Mobile Connect Archives

Digital identity: Four steps to maximising value

Telecoms operators have been developing and providing digital identity solutions to customers for years, in many cases for over a decade. While a significant proportion of telecoms operators now provide digital identity solutions – 70 offer services leveraging the GSMA’s Mobile Connect standard – and some have attempted to build more broad-based solutions helping customers to manage personal data. So far these have not grown into significant revenue generators for telcos.

However, as more and more services move online, in part accelerated by the COVID-19 pandemic, consumers, businesses and governments are increasingly dependent on digital identity solutions to access basic and critical services. This is creating complexity and risk in managing and maintaining multiple identities for individuals, and multiple identity systems for businesses and government organisations. With all facets of life and work becoming ever more connected through the IoT, the potential attack surfaces where access and sensitive personal data can be exposed, raises the risk of identity theft and other forms of costly fraud against individuals and businesses.

Although the risks of insecure digital identities are well known, owing to regular high profile data breaches exposing users’ personal information, consumers in particular have been slow to invest in cybersecurity systems to protect themselves from these risks. Likewise, the potential benefits of greater integration between government- and privately-managed digital identity systems are also well understood, yet there has been limited progress in unifying digital identities. The digital identity market remains highly fragmented and users have little more visibility over where their personal information is stored and how it is shared than they did five years ago.

The key question we explore in this report is therefore whether telecoms operators can build on their existing roles in delivering authentication or other digital identity and personal data protection or management services to address the underlying scaling challenges in the digital identity market. How can they help customers to gain more control over their personal data and work with businesses and governments to reduce complexity in this market?

Enter your details below to download an extract of the report

The state of digital identity

Definitions and technology background

A digital identity is a digital record that uses a collection of attributes to represent a person or an entity such as a device, an organisation or a process online. Digital identities are used to verify and authenticate users before allowing them to access to digital systems. Digital identity technologies aim to streamline the identification process and minimise the human intervention while keeping the process highly secure.

Three core elements of a secure digital identity

Source: STL Partners, Mobile Ecosystem Forum

As outlined in the three components above, digital identities use two different types of information to identify individuals, which can be used alone or in combination:

Digital attributes are personal identifiable information (PPI) that is either inherent or assigned information about the user. These are usually part of the user’s nature and not affected by external factors. Inherent attributes can be a person’s date of birth or biometric data such as fingerprints, while assigned attributes can be their national insurance or social security number.
Digital activities refer to the user’s online behavioural patterns and contain trackable records of online transactions such as search history, purchase history, phone call log, location and geotagging, social media activities and online downloads.

At the second stage of authenticating users, organisations mainly use one of three ways to securely verify and authenticate their users. These are:

Information the individual knows such as a combination of a username and a password or personal security questions,
Items that the users have such as a token, a phone or a SIM card or any type of cryptographic key including network information in case of mobile phone users and,
Who they are, using inherent attributes such as biometric data, including fingerprint, handprint, eye scan, facial recognition, and voice recognition.

The first method is a very common way to authenticate users and provide access. However, it has become vulnerable on its own, especially for granting access to sensitive information, as passwords and PINs are particularly vulnerable to phishing scams and end users too often use the same password or PIN for multiple accounts. The use of a physical key is not necessarily safer either as it can also be stolen or lost.

This is driving increased usage of two- or multi-factor authentication, which combines information a user knows with something they have or who they are. Broadly, the more sensitive the data saved in the digital identity system, the more layers of authentication required.

Single-factor authentication (SFA) is the simplest type of authentication and requires the user to only provide their credentials in a single step similar to logging in using a username and a password.
Two-factor authentication (2FA) is when another set of credentials is asked of the user in addition to the password such as a one-time SMS / email pin code or a biometric scan.
Multi-factor authentication (MFA) requires two or more sets of credentials. More layers of security provide higher security. This can complicate and lengthen the access process for the average user, although in some instances it can be done in a frictionless way, e.g. the service provider can independently check that the user’s stated location matches their actual location by verifying the location of their mobile with their telecoms provider.

Increasing usage of 2FA and MFA has likely been a key factor contributing to a levelling off in the number of victims of data breaches over the last four years, despite persistent number of attacks, as illustrated in the graphic below.

Total number of data breaches and victims, 2016 – Q3 2022

Source: Identity Theft Resource Center

Executive Summary
Introduction
- The state of digital identity
- Definitions and technology background
- Types of digital identity
- A fragmented market
- Existing digital identity systems are not fit for purpose
Telco digital identity services: The story so far
- Mobile Connect
- Telco digital identity case studies
- National digital identity initiatives
- Estonia and Finland: Showing the way for national digital identity
- Telcos’ roles in national digital identity solutions
Recommendations for telco digital identity efforts

Related research

This report builds on previous STL research relating to digital identity and personal data:

Cybersecurity: What will consumers pay for?
Fighting the fakes: How telcos can help
Personal data: Treasure or trash? (a profile of Telefónica)
Blockchain for telcos: Where is the money?
Will web 3.0 change the role of telcos?

Enter your details below to download an extract of the report

Telco ecosystems: How to make them work

The ecosystem business framework

The success of large businesses such as Microsoft, Amazon and Google as well as digital disrupters like Airbnb and Uber is attributed to their adoption of platform-enabled ecosystem business frameworks. Microsoft, Amazon and Google know how to make ecosystems work. It is their ecosystem approach that helped them to scale quickly, innovate and unlock value in opportunity areas where businesses that are vertically integrated, or have a linear value chain, would have struggled. Internet-enabled digital opportunity areas tend to be unsuited to the traditional business frameworks. These depend on having the time and the ability to anticipate needs, plan and execute accordingly.

As businesses in the telecommunications sector and beyond try to emulate the success of these companies and their ecosystem approach, it is necessary to clarify what is meant by the term “ecosystem” and how it can provide a framework for organising business.

The word “ecosystem” is borrowed from biology. It refers to a community of organisms – of any number of species – living within a defined physical environment.

A biological ecosystem

Source: STL Partners

A business ecosystem can therefore be thought of as a community of stakeholders (of different types) that exist within a defined business environment. The environment of a business ecosystem can be small or large. This is also true in biology, where both a tree and a rainforest can equally be considered ecosystem environments.

The number of organisms within a biological community is dynamic. They coexist with others and are interdependent within the community and the environment. Environmental resources (i.e. energy and matter) flow through the system efficiently. This is how the ecosystem works.

Companies that adopt an ecosystem business framework identify a community of stakeholders to help them address an opportunity area, or drive business in that space. They then create a business environment (e.g. platforms, rules) to organise economic activity among those communities. The environment integrates community activities in a complementary way. This model is consistent with STL Partners’ vision for a Coordination Age, where desired outcomes are delivered to customers by multiple parties acting together.

Enter your details below to request an extract of the report

Characteristics of business ecosystems that work

In the case of Google, it adopted an ecosystem approach to tackle the search opportunity. Its search engine platform provides the environment for an external stakeholder community of businesses to reach consumers as they navigate the internet, based on what consumers are looking for.

Google does not directly participate in the business-consumer transaction, but its platform reduces friction for participants (providing a good customer experience) and captures information on the exchange.

While Google leverages a technical platform, this is not a requirement for an ecosystem framework. Nespresso built an ecosystem around its patented coffee pod. It needed to establish a user-base for the pods, so it developed a business environment that included licensing arrangements for coffee machine manufacturers. In addition, it provided support for high-end homeware retailers to supply these machines to end-users. It also created the online Nespresso Club for coffee aficionados to maintain demand for its product (a previous vertically integrated strategy to address this premium coffee-drinking niche had failed).

Ecosystem relevance for telcos

Telcos are exploring new opportunities for revenue. In many of these opportunities, the needs of the customer are evolving or changeable, budgets are tight, and time-to-market is critical. Planning and executing traditional business frameworks can be difficult under these circumstances, so ecosystem business frameworks are understandably of interest.

Traditional business frameworks require companies to match their internal strengths and capabilities to those required to address an opportunity. An ecosystem framework requires companies to consider where those strengths and capabilities are (i.e. external stakeholder communities). An ecosystem orchestrator then creates an environment in which the stakeholders contribute their respective value to meet that end. Additional end-user value may also be derived by supporting stakeholder communities whose products and services use, or are used with, the end-product or service of the ecosystem (e.g. the availability of third party App Store apps add value for end customers and drives demand for high end Apple iPhones). It requires “outside-in” strategic thinking that goes beyond the bounds of the company – or even the industry (i.e. who has the assets and capabilities, who/what will support demand from end-users).

Many companies have rushed to implement ecosystem business frameworks, but have not attained the success of Microsoft, Amazon or Google, or in the telco arena, M-Pesa. Telcos require an understanding of the rationale behind ecosystem business frameworks, what makes them work and how this has played out in other telco ecosystem implementations. As a result, they should be better able to determine whether to leverage this approach more widely.

Executive Summary
The ecosystem business framework
Why ecosystem business frameworks?
- Benefits of ecosystem business frameworks
Identifying ecosystem business frameworks
Telco experience with ecosystem frameworks
- AT&T Community
- Deutsche Telekom Qivicon
- Telecom Infra Project (TIP)
- GSMA Mobile Connect
- Android
- Lessons from telco experience
Criteria for successful ecosystem businesses
- “Destination” status
- Strong assets and capabilities to share
- Dynamic strategy
- Deep end-user knowledge
- Participant stakeholder experience excellence
- Continuous innovation
- Conclusions
Next steps
- Index

Enter your details below to request an extract of the report

Fighting the fakes: How telcos can help

Internet platforms need a frictionless solution to fight the fakes

On the Internet, the old adage, nobody knows you are a dog, can still ring true. All of the major Internet platforms, with the partial exception of Apple, are fighting frauds and fakes. That’s generally because these platforms either allow users to remain anonymous or because they use lax authentication systems that prioritise ease-of-use over rigour. Some people then use the cloak of anonymity in many different ways, such as writing glowing reviews of products they have never used on Amazon (in return for a payment) or enthusiastic reviews of restaurants owned by friends on Tripadvisor. Even the platforms that require users to register financial details are open to abuse. There have been reports of multiple scams on eBay, while regulators have alleged there has been widespread sharing of Uber accounts among drivers in London and other cities.

At the same time, Facebook/WhatsApp, Google/YouTube, Twitter and other social media services are experiencing a deluge of fake news, some of which can be very damaging for society. There has been a mountain of misinformation relating to COVID-19 circulating on social media, such as the notion that if you can hold your breath for 10 seconds, you don’t have the virus. Fake news is alleged to have distorted the outcome of the U.S. presidential election and the Brexit referendum in the U.K.

In essence, the popularity of the major Internet platforms has made them a target for unscrupulous people who want to propagate their world views, promote their products and services, discredit rivals and have ulterior (and potentially criminal) motives for participating in the gig economy.

Although all the leading Internet platforms use tools and reporting mechanisms to combat misuse, they are still beset with problems. In reality, these platforms are walking a tightrope – if they make authentication procedures too cumbersome, they risk losing users to rival platforms, while also incurring additional costs. But if they allow a free-for-all in which anonymity reigns, they risk a major loss of trust in their services.

In STL Partners’ view, the best way to walk this tightrope is to use invisible authentication – the background monitoring of behavioural data to detect suspicious activities. In other words, you keep the Internet platform very open and easy-to-use, but algorithms process the incoming data and learn to detect the patterns that signal potential frauds or fakes. If this idea were taken to an extreme, online interactions and transactions could become completely frictionless. Rather than asking a person to enter a username and password to access a service, they can be identified through the device they are using, their location, the pattern of keystrokes and which features they access once they are logged in. However, the effectiveness of such systems depends heavily on the quality and quantity of data they are feeding on.

In come telcos

This report explores how telcos could use their existing systems and data to help the major Internet companies to build better systems to protect the integrity of their platforms.

It also considers the extent to which telcos will need to work together to effectively fight fraud, just as they do to combat telecoms-related fraud and prevent stolen phones from being used across networks. For most use cases, the telcos in each national market will generally need to provide a common gateway through which a third party could check attributes of the user of a specific mobile phone number. As they plot their way out of the current pandemic, governments are increasingly likely to call for such gateways to help them track the spread of COVID-19 and identify people who may have become infected.

Enter your details below to request an extract of the report

Using big data to combat fraud

In the financial services sector, artificial intelligence (AI) is now widely used to help detect potentially fraudulent financial transactions. Learning from real-world examples, neural networks can detect the behavioural patterns associated with fraud and how they are changing over time. They can then create a dynamic set of thresholds that can be used to trigger alarms, which could prompt a bank to decline a transaction.

In a white paper published in 2019, IBM claimed its AI and cognitive solutions are having a major impact on transaction monitoring and payment fraud modelling. In one of several case studies, the paper describes how the National Payment Switch in France (STET) is using behavioural information to reduce fraud losses by US$100 million annually. Owned by a consortium of financial institutions, STET processes more than 30 billion credit and debit card, cross-border, domestic and on-us payments annually.

STET now assesses the fraud risk for every authorisation request in real time. The white paper says IBM’s Safer Payments system generates a risk score, which is then passed to banks, issuers and acquirers, which combine it with customer information to make a decision on whether to clear or decline the transaction. IBM claims the system can process up to 1,200 transactions per second, and can compute a risk score in less than 10 milliseconds. While STET itself doesn’t have any customer data or data from other payment channels, the IBM system looks across all transactions, countrywide, as well as creating “deep behavioural profiles for millions of cards and merchants.”

Telcos, or at least the connectivity they provide, are also helping banks combat fraud. If they think a transaction is suspicious, banks will increasingly send a text message or call a customer’s phone to check whether they have actually initiated the transaction. Now, some telcos, such as O2 in the UK, are making this process more robust by enabling banks to check whether the user’s SIM card has been swapped between devices recently or if any call diverts are active – criminals sometimes pose as a specific customer to request a new SIM. All calls and texts to the number are then routed to the SIM in the fraudster’s control, enabling them to activate codes or authorisations needed for online bank transfers, such as a one-time PINs or passwords.

As described below, this is one of the use cases supported by Mobile Connect, a specification developed by the GSMA, to enable mobile operators to take a consistent approach to providing third parties with identification, authentication and attribute-sharing services. The idea behind Mobile Connect is that a third party, such as a bank, can access these services regardless of which operator their customer subscribes to.

Adapting telco authentication for Amazon, Uber and Airbnb

Telcos could also provide Internet platforms, such as Amazon, Uber and Airbnb, with identification, authentication and attribute-sharing services that will help to shore up trust in their services. Building on their nascent anti-fraud offerings for the financial services industry, telcos could act as intermediaries, authenticating specific attributes of an individual without actually sharing personal data with the platform.

STL Partners has identified four broad data sets telcos could use to help combat fraud:

Account activity – checking which individual owns which SIM card and that the SIM hasn’t been swapped recently;
Movement patterns – tracking where people are and where they travel frequently to help identify if they are who they say they are;
Contact patterns – establishing which individuals come into contact with each other regularly;
Spending patterns – monitoring how much money an individual spends on telecoms services.

Executive Summary
Introduction
Using big data to combat fraud
- Account activity
- Movement patterns
- Contact patterns
- Spending patterns
- Caveats and considerations
Limited progress so far
- Patchy adoption of Mobile Connect
- Mobile identification in the UK
- Turkcell employs machine learning
Big Internet use cases
- Amazon – grappling with fake product reviews
- Facebook and eBay – also need to clampdown
- Google Maps and Tripadvisor – targets for fake reviews
- Uber – serious safety concerns
- Airbnb – balancing the interests of hosts and guests
Conclusions
Index

Enter your details below to request an extract of the report

Innovation Leaders: A Surprisingly Successful Telco API Programme

Introduction

The value of APIs

Application programming interfaces (APIs) are a central part of the mobile and cloud-based app economy. On the web, APIs serve to connect back-end and front-end applications (and their data) to one another. While often treated as a technical topic, APIs also have tremendous economic value. This was illustrated very recently when Oracle sued Google for copyright infringement over the use of Oracle-owned Java APIs during the development of Google’s Android operating system. Even though Google won the case, Oracle’s quest for around $9 billion showed the huge potential value associated with widely-adopted APIs.

The API challenge facing telcos…

For telcos, APIs represent an opportunity to monetise their unique network and IT assets by making them available to third-parties. This is particularly important in the context of declining ‘core’ revenues caused by cloud and content providers bypassing telco services. This so-called “over the top” (OTT) threat forces telcos to both partner with third-parties as well as create their own competing offerings in order to dampen the decline in revenues and profits. With mobile app ecosystems maturing and, increasingly, extending beyond smartphones into wearables, cars, TVs, virtual reality, productivity devices and so forth, telcos need to embrace these developments to avoid being a ‘plain vanilla’ connectivity provider – a low-margin low-growth business.

However, thriving in this co-opetitive environment is challenging for telcos because major digital players such as Google, Amazon, Netflix and Baidu, and a raft of smaller developers have an operating model and culture of agility and fast innovation. Telcos need to become easier to collaborate with and a systematic approach to API management and API exposure should be central to any telco partnership strategy and wider ‘transformation programme’.

…and Dialog’s best-practice approach

In this report, we will analyse how Dialog, Sri Lanka’s largest operator, has adopted a two-pronged API implementation strategy. Dialog has systematically exposed APIs:

Externally in order to monetise in partnership with third-parties;
Internally in order to foster agile service creation and reduce operational costs.

STL Partners believes that this two-pronged strategy has been instrumental in Dialog’s API success and that other operators should explore a similar strategy when seeking to launch or expand their API activities.

Dialog Axiata has steadily increased the number of API calls (indexed)

Source: Dialog Axiata

In this report, we will first cover the core lessons that can be drawn from Dialog’s approach and success and then we will outline in detail how Dialog’s Group CIO and Axiata Digital’s CTO, Anthony Rodrigo, and his team implemented APIs within the company and, subsequently, the wider Axiata Group.

Executive summary
Introduction
The value of APIs
The API challenge facing telcos…
…and Dialog’s best-practice approach
5 key ‘telco API programme’ lessons
Background: What are APIs and why are they relevant to telcos?
API basics
API growth
The telecoms industry’s API track record is underwhelming
The Dialog API Programme (DAP)
Overview
Ideamart: A flexible approach to long-tail developer engagement
Axiata MIFE – building a multipurpose API platform
Drinking your own champagne : Dialog’s use of APIs internally
Expanding MIFE across Axiata opcos and beyond
Conclusion and outlook

Figure 1: APIs link backend infrastructure with applications
Figure 2: The explosive growth of open APIs
Figure 3: How a REST API works its magic
Figure 4: DAP service layers
Figure 5: Five APIs are available for Idea Pro apps
Figure 6: Idea Apps – pre-configured API templates
Figure 7: Ideadroid/Apptizer allows restaurants to specify food items they want to offer through the app
Figure 8: Ideamart’s developer engagement stats compare favourably to AT&T, Orange, and Vodafone
Figure 9: Steady increase in the number of API calls (indexed)
Figure 10: Dialog Allapps on Android
Figure 11: Ideabiz API platform for enterprise third-parties
Figure 12: Dialog Selfcare app user interface
Figure 13: Dialog Selfcare app functions – share in total number of hits
Figure 14: Apple App Store – Dialog Selfcare app ratings
Figure 15: Google Play Store – Dialog Selfcare app ratings
Figure 16: MIFE enables the creation of a variety of digital services – both internally and externally

Mobile Authentication: Telcos’ Key to the Digital World?

Introduction: The Authentication Arms Race

Authentication: Ubiquitous, but increasingly complex

Authentication is the process of verifying a claim by (or for) an entity to an attribute, identity or unique identifier: it confirms that ‘you are what you claim to be’. The entity might be a human or machine, for example, and a peer in a transaction or the source of some data. This verification is achieved by presenting credential(s) (or ‘authentication information’) that corroborate the claim(s) of the entity.

Clearly, authentication is not a new issue: for thousands of years, societies have learned to cooperate and establish trust in non-digital environments. When an individual presents a credit card (the ‘credential’) for payment in a shop and, in some cases, enters a secret PIN code or signs a receipt (another credential), they are attempting to authenticate their claim that the bank account associated with the card is theirs to use (the ‘attribute’). When a letter is received with a difficult-to-replicate wax seal, this is an attempt to authenticate the origin of the letter. When two members of a secretive group meet for the first time, knowledge of a secret handshake can mutually authenticate their membership of the group.

Nor is it a new issue for STL Partners, either: we began our coverage of authentication, and the broader identity and personal data markets, in 2008 and have regularly provided market-leading research (e.g. Customer Data 2.0: Telcos Must Vie for a slice of the $Multi-Billion ‘PIE’; Personal Data: how to make it a viable, customer-centred industry) and advisory services since then.

What is new, however, is the growing digitisation of our everyday lives. This has driven new contexts for authentication (e.g. logging in to email accounts), new and sometimes more sophisticated methods of authentication (e.g. SMS one-time passwords, public key encryption), and created entire industries (e.g. Digital Certification). An example which covers all three of these areas is SSL (Secure Sockets Layer), the technology which establishes secure ‘HTTPS’ connections between servers and browsers using a sophisticated mechanism called ‘public key cryptography’, which we return to later.

Figure 1: Mutual SSL Authentication Handshake Message Flow

Source: CodeProject

As we discussed in the recent Executive Briefing ‘Authentication Mechanisms: The Digital Arms Race’, another consequence has been the entrance to the ecosystem of companies not traditionally associated with this space, especially Facebook and Google. Among their many activities in this space is the provision of ‘federated’ authentication and identity services to third-party websites, which essentially allows their users to login and register using their existing social network credentials. Although usage metrics for these services are not publicly available, anecdotal evidence suggests they are both widely and frequently used. There are clear benefits to each party from using one of these services, such as users needing to remember fewer passwords; online service providers being able to outsource their credential management systems; and Facebook/Google/Twitter collecting more behavioural data for advertising; but, as we will see, there are also clear drawbacks, notably around reach and privacy.

Such user (consumer, citizen or employee) authentication services to remote, digital environments for third-parties (enterprises or governments) are the focus of this report.

Figure 2: The Internet players are providing authentication services to third-parties

Source: Adweek

Some MNOs are already active in authentication services

Authentication is not a new activity area for mobile operators, either. Most fundamentally, one of the two core purposes of the SIM cards that MNOs issue and manage is precisely that (as well as storage):

Identity: The SIM contains, among others, a unique reference number (the international mobile subscriber identity, or ‘IMSI’) that identifies the SIM and the relevant subscription. The MNO recognises the reference number and ensures costs and usage are allocated against it correctly.
Authentication: To provide assurance that the identity claim is valid, the MNO uses a security mechanism to grant access to the network. This is done by issuing a ‘challenge’ which only a particular SIM card can answer correctly using a unique 128-bit ‘Ki’ key associated with its identity. The specific mechanism is known as ‘symmetric key cryptography’.

Beyond authentication for their own use, MNOs have also been developing commercial propositions around user authentication services. In some cases, their role has been strictly limited to enabling the authentication process, such as the UK MNOs’ support of ValidSoft’s fraud prevention service for financial services. In other cases, MNOs have been providing complete mobile authentication services themselves. Some of these have achieved impressive traction and results (e.g. Swisscom’s Mobile ID, KDDI’s au ID), whilst others have struggled, and there are important lessons here.

Figure 3: Map of MNO mobile authentication services, 2014 (incl. examples)

Source: GSMA, STL Partners

Back in May 2014, the GSMA recognised the shaded countries in Figure 3 as having active mobile authentication services, although some of these offer more than ‘pure’ authentication (e.g. extending towards identity) whilst others have the MNO acting as more of an enabler. Example operators (or service logos where available) are overlaid on the map.

Perhaps the most significant recent development in this space was the GSMA’s announcement of the collaborative ‘Mobile Connect’ initiative in February 2014. Mobile Connect aims to facilitate industry-wide collaboration between MNOs so that they can offer privacy-centric authentication, identity and attribute services to relying parties with single technical and commercial interfaces, thereby maximising their reach (3.9 billion unique mobile subscribers) and therefore the attractiveness of these services to relying parties.

Following successful trials and development of the authentication proposition with a lead group of operators during 2014, Mobile Connect is now beginning to go live: March 2015 saw the official launch of Mobile Connect by 17 operators in 13 countries, with others committed to launch during the remainder of 2015 and 2016. The launch proposition is pure authentication, and leverages operator assets (e.g. the SIM card) to allow the use of mobile phones as authentication devices independently of the service provided and independently of the device used to consume the service.

So, what are the opportunities for MNOs in authentication?

Whilst MNOs also have other strengths around privacy, customer support capabilities, and more, they have several weaknesses, and the business case for mobile authentication services is not yet clear to most. To clarify the situation, this report covers the following:

Key Concepts: The basics of authentication, identity and attributes
The Need: The practical advantages of mobile authentication mechanisms
The Vision: Short-term, ‘tactical’ opportunities in premium authentication; long-term, ‘strategic’ opportunities for the industry
SWOT: MNO’s strengths, weaknesses, opportunities, and threats in authentication
Case Studies: (Swisscom) Mobile ID, GSMA Mobile Connect
Conclusions and Next Steps

The report concludes that now is indeed the time for MNOs to strongly and collectively embrace authentication services. MNOs can be successful in authentication and have an opportunity to directly and indirectly monetise it across three key areas, but this opportunity will not last and there will be few more like it.

Executive Summary
Introduction: The Authentication Arms Race
Authentication: Ubiquitous, but increasingly complex
Some MNOs are already active in authentication services
So, what are the opportunities for MNOs in authentication?
Key Concepts in Authentication and Identity
Authentication, Credentials and Authorisation
Attributes, Identity and Identifiers
X-Party Authentication and the ‘Digital Identity Ecosystem’
The Need for Mobile Authentication Services
The need for more convenient & secure digital authentication
The advantages of SIM-based, mobile authentication
The Vision: Authentication is the First Step
Context: MNO Authentication Services SWOT
(Swisscom) Mobile ID: Success in ‘premium’ authentication
GSMA Mobile Connect: Free, ubiquitous authentication?
Looking Beyond Authentication: Monetising attributes
STL Partners and Telco 2.0: Change the Game

Figure 1: Mutual SSL Authentication Handshake Message Flow
Figure 2: The Internet players are providing authentication services to third-parties
Figure 3: Map of MNO mobile authentication services, 2014 (incl. examples)
Figure 4: Summarising key definitions in authentication and identity
Figure 5: Google’s SMS two-factor authentication system
Figure 6: The ‘Digital Identity Ecosystem’
Figure 7: The Most Common Passwords of 2014
Figure 8: Time Spent per adult user per day with internet media, USA, 2008-2015
Figure 9: Breaking the relationship between security and convenience
Figure 10: The Vision for MNOs in Authentication Services
Figure 11: MNO Authentication Services SWOT
Figure 12: Consumers are increasingly concerned about online privacy
Figure 13: Authentication Market Growth Dynamics
Figure 14: The (Swisscom) Mobile ID Proposition
Figure 15: Authentication using Public Key Encryption
Figure 16: Mobile ID’s User Experience
Figure 17: Logical Technical Architecture for Mobile Connect
Figure 18: Mobile Connect’s User Experience – ‘Click ok’, initiated on PC/tablet
Figure 19: Mobile Connect Roadmap – Authentication, Identity and Attributes

Tag: Mobile Connect

Telco ecosystems: How to make them work

The ecosystem business framework

A biological ecosystem

Enter your details below to request an extract of the report

Characteristics of business ecosystems that work

Ecosystem relevance for telcos

Table of Contents

Enter your details below to request an extract of the report

Fighting the fakes: How telcos can help

Internet platforms need a frictionless solution to fight the fakes

In come telcos

Enter your details below to request an extract of the report

Using big data to combat fraud

Adapting telco authentication for Amazon, Uber and Airbnb

Table of contents

Enter your details below to request an extract of the report

Innovation Leaders: A Surprisingly Successful Telco API Programme

Introduction

The value of APIs

The API challenge facing telcos…

…and Dialog’s best-practice approach

Sample Reports