Almis Ledas, President and COO at EnStream, spoke with Efma’s Boris Plantier about how his company is creating more digital security for Canadians.
What led to the creation of EnStream?
EnStream was born from the realization that the mobile industry’s management of secure, identity-backed credentials could be made available to verify a device or identity during any transaction. With increasing reliance on digital channels, businesses and governments are facing challenges due to the continued investment required to thwart increasingly sophisticated fraud attacks, particularly account takeovers and fraudulent applications. Many fraud mitigation solutions in the marketplace are costly and create unnecessary friction, even denying transactions for legitimate customers. EnStream offers highly effective and affordable solutions, leveraging the mobile device to verify that anyone is who they say they are.
Four elements combine to make EnStream’s solution uniquely powerful:
1. Security - every mobile device is secured with a unique Subscriber Identity Module, or SIM card, that offers a level of security equivalent to that of a Chip and PIN bank card, produced by the same manufacturers.
2. Verified identity - contracted mobile subscribers have their identity verified and credit checked when opening their account. Mobile network operators maintain active relationships with their customers, including billing, payment processing and re-contracting, establishing data available for identity verification.
3. Device authentication – mobile device information, such as acquisition of a new phone or SIM card, or transfer (port) of the mobile number to a different carrier – can be telltale signals that something suspicious may have occurred. This information, delivered in real-time, is not available from any other service provider.
4. Ubiquity – virtually every economically active Canadian has a smartphone, and they have it with them – at work, at home and on the road. Whether transacting in person, on a desktop, or over the mobile device itself, the device is available to help verify identity.
Since no single mobile network can offer access to the majority of any customer base in Canada, and connection to multiple mobile networks presents business and technical challenges, EnStream was formed as a cross carrier hub, to deliver an industry wide service solution.
Could you present EnStream’s solution?
While the internet can help maintain anonymity, it can also make it hard to prove identity. It can be hard to distinguish between a legitimate name, mobile number and address, from one that is fictitious or stolen. EnStream enables the ability to verify asserted information against telco records, to screen out fictitious identities, and it enables verification that the person is in possession of the phone that is registered to them, to screen out stolen identities. Once the account is established, EnStream’s service makes a returning customer no longer appear as an anonymous IP address, but a as verified trusted device. Finally, EnStream is easy to do business with. It is mobile network operator owned, and currently enables access to over 90% of the mobile devices in Canada through a single point of contact.
EnStream does not maintain its own customer database, rather, it is deeply connected into the networks and information systems of Canada’s three national mobile networks (with discussions underway to connect additional networks). EnStream can therefore offer “real time” access to mobile device and mobile account information. Access to customer information must be done with customer consent, and EnStream never releases a customer’s name and address, it only verifies information received from relying parties. Once the information is verified, EnStream destroys the data, retaining only a “hashed” mobile number, time stamp and record of whether or not the transaction was successfully completed, for audit purposes.
Connection into EnStream’s systems is through API’s tailored to deliver different types of verification services:
• Name and address verification against telco records;
• Verification of possession of a device to confirm identity;
• Device verification for returning customers; and
• Risk scoring and detection of mobile account takeover, through SIM swap or number porting.
EnStream’s service is hosted in Canada, in secure, private facilities that meet ISO 27001 and SSAE16 security requirements.
What’s coming next?
Today, EnStream verifies identities of individuals seeking to open new accounts, authenticates devices and provides clients alerts of suspicious activity on their customers’ mobile phones. These activities are in support of bilateral relationships between enterprises and their customers, usually secured with user-names and passwords. The world, however, will move beyond user-name and password for digital identity. Just as mobile payments moved to open wallets, we see identity moving to digital credentials that will be stored in mobile devices. This will include digital driver’s licenses, passports and other government, professional and business credentials.
The mobile device will become the identity wallet, just as it has become a payment wallet. Access to the device will likely be secure, through biometrics or other means, but it will be no less important to verify the device presenting the credential, providing another factor for security, authenticating the individual and minimizing fraud. Network-based device verification will therefore be increasingly important in digital security. Fortunately, the mobile industry is ready, willing and able to verify and manage its connected devices through future evolutions in technology. EnStream will be available to make this verification available to all parties seeking to secure their digital transactions.