Vertical Solutions & Mobile Identity
David Andrzejek
VP Vertical Solutions, Apigee
©2015 Apigee Corp. All Rights Reserved.
Not all your APIs have equal business impact
Accelerate your adoption of high business impact APIs
High business impact APIs
•  Unlock the most critical data
•  Deliver high value use cases
•  Drive ecosystem adoption
Apigee API Accelerators
•  Open Banking
•  Identity
•  Health
Banking and Mobile Identity
Improving fraud detection & multi-factor authentication
David Pollington
GSMA
Secure Authentication & Identification services delivered by the Mobile Network Operators
David Pollington, GSMA @ the Open Banking & PSD2 Summit, London, 19th May 2016
Copyright © 2016 GSMA. The Mobile Connect logo is a trade mark registered and owned by the GSMA.
About the GSMA
The GSMA represents the interests of mobile operators worldwide
Spanning more than 220 countries, the GSMA unites nearly 800 of the world’s mobile operators, as well as more than 230 companies in the broader mobile ecosystem.
Online privacy and security is the biggest threat to sustainable digital growth
Personal Data – Mobile Connect9
The Challenge
Digital services rely on username + password or social login to identify users
However
•  Hard to remember for users
•  Security and personal data breaches
•  Difficult to prove identity digitally
Leads to abandoned log-ins and shopping carts and online fraud
Hardware tokens tip the balance too far
1. Costly to deploy
2. Inconvenient for the user
•  Poor user experience (copying the code across from the token)
•  Necessity of carrying a different token per service
Getting the balance right between convenience vs security is of paramount importance
Convenience
Security
Solution: Authenticators intrinsic to the mobile phone & network
[Diagram labels: Something I Know; Something I Have; Something I Have + Something I Know; Something I Have + Something I Am; "or"; Locally-verified + Adaptive authentication; Something I Have + Something I Know + Something I Am]
Mobile Connect: convenient alternative to passwords and protects consumers’ privacy
The key which unlocks access to online services
•  Authentication and Identity from a Regulated Industry with strong KYC and privacy rules
•  Backed by verified customer data
•  Decades of experience in the secure management of their networks and their subscribers’ information
•  Convenient and in your customer’s pocket
The global growth of Mobile Connect
[Figure: timeline chart, Apr to Mar. Figures shown: 26m, 42m, 70m, 85m, 178m, 622m, 2 billion, 2.5 billion. Countries shown: Australia, Bangladesh, Spain, Peru, Turkey, Argentina, Mexico, Indonesia, China, France, Italy, Malaysia, Myanmar, Switzerland, Thailand, Philippines, Finland, Morocco, Egypt, Pakistan, India, Sri Lanka.]
Mobile Connect has grown at an exceptionally rapid pace, and is available today to more than 2.5bn mobile users
Mobile Connect enables Operators to support a portfolio of services
Mobile Connect
•  Authenticate (LoA2)
•  Higher security authentication (LoA3)
•  Authorisation
•  Identity
•  Attributes
Authentication: authentication of an individual
Authorisation: authorisation of an action
Identity: verification of customer identity
Attributes: provision of customer information
Provides a solution for PSD2 requirements around Strong Authentication
Mobile Connect Identity & Attribute products support KYC validation and mitigate fraud
Mitigating account takeover attacks
Problem statement:
•  Verify that a user request to their bank to update MSISDN details is genuine
Solution:
•  API call from Bank to Mobile Operator to verify a number of customer details
•  Operator can also provide contextual information for Bank to use in spotting fraudulent behaviour
Mitigating account takeover attacks
Contextual information for use in spotting fraudulent behaviour
Set of signals that can be used by a Bank to catch a multitude of fraud attack vectors thereby mitigating against bank account takeover attacks
•  Stolen/lost phone
•  SIM swap
•  Device change
•  Unconditional call divert set
•  Account activity
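A sketch of how a bank could act on these signals when a customer asks to change their registered MSISDN. This is an added example, not GSMA or Mobile Connect code: the field names, the 72-hour look-back window and the decision rules are assumptions, and the operator responses are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

RECENT = timedelta(hours=72)  # assumed look-back window; tune to risk appetite

@dataclass
class OperatorSignals:
    """Hypothetical shape of the operator's response (not the real API schema)."""
    details_match: bool                      # customer details agree with operator records
    reported_lost_or_stolen: bool
    last_sim_swap: Optional[datetime]
    last_device_change: Optional[datetime]
    unconditional_divert_active: bool
    account_active: bool                     # recent usage seen on the subscription

def _recent(ts, now):
    return ts is not None and now - ts <= RECENT

def assess_msisdn_change(sig, now):
    """Return (decision, reasons); decision is 'allow', 'step_up' or 'deny'."""
    hard, soft = [], []
    if not sig.details_match:
        hard.append("customer details do not match operator records")
    if sig.reported_lost_or_stolen:
        hard.append("handset reported lost or stolen")
    if _recent(sig.last_sim_swap, now):
        soft.append("SIM swapped within look-back window")
    if _recent(sig.last_device_change, now):
        soft.append("device changed within look-back window")
    if sig.unconditional_divert_active:
        soft.append("unconditional call divert is set")
    if not sig.account_active:
        soft.append("no recent account activity")
    if hard or len(soft) >= 2:       # any hard failure, or correlated soft signals
        return "deny", hard + soft
    if soft:                         # a single soft signal: ask for another factor
        return "step_up", soft
    return "allow", []

# Constructed sample responses, evaluated against a fixed clock.
NOW = datetime(2016, 5, 19, 12, 0, tzinfo=timezone.utc)
CLEAN = OperatorSignals(True, False, None, NOW - timedelta(days=400), False, True)
SWAP = OperatorSignals(True, False, NOW - timedelta(hours=5), None, False, True)
TAKEOVER = OperatorSignals(True, False, NOW - timedelta(hours=5), None, True, True)

if __name__ == "__main__":
    for name, sig in (("clean", CLEAN), ("swap", SWAP), ("takeover", TAKEOVER)):
        print(name, assess_msisdn_change(sig, NOW))
```

A recent SIM swap on its own triggers step-up rather than refusal, since customers legitimately replace SIMs; it is the combination with call divert that is refused here.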
Mobile network operators are ideal partners to provide flexible, secure authentication & identity services
•  Regulated Industry: Mobile Operators adhere to strong KYC and privacy rules
•  Possess verified customer data
•  Decades of experience in the secure management of their networks and their subscribers’ information
API documentation & sandbox:
https://developer.mobileconnect.io
If you would like more information, please contact GSMA via mobileconnect@gsma.com
GSMA London Office
T +44 (0) 20 7356 0600
www.gsma.com/personaldata
Follow the GSMA on Twitter: @GSMA
Decoupled architecture; consistency towards SP (single API); utilisation of open standards (OpenID Connect)
[Architecture diagram labels: Tablet/desktop; Service access request; Service Provider; Authentication request; MNO; Identity GW; AuthN server; SIM applet protocol (CPAS8); ETSI TS 102 204; SIM applet; Smartphone app; SMS+URL; USSD; Consistent user experience; Consistent SP experience; Builds on Web standard OAuth 2.0]
Thank You
