Aviva Zacks of Safety Detective was privileged to interview Andre Boysen, Chief Identity Officer of SecureKey. She learned that Canadians enjoy banking safely, now that SecureKey is on the scene.
Safety Detective: Can you tell me bit about your background including how you got into cybersecurity?
Andre Boysen: My entire career has been in the fintech industry, working with financial institutions and innovation in service delivery. Around 2008, while I was working with the banks in Canada, a new urgency in solving the digital identity problems banks were facing inspired me to research and understand how to solve their problem in a better way. The challenge for banks is opening a bank account with a regulated process (AML/KYC) which typically requires a counter visit, but the bigger challenge for banks was detecting and thwarting fake driver’s license documents being used for financial frauds. I became interested in applying payment system technology, cards, and methods to consumer identity and access problems. We have three key examples of that at SecureKey today:
- the Concierge service which does federated SSO;
- the BC Services Card which uses EMV technology to improve government service delivery while also providing hooks for digital use cases across the economy; and
- Verified.Me, which is a full customer life cycle management service.
SD: What are the industries that your company serves?
AB: SecureKey works with trusted organizations to create nation-scale identity that enables consumers to easily and securely access new services while making it cost effective and trust worthy for business. The entire scheme is designed with world leading privacy engineering and a triple-blind privacy model. Consumers can link together trusted relationships they already have with banks, governments, and telecommunication companies to easily share and prove who they are at a new destination service. Service delivery organizations that require high integrity in registration information are ideally suited to the service. The service works across the service delivery channels (at the counter, online, call center, and mail integration) and offers complete customer life-cycle management—registration, regular transactions, and recovery of lost credentials.
SD: How can SecureKey help prevent cyberattacks?
AB: Our Concierge service has been active since 2012. It has had 100% up-time, and no security incidents. The service works so well because it is anchored in bank accounts Canadians use every day. Like governments, banks deliver services with a very high security standard. Unlike governments, Canadians access their banking services 17-20 times per month—they don’t usually forget their password, but the bank is always available to help reset a password when there is a problem and it is included as a benefit of the service..
SD: What are the current cyberthreats that companies should look out for?
AB: Password breaches continue to be a problem across the internet and across the globe. Users have too many credentials to manage to keep each password complex, unique, and updated regularly. As a consequence, many passwords are copied from site to site, which is a risk propagation. When site A gets hacked, sites B, C, and D also suffer from a breach from shared passwords. So even when these sites have amazing controls in place they are still subject to this type of attack.
SD: How do you see cybersecurity developing in the next 5 years?
AB: There are three parallel strands of evolution in cybersecurity for consumer identity and and access management (IAM). Strand 1 continues on with the password while making the rules harder. Strand 2 is attempting to innovate at the edges of the internet by adding so-called 2nd-factor authentication (special purpose doodads that are required to beef up the authentication). Strand 3 is about setting up trust infrastructure for the Internet similar to the credit card model—trusted issuers who enroll customers on one side and universal acceptance at all the destination services where consumers want to sign up for a new service. The double benefit in this third strand is that it easier for consumers with a lower attack surface while also making it more cost effective and more trustworthy for business.