Oh,
I'm here today with a simple proposition that mobile means more than mobile connectivity. I'd like to explore with you the power of mobile enablers, and when we apply this concept to identity and identity, of course we will have mobile wallets, but there's much more that can be achieved if we really leverage these mobile enablers. So I'm ML vk. I lead identity and data at the G sma and at the conference I've realized that for many people the GSMA is an unknown quantity. We come from the world of, of mobile operators and telecoms.
We are the global association supporting mobile operators and the ecosystem, the wider mobile industry. And we are born to corporation and up whole standards and making the probability happen between the early providers of GSM services. So essentially we focused on making your phone work across borders in the early nineties, and then we moved on from there.
We grew from there, but very much remain about unifying the whole connectivity ecosystem.
And in this context, my role is to connect and support the mobile ecosystem in their efforts to, to contribute with their enablers, to, to address some of the digital identity issues that all sorts of businesses, businesses face. So of course mobile means mobile connectivity. We all know it we'll experience it. 85% of people in Europe are using mobile internets and start find really interesting is how quickly mobile is becoming the central platform currently for the consumption of, of digital services. So 60% of of web served on mobile last year and it grew by 9%.
It's still growing fairly quickly.
We all know that we, we all experience it. Nothing new here, but mobile means much more than that. What mobile does is it bridges physical and digital worlds. The physical device that we've got in our pockets, the networks that connect these devices to, to our digital lives.
They, they anchor these lives in the real human beings that we are and our identity. That's very f at the start. It's born in the physical world. Even if we then add a lot of digital attributes to it, we can thanks to that bridge, establish it and trust it in the digital space. So that's what I want to explore with you in a little bit more detail.
The mobile enablers that complement mobile connectivity, I think there's quite a few to cover. The first category is all the data that's in the network that comes from the connectivity ex experience.
So as we use the networks, woman networks, a lot of data is generated. The networks also have to authenticate us for us to be able to use the connectivity services. All of this data and these authentication mechanisms can help third parties, relying parties to check that a user is legitimate, that it can trust this user. And for the user. This can be done much more securely and easily than maybe other available mechanics at the disposal.
The second area is lifecycle management That's associated to a mobile num number.
Mobile network operators have a number of processes that they use to make sure that my mobile number is managed throughout its lifetime carefully. So when I first get a mobile number, I get a new SIM card and a mobile number, that connection is established. And then later on I may get a new device. I may get a new sim card for a different format for a different handset. I may also decide that I want to change operator. I may lose my phone, I may I have it stolen. All of these events will happen and I may decide when I change my operator, I wanna keep my mobile number.
All of that needs to be managed. And at some point I may decide I don't want to use my mobile number anymore.
Again, that needs to be managed carefully because there's a number, there's a limited amount of numbers available in any country.
And so these numbers would get reused and we to be very careful that obviously as they get reused, as they still associated to the correct user. So all these events are very well known and very carefully managed by Beit operator. And the third category I've represented here is the distribution network.
It's not specific to mobile operators, but they're obviously one of the large brands in, in the countries where they, where they operate, they may use obviously a lot of channels, but in terms of retail presence in particular, they're one of the very common high street names. In some countries, operators may have a thousand of stores. And this presence is particularly important when we look at how we can help users to adopt these digital identities.
And, and, and that bring the link again between physical and digital. I think it's also to some extent can be applied to the distribution network that's in place.
Moving on to a bit more detail again, to about this intelligence and authentication from the networks. So in the last few years, mobile network operators have have made a lot of progress in this area. And they're increasingly offering mobile identity APIs to businesses to deliver the next generation of authentication for detection and fraud prevention. These APIs are represented here.
The availability of two of the more common APIs that are available. One is account takeover protection or the availability of Sims web data. Second one is number verify and I'll come onto this one in a bit more detail in a minute. The Sims web data is a common risk factor that's consumed by many, many banks in particular many financial services. W want to check with a mobile operator whether the sim has been swapped as a risk factor that may influence the, the, the security posture when, when a certain suspicious transaction is detected.
What's interesting is that these APIs are now available in all major markets and the availability often extend extends to modern one. If not the majority are all of the mobile network operators in the market.
In terms of, I will give you a bit more detail about number verify.
The, the question behind number verify was what if you could improve the user experience and the security compared to the authentication done via SMS one 10 password. This is the user experience. We all very familiar with codes here. A colleague at Vodafone, we took the screenshots. This is what happens when I try to log into, in this case a holiday rental up. I start by entering my mobile number, wait for a code to arrive. I'm not anything here and then I'm through. The only thing is obviously as a user, this is a fairly lengthy process. Takes quite quite a little bit of time.
I have to potentially leave the app. So it's not ideal from the service provider perspective cause they might lose me in the process and that code can be shared, can be fetched, can be obviously creates a risk from a fraud perspective.
There's no denying that. Obviously SMS one password has improved security generally by, you know, adding that, that universally understood universally available security factor. And that's why it's growing still really, really fast. But we believe that there's some improvements that can be made. So this is where number verify comes in.
The starting point is the same. So for the user, there's no no education that's needed. I enter my mobile number the way I do it today, but then well then I'm through within a a a couple of seconds I'm logged in. What happens behind the scene is that the holiday rental app service will request an authentication from to be done by the mobile network.
This authentication happens in exactly the same way that your phone every day has to connect to the network and proves that it's got the right to to, to use the network. Thanks to the keys that are in the sim card.
This altercation is now exposed for the third party service to use via api. The response comes really quickly and within a a couple of seconds the users logged in.
In fact, in terms of implementation, sometimes it's a little bit, it could be confusing for users when they're not used to it. So we've noticed that some banks, when they implement that, the other screen in between that just has a little circle and that says, we are verifying your number. This it's pure ux, nothing's happening. But because otherwise users are a bit think that there's no security happening.
So especially for services where there's a certain expectation of security that the user exp the design is important, but it's very seamless for the users and the security is, is greatly improved. There's no code to be fetched in particular.
So that's, that's what sort of enables that we are looking at when we talk about exposing mobile intelligence and authentication through APIs. And then there's more, we are obviously following really closely what's happening in, in Europe with urban identity here.
I took an extract from a website from the potential consortium, which I thought was quite interesting. One of the use case that they're gonna be testing is the sim re ear registration. And this raises a few interesting points that I think we'll be able to test for in real with, with ID wallets.
How we do, how we do these things in, in the new world, we will encounter the lifecycle events we were talking about at the start. So when we register for a new sim card, more often than not we are trying to keep our mobile number. So the portability question is going to happen.
And often for this to be done at the same time, it is easily and securely, it's important to have that secure number verification happening. So between the old, the old owner, the owner of the old sim card and the new sim card, we use that secure number verification.
So a mechanic like the one we've just seen could apply really well to this sort of use case. But it could also have relevance for other relaying parties, not just when talking about the migration between mobile operators, but also for other relaying parties because a large majority of of business businesses rely on the mobile number for authentication and, and to reach their users. And so they, the the, the availability of this as a securely verified number is really valuable to them.
So if we can see how it interacts with the wallet and how we have that secure verified number associated to the wallet, we may be able to help with the migration of users from old ways to new ways, et cetera, and, and make that all easy, seamless and, and secure. Some of the concepts are summarized here.
We can see all of this through the lens of looking at a mobile number. It's a very easy to use identifier. It's one that we tend to remember, it's associated to real person.
And in tomorrow's world it could be issued as a verifiable credential that then can be used by all sorts of relying parties. But below the, the tip of the ice bags, the mobile number is what we all know. But below it there's all these other things that make it strong, secure. There's this fully managed life cycle. There's these processes in the networks, there's these, the security of the sim card, the signals that flow through the mobile network that can make it robust. And I'm really scratching the surface here.
There's also data protection mechanics to make sure that we're protecting the, the user. They may use this as a death failure, but they may not want to be spammed.
So there are certain mechanics in place to make sure that we manage their, their privacy and data protection have not mentioned it earlier in great detail. But this is a consideration that flows through all of the, the things we've talked about. All this data, this intelligence that we've got from the networks obviously is generated for the primary purpose of enabling connectivity.
So when it starts to be applied to other use cases and identity verification for detection, as good as we think it is for the, the good of the users, the good of businesses, we need to do it with careful consideration and control so that the APIs allow that control. But there's a lot of consideration to do with data protection in the design of these APIs to manage this carefully.
So I'll, I'll close with a suggestion to carry on the exchange. What, when I came here I didn't realize, but I've really felt over the last few days the don need to have more of a bridge between our communities. A lot of people said to me, what's the gsma? And I've really absorbed a lot of identity knowledge being here. I was talking with you yorgen earlier about this, but reversely, I think there's probably a lot of interesting things happening in our world that may be relevant to the identity community.
We run a GSM identity and data community where we focus on mobile industry solutions for third parties that that may use this mobile enablers to solve identity issues of relying parties. And I hope we can carry on the discussion here or there. Thank you.
Thank you so much. This is really revealing. We never think about mobile providers. We're all identity people and we all the time use the device and device binding and one time passwords and okay, SMS is deprecated, but we never had people like you. I don't remember at least you are the only one. So not the last.
It's very good to have you here, although it's at the end of the day, very insightful. So you're representing a world that should be coming closer to us, I think. But I have one question. I had no questions from the room. My question to you would be, what's in it for a mobile operator to go into this tedious, difficult identity space apart from their own relying party role? Because yeah, you get a lot of work, you get to maintain stuff, you're, you can get into trouble also.
Why, why are those they so open for working together in this space? What's the incentive? Think
It's interesting to look at the angle. The propositions that are live in the market are mostly focused on fighting fraud, helping with identity verification, solving identity theft. At the end of the day, the user of the bank who's victim of an identity theft is also the subscriber of the operator. So we think there's a, there's a nice reason to collaborate in this area because it's, it's our users we're trying to defend. So we are helping secure that digital life make them easier.
So
You've been really nice actually.
No, but there's obviously there's a business opportunity in doing this. It's valuable to the banks, but it's also I think a strategic positioning for the operators that they've got these enablers that ultimately should help get people online more easily. Yeah. And it's playing that role. I think it's a, and it's the more generic trend that goes beyond identity, I would say, of operators looking at being enablers towards the digital world of tomorrow, whatever shape they take. Yeah.
So.
Well, very good. Thank you so much, Elaine vk.
Thank you.
