Security and Usability
David Hunt: DCH Technology Services

A Financial Services View
- Active Security
- Passive Security
- Technologies
- Impact on Users
- Big Data
- Consumer context, do we know you?

Active Security
The perfect software system from a security architecture perspective:
- Highly Secure.
- Many different security technologies.
- User id, password
- RCA type Token
- 2 Factor Authentication

Active Security
Why users dislike too much active security, payments:
- Intrusive
- RCA Token --- Mobile!!
- Not always intuitive
- 2FA requirements to enroll for MPS payments
- User ID to authorize payments
- NFC
- Chip and PIN
- QR codes

Partnerships and extended networks
- Extension of traditional partnerships
- Creation of new opportunities
- Extended threats
- Biometrics

Extension of traditional partnerships
Introduces a set of new partnerships (TSM) and opportunities (SIMM) and creates new threats through the extended network.

Creation of new opportunities
The SIMM card can provide a high degree of security on a mobile device, with the same capabilities as a credit/debit card.
- Phone only
- Alternative secure elements???

Extended threats
- Personal Cloud
- OpenID???
Consumers will look to create an extended world of apps and data on their personal devices. This creates threat opportunities on these devices, as no single app/provider is in control or can set standards or security policies.

Biometrics the silver bullet??
- Apple buys fingerprint security firm AuthenTec
- The Galaxy S4, like Apple's iPhone, has voice recognition software but at present it cannot identify a particular person. In future, it's possible that a smartphone could recognise its owner's voice and unlock accordingly.
- Nuance Voice Biometrics: My voice is my password.
- Samsung has had a "Face Unlock" feature in its phones since the Galaxy S3.
- It's early days yet

Passive Security
- Big Data and Security Analytics
- Consumer context, do we know you?

Big Data
- Fraud detection
- Already employs an element of passive security data collection
  - Profiling
  - Transaction History
  - Location Tracking
- Big Data will take this to a new level

Role of Big Data Analytics
- Enhance the current fraud and security processes
- How well do we trust the current user??
- What is the appropriate security token for a given transaction?
- What additional information do I need for a given transaction?

How well do we know you?
- The value of customer context
- Convergence of Security and Marketing through the use of big data analytics
  - Collecting browsing behaviours
  - Mining data in transaction histories
  - Buying in 3rd party data
  - Location behaviours
- Security vs privacy of the individual
- Unique in the crowd: The privacy bounds of human mobility

Studied fifteen months of human mobility data for one and a half million individuals and found that human mobility traces are highly unique. In fact, in a dataset where the location of an individual is specified hourly, and with a spatial resolution equal to that given by the carrier's antennas, four spatiotemporal points are enough to uniquely identify 95% of the individuals.

While in the past, mobility traces were only available to mobile phone carriers, the advent of smartphones and other means of data collection has made these broadly available. For example, Apple has recently updated its privacy policy to allow sharing the spatio-temporal location of their users with partners and licensees. Furthermore, it is estimated that a third of the 25B copies of applications available on Apple's App Store access a user's geographic location, and that the geo-location of 50% of all iOS and Android traffic is available to ad networks. All these are fuelling the ubiquity of simply anonymized mobility datasets and are giving room to privacy concerns.
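
The unicity figure quoted above (how many users are singled out by a handful of hourly antenna points) can be estimated on a location dataset before it is shared with partners. The following Python is an added example, not code from these slides or from the cited study; the function names and the three constructed traces are assumptions for illustration.

```python
import random

def is_unique(points, traces):
    """True if exactly one trace in the dataset contains every given point."""
    return sum(1 for trace in traces.values() if points <= trace) == 1

def unicity(traces, p, trials=200, seed=0):
    """Estimate the fraction of users singled out by p points drawn at random
    from their own trace. Users with fewer than p points are skipped."""
    rng = random.Random(seed)
    eligible = {u: sorted(t) for u, t in traces.items() if len(t) >= p}
    if not eligible:
        raise ValueError(f"no trace has {p} or more points")
    hits = total = 0
    for pts in eligible.values():
        for _ in range(trials):
            sample = set(rng.sample(pts, p))
            hits += is_unique(sample, traces)
            total += 1
    return hits / total

def min_points_for(traces, target=0.95, max_p=10):
    """Smallest p whose estimated unicity reaches the target, else None."""
    for p in range(1, max_p + 1):
        try:
            if unicity(traces, p) >= target:
                return p
        except ValueError:
            break  # no trace is long enough for this p or any larger one
    return None

# Constructed sample of (hour, antenna) points; not real data.
# Every single point is shared by two users, but every pair is distinctive.
TRACES = {
    "user_a": {(8, "ant1"), (18, "ant3")},
    "user_b": {(8, "ant1"), (12, "ant2")},
    "user_c": {(12, "ant2"), (18, "ant3")},
}

if __name__ == "__main__":
    for p in (1, 2):
        print(f"p={p}: unicity={unicity(TRACES, p):.2f}")
    print("points needed for 95%:", min_points_for(TRACES))
```

On this constructed sample, removing names does nothing once two points are known, which is the effect the study reports at scale with four points.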