SlideShare a Scribd company logo
1 of 18
Download to read offline
© FIDO Alliance 2024 Confidential
© FIDO Alliance 2024 Confidential
1
FIDO Alliance
Paris Seminar 2024
ABANCA - Jose Manuel Valiño - CIO
Digital Identity is under attack
Spain is among the top 20 countries most affected by phishing attacks via
popular messaging apps such as Telegram and WhatsApp.
El top 5 de los vectores de ataque son, enlaces en correo electrónico/SMS,
domain spoofing, PDF adjunto, suplantación de marca y landing page para
obtención de credenciales, más populares como Telegram y WhatsApp..
“In 20 minutes I was robbed of €11,000": the
wave of scams that is forcing the
government to get its act together.
A PROBLEM FOR BANKS, MOBILE OPERATORS...
Technology
The rise of phishing in calls and messages has become a plague in Spain. The ministry is
asking operators, banks and security forces for ideas and mechanisms to stop it.
The top 5 attack vectors are email/SMS links, domain and
voice spoofing, PDF attachments, brand spoofing and
landing pages for credentials.
In this years fighting the fraud, several initiatives
have been launched.
Though 2FA strategies are been implemented using mainly SMS and phone calls, these are
still based on outdated protocols, being not strong enough and delegating some of the
responsibility to the final user.
Collaboration measures
Internal scope measures
• Deployment of 2FA strategies: SMS OTP
• Anti fraud tools
• Anti SIM swapping procedures
• SMS Protection Registry by MEF (Mobile Ecosystem Forum) tries to reduce impact of fraud
avoiding SMS fraud vectors, Direct Spoofing, through use of ‘Protected SID’ lists (avoiding no
legitime origins) and Impersonation, through use of ‘Denied SID’ list (ABNCA, AABNCA…)
• UK Registry launched in 2019, Ireland Registry launched in 2021 and Spain Registry launched
in 2022
It has not been enough….
The alliance against the evil empire...
Using the passkey standard, ABANCA keys provide the highest level of protection. It is impossible to
guess or reuse them, so they protect your private information from attackers.
Biometric data, such as fingerprint or facial recognition, is stored on the customer's mobile device
and is never shared with third parties including ABANCA.
New identity verification service based on the FIDO passkeys standard. Launched after years of research
by major players to prevent identity theft attacks.
It is easy to use, for the first time a security element has been designed with UX by design as a priority.
The access keys use the customer's locking system (such as fingerprint, face, or PIN to verify identity at
ABANCA, it works both as a password substitute (Passwordless) and/or as an MFA mechanism.
What is ABANCA Key?
Seamless User Experience
ABANCA Key Architecture
Core BM
Webauthn
Llave ABANCA
abanca.com
BD
Sistemas antifraude
In house development as core strategy
• Alignment with market standards
• Fault tolerant
• Low latency
• High availability
• Cloud Ready ABANCA
Comparing ABANCA implementation with FIDO UX Guidelines
ABANCA has successfully met all 10 UX guidelines set forth by the FIDO Alliance.
ABANCA Key users
100.000
Users with advanced protection
82.000
82%
3
Average usage per user
ABANCA Key roadmap and some data…
AUGUST 23 DECEMBER 23 JANUARY 24 FEBRUARY 24 MAY 24
Design and development of ABANCA Key Tests and improvements General roll out
Times
No technical or service incidents in customer roll out,CES (Customer Effort Score)
rating of 4.7
Problems to be solved
Are passkeys compatible with European privacy and data protection
regulations such as GDPR?
Android fragmentation has some compliance problems with the passkey
standard due to multiple flavours and customisations.
Are passkeys compatible with PSD2 and with the future PSD3?
© FIDO Alliance 2024 Confidential
© FIDO Alliance 2024 Confidential
18
Thank you

More Related Content

Similar to Digital Identity is Under Attack: FIDO Paris Seminar.pptx

Consumer identity @ Tuesday Update on 1 December 2009
Consumer identity @ Tuesday Update on 1 December 2009Consumer identity @ Tuesday Update on 1 December 2009
Consumer identity @ Tuesday Update on 1 December 2009wegdam
 
Jack Wolosewicz, CYBERUS LABS
Jack Wolosewicz, CYBERUS LABSJack Wolosewicz, CYBERUS LABS
Jack Wolosewicz, CYBERUS LABSAMETIC
 
How to build a highly secure fin tech application
How to build a highly secure fin tech applicationHow to build a highly secure fin tech application
How to build a highly secure fin tech applicationnimbleappgenie
 
Micro Technologies India ltd
Micro Technologies India ltdMicro Technologies India ltd
Micro Technologies India ltdNehul Gupta
 
Cybersecurity Compliance can Make or Break Your Business - DigiCert - Symantec
Cybersecurity Compliance can Make or Break Your Business - DigiCert - SymantecCybersecurity Compliance can Make or Break Your Business - DigiCert - Symantec
Cybersecurity Compliance can Make or Break Your Business - DigiCert - SymantecRapidSSLOnline.com
 
2008 Trends
2008 Trends2008 Trends
2008 TrendsTBledsoe
 
DWS16 - Connected Things Forum - IoT Frédéric De Mont-Serrat, Matooma
DWS16 - Connected Things Forum - IoT Frédéric De Mont-Serrat, MatoomaDWS16 - Connected Things Forum - IoT Frédéric De Mont-Serrat, Matooma
DWS16 - Connected Things Forum - IoT Frédéric De Mont-Serrat, MatoomaIDATE DigiWorld
 
Slideshare fintech-may26th-def
Slideshare fintech-may26th-defSlideshare fintech-may26th-def
Slideshare fintech-may26th-defQafis
 
Netas Nova Cyber Security Product Family
Netas Nova Cyber Security Product FamilyNetas Nova Cyber Security Product Family
Netas Nova Cyber Security Product FamilyCagdas Tanriover
 
Mobey Forum Oslo Aradiom Presentation - How to Choose 2FA Security Solution
Mobey Forum Oslo Aradiom Presentation - How to Choose 2FA Security SolutionMobey Forum Oslo Aradiom Presentation - How to Choose 2FA Security Solution
Mobey Forum Oslo Aradiom Presentation - How to Choose 2FA Security Solutionguestd1c15
 
IBM Sametime and Facetime
IBM Sametime and FacetimeIBM Sametime and Facetime
IBM Sametime and FacetimeChris Sparshott
 
106 Threat defense and information security development trends
106 Threat defense and information security development trends106 Threat defense and information security development trends
106 Threat defense and information security development trendsSsendiSamuel
 
What I Learned at RSAC 2020
What I Learned at RSAC 2020What I Learned at RSAC 2020
What I Learned at RSAC 2020Ulf Mattsson
 
Introduction to FIDO Biometric Authentication
Introduction to FIDO Biometric AuthenticationIntroduction to FIDO Biometric Authentication
Introduction to FIDO Biometric AuthenticationFIDO Alliance
 
The Future of Digital IAM
The Future of Digital IAMThe Future of Digital IAM
The Future of Digital IAMWSO2
 
2014 march falcon business fraud classification model (3attendees)
2014 march falcon business fraud classification model (3attendees)2014 march falcon business fraud classification model (3attendees)
2014 march falcon business fraud classification model (3attendees)jcsobreira
 
Bio Lock Exec 110329
Bio Lock Exec 110329Bio Lock Exec 110329
Bio Lock Exec 110329Martin Lum
 
Top Cybersecurity Trends In 2022 - What Does The Future Hold For Anti-Scam & ...
Top Cybersecurity Trends In 2022 - What Does The Future Hold For Anti-Scam & ...Top Cybersecurity Trends In 2022 - What Does The Future Hold For Anti-Scam & ...
Top Cybersecurity Trends In 2022 - What Does The Future Hold For Anti-Scam & ...Money 2Conf
 
INSECURE Magazine - 35
INSECURE Magazine - 35INSECURE Magazine - 35
INSECURE Magazine - 35Felipe Prado
 

Similar to Digital Identity is Under Attack: FIDO Paris Seminar.pptx (20)

Consumer identity @ Tuesday Update on 1 December 2009
Consumer identity @ Tuesday Update on 1 December 2009Consumer identity @ Tuesday Update on 1 December 2009
Consumer identity @ Tuesday Update on 1 December 2009
 
Jack Wolosewicz, CYBERUS LABS
Jack Wolosewicz, CYBERUS LABSJack Wolosewicz, CYBERUS LABS
Jack Wolosewicz, CYBERUS LABS
 
How to build a highly secure fin tech application
How to build a highly secure fin tech applicationHow to build a highly secure fin tech application
How to build a highly secure fin tech application
 
Micro Technologies India ltd
Micro Technologies India ltdMicro Technologies India ltd
Micro Technologies India ltd
 
Cybersecurity Compliance can Make or Break Your Business - DigiCert - Symantec
Cybersecurity Compliance can Make or Break Your Business - DigiCert - SymantecCybersecurity Compliance can Make or Break Your Business - DigiCert - Symantec
Cybersecurity Compliance can Make or Break Your Business - DigiCert - Symantec
 
2008 Trends
2008 Trends2008 Trends
2008 Trends
 
DWS16 - Connected Things Forum - IoT Frédéric De Mont-Serrat, Matooma
DWS16 - Connected Things Forum - IoT Frédéric De Mont-Serrat, MatoomaDWS16 - Connected Things Forum - IoT Frédéric De Mont-Serrat, Matooma
DWS16 - Connected Things Forum - IoT Frédéric De Mont-Serrat, Matooma
 
Slideshare fintech-may26th-def
Slideshare fintech-may26th-defSlideshare fintech-may26th-def
Slideshare fintech-may26th-def
 
Netas Nova Cyber Security Product Family
Netas Nova Cyber Security Product FamilyNetas Nova Cyber Security Product Family
Netas Nova Cyber Security Product Family
 
Mobey Forum Oslo Aradiom Presentation - How to Choose 2FA Security Solution
Mobey Forum Oslo Aradiom Presentation - How to Choose 2FA Security SolutionMobey Forum Oslo Aradiom Presentation - How to Choose 2FA Security Solution
Mobey Forum Oslo Aradiom Presentation - How to Choose 2FA Security Solution
 
IBM Sametime and Facetime
IBM Sametime and FacetimeIBM Sametime and Facetime
IBM Sametime and Facetime
 
106 Threat defense and information security development trends
106 Threat defense and information security development trends106 Threat defense and information security development trends
106 Threat defense and information security development trends
 
What I Learned at RSAC 2020
What I Learned at RSAC 2020What I Learned at RSAC 2020
What I Learned at RSAC 2020
 
Introduction to FIDO Biometric Authentication
Introduction to FIDO Biometric AuthenticationIntroduction to FIDO Biometric Authentication
Introduction to FIDO Biometric Authentication
 
The Future of Digital IAM
The Future of Digital IAMThe Future of Digital IAM
The Future of Digital IAM
 
2014 march falcon business fraud classification model (3attendees)
2014 march falcon business fraud classification model (3attendees)2014 march falcon business fraud classification model (3attendees)
2014 march falcon business fraud classification model (3attendees)
 
Bio Lock Exec 110329
Bio Lock Exec 110329Bio Lock Exec 110329
Bio Lock Exec 110329
 
Loqr
LoqrLoqr
Loqr
 
Top Cybersecurity Trends In 2022 - What Does The Future Hold For Anti-Scam & ...
Top Cybersecurity Trends In 2022 - What Does The Future Hold For Anti-Scam & ...Top Cybersecurity Trends In 2022 - What Does The Future Hold For Anti-Scam & ...
Top Cybersecurity Trends In 2022 - What Does The Future Hold For Anti-Scam & ...
 
INSECURE Magazine - 35
INSECURE Magazine - 35INSECURE Magazine - 35
INSECURE Magazine - 35
 

More from LoriGlavin3

Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
FIDO Securty Key UX Guidelines Webinar Sept 2022.pptx
FIDO Securty Key UX Guidelines Webinar Sept 2022.pptxFIDO Securty Key UX Guidelines Webinar Sept 2022.pptx
FIDO Securty Key UX Guidelines Webinar Sept 2022.pptxLoriGlavin3
 

More from LoriGlavin3 (9)

Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
FIDO Securty Key UX Guidelines Webinar Sept 2022.pptx
FIDO Securty Key UX Guidelines Webinar Sept 2022.pptxFIDO Securty Key UX Guidelines Webinar Sept 2022.pptx
FIDO Securty Key UX Guidelines Webinar Sept 2022.pptx
 

Recently uploaded

Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxFIDO Alliance
 
ADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxFIDO Alliance
 
State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!Memoori
 
Top 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development CompaniesTop 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development CompaniesTopCSSGallery
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...FIDO Alliance
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctBrainSell Technologies
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfFIDO Alliance
 
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe中 央社
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider  Progress from Awareness to Implementation.pptxTales from a Passkey Provider  Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptxFIDO Alliance
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...FIDO Alliance
 
Collecting & Temporal Analysis of Behavioral Web Data - Tales From The Inside
Collecting & Temporal Analysis of Behavioral Web Data - Tales From The InsideCollecting & Temporal Analysis of Behavioral Web Data - Tales From The Inside
Collecting & Temporal Analysis of Behavioral Web Data - Tales From The InsideStefan Dietze
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsLeah Henrickson
 
Using IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & IrelandUsing IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & IrelandIES VE
 
TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024Stephen Perrenod
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераMark Opanasiuk
 
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Skynet Technologies
 
Generative AI Use Cases and Applications.pdf
Generative AI Use Cases and Applications.pdfGenerative AI Use Cases and Applications.pdf
Generative AI Use Cases and Applications.pdfalexjohnson7307
 
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfSimplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfFIDO Alliance
 

Recently uploaded (20)

Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptx
 
ADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptx
 
State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!
 
Top 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development CompaniesTop 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development Companies
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage Intacct
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
 
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider  Progress from Awareness to Implementation.pptxTales from a Passkey Provider  Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
 
Collecting & Temporal Analysis of Behavioral Web Data - Tales From The Inside
Collecting & Temporal Analysis of Behavioral Web Data - Tales From The InsideCollecting & Temporal Analysis of Behavioral Web Data - Tales From The Inside
Collecting & Temporal Analysis of Behavioral Web Data - Tales From The Inside
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
 
Using IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & IrelandUsing IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & Ireland
 
TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024
 
Overview of Hyperledger Foundation
Overview of Hyperledger FoundationOverview of Hyperledger Foundation
Overview of Hyperledger Foundation
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджера
 
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
 
Generative AI Use Cases and Applications.pdf
Generative AI Use Cases and Applications.pdfGenerative AI Use Cases and Applications.pdf
Generative AI Use Cases and Applications.pdf
 
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfSimplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
 

Digital Identity is Under Attack: FIDO Paris Seminar.pptx

  • 1. © FIDO Alliance 2024 Confidential © FIDO Alliance 2024 Confidential 1 FIDO Alliance Paris Seminar 2024 ABANCA - Jose Manuel Valiño - CIO
  • 2. Digital Identity is under attack Spain is among the top 20 countries most affected by phishing attacks via popular messaging apps such as Telegram and WhatsApp. El top 5 de los vectores de ataque son, enlaces en correo electrónico/SMS, domain spoofing, PDF adjunto, suplantación de marca y landing page para obtención de credenciales, más populares como Telegram y WhatsApp..
  • 3. “In 20 minutes I was robbed of €11,000": the wave of scams that is forcing the government to get its act together. A PROBLEM FOR BANKS, MOBILE OPERATORS... Technology The rise of phishing in calls and messages has become a plague in Spain. The ministry is asking operators, banks and security forces for ideas and mechanisms to stop it.
  • 4. The top 5 attack vectors are email/SMS links, domain and voice spoofing, PDF attachments, brand spoofing and landing pages for credentials.
  • 5. In this years fighting the fraud, several initiatives have been launched. Though 2FA strategies are been implemented using mainly SMS and phone calls, these are still based on outdated protocols, being not strong enough and delegating some of the responsibility to the final user. Collaboration measures Internal scope measures • Deployment of 2FA strategies: SMS OTP • Anti fraud tools • Anti SIM swapping procedures • SMS Protection Registry by MEF (Mobile Ecosystem Forum) tries to reduce impact of fraud avoiding SMS fraud vectors, Direct Spoofing, through use of ‘Protected SID’ lists (avoiding no legitime origins) and Impersonation, through use of ‘Denied SID’ list (ABNCA, AABNCA…) • UK Registry launched in 2019, Ireland Registry launched in 2021 and Spain Registry launched in 2022
  • 6. It has not been enough….
  • 7. The alliance against the evil empire...
  • 8. Using the passkey standard, ABANCA keys provide the highest level of protection. It is impossible to guess or reuse them, so they protect your private information from attackers. Biometric data, such as fingerprint or facial recognition, is stored on the customer's mobile device and is never shared with third parties including ABANCA. New identity verification service based on the FIDO passkeys standard. Launched after years of research by major players to prevent identity theft attacks. It is easy to use, for the first time a security element has been designed with UX by design as a priority. The access keys use the customer's locking system (such as fingerprint, face, or PIN to verify identity at ABANCA, it works both as a password substitute (Passwordless) and/or as an MFA mechanism. What is ABANCA Key?
  • 10.
  • 11.
  • 12.
  • 13.
  • 14. ABANCA Key Architecture Core BM Webauthn Llave ABANCA abanca.com BD Sistemas antifraude In house development as core strategy • Alignment with market standards • Fault tolerant • Low latency • High availability • Cloud Ready ABANCA
  • 15. Comparing ABANCA implementation with FIDO UX Guidelines ABANCA has successfully met all 10 UX guidelines set forth by the FIDO Alliance.
  • 16. ABANCA Key users 100.000 Users with advanced protection 82.000 82% 3 Average usage per user ABANCA Key roadmap and some data… AUGUST 23 DECEMBER 23 JANUARY 24 FEBRUARY 24 MAY 24 Design and development of ABANCA Key Tests and improvements General roll out Times No technical or service incidents in customer roll out,CES (Customer Effort Score) rating of 4.7
  • 17. Problems to be solved Are passkeys compatible with European privacy and data protection regulations such as GDPR? Android fragmentation has some compliance problems with the passkey standard due to multiple flavours and customisations. Are passkeys compatible with PSD2 and with the future PSD3?
  • 18. © FIDO Alliance 2024 Confidential © FIDO Alliance 2024 Confidential 18 Thank you