THE WIRE REPORT: Big Three leveraging wireless networks for digital ID business
News | 02/28/2018 3:52 pm EST
Canada’s major telecoms are among the leading players in the creation of a form of identity verification that uses mobile technology to digitally confirm a person’s authenticity.
In a bid to replace today’s use of physical documents and cut down on fraud, EnStream LP, a joint venture between BCE Inc., Rogers Communications Inc. and Telus Corp., announced last week enhancements, including better analytics for name and address matching, to a service that uses the digital information held by the wireless carriers to help verify a user’s identity.
Partners including credit bureau Trans Union of Canada, Inc., messaging company Infobip Ltd. and identity authentication provider SecureKey Technologies Inc. are already using the tech, but last week was the first time EnStream announced its existence. The Thursday press release said EnStream has clients using its identity services in fields as diverse as banking, retail, lotteries and gaming, roadside assistance and transportation and logistics, though EnStream representatives declined to specify how many companies are currently making use of the service.
“You text or dial…and the mobile network responsible for that device will find that end user and correctly deliver that message to that device,” EnStream’s chief operating officer Almis Ledas told the The Wire Report in a phone interview. “That gives the network operator a unique relationship with whoever is holding that device,” and grants the device the ability to be a credential “like a chip card for a financial transaction that we carry in our wallets.”
EnStream’s technology has multiple components: identity confirmation which is based on a comparison of data stored by the telecoms, as well as a location and device authentication services which uses mobile technology to bolster protections of individual and corporate trusted information, said Ledas. “We may be able to bring more sophisticated digital authentication, not just online, but in face to face transactions,” Ledas added.
To verify a customer’s identity, a business client uses EnStream’s online interface to send a request to the telecoms’ subscriber information databases for authentication. The service relays back a “confidence score” to the business, determined by proprietary algorithms, according to the company’s marketing and operations director Janice Masotti. EnStream does not send back any personal information to avoid compromising the privacy of the subscriber.
Telecoms are in a prime position to lead on digital ID technology because of the width and breadth of customer info they collect, said Masotti. Names, addresses and birthdays are all provided when a wireless account is opened, and telecoms hold the details of a significant amount of Canada’s population. There were approximately 28 million subscribers of the big wireless companies and their flanker brands as of the third quarter last year, according to statistics on the Canadian Wireless Telecommunications Association (CWTA) website.
Additionally, Ledas explained that mobile networks offer a strong way to authenticate a person, given that verification is based on a connection to a subscriber identification module (SIM) card, which contains geolocation technology and is unique to the subscriber. With its device authentication technology, EnStream can confirm that a text message with a multi-factor authentication code was sent to the correct device and it can verify the last known location of the device through the SIM card’s connection to a cell tower. If another party changes a person’s SIM number, banks and other services can be notified to watch for suspicious requests or significant account changes, according to Ledas. In the future, Ledas said it hopes to implement a stronger form of digital verification by sending a prompt directly to the person’s phone to be approved using the device’s biometric inputs, like Apple Inc.’s Touch ID.
EnStream has over 15 years of experience in secure mobile payment and identity verification services, according to its website, and it connected its first client in March 2016 to a basic version of its verification service, Masotti said in a follow-up email. Since then, it has added to the variety of carrier info that the service can query and improved latency, which enables that info to be verified in real time.
EnStream built a roster of partners in the financial industry after it developed the mobile payment service Zoompass, which it later sold, said Masotti. Its website says it’s “the only company with direct access to mobile telecom information in Canada that cover over 90 per cent of Canadians.
Examples of similar services that use telecom services in other countries include Payfone Inc. in the United States and South Korea’s Danal Corp.
No information is stored by EnStream or the business client, and any use of EnStream’s customer information comparison service is done with explicit consent of the customer. Ledas said the EnStream service will not be used for marketing or consumer behaviour prediction, but only for authentication and fraud management.
Documents provided by EnStream to The Wire Report indicate that the service is hosted in a private cloud located in Canada that is compliant with the latest in cybersecurity and encryption standards.
EnStream is among a group of technology companies, including its partner SecureKey, that is looking to create a nation-wide solution that replaces physical items with digital identification, SecureKey’s chief identification officer Andre Boysen told the The Wire Report over the phone. In a follow up email, Masotti confirmed that EnStream has started the process of joining the Digital ID & Authentication Council of Canada which is looking to build a pan-Canada trust network.
As an identity and authentication service provider, SecureKey helped create the process of using bank information to authenticate access to federal government systems like the Canada Revenue Agency.
“There’s a very small set of things that consumers treat very differently, and that’s their cell phone, bank account, their driver’s license and their passport,” Boysen said. “Those things kind of live on a separate level of attention and care in the user’s life compared to all… other usernames and passwords.”