User present is the key concept in how Tietoevry Banking verifies a user's digital identity during a high-risk transaction to prevent fraud and significant financial losses.
Annaniassen has been working with digital identity for many years. Both the guest and host of the podcast episode agree that passwords are a thing of the past. Now, we need to know that the person conducting a transaction is indeed who they claim to be, in real-time.
“By having a method to verify that the user is actually present, we know who is authenticating and that it happens in real-time,” says Annaniassen.
The method relies on an official ID document like a passport or ID card. Both the signature and photo are validated during onboarding, and the photo is uploaded and stored.
“This is a photo we trust because it is usually taken in a controlled environment at a police station or an embassy,” Annaniassen explains.
For verification during a high-risk transaction, such as transferring large sums of money, the user takes a photo of themselves from their device – and the photos are compared in real-time. Biometric templates calculate several biometric features to achieve a facial match to ensure that the person in front of the camera is the ID document’s owner.
The biometric features ensure that what’s in front of the camera is a living person who is not wearing a mask, not a doll, or a sculpture.
“This is what we call user present, where we know that the person at the other end is the genuine user and that authentication occurs in real-time,” says Annaniassen.
For low-risk transactions, device present is sufficient. The user can authenticate themselves using the device’s built-in fingerprint or facial recognition.
“If all transactions required verified user present, it would create unintended friction between the customer and the bank,” says John Erik Setsaas.
He adds that most people expect more friction when dealing with larger amounts and higher risks.
“At an airport, going through security adds a bit of friction to your journey, but at the same time, we know that if I can board the plane without my hand luggage and myself being checked, so could a terrorist with a bomb.”
In the episode, they also discuss what happened to the "good old" password, and the real differences between verification by user present and device present.
Video is blocked
With over 25 years’ experience in digital identity, John Erik Setsaas is a pioneer in this space. He has deep knowledge in the areas of digital onboarding, authentication, electronic signatures and seals, time stamping and digital identity wallet.
He is a prolific speaker at fintech industry events around the world.
Bjørn Annaniassen is Lead Business Developer in Financial Crime Prevention at Tietoevry Banking. He has 20 years experience in international sales and business development, whereof the last decade has been dedicated to the digital identity space through various roles in China, Sweden and Norway. In his current role, he is balancing technical, legal and commercial aspects to deliver flexible, scalable and futureproof identity services.