The document discusses four hacks to mitigate breach risk under the GDPR. The first hack is to embrace the core tenets of GDPR such as privacy by design and data minimization. The second hack is to reduce risk with multi-factor authentication (MFA) by requiring multiple factors for authentication. The third hack is to improve the user experience of authentication with transparent authentication methods like device pairing. The fourth hack is to secure the entire customer journey.
10. AGENDA
WHAT TO KNOW ABOUT THE GDPR?
EMBRACE THE CORE TENETS OF GDPR
HOW MFA REDUCES YOUR RISKS
ADDING SECURITY, NOT FRICTION
SECURE THE WHOLE CUSTOMER JOURNEY
17. What Is The GDPR?
General Data Protection Regulation
Unified, Pan-European legislation
Affects 500m people
Applies to all who process EU subject data
22. What’s in the GDPR?
Rules for the processing of personal data
Rules for the free movement of personal data
Protects fundamental personal rights & freedoms
Especially right to the protection of personal data
28. Top Five Operational Impacts
1. Privacy by Design and Data Minimization
2. Enhanced Requirements around Consent for Processing
3. Data Security and Breach Reporting
4. Pseudonymization
5. Consequences for Violation
41. Personal Data Protection
Birthday: 19 BBY
Government ID: 733-5
Shoe Size: 38
✅ Data Minimization
User Profile
Name: Luke Skywalker
Email: luke@lars.com
Address: Lars Homestead
Phone: 849-1138
46. Personal Data Protection
User Profile
Name: Luke Skywalker
Email: luke@lars.com
Address: Lars Homestead
Phone: 849-1138
Tokenizer
User Profile
Name: Gpz5S9xb9V07X
Email: jx8RuyLyAh4bG9j8x
Address: HXsfgdACIyPYKL
Phone: y4eAnsxzXR3fhAR
✅ Pseudonymization
48. Personal Data Protection
User Profile
Name: Luke Skywalker
Email: luke@lars.com
Address: Lars Homestead
Phone: 849-1138
Tokenizer
🔒 Secure Data Environment
User Profile
Name: Gpz5S9xb9V07X
Email: jx8RuyLyAh4bG9j8x
Address: HXsfgdACIyPYKL
Phone: y4eAnsxzXR3fhAR
✅ Data Security
51. 2017 Verizon Data Breach Report
• 63% of confirmed breaches stemmed from compromised credentials
• 81% of hacking-related breaches involved either stolen or weak passwords
66. MFA REQUIRES MULTIPLE “FACTORS”
Something you HAVE
Something you ARE
Something you KNOW
BIG QUESTION: HOW TO MAKE MFA DELIGHTFUL?
74. DEFINING MULTIFACTOR AUTHENTICATION
STRONG AND FLEXIBLE AUTHENTICATION
Something you KNOW
Something you ARE
Identity verified
77. DEFINING MULTIFACTOR AUTHENTICATION
STRONG AND FLEXIBLE AUTHENTICATION
Something you KNOW
Something you ARE
Something you HAVE
82. LAUNCHKEY
UNIFIED, SIMPLIFIED AND PERSONALIZED MFA FOR ANY MOBILE APP
✅ Data Minimization
104. How Challenge Deferment Works
DEVICE-BASED AUTHENTICATION FOR BETTER CUSTOMER EXPERIENCE
Diagram labels: Login; User Access; Customer Access; Persistent Session Token; Account-to-Device Pairing & Risk Evaluation; Match: Grant Access; No Match or Risk Signals: Step-Up (***); Device Registration: SUCCESS
Risk Signals
• Rooted
• Jailbroken
• Anomalies
• Watchlist
• Tampering
• Emulator
108. CLEARKEY
AN ENGINE FOR CONTEXT AND RISK
DEVICE ID
GEOLOCATION
DEVICE INTEGRITY
ADDITIONAL DEVICE CONTEXT
PAIRINGS
USER 1 ACCESS
Shopping
Resources
News
+10 SCORE
LOW RISK = Frictionless Consumer Experience
111. CLEARKEY
AN ENGINE FOR CONTEXT AND RISK
DEVICE ID
GEOLOCATION
DEVICE INTEGRITY
ADDITIONAL DEVICE CONTEXT
PAIRINGS
USER 2 ACCESS
USERNAME & PASSWORD
0 SCORE
MEDIUM RISK = Moderate Friction
114. CLEARKEY
AN ENGINE FOR CONTEXT AND RISK
DEVICE ID
GEOLOCATION
DEVICE INTEGRITY
ADDITIONAL DEVICE CONTEXT
PAIRINGS
USER 3 ACCESS
MFA Challenge
-10 SCORE
HIGH RISK = Step-Up Authentication
147. Balancing Compliance and User Experience
Privacy by Design
Data Minimization
Data Protection
High Identity Assurance
Transparent Authentication
Mobile Multifactor Authentication
Reputation
Risk Insight
Pseudonymization
Change-Tolerant Recognition