Tuesday, 12 September 2017

Hello Face ID - Goodbye Touch ID

One of the technology's industry's worst kept secrets, Apple Face ID on the high-end iPhoneX was unveiled a short while ago at Apple's latest hardware event. It replaces Touch ID fingerprint authentication with a 3D facial recognition technology that leverages IR, neural networks and machine learning.

It is a bold step and attempts to solve the problem in how to support biometric authentication on a bezel-less OLED display. Rumours were that Apple attempted to integrate a fingerprint sensor in the display but this didn't quite work out. 3D facial technology integrated into a camera module has solved this problem but the botched first attempt to demo unlocking the phone at the event leaves questions over its accuracy and performance. They do say never work with animals and live demos and this may be a glitch for the technology that is replacing a biometric authentication system that is quick and very friction-free.

Apple Pay and many other third-party services depend on accuracy and speed. If I am in a queue wanting to pay for my morning coffee I want it to work immediately. Indications from the Apple event point to Apple replacing a one-step fingerprint authentication process with a two-step look at the phone and swipe up process to unlock the phone.

It was very interesting that Apple stressed the multiple use for the 3D camera module and its ability to supercharge the Emoji experience - that will definitely sell a stack of phones. But is there a negative impact on the user experience for the authentication process? Time will only tell and Apple will have performed hundreds of hours of user experience tests on Face ID.

When Apple announced Touch ID in 2013 it revolutionised consumer biometric authentication and led to an explosion of fingerprint sensor integrated in almost all new smart phones.  Will Face ID have a similar impact? Probably.

Samsung has gone the multi-modal route and still supports fingerprint authentication and I believe that many mobile OEMs will continue down this path - especially in the short-term. However, we will see Apple's competitors start to emulate 3D facial recognition technology to support other high-net worth applications, including augmented reality, and to enable full-display, bezel-free devices.

It is definitely not goodbye to mobile fingerprint authentication but there is definitely a new kid on the block and one that can support a wider range of non-security applications. It could also be ported to other devices especially in the growing IoT and AR/VR industries - but this does break the privacy and trust model of the biometric  template never leaves the secure enclave.

These are my initial thoughts on the announcement and I hope to talk about them further in subsequent posts when I have time to reflect. See you.


Wednesday, 21 June 2017

Tackling Regulatory Change Through Automation and Machine Learning

Machine learning and AI technologies are starting to support compliance management functions. The ability to automate resource and data intensive processes is beneficial to compliance management functions struggling with increasing levels of regulatory data. 

Financial services organizations are dealing with a tidal wave of regulatory change that shows little sign of abating. As part of my research for a new study published by Goode Intelligence investigating how machine learning and automation can get regulation under control, I interviewed compliance officers and Regtech experts in both the UK and the US. A compliance officer based in London told me that the financial services industry is facing "mountains and mountains of regulation". This statement is echoed by industry experts including the Boston Consulting Group who believe that "regulation must be considered a permanent rise in sea level - not just a flowing tide that will ebb or even cresting tsunami that will recede."(1)

The combination of information overload and manual regulatory change analysis is creating headaches for many organizations that cannot afford to invest in large specialist compliance teams or automation. The reliance on under-staffed compliance teams to sift through vast reams of complex regulatory data can lead to mistakes – mistakes that organizations cannot afford to make when failure to comply to regulation can lead to financial penalties that can run into the millions, even billions, of dollars. Since the global financial crisis of 2008, banks globally have paid $321 billion for a number of regulatory failings from money laundering to market manipulation. (2)

To reduce the ever-increasing burden on compliance teams, financial service organizations can turn to new regulation change management solutions that automates resource-intensive tasks through machine learning technology.

Just as financial services organizations are increasingly turning to FinTech tools to take advantage of advancements in areas like automation, machine learning and cloud computing, these firms can also turn to the new sector of RegTech to better manage regulation and turn it into an advantage.

Leveraging expert-in-the-loop (EITL) machine learning for automating document frees up compliance professionals to focus their time on the details of actually helping their organizations comply with regulations, rather than just laying the groundwork. 

A smart machine learning compliance solution must offer the following core competencies:
  1. Aggregation - from a comprehensive variety of sources
  2. Normalization - of millions of documents, citations, rulings and publications
  3. Curation & Classification - based on expansive EITL machine learning model foundation
  4. Trend analysis - transform raw regulatory data and peer-review trends into distilled insight
  5. Personalization and notification - follow specific regulatory topics
I explore this further in a white paper that references the latest Regtech solution from Compliance.ai entitled "Getting regulation under control with Compliance AI".

(1) Global Risk 2017: Staying the Course in Banking / March 2017 published by the Boston Consulting Group https://www.bcg.com/en-gb/publications/2017/financial-institutions-growth-global-risk-2017-staying-course-banking.aspx
(2) Boston Consulting Group February 2017

Thursday, 1 June 2017

Five Considerations for Selecting a Consumer Authentication Vendor

In today's mobile-first world, consumer authentication is driven by the need of having a smooth user experience. Of course, it has to be secure and tick all of the boxes for privacy and regulation but when I talk with clients, both authentication vendors and service providers, they all say that the number one priority is having a great user experience (UX). If the authentication user experience fails then customers will simply walk away and go somewhere else or choose an alternative payment method.

I was recently asked to create a white paper for RSA and EyeVerify on key considerations for selecting a consumer authentication vendor. I identified five key considerations:

  1. Consumer choice
  2. Convenience
  3. Demonstrable fraud reduction
  4. Meeting a 'mobile first' strategy'
  5. Regulation compliance
These five considerations are powerful criteria for organizations when assessing authentication solutions and vendors.

Consumers must be given a choice of convenient, easy to use authentication services. The availability of a wide range of device-based authentication technologies including multiple biometric solutions supports this requirement. Convenience and consumer choice can also be combined in a well-designed consumer authentication solution. The combination of risk based authentication (RBA) and mobile biometric authentication services (MBAS) can meet this criteria. Risk based authentication can meet a good percentage of normal authentication scenarios and mobile biometrics can be applied to authentication scenarios that require further ‘proof’ of true identity; a combination of frictionless and friction-light authentication.

Service providers are increasingly pressured to support legacy service channels including physical (bank branch and retail store) and telephony at the same time as evolving their offering to work across a wide range of new technology, first web, now mobile and moving swiftly into the Internet of Things (IoT). When choosing an agile technology partner that can support multiple delivery channels, omnichannel support, an organization must ensure that they choose an authentication solution that can operate across a wide range of these channels. The mobile first strategy can allow organizations to design and deploy effective authentication services that meet this consideration.

Fraud is rising in all sectors. A consumer authentication vendor must be able to demonstrate fraud reduction as a result of deploying the chosen authentication solution – measurable and tangible fraud reduction benefits.

Around the world, regulatory powers are adapting existing regulation or introducing new ones to ensure that consumers are protected when using the latest digital services. A trusted technology partner must be able to demonstrate:
  1. It can help organizations address the latest federal and industry regulations; and
  2. It actively participates in influencing regulatory bodies to ensure that convenience and ease of use are not sacrificed at the expense of over rigid security requirements.

Getting the balance between security and convenience is an essential ingredient in supporting flexible digital service delivery.

To read the white paper in full, you can download it from the Goode Intelligence website here.

Thank you - Alan