Building an identity proofing ecosystem that spans both public and private sectors

Transcription

1 Building an identity proofing ecosystem that spans both public and private sectors Joni Brennan Kantara Deborah Gallagher General Services Administration Daniel Buttafogo Citibank Keir Breitenfeld Experian Sal Guariano, Moderator Experian Experian and the marks used herein are service marks or registered trademarks of Experian Information Solutions, Inc. Other product and company names mentioned herein are the trademarks of their respective owners. No part of this copyrighted work may be reproduced, modified, or distributed in any form or manner without the prior written permission of Experian.

2 Agenda Welcome and overview Cybersecurity policy and initiatives Panelist introductions Panel discussion and Q&A Conclusion 2

3 Common challenges across industries Common fraud threats Account takeover First party fraud Commercial fraud Identity theft 3

4 Common challenges across industries Common fraud threats Common business drivers Customer experience Hosted and flexible services Regulatory pressure and out sort rates New access channels and markets 4

5 Common challenges across industries Common fraud threats Common business drivers Solutions Real-time decisioning Holistic customer views Mitigate fraud and meet security and compliance requirements 5

6 Common challenges across industries Common fraud threats Common business drivers Solutions Urgency for egovernment to get it right Fraud has migrated to egovernment Information access via egovernment could be used for follow-on fraud perpetration Security standards could drive massive referral volumes and high costs 6

7 An immediate need Cybersecurity threats and crimes Presidential focus egovernment demand and opportunity Increased effectiveness and efficiency 7

8 NIST SP for the four levels of assurance defined by the Office of Management and Budget Increased strength for increased identity assurance Levels Little or no confidence in the asserted identity s validity Identity proofing is not required at this level, but the authentication mechanism should provide some assurance that the same claimant is accessing protected transactions or data 2. Requires confidence that the asserted identity is accurate Provides for single-factor remote network authentication, including identity-proofing requirements 3. Provides multi-factor remote network authentication At this level, identity proofing procedures require verification of identifying materials and information Ideally online 4. Provides the highest practical assurance of remote network authentication Authentication is based on proof of possession of a key through a cryptographic protocol Requires personal presence Relevant industry capabilities User ID PIN Password/secret questions Identity proofing Identity element verification Authentication and fraud scores Out-of-wallet questions Financial instrument verification One-time password PKI digital signature Biometrics Multi-factor token Additive layers 8

9 Experian capabilities and components Identify proofing Risk-based authentication Out-of-wallet data Public and private data sources Customized business rules Use primary data to verify Risk-based score minimum input Real-time identity verification Cross-industry identity information Knowledge-based authentication Out-of-wallet data questions Progressive questioning Seamless integration 9

10 Panel discussion 10

11 Panelists Deborah Gallagher Joni Brennan Danny Buttafogo Keir Breitenfeld Chair, Federal PKI Policy Authority (FPKIPA) Co-Chair of the Identity, Credential and Access Management (ICAM) Subcommittee General Services Administration Executive Director, Kantara Head of Financial Crime & Transaction Risk Management Citibank Vice President of Product Management and Marketing, Fraud and Identity Solutions, Experian 11

12 Thank you for attending Key takeaways Breadth and depth of data critical to effective identity management Risk-based authentication must be the foundation to citizen enrollment and account management Standards must continue to be reviewed and solutions certified in the near future to accelerate adoption and consistency Fraud has migrated to egovernment and the public sector needs to keep pace with the private sector 12

13 Follow us on #Vision2013 Hear the latest from Vision 2013 in the Daily Roundup: For additional information, please contact: 13

14 Visit the Experian Expert Bar to learn more about the topics and products covered in this presentation. 14