As with risk and customer relationship management, identity authentication requires consistent vetting, storing, validating the use of, and trust. Multiple approaches by individual groups within an organization open the opportunity for fraudsters to exploit those inconsistencies.

Key to a best-practice approach is gaining consensus on how identities are going to be authenticated and handled consistently across all of the participants in a transaction. Assembling a consortium to develop and agree upon a set of policies and procedures is critical for interoperability. The resulting rule set governs the vetting to be performed prior to issuance of a certificate. Expanding this consortium to include global participants insures that identities are globally interoperable under uniform private contracts recognized around the world.

End-to-end tracking of activity is required for regulatory reporting in jurisdictions around the world. Doing this, while maintaining privacy, is critical. Equally important is that the operations supporting identity authentication and validation are consistently applied and are easily integrated with other trust-related products and services. In this way, financial institutions can extend their spectrum of compliance more rapidly. Lastly, the platform must be flexible to allow a selection of technology for integration with certificates (e.g., USB, soft certificate, encrypted USB drive) to be open.

PLOT at Work

The PLOT expands the strong authentication that is begun with the technology for access authentication. Based on the policies, procedures and legal framework agreed by the consortium that created IdenTrust, all member institutions will issue certificates consistently and handle their revocation and deletion under the same rules. Combining this with the integration of various access authentication technologies - key storage mechanisms and soft certificates, expands the spectrum of trust to incorporate the end to end flow of a transaction. The IdenTrust Trust infrastructure is based on a public key infrastructure (PKI). Thus, each participant in the flow is issued a public and private key pair. This is used in conjunction with an access authentication technology providing even stronger authentication.

For a hacker or fraudster to violate a four corner deployment model, one where multiple institutions are involved, he/she would have to obtain ten key pairs in addition to the PIN/Password for each of the parties to the transaction. In a three corner model, both the originator and receiver of a transaction use the same financial institution, but still need to validate their identities. Even within a two corner deployment model, where just one user is dealing with one financial institution, the hacker must obtain the user's pin/password, the user's public and private key, the bank's public/private key and the IdenTrust public/private keys. Mathematically, the probability of this is very low.

Reputational Risk is a multi-billion dollar problem closing down businesses and driving customers back to the branches.




Depending on the identity model deployed will require X number of key pairs in order for the transaction to be executed.
2 corner model requires 6 key pairs
3 corner model requires 8 key pairs
4 corner model requires 10 key pairs

Benefits