Mobile operators back standardised device-based ID authentication

The 'Mobile Connect' tool, launched last year by global mobile operators' association the GSMA, is already offered by 17 operators in 13 countries including China, Malaysia, Nigeria and Egypt.

However, the GSMA has announced that Vodafone is to offer the technology to its customers in the UK, Germany and elsewhere in Europe. Deutsche Telekom will also support the Mobile Connect scheme in Germany and the identity tool will also be provided by Bouygues Telecom and Orange in France.

Users create a single identity through the Mobile Connect system which is then used as a means of authentication for access to online services, including banking, health and government services. It removes the need for consumers to remember and input personal login details each time they wish to access those services, GSMA said.

“Mobile Connect is designed to simplify consumers’ lives by offering a single, trusted, mobile phone-based authentication solution that addresses the vulnerability of online passwords, while also respecting online privacy,” Anne Bouverot, director general of GSMA, said. "The industry has made important progress in rolling out the service around the world, giving users control over their own data and enabling consumers, businesses and governments alike to interact and access online services in a convenient, private, and trusted environment."

GSMA chairman Fredrik Baksaas, chief executive of Telenor, discussed Mobile Connect in a speech at the Mobile World Congress in Barcelona earlier this week. He said that mobile industry would ensure Mobile Connect can integrate with services offered by service providers through "common and consistent interfaces", according to a statement by Telenor. However, Baksaas said it was up to the service providers to "offer seamless and convenient solutions to consumer", it said.

Technology and payments law expert Angus McFadyen of Pinsent Masons, the law firm behind Out-Law.com, said banks and other payment service providers (PSPs) might be reluctant in the short term to adopt Mobile Connect or other "centralised solutions" on identity verification.

"It would be a risk based decision for a bank or PSP," McFadyen said. "They would ask themselves whether Mobile Connect could do what they do either better or at a lower net cost when balanced against possible increases in fraud levels. PSPs are responsible for the cost of fraud and unauthorised transactions and so always want to keep that level low."

"Take Barclays for example – it has gone to the length of putting in place the device-based PINsentry tool rather than relying only on security built into its apps. I suspect that in the short term we’ll see major PSPs sticking with their home grown solutions but in time there may well be a move to centralised solutions like Mobile Connect with challengers taking the lead. The question lies in – how much of a differentiator or competitive advantage is security?" he said.

The proposed new EU Payment Services Directive (PSD2) contains a significant stiffening of rules on payment service user authentication, with the purpose of ensuring that PSPs can be confident that the people using their services are who they say they are.