Leveraging Identity for Security
Session
Wednesday, December 04, 2024 12:15—13:15
Location: Sirius
With the arrival of the EU Digital Identity Wallet, users will be able to store and manage a lot of information and many relationships. This is of course very convenient for users, but it will also make the wallet an attractive target for criminals. In the Nordics, we are already seeing a lot of attacks on users, tricking them into using their BankID so that the criminals are able to transfer money. With AI, the attacks will be more sophisticated, and the use of deep-fakes to steal large amounts of money has already happened.
The presentation will show the danger of the AI attacks used to hack people, and how the existing technical protections (such as MFA) will not prevent these, as it is the users themselves doing the transactions. In addition, it will look at how we are currently doing fraud prevention in the financial industry, and why these mechanisms may be challenging with the wallet, due to restrictions in the eIDAS2 regulation.
Now the terms Wallets and Verifiable Credentials can be heard everywhere. Can and will they open a new world which drastically improves the cybersecurity posture of enterprises? Based on the updated eIDAS regulation – aka eIDAS 2.0 – and the resulting EU Digital Identity Wallet – EUDIW – we will dive into possibilities and merits, but also obstacles and possible pitfalls.
This presentation offers a real-world example of implementing a modern authentication journey for a multinational corporation with a legacy infrastructure and a user base of 90,000. We will explore the critical steps taken to transform the company's authentication system, focusing on three key areas:
- Identity Lifecycle Management: Establishing a foundation for clean, reliable data.
- Modern Authentication: Implementing a self-controlled Passkey enrollment system using open standards, while bridging legacy gaps through technical intermediary layers.
- Comprehensive Security: Addressing identity, authentication, and session handling to secure user interactions.
We will discuss the solution architecture, roadmap development, encountered pitfalls, and valuable lessons learned throughout the process. The presentation will conclude with an overview of the benefits realized from this authentication modernization effort. This case study provides practical insights for organizations facing similar challenges in updating their authentication systems within complex, legacy environments.