Video and Slides
Is Mobile Identity still an opportunity for telcos?
Jesus Cruz Manjavacas, VAS Development Expert at PLAY
- What indeed is Mobile Identity?
- Which are the security threats and benefits for users and service providers that Mobile Identity could bring?
- The talk will give you a different view about this topic, from a mobile operator perspective. I will show you some production use cases currently used in our Play Identity GW, ending up by talking about which are the main challenges telcos have to still try to succeed, and how to monetize it.
Its great Jesus is back to present after his excellent presentation last year on Programmable Telecoms inside a Telco.
In this presentation Jesus reviews: Mobile Identity, its Benefits, Play’s Identity GW, some interesting Use Cases, how telcos can Monetize, and the Challenges.
Mobile Identity is not new, Play’s gateway was implemented in 2014. TeleSign a first mover in identity verification was founded in 2005. Today there are lots of mobile identity focused companies such as Prove, TeleSign, TruID, Boku, etc. The potential convergence of mobile identity and cloud identity is a topic discussed in my Programmable Communications Review at TADSummit EMEA Americas 2021.
Mobile Identity is secure online authentication and authorization where the SIM card, and the phone number related to it, is the user ID. And implementing web-centric protocols such as OAuth2/OIDC (Open Authentication Version 2 / OpenID Connect) ensures its easy for developers. The GSMA’s Mobile Connect did not gain most developers’ interest as it was designed with telcos not developers in mind. The GSMA should use the W3C for its Web related specifications, in my opinion.
Play’s Mobile Identity Gateway has been available sinec 2014 and implements OAuth2 (https://oauth.net/2/), OpenID Connect (OIDC) (https://openid.net/connect/), and Mobile Connect (GSMA product, https://mobileconnect.io/), with some variations according to an agreement between all Polish MNOs.
Jesus runs through a broad set of use cases, and the sad demise of USSD, it could have done so much. Then focuses on the key question of how do telcos make money? Clearly there’s lots of opportunity given the rising demand for 2FA, as well as many established companies in identity verification.
- It could replace or increase current SMS A2P related revenue, enhancing security. – A2P continues to grow, but is depreciated by the US NIST (National Institute for Standards and Technology), presenting secure SMS is an opportunity for carriers.
- Seamless authentication (Number Verify) is a valuable asset for Service Providers
- Mobile Identity enhance services providing additional user’s attributes to Service Providers. Attributes like SIM swap and other network information as location, roaming status, etc.
- Additional user info like subscriber scoring related to financial services, fraud risk, etc.
- Partnerships with integrators could attract more Service Providers and generate more successful use cases.
Then on the challeneges Jesus identifies:
- UX: currently the higher security is provided the lower UX. LoA3 methods (PIN or biometric) require user onboarding, account life cycle and user consent handling.
- Agreement with governments to become an Identity Provider. Mobile ID would be enhanced with official user identity (name, surname, date birth, etc.).
- Regulations, directives and other acts. To be able to share attributes user explicit consent is needed. How to engage users to accept such consent?
- eSIM: new use cases and threats
- Integrators, yes or no? Build a common SDK by some integrator losing a piece of the cake?
- More chances to succeed if all MNOs in given country (or group) implement MobileID
- Is it too late? – here Jesus shows there is business but given the challenge a stronger commitment is required.
In my view, Mobile Identity is essential for telcos to implement to protect their customers. There is no choice. For many of the cloud and enterprise opportunities, I think span of control means telcos will struggle to package and sell mobile identity as competitively as the likes of Prove, TeleSign, TruID, Boku, and the many other cloud identity providers. Cooperation between telcos is never fast or easy, and tends to focus on telco standards that the rest of the world do not use. Partnering is going to be an essential part of a telcos’ Mobile Identity strategy.