Nowadays, more and more people complete their daily tasks online. Consequently, with the world going digital at such a fast pace, it becomes challenging to manage online identities.
Cybercriminals have managed to develop sophisticated techniques to successfully impersonate both people and companies. So, it’s evident that there’s a strong need for effective identity verification solutions, such as biometrics, to help prevent online fraud.
Tell us about your story. What did the development of IDEMIA look like?
IDEMIA came about from bringing together two companies (OT/Morpho), each with their own corporate cultures that fit together perfectly and then turned into the world market leader spanning all identity technologies. This merger gave us a critical mass that matters in our market, the wherewithal to invest and deal with some customers and partners, and the clout to act on our value chain.
Today, I would describe IDEMIA as a European company with a global reach and multicultural roots. Our people come from 80 different countries and speak 32 different languages. Staff multicultural diversity is one of our biggest strengths, that’s why we’re constantly on the lookout for talent in France and abroad.
Today we have nearly 15,000 employees working to unlock the world and make it a safer place based on state-of-the-art identity technologies.
In over 180 countries, hundreds of governments and thousands of companies, including some of the world’s most illustrious and famous brands, trust us to take care of their critical tasks. Backed by our technologies, our customers can supply ID documents, and check and analyze identities thereby accelerating and securing access controls, connectivity, ID document use, payments, public security, and travel. Our technologies meet their needs across the board and give them watertight security.
Can you introduce us to what you do? What are your main fields of focus at the moment?
I am currently vice president at IDEMIA, responsible for the cryptocurrency and blockchain business. This means that I am working to make IDEMIA an even more forward-looking company than it is today, especially via Web 3 technologies.
At IDEMIA, we sincerely believe in the complementarity of the physical and digital worlds, and we know that financial services are above all based on trust. As bank and FinTech customers, but also public transport users, increasingly benefit from digital services and mobile payment solutions, they want to be assured that their data remains protected.
By combining tokenization and blockchain-related techniques with identity verification and authentication technologies, we offer financial service providers a comprehensive approach to protecting all payment methods and ensuring that all customer journeys are reliable, fast, and convenient, from the physical to the digital world.
What technology do you use to ensure secure and frictionless identity verification?
Two examples come to mind to answer your question. The first is our BChain card, our hardware crypto wallet. It allows you to securely store and transfer your cryptocurrencies. BChain solves a common problem with other physical wallets – the complexity, requiring the user to enter a PIN code on a two-key pad or to locate information on a tiny screen.
BChain is a mobile-first solution: you simply need to tap your BChain card on the back of your smartphone to authorize a transaction. The solution is highly secure thanks to the use of a government-grade certified secure chip. In addition, BChain features a fingerprint reader embedded in the card. So, if you lose it, nobody else can use it. And of course, your biometric information will never leave the card to protect your privacy.
Thanks to IDEMIA's global footprint, we can ensure that the product can be ramped up for mass deployment. This is a ready solution for over 100 million coming cryptocurrency users.
The second is our F.CODE card. Its use is similar to the BChain card, but this time for traditional payment, such as credit or debit. F.CODE adopts an easy-to-use biometric authentication procedure, which makes traditional transactions faster and more secure, as the cardholder no longer needs to enter a PIN code or sign. This solution takes advantage of biometric technologies and ensures security by storing all biometric data in the card chip and not in a remote database. In the same way that biometric sensors on smartphones allow unlocking by the touch of a finger, a biometric sensor on the F.CODE card allows payment authentication using the fingerprint sensor on the card surface.
How did the recent global events affect your field of work? Have you noticed any new security issues arise as a result?
Financial institutions are currently undergoing an unprecedented transformation and are looking for multi-channel strategies to enrich their relationship with their customers. This transformation is caused by a multitude of reasons. It is a very interesting environment, where many new players compete.
Regarding cryptocurrencies, Bitcoin started everything and imposed its authority on the market. It was nowhere and everywhere at the same time and it redefined our vision of sovereignty. The private sector took quite a long time to propose a coherent response. They decided to oppose Bitcoin with stablecoins – a set of digital cryptocurrencies pegged to real-world currencies. It was very new to see important corporate actors from the private sector competing in a sovereign role with states in issuing money.
Overall, the digital sphere is quickly developing through a lot of other innovative concepts. The expansion of the metaverse, for example, implies that we will be soon able to spend our tokens in a parallel digital world. This new aspect will also be very challenging for regulators.
At IDEMIA we support all these innovations. Thanks to our payment and banking technologies, banks, FinTechs, payment networks, merchants, and transport operators can modernize their services and offer their customers secure and innovative journeys. We want to accompany the market and the regulation, and there is a lot to do in this sector.
Why do you think some companies fail to acknowledge the risks they are exposed to?
Cryptocurrencies and blockchain are revolutions, as the Internet once was years ago. Therefore, understanding the stakes and the innovation brought by these technologies can be a very difficult task, mainly because very few people have extended knowledge on the topic.
Indeed, most companies are used to working with intermediaries, like banks or sovereign states. Cryptocurrencies aim to bypass these intermediaries, on which all our habits are based. Companies will then need to adapt efficiently to address this new environment.
I believe that there is a real educational task to be done on this subject so that the entire private sector can update itself and adapt to this revolution. This is what we are trying to do with our clients so that they can take the measure of the matter and consider it a major subject.
What are the most common ways threat actors use in an attempt to bypass various access control measures?
Of course, the cryptocurrency industry is a huge transformation, but this success has also attracted fraudsters. Some have mounted cyber-attacks against companies storing Bitcoins, like the famous Kucoin hack in 2020. Others have themselves created companies before leaving with the funds deposited by their clients, such as the $2.2 billion stolen by the managers of Africrypt or the $2 billion stolen by Thodex.
For these reasons, many users prefer to keep control of their cryptocurrencies, storing their private cryptographic keys themselves. It's often even said that if you don't own the keys, you don't own the coins. But storing the keys yourself creates another risk of having them stolen. We know that a computer or a smartphone is vulnerable to many attacks. We work to tackle these issues efficiently so that cyberattacks do not prevent the development of new ways of considering everyday payment.
In this age of ever-evolving technology, what do you think are the key security measures and practices everyone should adopt?
In taking steps to secure and frame the cryptocurrency sector, the priority must be to respect the original philosophy of Web3 – decentralization, traceability, and protection of personal data – while bringing unique expertise in security. The aim is not to distort the DNA of the Web3 sector and the characteristics that make it disruptive.
There is an interesting debate going on around regulation everywhere in the world. In Europe, the recent updates on the Market in Crypto Assets (MiCA) and the Transfer of Funds Regulation (TFR) have shown a growing disconnect between the regulator and the industry.
MiCa insists on the dramatic growth of the sector which has once reached over $3 trillion in capitalization and fears that cryptos could be used by Russia to evade sanctions. TFR on the other hand thinks that crypto assets are all about freedom, should not be regulated at all, and that too much regulation will decimate the European crypto industry.
However, there is no doubt a compromise can be found. Regulation is needed for the sector to be healthy, but it should be progressive and adapted to the youth of the industry, to its potential.
The current risks are still limited: the liquidity depth of the markets does not allow, for example, massive sanction evasion. This is why in Europe, like elsewhere, we should be ready to support a responsible innovation with adequate regulation.
What do you think the future of access control is going to look like? Do you think the use of biometric technology is going to become commonplace?
Today, biometrics is the only way to ensure that you are who you claim you are. No one else in the world can have the same fingerprints, the same iris, the same face shape as yours, even your twin. That's why biometrics has become more and more important in our daily lives. For example, our faces can help us avoid passwords and codes to unlock our phones. This represents real progress, and this phone example shows how much this technology can spread easily and quickly.
Regarding the payment sector, biometrics seems to be the next logical evolution, by bringing ease and safety to users. This is why we think that the use of biometrics can be widely spread in the coming years.
Also, there is a growing demand from governmental actors for solutions that cover a wide range of uses. That includes traditional issues such as border control, public safety, protection of sensitive sites, and forensic investigations, as well as new security issues such as antisocial behavior, or law enforcement mobility.
Share with us, what’s next for IDEMIA?
To get ready for tomorrow’s world, we have to make sure that all involved parties are properly equipped to verify people’s identities as transparently, securely, and reliably as possible, throughout their lives.