Digital identity for telecoms

Digital identity frameworks can make a huge impact on telecoms, reducing fraud, costs, and friction.

The invention of the telephone is generally credited to Edinburgh-born Alexander Graham Bell, who, in August of 1876, made history when staff at the Dominion Telegraph Company in Brantford, Ontario clearly heard cheerful voices and singing coming through a hastily improvised wire that went all the way to the Bell Homestead, where a party was being held.

Though some controversy remains to this day about whether or not Bell misappropriated that credit from electrical engineer Elisha Gray, who had also been working on developing a remote voice communication device for the previous two years, several courts ultimately upheld Bell’s patent claim, which was filed on March 7, 1876. (Gray did not contest this, as he accepted that his prototype and Bell’s invention differed in some fundamental ways.)

From those early days, the industry grew exponentially. Today, the telecoms industry is vast in scope and financial worth. (The telephone is, in fact, the most profitable invention in US history.)

Globally, there are around 7.7bn active broadband subscriptions (a massive rise from just 3.3bn less than five years ago). Then there are the mobile telephony networks, cable television, satellite fleets, and so on. Overall, the telecommunication services industry is a trillion-dollar market.

The downside of this high-stakes environment is that this industry has become a prime target for fraudulent activity. According to Cifas, the UK’s leading fraud prevention agency, telecoms fraud accounted for over half of the almost 365,000 cases reported in 2019. The true figure is probably far higher. Worldwide, telecoms operators took a $29bn hit due to fraud in 2018, according to a recent global study.

Malicious actors set their sights on this industry for three main reasons: the sheer amount of money involved, the potential returns of selling stolen data, and the relative centralization of the datasets. These three factors are the key vulnerabilities of what’s otherwise a hugely important industry.

To counter these issues, there are several security initiatives in place, including growing reliance on Short Message Service (SMS) and two-factor authentication (2FA) methods for increased protection, but these, while certainly a step in the right direction, remain vulnerable to well-organized hacks. SMS can fall prey to ‘smishing’ attacks, for instance, where fraudsters send text messages that appear to originate from a legitimate source to trick customers into entering banking details on an illegitimate website or other resource. And 2FA is weak for two reasons: one, low uptake by customers and users, and two, its relatively cumbersome nature (2FA often involves relying on a third-party authenticator to generate a unique code that needs to be entered after the username/password combination). In 2018, for example, communications company Vovox was targeted in a 2FA-related hack. So it is fair to say that fraudsters constantly research the market and adapt their techniques along with new technologies and security trends.

Generally speaking, the telecommunications industry is targeted in three different ways: identity fraud, account takeovers, and payment fraud. Account takeovers and payment fraud are beyond the scope of this piece, which focuses on identity-related issues and on how the industry can leverage blockchain technology and digital identity platforms to address and mitigate these problems.

Mobile network operators as prime vectors for the advancement of digital identity

Digital fraud is a pernicious, ongoing problem. Identity-related fraud can take many forms: subscription fraud, internal fraud, social engineering, and others. Identity fraud can have a very significant impact on all parties involved: on the mobile network operators (MNOs), definitely, but also on other service providers such as banking institutions, device manufacturers, and others. So there is a clear use case for the integration of a digital identity solution to ensure that the system is inherently trustworthy.

Due to the ubiquity of mobile connectivity in the modern world, MNOs are in a unique position to support and advance the adoption and promotion of digital identity solutions. An estimated 8bn devices are connected to mobile networks today, and this figure is forecast to rise to 8.8bn by 2025, according to The Mobile Economy 2020, GSMA Intelligence. And every single one of those devices is linked to an account, which in turn is linked to an individual, a company, or an organization. In other words, every account is linked to an identity.

MNOs hold data for all these accounts: names, addresses, phone numbers, etc. And some of the largest providers have close ties with local governments, educational institutions, commercial enterprises, etc. through corporate deals, offers, and so on. (The largest 30 MNOs in the world have over 6bn subscribers combined.) These established (and often international) relationships create a situation where the onus is on these agencies to positively and unequivocally identify the individual or organization behind those accounts.

Besides customer information, MNOs have access to vast amounts of real-time data pertaining to individual devices and networks (device location, roaming status, billing cycles, etc.), so an intelligent, digital identity framework can greatly enhance fraud detection, including suspicious or criminal behaviour.

Several major players have already understood the crucial role that identity plays in their services, and have gone on to implement measures to enable users to use the same set of credentials to access different, related services. The single sign-on (SSO) authentication framework, for example, is one such measure.

Decentralized identity: The value and benefits for telecoms

Mobile connectivity solutions, while incredibly useful, do have their limitations:

  • Mobile networks tend to be closed systems tightly controlled by operators, which means that the systems cannot onboard other identity issuers or leverage existing KYC processes.

  • Users do not have full ownership of their identity or data. No auditability exists for users to know who has access to their data.

  • It is very difficult for mobile operators and vendors around the world to cooperate due to complex contract structures.

The root causes of these issues can be traced to centralized and federated identity environments.

In centralized frameworks, identity is fragmented across several enterprises, which hold full control of users’ data. This intrinsic centralization of user datasets represents a ‘honeypot’ for cyber attacks.

Federated environments, on the other hand, keep user information fragmented across several enterprises (which also control this data), and just like centralized frameworks, these environments remain vulnerable to large-scale hacks.

Decentralized identity supersedes both of these frameworks and offers clear value to telecoms by achieving the following:

  • Identity is portable across enterprises

  • User information is stored in a user’s wallet or secure cloud

  • The user remains in control of their own data

  • The very trait of decentralization disincentivizes malicious attacks due to their futility

In such a decentralized environment, the telecoms industry can further benefit from:

Seamless access to digital services

Blockchain-based solutions streamline the user experience by simplifying the sign-up and sign-in processes. Users just need to prove their identity once with a trusted third party. Then they can reuse it to access public and private sector services.

Enhanced security

Users are more secure because they aren’t managing passwords. Businesses are more secure because they no longer control honeypots of descriptive PII (personally identifiable information).

Cost savings

Costs may be reduced for customer onboarding, data management and security, and lifecycle management.

Built-in privacy

Decentralized identity systems are private by design, giving users full control of how their identity is shared. These systems also simplify account setup and access at all participating providers, eliminating the need for login ID and passwords.

New opportunities

Digital identity will open opportunities for new products and new business models.

Reduced risk of fraud

Identity fraud is reduced because there are no login IDs and passwords to steal and reuse.

Portable authentication

Digital identity is intrinsically linked with the concepts of authentication and portability. Mobile devices ushered in a new era of authentication-on-the-go. More and more people use their mobile phones to pay for goods, present boarding cards or tickets at airports, train stations, etc., display e-tickets for theme parks, and many other functions. These solutions were made possible because mobile devices are affordable, ubiquitous, and more importantly, portable.

In each and every one of the scenarios listed above (and any other where an individual uses a mobile device for authentication purposes), a person is making an identity claim, which is implicitly accepted by the third party (airlines, turnstile staff, hotel receptionists, etc.), who trusts that the person presenting that boarding pass or QR code representing a theme park package is who they claim to be. Often, the individual is asked to produce some form of additional, physical identification (passport, national identity card, driver’s licence, etc.) to back up the claim, so that the third party can substantiate it and allow the individual to pass through the boarding gate, enter the park, or check into the hotel.

A government-sponsored initiative to provide every citizen with a portable digital identity would remove much of the friction incurred when requesting or accessing services. And within the context of MNOs, digital identity frameworks can address the issue of identity fraud.

Blockchain as a key to opening up new markets for telecoms: Mobile banking

Decentralized ledger technology (DLT), or blockchain, has disrupted a long list of industries and business models so far, and it’s likely to continue to do so for a long time to come.

The telecoms industry relies heavily on data exchange, which calls for security, integrity, and reliability to keep the network functioning and viable. And at the center of this network and data exchange are the users themselves. MNOs serve millions of people every day, providing connectivity and enabling businesses to thrive the world over, and the implementation of blockchain solutions can not only simplify these operations, but also open up new markets and avenues for telecoms providers.

Mobile banking is among the fastest growing sub-sectors within the finance industry. Statistics predict that by 2024, more than 3.6bn people will use online and mobile banking facilities. Gone are the days when customers were forced to endure long queues at their nearest branch, and most people would agree that moving away from brick-and-mortar banks is a good thing.

But this transformation did not happen overnight. It has taken about two decades for technology to become advanced and resilient enough to facilitate the creation of a mobile banking infrastructure where customers can manage their finances through a smartphone. Blockchain is now part of this innovative trend thanks to decentralized identity and payment management solutions, which can link biometrics, and other identification methods, to a unique identifier associated with an individual. Biometrics (fingerprints, iris scanning, voice recognition, etc.) are virtually impossible to replicate or ‘fake,’ so using such a solution would drive fraudulent activity when opening bank accounts or managing payments to almost zero.

Atala PRISM brings trusted identities for improved network security, seamless data management, and banking opportunities for new markets

Atala PRISM is a scalable, cost-efficient, decentralized identity platform that offers ready-made solutions for telecom providers. Atala PRISM leverages blockchain technology to reduce fraud through built-in privacy and enhanced security. Combined with seamless access to both public and private services, the solution cuts costs related to customer onboarding, data management and security, and lifecycle management. This opens up opportunities for new products and business models.

The telecoms industry could benefit from Atala PRISM’s personal data and controlled access to third-party services, enabling one-click online registration and an SSO login experience. This solution would also allow users to own and selectively share their personally identifiable information (PII) and verifiable credentials. The end-user mobile app transforms into a “personal data vault” with built-in control of how third parties can access the data.

How can users take advantage of this “personal data vault”? They can receive their digital identity and data, store it in multiple places, and search through it. They can securely share their digital ID and data with one or more entities, or revoke access to it if necessary.

Atala PRISM has partnered with World Mobile Chain (WMC) to enable open finance in Tanzania first and then across Africa.

To learn more about Atala PRISM and discover the opportunity decentralized identity can offer your telecom business, contact us at business.development@iohk.io.