on innovation and strategic partnerships to cater to the evolving consumer demands, which is expected to drive significant market expansion over the next decade.

Conclusion

The integration of AI with biometric systems represents a significant leap forward in the field of security and identification. AI-enabled biometrics provide enhanced security, improved accuracy, and greater convenience compared to traditional methods. The adaptability and scalability of these systems make them suitable for a wide range of applications across various industries. As technological advancements continue and the demand for secure, efficient, and contactless solutions grows, the AI-enabled biometric market is set to expand rapidly. With a projected market value of USD 50.5 billion by 2031, the future of AI-enabled biometrics looks promising, offering new possibilities for security and convenience in an increasingly digital world.

The post The future of identity verification: AI-powered biometrics explained first appeared on Identity Week.

The Future of Money is Prismatic 

Synopsis: Biometric Digital Identity Financial Services Prism Report 2024 

1.2 trillion biometric digital identity financial services transactions will generate $40 billion globally by 2028.

Fraud protection, user experience, and privacy are paramount. 

Discover the vendors solving financial services pain points and understand their complex ecosystem. 

Download the latest report from The Prism Project.

The post Biometric Digital Identity Financial Services Prism Report 2024 – by The Prism Project first appeared on Identity Week.

Authored by osservatori.net

The new wallet paradigm for digital identity: characteristics and business models

The report represents how the digital identity scenario is rapidly transforming driven by the wallet model. This paradigm, which originally originated in the finance world as a means of digitising payment cards, has recently been introduced in the digital identity arena as well.

The report, commissioned by osservatori.net, outlines the characteristics of this model and provides a definition of Digital Identity Wallet. It presents an analysis of the current international digital identity wallet scenario by highlighting the presence of distinct value propositions and delving into the business models associated with this model.

Digital Wallet: identity (r)evolution

The report describes the digital identity market in 2022. On the one hand To start it describes the evolution leading to the wallet paradigm is described looking at international level, and in particular at in Europe, following given the eIDAS revision. Focusing on Italy, the growth of national systems (SPID and CIE) is analysed and the propensity of private companies towards these instruments is examined more closely. Lastly, the prospective impacts of regulatory updates on the Italian strategy and context are evaluated.

Digital identity: don’t stop it now!

The report presents the main results of the Observatory Research regarding the international digital identity scenario and the development of Italian electronic recognition systems, in terms of spread among end users and adoption by public and private organizations. It also outlines focus areas to support the development of digital identity in view of national and international legislative regulatory updates.

Finding your identity… your digital identity

The report provides a defining framework for digital identity and the key related concepts, analyses the different models used in the international arena and the ecosystem of startups active in this area. It also presents a comparison of the main systems currently active in Europe, with a specific focus on the Italian context.

Discover these reports, completely free for registered users. Visit osservatori.net to download the free content. 

The post The new wallet paradigm for digital identity – osservatori.net reports first appeared on Identity Week.

Bosnia and Herzegovina’s e-Identity initiative, led by the Agency for Identification Documents, Registers and Data Exchange (IDDEEA), is making significant strides towards positioning the country as a leader in digital identity in Europe. This initiative directly supports several United Nations Sustainable Development Goals (UN SDGs), including Goal 9 (Industry, Innovation, and Infrastructure), Goal 16 (Peace, Justice, and Strong Institutions), and Goal 17 (Partnerships for the Goals). It aligns with key sections of the European Union’s digital strategy, particularly the Digital Single Market strategy and the eIDAS Regulation, while addressing EU priorities for Bosnia and Herzegovina’s integration and synchronization with EU standards.

IDDEEA’s comprehensive approach empowers citizens with cutting-edge digital solutions, ensuring they can interact with government services effortlessly. This digital leap represents a significant step towards digital inclusion, bridging the gap between Bosnia and Herzegovina and the European Union’s digital agenda.

Phase 1: Introducing the Qualified Digital Signature

IDDEEA is responsible for digital signing in the field of identification documents, specifically in charge of electronic certificates and electronic signatures related to identification documents, in accordance with the law regulating electronic signatures. One of the longstanding challenges was addressing whether to develop e-services without electronic signatures or wait until such signatures were viable. IDDEEA resolved this by introducing the qualified digital signature through the BiH e-Identity program. This foundational step ensures secure and legally binding digital interactions, paving the way for a robust e-identity ecosystem.

Phase 2: Developing Electronic Services

With a secure digital signature infrastructure in place, it’s now the turn of various public and private entities to develop comprehensive electronic services. This phase encourages banks, municipalities, telecoms, and other legal entities to integrate electronic services into their operations, leveraging the secure digital signatures established in phase one.

Phase 3: Educating and Motivating Citizens

The final phase focuses on educating and motivating citizens to use the newly developed electronic services. Through targeted educational campaigns and user motivation strategies, IDDEEA aims to ensure widespread adoption and effective utilization of e-services employing electronic signatures, ultimately transforming the way citizens interact with public services.

Benefits for Citizens

The e-Identity initiative brings numerous tangible benefits to citizens:

• Ease of Access: Citizens can now easily verify fines and track the status of personal documents online, marking a significant leap towards more accessible public information.
• Increased Transparency: Enhancements in transparency reduce administrative burdens and improve service delivery.
• Efficiency: Citizens can manage various bureaucratic tasks online, eliminating the need for physical queues and in-person visits.
• Cost Savings: Digital services drive significant cost efficiencies for both citizens and public administration.

Significance for Bosnia and Herzegovina

The e-Identity initiative is extraordinarily significant for Bosnia and Herzegovina, propelling the country among the leaders in digital identity in Europe. This achievement not only underscores Bosnia and Herzegovina’s commitment to digital transformation but also highlights its ability to innovate and align with EU standards and objectives. The initiative reflects the country’s drive to modernize, streamline public services, and enhance the efficiency of government operations.

International Leadership

By implementing the e-Identity initiative, Bosnia and Herzegovina joins the ranks of Europe’s digital pioneers. The comprehensive integration of digital solutions into public administration sets a new standard in the region, showcasing how strategic investments and coordinated efforts can lead to pioneering advancements in digital governance.

Key Factors for Success

Several key factors contribute to the success of IDDEEA’s e-Identity project:

• Continuous Investment in Digital Infrastructure: Ongoing investments ensure robust and resilient digital frameworks.
• Innovation in Public and Private Sectors: Both sectors have shown relentless pursuit of innovation, driving the initiative’s progress.
• Enhanced Capacity of Public Servants: Specialized training equips public servants with the knowledge and skills to harness digital technologies effectively.

Fostering Open Data and Collaboration

One of the highlights of this initiative is the Open Data Portal launched by IDDEEA. This portal serves as a treasure trove of statistical data, unlocking new possibilities for businesses, the media, and the general public. By fostering an open data culture, IDDEEA significantly contributes to better transparency and data-driven decision-making.

Streamlined Bureaucratic Processes

The e-Identity application and digital signatures streamline bureaucratic processes, setting new benchmarks for public administration. Enhanced efficiency in government operations and strengthened inter-agency cooperation are leading to a more cohesive and effective governance model.

In conclusion, the success of the e-Identity initiative in Bosnia and Herzegovina can be attributed to unwavering support for digital transformation from both the public and private sectors. It is not just about modernizing and streamlining public services; it is about integrating the ingenuity of technology into public service, creating a more inclusive and efficient digital governance model that benefits all citizens, businesses, and the government. This initiative positions Bosnia and Herzegovina as a forward-thinking digital leader in Europe, ready to meet future challenges with innovative solutions.

The post Bosnia and Herzegovina’s e-identity initiative: setting new standards in digital government first appeared on Identity Week.

Quantum computers will be a game changer in many areas where complex calculations are required. However, they also entail a risk that should not be underestimated: current cryptography algorithms, such as those used in electronic ID documents and smart cards, might be compromised in future with quantum computers. Post-quantum cryptography is intended to mitigate this risk. But there is not much time left for the preparations.

By Robert Bach, Infineon Technologies

In contrast to classical computers, quantum computers have the potential to perform complex calculations at unprecedented speeds. They use so-called qubits, which, unlike conventional bits, are not either 0 or 1, but can be in both states simultaneously. This allows quantum computers to perform several calculations parallelly, much faster, and thus solve problems that cannot be mastered with the computing power of today’s systems. As a result, they enable significant advances in many fields of application, for example in searching through large databases, simulation of chemical and physical reactions, and in material design. On the other hand, they also enable the fast prime factorisation of long integers – and by that they have the disruptive potential to break various encryption algorithms currently used. It is commonly assumed that quantum computer attacks on today’s cryptography will become reality within the next 10 to 20 years.

This will certainly have a game-changing effect on the cryptographic security of identity documents like eID cards, especially as they often have a regular lifetime of 10 years and more. The established and widely used encryption algorithms such as RSA (Rivest Shamir Adelman) and ECC (Elliptic Curve Cryptography) deployed in those electronic ID documents and smart cards will be heavily affected by future universal quantum computers. Equally, quantum computers have the potential to disruptively threaten algorithms like ECDSA (Elliptic Curve Digital Signature Algorithm) and protocols like ECDH (Elliptic Curve Diffie-Hellman).

Post-quantum cryptography (PQC) aims to repel the cryptanalysis performed on both quantum and classical computers. PQC schemes are executed on conventional computers and security controllers and do not need a quantum computer to work. From the user’s perspective, they behave similarly to currently available ciphers (e.g., RSA or ECC). PQC schemes rely on new and fundamentally different mathematical foundations. This leads to new challenges when implementing PQC on small chips with limited storage space.

Standardization and adoption are needed

In 2017, the US National Institute of Standards and Technology (NIST) started its post-quantum crypto project and asked for submissions of post-quantum key exchange, public-key encryption, and signature schemes to a competition-like standardisation effort. NIST plans to finalise the first standards for PQC algorithms in summer 2024.

Infineon experts have been working at the forefront of PQC algorithms for years. For example, Infineon contributed to two submissions to the NIST PQC standardisation process, the stateless hash-based signature scheme SPHINCS+ and the NewHope key-exchange protocol.

Besides standardisation, the adoption of infrastructure is required. Communication protocols need to be adapted and standardized. Documents and infrastructure, including the background systems, need to be upgraded.

The transition from today’s conventional algorithms to PQC will be gradual. The speed of migration depends not only on the availability of quantum computers, but also on the extent to which security is critical for the applications in question, the lifetime of devices in the field, and many other factors. How can device vendors navigate all these uncertainties?

One promising path to success lies in crypto agility: devices should be able to evolve to support different crypto algorithms. Adaptability in this dynamic space hinges on the ability to add and exchange crypto algorithms and the corresponding protocols.

Infineon is involved in publicly funded projects and actively advises customers on secure migration to quantum-safe cryptography. In 2022, together with the German Federal Printing Office (Bundesdruckerei GmbH) and the Fraunhofer Institute for Applied and Integrated Security, Infineon demonstrated a quantum computer-resistant version of the Extended Access Control (EAC) protocol for an ePassport with the objective to showcase the feasibility of a quantum-secured ePassport. At the core of the demonstrator is a security controller from Infineon, which protects the data against both conventional and quantum computer attacks.

Early preparation is key

Although the first standardised algorithms are expected in 2024, the rapid development of quantum computing signals the importance of early preparation. Knowledge and expertise will be essential to put appropriate and commercially feasible solutions in place in a timely manner. A good way to familiarise yourself with PQC is working on demonstrators and preparing a timely start with first – although limited – field trials. First pilot projects for national eID cards are expected to start shortly after 2025. First wide-scale rollouts of quantum-safe documents are expected to start before the end of this decade.

Governments and other ID document-issuing organisations should prepare so that they do not risk exposure to the threat of quantum computing. This starts with learning about PQC and developing strategic plans and migration strategies. They need to think about infrastructure, document upgrades, the impact of PQC on their software and hardware (key sizes, required memory…) and so on. And all of this should be done as early as possible to overcome all challenges in good time, because moving to PQC affects the whole lifecycle of a document from industrialisation, personalisation and issuance to operational usage and field updates.

The post The risks of quantum computers for electronic identity documents and how to counter them first appeared on Identity Week.

Arguably the most important document for any individual is their passport. As well as serving as a key means of identification and passage from one country to another, the passport also chronicles personal travel history. Whilst this is clearly useful in many ways, unfortunately, it can also create the potential for certain individuals to attempt to alter or conceal details of their travel history, for various undesirable reasons. 

Criminals often try to do this via the disassembly of stolen passports so that visa pages can be removed and/or replaced, thereby altering the recorded travel history contained in the passport. This illicit process involves cutting and removing the existing security stitching thread that holds the passport booklet together, followed by sewing the passport back together once the page removal or substitution has been undertaken. 

To counteract such unwelcome activities, passport designers have typically incorporated intricate security features into the stitching thread substrate, to make this counterfeiting process more difficult. Additionally, the utilisation of lock-stitching ensures that cutting the thread is necessary for the passport to be unstitched and disassembled. 

This is where the composition of the security stitching thread can play a vital role. Until fairly recently, many passport security stitching threads primarily consisted of polyester-cotton thread (cotton enveloping a polyester core). In the case of this material, it is possible for the thread to be unpicked to enable page removal or substitution, and for the thread to then be carefully re-sewn, leaving little or no visible sign in the passport that this activity had taken place. 

However, stitching threads made from a multi-core/multi-ply polyamide (nylon) substrate, and then subjected to a special under-tension twisting process during the production phase, overcome this potentially serious flaw because it is not possible to unpick them and then re-sew them without leaving a clear and obvious visible sign in the affected passport. This visible sign can be made even more prevalent and stand-out with the use of a dark colour within the 3-ply colour combination. So, in a sense, a multiply polyamide (nylon) thread can act as a marker or highlighter of any illicit passport tampering or interference that may have taken place. 

The key differences between polyester-cotton and polyamide(nylon) thread substrates can be summarised as follows:

• Polyester-cotton thread has a softer and more fibrous surface finish, since the outer layer is cotton.
• Polyamide (nylon) substrate is notably stronger for an equivalent thread thickness. 
• Polyester-cotton threads are prone to shedding fibres during sewing, potentially resulting in fine hairs – including security features – on the paper surface. 
• Polyamide (nylon) threads exhibit greater durability and resistance to abrasive degradation, which is crucial in heavily used or frequently verified passports. 
• The special tensioned twist of a polyamide (nylon) thread makes it more distinguishable, with multi-colour ply combinations even more apparent than with multi-ply polyester cotton threads. 
• Advanced chemical expertise is required in order to ensure that polyamide (nylon) threads accept visible and fluorescent colours effectively. This makes counterfeiting and illegitimate / unauthorised production of the thread highly unlikely. 
• The dyeing process for polyester-cotton thread is much easier, due to the cellulose base of the outer layer. This means that counterfeit or illegitimate sewing thread may be more readily available. 
• It should be noted that security dyestuffs and other features may behave differently with different substrates, meaning that dye recipes are not directly interchangeable across thread substrate types. 

Finally, the integration of polycarbonate data pages in passports has been a significant recent advancement in passport design and manufacturing. These pages require specialised hinge systems due to their increased thickness, stiffness, and abrasiveness, compared to traditional paper/laminate data pages. Consequently, it is highly recommended that polyamide (nylon) security stitching thread is used in passports employing polycarbonate data pages, since this thread is much stronger and will cope with the increased abrasion that these pages cause. 

While it’s certainly true that some older passport designs still utilise polyester-cotton stitching threads that have historically performed well enough, the increasing mobility of populations and the subsequent increase in the volume of passport checks also makes it prudent to adopt the more durable polyamide (nylon) threads in all new passport design specifications.

The post Selecting the appropriate security stitching thread first appeared on Identity Week.

Written by Gus Tomlinson, Chief Product Officer, Identity & Fraud, GBG

From function to fun, the internet plays a central role in how many of us now carry out our daily lives. Convenience turned to habit and routine, and now Gen Z – the first generation to grow up with the internet as part of their daily lives – have surpassed Baby Boomers in the workforce, a generation required to adopt and adapt to new technology.

Headline figures easily encapsulate the growing trust consumers have placed in digital world to facilitate their needs; online banking usage has risen dramatically, eCommerce continues to steadily grow and data indicates over 80% of the world’s population now owns a smartphone.

Access to goods and services are now more than ever secured digitally and, as this requires consumers to communicate with businesses over a digital divide and vice versa, two questions have becoming increasingly important for both parties:

1. Are you who you say you are?

2. And can you be trusted?

In the process of finding reliable answers to those questions, digital identity verification has become a critical part of building trust for everyone during this journey. In the coming year, the work of making it easy to identify customers and keep everyone safe online will continue but, with identity fraud on the rise, the stakes will be higher all round.

In this backdrop, I explore five digital identity industry predictions I believe we see will develop in 2024 in response to new and existing challenges.

1. Breaking down silos: the convergence of identity and fraud

We are already witnessing the convergence of identity and fraud – instances of identity fraud are on the rise, and, with every report of large-scale data breaches, consumers are increasingly aware their stolen data may be in the hands of a fraudster to help create their latest guise.

With the moment of customer onboarding a critical opportunity to identify fraudulent behaviour, this year, driven necessity, businesses will break down any remaining internal silos to approach digital identity verification and fraud prevention as one and the same strategy.

2. Beating synthetic identity fraud

Synthetic identity fraud – the use of genuine, stolen, and manufactured data to create a fake identity to fraudulent purchase goods or access credit – is a perfect example of why fraud and identity will continue to converge in the coming year. This is by no means a new type of fraud and has been the go-to tactic for fraudsters on the recent years. However, there’s no signs of it slowing down and, Deloitte expects synthetic identity fraud to generate at least US$23 billion in losses by 2030.

Despite this expectation, the reality is the defences to beat synthetic identity fraud already exist. What is missing is the layered defences that identify and flag a fabricated identities as standard.

At this point in time, no one should be letting through synthetically manufactured identities. This year, we will see more companies embrace this ethos and build up several layers of defences alongside tried and tested digital identity technology such as biometric and document verification.

3. Spotting and stopping deepfakes

Speaking of biometric identity authentication, this technology will continue to confront identity fraud threats from advancing generative AI this year.

Machine-manipulated facial image spoofing, voice clones, fake documents and other forms of emerging AI-generated deceptions have been steadily growing in sophistication. Over the last decade, artificial intelligence systems have made significant strides, resulting in the creation of highly realistic images and videos. While this advancement has undoubtedly brought various benefits, it has also introduced new risks, particularly in relation to fraudulent activities.

Certainly, the ever-growing capabilities of AI image recognition have also made it a powerful ally in automating identity verification and fighting identity scammers but it’s a race that businesses can’t afford to lose. To ensure the utmost security, it is imperative for biometric authentication systems to incorporate robust security protocols. As such, we will be seeing more businesses integrate liveness detection technology to spot these AI-generated deepfakes and to detect tampering within identity documents in 2024.

4. Getting ahead of authorised push payment fraud

The next trend I predict will remain prevalent in 2024 is a scam centred around emotional manipulation – Authorised Push Payment (APP) fraud. By building a sense of trust with a victim, a fraudster tricks them into willing transferring money for goods or services that never materialise.

In many instances fraudsters lean on current affairs to create a sense of urgency and FOMO (fear of missing out) to persuade victims to act, while others go as far as to pose as the perfect partner on a dating app, making the victim believe there are in a committed relationship, only to con them out of money.

According to data from UK Finance, APP fraud rose by 22% in 2023 and accounts for a huge 77% of fraud cases. This sparked action from the Payment Systems Regulator (PSR) in December last year, who announced banks will be forced to reimburse scam victims on sums worth up to £415,000 at the end of 2024.

With less than a year to prepare, banks and fintechs will certainly be incentivised to get ahead of APP and put a stop to this fraud in early 2024. As fintechs look to tighten up due diligence on payee identity verification as a response, I predict we will see a huge majority turn to mobile data to better understand the relationship between ‘sending’ and ‘receiving’ accounts. Afterall a mobile number is unique to each of us and in many cases, often stays with people longer than an address or an identity.

5. Scoring identity

Last but certainly not least, my final prediction is, with identity fraud on the rise, we will see more and more consumers seek to better understand their digital identity. Afterall, for everyone, it is the key which unlocks access them to the digital world.

There will be a new demand from consumers for better insight into their digital identity footprint both on the value it holds and potential signifiers of distrust they have developed from past online behaviour – much like consumers now leverage credit scores but instead a score for their identity.

With this, more organisations will turn to the expertise in digital identity verification to gain a more precise and comparable understanding of each identity. By getting beyond the binary pass-fail compliance checks that frequently false-fail consumers and accurately measuring and recognising more genuine identities, businesses will also be able to rapidly expand internationally with confidence. For consumers, this will offer a greater inclusivity of diverse digital identity footprints as well as greater transparency in onboarding decisions made by the organisations they interact with.

Download GBG’s The Global State of Digital Identity 2023 report to find out more.

https://www.gbgplc.com/apac/reports/the-state-of-digital-identity-2023/

The post What’s next for digital identity in 2024? first appeared on Identity Week.

Written by Kenny Ching, Head of Citizen Identity, Asia Pacific, HID

The movement of people and goods, which continues to expand, is creating challenges for border security as risks evolve and enforcement goals becoming increasingly complex. Adding to that is the demand of the modern traveller who no longer tolerates being stuck in long queues at security checkpoints and expects a seamless journey from departure to arrival.

Fortunately, the travel industry is at the forefront of digital innovation and continues to be transformed by new technologies in almost every aspect of its operations.

According to the International Civil Aviation Organisation (ICAO), a digital travel credential or DTC is a digital representation of the traveller’s physical document which can temporarily or permanently substitute a conventional passport. The DTC would operate in a similar way to the ePassport within the travel continuum and can be validated using the established public key infrastructure.

In this article, we’ll delve into the concept of DTC, explore the different types of DTC, discuss major advantages of DTC adoption, and underscore the pivotal role DTC is poised to play in shaping the future of seamless travel.

Understanding digital travel credentials

Digital travel credentials (DTCs) are stored securely in a wallet app. This evolution in travel documentation aims to enhance and streamline the travel experience, reduce reliance on physical paperwork and induce security measures.

According to ICAO, the current security of the electronic machine-readable travel document or eMRTD results from the ability to verify the consistency of the data between the physical and the electronic document. The digitised data stored on the chip is identical to the printed information (the exception being the optional secondary biometrics and some special data groups) and ties the data on the chip to the holder of the document through a process of matching the primary biometric to the presenter of the passport.

To ensure integrity and authenticity can be validated to the same level of security as an eMRTD, the DTC approach is based on a ‘hybrid’ concept, in which the DTC will consist of a virtual component (DTC-VC) containing the digital representation of the holder’s identity and one physical component (DTC-PC) that is cryptographically linked to the virtual component.

The DTC can be implemented in three types:

· Type 1 – eMRTD bound DTC – consist of a DTC-VC only, with the eMRTD as a physical authenticator: The traveller must have their physical eMRTD (passport booklet) in their possession while travelling.

· Type 2 – eMRTD-PC bound – consists of DTV-VC and an DTC-PC in addition to the eMRTD: The physical device serves as the DTC-PC, with the eMRTD as the alternate or as a fallback; the traveller should have their physical eMRTD in their possession while traveling.

· Type 3 – PC bound – consists of a DTC-VC and a DTC-PC but no eMRTD: Only the physical device will serve as the DTC-PC; there is no need for the traveller to carry his or her physical passport booklet while travelling.

Efficiency and convenience

While security and interoperability are utmost, the main drivers for DTC are efficiency and convenience.

Clearly, quick passage through a border is more convenient for the traveller, but the DTC will also mean that physical documents do not need to be presented as regularly through the travel process. The processes of revocation and emergency travel authorisation will be made simpler and more convenient in the event of loss or theft of a document. While visa acquisition, presentation and authentication processes can be further digitised and made more convenient.

Ongoing challenges

There are ongoing challenges facing DTC if it were to attain widespread adoption in the future. These include:

· Interoperability: Achieving global interoperability remains a significant challenge for DTC. Different countries may adopt varying standards and technologies, which could lead to compatibility issues. Establishing a universally accepted standard for DTC is paramount to ensuring seamless integration across borders.

· Security concerns: While DTC aims to enhance security, concerns regarding data breaches and unauthorised access persist. Robust encryption and authentication protocols are crucial to safeguarding sensitive traveller information and preventing identity theft.

· Technological barriers: The widespread adoption of DTC relies on accessible and reliable technology. Ensuring that travellers, regardless of their technological

proficiency or access to devices, can easily access and use DTC is essential for broad acceptance

The vital role of DTC in seamless travel

As we look into the future, DTC is poised to play a crucial role in shaping a seamless travel experience for citizens and travellers. The convenience DTC offers in terms of speed, efficiency and reduced paperwork is matched only by the enhanced security measures it brings to the table.

Efficiency at borders will be improved by sharing the DTC virtual component in advance of travel, so that the receiving country will already have a passenger’s data upon arrival. This will allow the relevant risk assessments to be performed ahead of time. More importantly for efficiency, it will speed the travellers’ passage through the border by reducing inspection times.

As technologies continue to advance, and as global standards for interoperability are established, the widespread adoption of DTC will become a cornerstone of the modern travel industry.

The journey towards seamless travel is intricately linked to the development of DTC. The digital transformation of travel documentation is paving the way for a more efficient, secure and interconnected global travel landscape.

While challenges persist, ongoing technological advancements and collaborative efforts between governments and industry stakeholders are steering us towards a future where the phrase “seamless travel” becomes synonymous with the seamless integration of DTC.

Kenny Ching is Head of Citizen Identity for Asia Pacific at HID where he oversees strategy development and market growth for the Citizen Identity business in more than 40 countries. For decades, HID has been providing trusted identities to citizens worldwide, ranging from the supply of advanced security documents to the implementation of full scope enrolment and personalisation systems.

The post Navigating the future: The rise of digital travel credential (DTC) in seamless journeys first appeared on Identity Week.