Consumers are increasingly tired of usernames and passwords. As the variety of online purchases made by the average person has increased, so has the number of different login details they must remember, and as a result the convenience of the format has been greatly diminished. This has a deleterious effect on commerce: 86% of users report abandoning a purchase when asked to register with a website. Usernames and passwords are also an increasingly insecure way of verifying digital identity. With hackers now highly adept at cracking even sophisticated passwords, around 63% of online security breaches can be attributed to compromised passwords; Michael Chertoff, former head of Homeland Security in the US has described passwords as “the weakest link in cybersecurity today”. As cases of identity theft in the US have now risen to their highest-ever level, it is little wonder that 86% of users express concern over security in online purchases, with 87% saying they would prefer one single means of logging in.
It is therefore excellent news that mobile network operators are increasingly moving into the digital identity market. We are now seeing collaborations around the world between operators and their partners to eliminate the need to remember multiple insecure usernames and passwords, by using instead a device now carried as standard by anyone making such a purchase: their mobile phone. The market is undoubtedly there – research published this month indicates that 76% of mobile users are interested in using a single sign-on service from their mobile network operator – and operators are uniquely-placed to provide such services. Those who have rolled out such solutions already have seen excellent returns on their investment. SKT for instance, announced that their identity solution has been adopted by 99% of Korean websites, generating a $40 Million annual revenue opportunity for operators.
Deployment is therefore understandably picking up momentum elsewhere. Operators in Belgium, working in tandem Belgium’s major banks, have launched their application ‘itsme’. A 5-digit code is entered for each transaction – codes which are not stored in a database – which itsme verifies while also checking the handset and SIM being used are those of the registered user. The Big Four operators in the United States are working with the GSMA’s Mobile Connect programme on their Mobile Authentication Taskforce, which among other tools will use behavioural and location data to determine whether users are who they claim to be. Collaboration between operators and major private sector partners in Germany will soon make operator-led verification available to a wide range of consumers in the automotive, finance, IT, aviation, media, telecommunications and insurance sectors. Verimi – an amalgam of the words ‘verify’ and ‘me’ – will enable mobile users to access this broad range of services by using a single login or ‘master key’, without the need to enter separate details for each participating business. Significantly, users will soon also be able to access public bodies and services using Verimi, as Europe’s largest economy becomes its first major state to follow Estonia in facilitating e-government on a wide scale.
The implications therefore go beyond financial transactions and online purchases – use cases are now expected to include a wide array of public sector deployments as well. As we look ahead to implementation of the eIDAS Regulation in September 2018, we can expect a rise in the use of operator-led solutions in cross-border public as well as private-sector services: users will increasingly be able to access services as various as university enrolment, access to medical records, and filing of tax returns across borders using their smart phone. We at the GSMA therefore anticipate that operators will next turn their attention to ensuring interoperability between what are for now largely national identity solutions. As borders become ever-more digitally porous to transactions of ever-more various types, operators must use their unique position to facilitate the efficiency and security of those transactions. More than $4 billion per year in new revenues is forecast to be generated by 2020 for those providing authentication, authorisation and identity services via eIDAS. The market incentive to meet this challenge is clear, and operators are plainly now well underway in meeting it.