Two-factor authentication in the real world

British telecoms giant BT is looking to use its customers’ data to improve security and provide two-factor authentication in the real-world.

Speaking at a conference in London which focused on the next steps for the commercial use of data, Helen Procter, BT’s Legal Director, Data, Digital and Security, said the company was looking to ‘partner with organisations to protect your digital ID, to make it safer as you go around your world and interact with your bank and with your mobile phone company’.

Anti-fraud

“For example, if I am on holiday in France and I go to my bank and I want to get some money out, it would be great if the bank there could check with my mobile provider to ensure not only it is my bank card at that ATM but my phone is there as well. There should be some anti-fraud checking to ensure it is me at that ATM in France, authorise that the transaction is good and permit me to withdraw the money.”

Such a move would be the next step in two-factor authentication systems – the same technology used by many security-conscious service providers, including Penta – which partners with two-factor authentication specialist Duo.

Verify

With most two-factor authentication systems, a code is sent to an email address or mobile phone number when a user requests sensitive information – such as a password reminder – however, the technology does not verify exactly who the person requesting the information is.

“Different sectors can help each other and really innovate in a way where yes, we are using customers’ location data and using it for fraud protection. I think that is a good thing. People do not need to consent to this and they would expect us to try and look at ways where we can help an awful lot more in the future,” Procter said.

Strategy

The focus on new digital technologies to help prove identities is an area of focus for many businesses and governments, too. In fact, the UK has highlighted how it intends to use smartphone, biometric and passport information together to build better systems to prove people’s identities. However, its development of biometric databases has proved to be both controversial and confused, with critics describing the development as lacking strategy.

And as with the use of any client information, be it biometric, passport or even simply mobile phone number data, Ms Procter said it must be well regulated, with the clients’ best interests put first.

Governance

“Like many businesses, we are the custodians of data. There are lots of digital possibilities for us but good governance is key for us and not forgetting that we live and breathe as a business on customer trust. And that is something we would never want to jeopardise,” she said.

Proving identity

 Why two-factor authentication matters
 Penta partners with 2FA specialist
 Penta blog 

 UK Government’s identity crisis
 UK using technology to prove citizens’ identities
 Open Access Government