May 21, 2020
Creating and Managing Trusted Identities in a Chaotic Online World
We live in a time when the majority of internet traffic originates from mobile devices. According to Statista, mobile searches account for approximately half of all web traffic worldwide. In fact, at the end of 2019, that number was up to 53% from smartphones alone. But as our mobile dependency continues to grow, so do the problems, ranging from annoying robocalls to potentially harmful identity theft via account takeover.
Trust Problems vs. Identity Problems
These types of problems can cause people financial harm and disrupt their day-to-day lives. This is a trust problem because it erodes people’s trust in their devices as well as in the networks that provide service to those devices. In addition to trust problems, users must also deal with a myriad of usernames, passwords, PINs, passcodes, security questions, etc., when presenting themselves for identification and authentication on apps and websites. This can lead to what I call identity problems.
The advent of biometrics (including Touch ID and Face ID) has reduced this pain point to some degree. However, biometric adoption has not yet reached a point where it is available for every online authentication and authorization—especially across multiple industry sectors and use cases. The challenge of having to remember multiple credentials remains—not to mention going through the agony of recovering passwords and having to prove your identity time and time again. Thus, both trust and identity problems remain.
Introducing a Frictionless Trust and Identity Solution
ZenKey, a joint venture from the three major U.S. wireless carriers (AT&T, T-Mobile and Verizon), recognizes trust and identity problems as two sides of the same coin. We seek to offer the best answer to both problems in a single solution. We accomplish this by building upon the tremendous amount of resources that wireless carriers have already spent in trying to mitigate trust and identity issues through increased network and device security measures. We also believe that both problems can be effectively addressed in a way that doesn’t introduce more friction for mobile users. Through a robust identity solution, ZenKey seeks to become the leader in fraud reduction—namely in making fraud attacks more difficult to pull off. Here’s why we believe we will succeed.
Our Unique Position to Offer Trust and Identity Solutions
Already covering most U.S. mobile subscribers—in addition to being the first and only wireless carrier-based solution—ZenKey is in the best position to address trust and identity challenges head-on. Whether mobile users are banking, shopping, gaming or streaming (basically making online transactions of any kind), these experiences all manifest on the networks of the ZenKey member carriers: AT&T, T-Mobile and Verizon. This allows us to identify users with the ease and accuracy of making a phone call or sending a text message. And when mobile users are connected to Wi-Fi instead of using the network, the ZenKey app can still access their device’s SIM to verify the user’s identity.
Our Ability to Create Inimitable Identity Profiles
Between a user’s profile, mobile usage, online behavior and billing history—plus optional biometric authentication—ZenKey uses diverse, rich and verifiable data with personal and behavioral information. This is data that no other company or industry can access and is gathered with the permission of our users. We use elements of this information to construct a highly secure, reliable and robust identity profile for each mobile user. When someone signs in to their favorite app or website using Zenkey, our ZenKey app presents their unique identity profile, verifying that they are who they say they are, thereby unlocking trust between the user and the Service Provider.
Our Plan for Service Provider Integration
Service providers are the app and website publishers who will adopt ZenKey and integrate it into their platforms, and they are critical for the safer online world that ZenKey envisions. The types of industries that will adopt ZenKey to authenticate and confirm their customers include shopping, banking, travel and healthcare. We believe that once mobile users start using ZenKey with one service provider, they will want to use it with as many service providers as possible.
Our Distinctive Defense Against Fraud and Cybercrime
Once ZenKey is established as a standard for signing in to apps and websites, each user’s unique identity profile will create a high barrier for cybercriminals attempting SIM swap fraud and account takeover. I will go into greater detail on what SIM swap fraud is and how ZenKey prevents it next month (which I will link here), but in a nutshell, it’s when a cybercriminal poses as their victim and uses social engineering to convince the victim’s network customer care representative to reassign the victim’s phone number to a new SIM card that is held by the fraudster. The fraudster then uses that SIM in a new device to reset the victim’s passwords and access high-value accounts.
But, because ZenKey needs to be installed on a device to work—and requires at least two recovery methods per account—a SIM swap fraudster would first need to know to install ZenKey on the new device, then reestablish the victim’s ZenKey identity and, finally, use it to sign in to the victim’s account (and that becomes even harder with our biometric option). But even if they accomplished all of these tasks, thanks to the recovery methods that the victim has already set up with ZenKey, the fraudster would have a difficult time succeeding. So, both the Service Providers and the customer benefit from using ZenKey as a replacement for the traditional, more hackable username and password.
Our Trust Services Go Above and Beyond
While the above scenario is a perfect example of how ZenKey natively deters SIM swap fraud—and how we begin to address the trust problem that I mentioned earlier—the issue at hand is far greater. To fully solve the trust problem, ZenKey will eventually offer a suite of Application Programming Interfaces (APIs) and Event Alerts that we call ZenKey Trust Services. These APIs and Event Alerts will allow ZenKey-integrated service providers to subscribe to and receive automatic, real-time alerts relating to their end users.
Our Commitment to High Privacy Standards
Innovation in identity protection requires more than just technology—to do right by ZenKey users, we must maintain high privacy standards. User privacy is thus foundational, both in the app and with our Trust Services. The ZenKey user provides explicit consent for the use of their wireless carrier data for ZenKey Identity Services and Trust Services alike. Further, when a ZenKey user signs in to a Service Provider’s app or website for the first time, they are presented with a list of personal attributes that are being requested for sharing by the service provider. At this point, the user can select or deselect certain attributes if they choose to do so. It’s important to note that the ZenKey app is signed and maintained by the wireless carrier that the user subscribes to. ZenKey does not have access to any end user profile information that resides within the ZenKey app or that is shared with the Service Provider.
Perhaps most critical of all is that the timing is right. ZenKey was born out of the three largest wireless carriers in the U.S., and we truly believe that a wireless-carrier-backed identity and fraud solution is just what the market needs today. We understand that this is a huge responsibility, and we take it very seriously. We thank Service Providers and the industry in advance for embracing ZenKey and for giving us a chance to help solve these long-standing and complex issues. Through mass adoption of ZenKey, we can contribute to a more secure and reliable online world.
The Road Ahead
Finally, I would be remiss if I didn’t mention the coronavirus pandemic that has hit the U.S. and the world. Since the pandemic started, we have seen a drastic increase in e-commerce—quarantine has caused most consumer purchases to shift online. Unfortunately, with the increase in e-commerce, fraud is on the rise as well. Fraudsters are using the surge in online activity to target unsuspecting consumers and merchants. As a nation, we are also seeing increases in scams seeking personal information under the pretext of providing pandemic stimulus checks. ZenKey can offer strong protection against predatory online behavior if mobile users, apps and websites choose ZenKey to help protect themselves. But most of all, we believe close collaboration with a few select service providers across different industries will help us continue to refine and update ZenKey, making it the solution of choice for both Service Providers and end users. Please contact us for more information if you are interested in joining our fight against fraud. Thank you for your time, and I welcome any questions, comments and feedback. Please visit myzenkey.com for the latest updates, announcements and events.
ABOUT THE AUTHOR
Shailendra Dhamankar is a 14-year U.S. Wireless Industry Veteran who started with T-Mobile USA. He has been working for ZenKey as a Product Lead for Trust Services since its formation. Prior to joining ZenKey, Shailendra launched and product-managed a series of data-driven businesses for T-Mobile, one of which was in the area of fraud prevention where T-Mobile data was made available with user consent for purposes of fraud prevention.