Page created by Harry Curry


FOREWORD                                                                                            4

1.0 MOBILE IDENTITY                                                                                 6

2.0 FINANCIALLY MOBILISED OMNIPRESENT CONSUMERS                                                     27
   2.1 The ‘Omnipresent’ Mobile Consumer                                                            27
   2.2 The Confluence of Identity, Privacy and Security – this is now one conversation, not three   30
   2.3 “Identity of Things”, “Privacy”, “Internet of Trust”                                         32

3.0 MOBILE IDENTITY RESEARCH                                                                        34
   3.1 Methodology                                                                                  34
   3.2 Financial Services Executive Study                                                           35
		     3.2.1 Drivers of Existing Identity Systems and Processes                                     35
		     3.2.2 Changes to Investments in Identity Systems and Processes                               36
		     3.2.3 Institution Identity Strategies and Responsibilities                                   36
		     3.2.4 Trust and Third-Party Identity Providers                                               38
   3.3 Mobile Identity Consumer Study                                                               39
		     3.3.1 Authentication Method Descriptions                                                     39
   3.4 Federated Identity                                                                           40
   3.5 Second Factor Authentication                                                                 41
   3.6 Mobile Digital Signature                                                                     43
   3.7 Incremental Appeal of Authentication Methods                                                 44

    FINANCIAL SERVICES INSTITUTION                                                                  46
   4.1 Identity Technology Key Developments and Roadmap                                             46
   4.2 Authentication in a Interconnected Financial Services World                                  49
   4.3 Federated Identity in a Interconnected Financial Services World                              54
   4.4 Mobile Digital Signature in an Interconnected Financial Services World                       56
   4.5 Mobile ID = Mobile Number + Device + Behaviour                                               58
   4.6 Mobile Threat Defence                                                                        60
   4.7 Secure Omni-Present Intelligent Identity                                                     62

5.0 CONCLUSIONS                                                                                     65

6.0 ABOUT THE AUTHOR                                                                                66

7.0 ACKNOWLEDGEMENTS                                                                                67

8.0 NOTES & REFERENCES                                                                              68


               Welcome                      This report is a look into generational
                                            change – particularly as it affects Gen
               It’s my pleasure to          X and Y, who together make up half of
               present the tenth in         the global population2. Their adoption
                                            of mobile digital technology will both
               my series of financial       expose institutions to risk and create
               services industry thought    opportunity. My central argument
                                            is that mobile digital technologies
               leadership reports:          have changed how these generations
               Mobile Identity –            prefer to be identified. The trust
               The Fusion of Financial      paradigm has shifted from having to
                                            prove who we are, to being recognised
               Services, Mobility           for who we are. Both our identities
               and Identity. For this       and our consumption of financial
               report, we developed         services are now inextricably fused
                                            with our mobile device, which is why
               some unique research         mobile identity is a critical issue and
               methodologies that           why this research is so timely.
               allowed us to discover       In just seven years, since the advent
               some fascinating new         of the smartphone, these devices
                                            have become the primary means
               information about how        for consumers to access financial
               financial institutions can   services. This inflection point has
               unlock the trust needed      forever changed the industry. We are
                                            now transitioning to an ‘omnipresent’
               to digitally engage the      customer engagement model,
               ‘no-finapp-phobic’1          characterised by expectations
               Gen X and Ys.                of predictive, personalised and
                                            presence-based financial application
                                            experiences that are part of the
                                            fabric of our increasingly
                                            interconnected lives.

                                            But just as the mobile device
                                            has become our gateway to the
                                            financial services world, it has also
                                            become the source of new risks for
                                            both individuals and institutions.
                                            Cybercrime has become the domain
                                            of industrial-strength perpetrators
                                            who are often highly organised,
                                            highly skilled, abundantly resourced
                                            and keen to exploit any points of
                                            weakness in the internet and the
                                            devices and systems connected to
                                            it. This seismic shift in the nature of
                                            cybercrime requires us to reimagine
                                            identity and its role in securing our
                                            personal lives, our information,
                                            our institutions and the services
                                            they offer.

In my last report ‘Analyse This, Predict   Lastly, we present a vision for secure,
That – how institutions compete and        intelligent omnipresent identity
win on analytics’, I emphasised that       in the interconnected financial
data analytics brings new risks to         services world. Here, we both explain
financial institutions, particularly       some world-leading technological
around the appropriate use of              developments, including those that
personal information. Critically,          Telstra has directly invested into, and
I argued that a new customer               discuss the role that next-generation
engagement model is required – one         identity, access management and
that ensures that analytics enhances       security technologies can play in
value, whilst also reinforcing the         helping your institution map out its
trust that consumers place in their        trust journey.
financial institutions. Since then,
growing numbers of major security          We show that mobile identity is a
breaches have been reported –              fundamental enabler for innovation,
unfortunately, the insufficient            and – just as importantly – that
protection and monitoring of               mobile identity is critical to the trust
customers’ personal information has        relationships that will unlock access
been behind many of these.                 to many wonderful new experiences
                                           that will be created as mobile
This study across seven countries          financial services continue to evolve.
within the Asia Pacific region, Europe
and America explores our changing          The insights presented in this report
attitudes towards the identity of          were only made possible by the
individuals and mobile devices. We         generous participation of industry
begin by introducing a ‘Generational       and research partners, to whom I am
Acquisition/Digital Engagement             sincerely grateful.
Matrix’ that illustrates how an            We welcome the opportunity to
institution’s future growth prospects      provide you and your management
can be determined by its ability to        team with an in-depth briefing
firstly acquire and then digitally         on what these insights mean to
engage Gen X and Y, and the wallets        your institution. At the back of this
they control. Against this strategic       document, we’ve provided a list of
backdrop, we then consider the             contact numbers. Please also visit
technological impact of mobility and
identity. We then present the results      for further information.
of research into financial services
executives and consumer attitudes
towards a range of identity topics
                                           Rocky Scopelliti
and interactions that can be enabled
by mobile devices, and analyse             Global Industry Executive – Banking,
the impact these would have on             Finance & Insurance
consumers’ relationships with their
financial services institutions.           Telstra Global Enterprise Services

1.0 M
         obile Identity
              Key Insights

    The financial services industry          within five years, digital sales may     and the US) on the topics of identity
    is moving from an age of digital         account for 40 per cent or more4 of      and security. What we learned is that
    disruption to one of digital survival.   new inflow revenue to institutions in    for the financial services industry to
    For example, in markets such as          the most progressive geographies         transition into this new mobile digital
    the US, Accenture predicts that          and customer segments. (This is          era, significant developments in the
    full-service banks could lose            predicted to be highest in Europe,       trust paradigm are required to attract
    approximately 35 per cent of their       reaching 50 per cent by 2018.) The       and engage Gen X and Y and provide
    market share by 2020 to “Pure            battle is about relevance – digital      them with the security they desire.
    Plays” – whether online or mobile –      relevance – and the people who will
    and up to 25 per cent of US banks        decide the winners are Gen X and Y,      Here are the top ten insights that we
    could disappear completely during        who today account for approximately      believe financial institutions need
    that same period3. Neo-banks (e.g.       half of the world’s population and are   to know and consider to succeed in
    Simple, Moven, GoBank, and Bluebird)     the custodians of existing wealth and    their identity transformations.
    were reported to have secured nine       wealth creation into the future.
    per cent of the US market in 2013.
    McKinsey & Company analysis              We analysed information from 318
    suggests that banks that are digital     financial services executives across
    laggards could see up to 35 per          the Asia Pacific region, Europe and
    cent of their net profit eroded, while   the US and 4,272 consumers across
    winners may increase profits by          seven countries (Australia, Singapore,
    40 per cent or more. They predict that   Indonesia, Malaysia, Hong Kong, UK

1. T
      he battle to acquire and digitally engage Gen X and Y is on.
     The Online Pure Plays’ are ‘winning wallet’ but is it now the
     Mobile Pure Plays’ turn

“Up to half of the world’s                                 In my report last year, we presented                        In order to understand how exposed
                                                           the Competitive Growth Model that                           an institution is to ‘Generational
banks will disappear                                       featured two major trends: firstly, the                     Recession’ or how well it is performing
through the cracks opened                                  inter-generational wealth transfer                          on ‘Generational Transformation’,
up by digital disruption                                   from the ageing baby boomer and                             we rate the institution based on the
                                                           pre-boomer generations to Gen                               dynamics of its generational profile
of the industry.”                                          X and Y and secondly, technology                            (Generational Index) and digital
- Francisco Gonzalez                                       proliferation as Gen Z – the digital                        channel adoption (Digital Index)
                                                           natives – are introduced to financial                       compared with the industry average
Rodriguez, Chairman                                        services. These trends have created                         (with an index of 100 being the
and CEO BBVA, 2015                                         a disruption zone for new entrants                          industry average). We also consider
                                                           to squarely focus their propositions                        a third factor measuring what is at
                                                           on Gen X and Y. We have now further                         risk – in other words, the net worth
                                                           developed this model to create a                            of the customers concerned. In this
                                                           Generational Acquisition/Digital                            case, we use Average Footings ($AUD)
                                                           Engagement Matrix. This enables                             or dollars held in traditional banking
                                                           us now to assess the relative                               products at the institution5. Using
                                                           performance of institutions and                             the Australian banking market, we
                                                           how they are transforming their                             analyse how some institutions are
                                                           businesses in response to                                   performing (see Figure 1).
                                                           these trends.

Figure 1: Generational Acquisition/Digital Engagement Quadrant
- Australian Market
                                                                              Generation Index

                        Attractive                                                    140                                                        Transformed
                                                                                                                           ING DIRECT

                                                                                                    ANZ                           $64K
                                                                                      120                                                $78K
                                                                                                                 NAB                            UBANK
                                                                              CBA     110                 $73K
   Digital Index                                                                      100
                   70                       80                   90                         100                      110                  120                  130
                                                                                       90         $66K
                         Total Building Societies   $59K          $47K                            Westpac    $48K
                                                                Total Credit Unions
                                     $51K   Bendigo Bank

                        Recession                                                      60                                                           Engaged

Sources: Roy Morgan Single Source, July – December 2014; Telstra Research 2015

1.0 M
         obile Identity
              Key Insights (CONT.)

    Transformed Quadrant – the
    institution attracts Gen X and Gen Y
    customers as well as engaging with
    them via digital channels.

    Based on this index, the Online Pure
    Plays – UBank (an online division of
    NAB) and ING Direct – are relatively
    outperforming the other Australian
    banks listed and considered
    ‘Transformed’ in our quadrant
    classifications. All the major banks
    (NAB, ANZ, CBA, Westpac) fall within
    the standard deviation and are close
    to the average; however, NAB and ANZ
    are clearly attracting a greater size of
    wallet (average 14 per cent) compared
    with CBA and Westpac.

    Recession Quadrant – the institution
    struggles to attract Gen X and Gen Y
    consumers or engage with them via
    digital channels.

    At the opposite end, in the ‘Recession’    Engaged Quadrant – the institution       UBank and ING Direct are relatively
    quadrant, are Bendigo Bank and the         engages customers via its digital        new entrants in the Australian
    community institutions displayed           channels but it struggles to attract     market. UBank was established in
    collectively as Total Credit Unions and    Gen-X and Gen-Y consumers.               2006 and ING Direct in 1999 – both
    Total Building Societies. Attracting the                                            use eVerification processes for
    younger demographic is a well-known        Credit Union Australia (CUA) has made    on-boarding new customers online.
    challenge for this part of the industry.   good progress with digitally engaging    In that short period of time, they
    The average age of a Credit Union          its customers and is positioned in the   have acquired approximately two
    customer in Australia is 51.5 years,       ‘Engaged’ quadrant. However, like the    million customers and penetrated
    compared with 42.5 years for banks6.       other community-based institutions,      6 per cent of Australia’s Gen X and
    By comparison, the community-              CUA hasn’t attracted Gen X and Y and     Y population. This demonstrates,
    based institutions have the lowest         has the second-lowest size of wallet.    firstly, how quickly digital can move
    average size of wallet, ranging            Attractive Quadrant – the institution    a market, and secondly, how digital
    between 24 per cent and 40 per             attracts Gen-X and Gen-Y consumers       relevance translates into customer
    cent lower than the best performer,        but struggles to engage with them via    acquisition. The question now is:
    UBank. The results indicate that           digital channels.                        what will happen now that we have
    players in this quadrant are most                                                   moved into a mobile first financial
    exposed to inter-generational              Of interest is the absence of            services world? If the developments
    wealth transfer.                           any player in this quadrant in           in the US market referred to earlier,
                                               the Australian market, perhaps           together with the global FinTech
                                               suggesting that digital is a necessary   phenomenon, are anything to go by,
                                               precondition to attract Gen X and Y.     then we can anticipate the ‘Mobile
                                                                                        only Pure Plays’ will change the
                                                                                        game once more.

2. The basis of identity and security is trust. Establishing trust is
                           paramount – despite customers trusting financial institutions
                           more than other organisation types, few are very satisfied with
                           their current institution’s security performance

   “Trust is ours to lose, though                                                              forms – paramount is the trust that                        The basis for identity and security
                                                                                               finances are secure (critical for 53                       is trust – trust that the holder of the
   it is (also) ours to protect.                                                               per cent), but almost as important is                      personal information will keep it safe
   If we mess up that trust                                                                    security of personal information (52                       and secure and not disclose details
   through this transition and                                                                 per cent). Trust is also reflected in the                  without authorisation. In a positive
                                                                                               need for confidence in the institution                     result for financial institutions,
   find our way to not having                                                                  to provide security and privacy (50                        they are viewed as the type of
   guided them to think that                                                                   per cent), and the institution’s overall                   organisation most trusted to manage
                                                                                               reputation for data security (48 per                       personal information – even ahead
   we are always going to be                                                                   cent). These factors are important to                      of the Government (except in
   there to protect them,                                                                      consumers irrespective of the country                      Singapore, where the Government
   we are going to lose them.                                                                  in which they live.                                        is most trusted).
   If we don’t protect that                                                                    Yet when we compare to how satisfied                       Mobile operators rank high in the
   trust, it’s game over.”                                                                     consumers are with these same                              list in Table 1, just ahead of internet
                                                                                               important factors, fewer than half                         retailers (who are particularly
   - Richard Davis, President                                                                  of all consumers state that they                           positively perceived in the UK).
   and CEO US Bancorp, 2015                                                                    are ‘very satisfied’ with their main                       Social networks and Google are the
                                                                                               financial institution. This indicates a                    least trusted, despite the plethora
   When it comes to financial institutions,                                                    disconnect between what consumers                          of personal information already held
   trust is critical for consumers and                                                         want from their institutions when it                       by such organisations.
   is the most important driver of                                                             comes to security and what they are
   choice when it comes to choosing an                                                         currently getting (see Figure 2).
   institution. Trust comes in multiple

   Figure 2: Drivers of Satisfaction/Choice of                                                                                                            Table 1:
   Financial Institution (Global)                                                                                                                         Most Trusted Identity
                                                                                                                                                          Institutions (Global)
                                               Higher importance, lower satisfaction                        Higher importance, higher satisfaction
                                                                                                             Level of trust to keep my                    Most trusted organisations with personal
                                                                                                             finances secure                              information – average rank
Importance of factors when choosing a
 financial provider (% very important)

                                         50                  Confidence in the security and      Level of trust to keep                                    1   Your bank or financial institution
                                                           privacy of financial interactions     personal data secure
                                                                                                                                                           2   Government or semi-government body
                                                               Provider’s reputation for                                    Speed of access to
                                         45                                data security            The degree of control     my accounts                  3   Mobile operator/communication services provider
                                                                                                    allowed over my
                                                                                                    financial products                                     4   Internet retailers, e.g. eBay, Amazon
                                         40                                                                                                                5   Specialist identity provider
                                                                        Clear data security              Easy to use self-service tools to
                                                                        policies                         manage financial activities                       6   Your mobile handset manufacturer
                                                                                                                                                           7   Postal service
                                                                                                 Convenience of providing my
                                                                                                 identity to access my accounts                            8   Mobile App stores
                                         30               Being able to speak with a
                                                          preferred/ trusted advisor                                                                       9   Google

                                               Lower importance, lower satisfaction                          Lower importance, higher satisfaction         10 Social networks
                                              35                                 40                          45                                      50
                                                        Satisfaction with main financial provider (% very satisfied)

   Source: Telstra Research 2015

1.0 M
          obile Identity
               Key Insights (CONT.)

       3. C
           onsumers are more willing to share personal information with
          financial institutions than other types of institutions
          – even their DNA, particularly as their wealth increases

     “Confidence in the banking              Figure 3: Willingness to Share Personal Information
     industry is on the rise, and            with Financial Services Institution
     trust in customers’ own                                                                               Information willing to share with a financial provider
     financial services providers                                                                         Personal information
                                                                                                                                                           68                             22           10
     is high. But customers                                                                                  (e.g. date of birth)
                                                                                                                  Legal identity
                                                                                                                                                      58                            25               16
     are on the move, with                                                                                       (e.g. passport)
                                                                                                           Employment details
     unprecedented access to                                                                                 (e.g. salary level)
                                                                                                                                                     52                        28                 20

     competing banks and new                                                                                      Credit history                     51                        29                 19
                                                                                          Behaviours with other organisations
     types of financial service                                                             (e.g. record of paying bills on time)
                                                                                                                                                 47                           30                 23

     providers. Banks must earn
                                                                                                                  Legal records
                                                                                                          (e.g. criminal history)
                                                                                                                                                46                        28                    26

     the highest levels of trust in                                                                           Biometric details
                                                                                                              (e.g. fingerprints)               42                        34                     24

     order to retain customers,                                                                          Social network profile           26                    30                       44

     win more business and                                                                                          DNA profile          24                 28                           48

     create genuine loyalty.”                                                                                                   0%             20%          40%          60%             80%              100%

     EY Global Consumer                                                                                                                Would share              Unsure         Would not share

     Banking Survey, 2014                    Source: Telstra Research 2015

     The fact that consumers are willing     We found those with more to invest are more willing to ‘do what it takes’ to ensure
     to trust their financial institution    security. A staggering 47 per cent of those with a net worth of more than US $1
     with personal information (above        million would share their DNA profile with a financial provider (see Figure 4).
     all others) places institutions in
     a place of privilege. In fact, one in   Figure 4: Willingness to Share Personal
     five consumers would be happy to
     go as far as sharing their DNA if it
                                             Information with Financial Services Institution
     would help secure their financial and   (by Net Worth $ (Total Investments & Assets – Debt))
     personal information (see Figure 3).
                                                                                               Willingness to share information with financial providers
                                                                                                                                                                                               Personal information
                                                                                         60%                                                                             59                    Legal identity
                                                Willingness to share (top 2 box agree)

                                                                                                                                                                         53                    Employment details
                                                                                                                                                                         46                    Credit history
                                                                                                                                                                                               Behaviours with
                                                                                                                                                                                               other organisations
                                                                                                                                                                                               Legal records

                                                                                                                                                                                               Biometric details
                                                                                                                                                                                               Social network profile

                                                                                                                                                                                               DNA profile

4. R
     obust authentication methods improve customer satisfaction,
    but institutional performance varies significantly – this gives the
    leaders a distinct competitive advantage

“Since launching in Australia   When asked how happy they are             This is important not only because
                                with their main financial institution’s   it is a key driver of institution choice,
ING Direct has gained the       authentication methods overall,           but also because it strongly
advocacy of our customers       only 42 per cent of consumers are         influences advocacy. Taking
by delivering customer-         ‘very satisfied’, but this does vary      consumer ratings of financial
                                by country. Hong Kong consumers           institutions across all seven
focused products and            are the least satisfied with their        countries, and directly comparing
services. We are now looking    institutions, with just 14 per cent       customer satisfaction with
                                being ‘very satisfied’. Singapore         the institution’s identity and
to leverage the trust they      and Malaysia fare only slightly           authentication methods and the
have in us to become their      better, with 22 per cent and 30 per       Net Promoter Score (NPS) for the
primary bank.”                  cent respectively happy with their        institution as a whole, yields a very
                                institution’s authentication methods.     strong correlation coefficient.
- Simon Andrews,
Chief Operating Officer,
ING Direct, 2015
1.0 M
              obile Identity
                                            Key Insights (CONT.)

         Figure 5 below shows the top two                                      authentication methods. While direct                 for ‘easier grading’7), the correlation
         financial services institutions in                                    comparison between the countries is                  between the data sets is almost
         each country, based on customer                                       difficult due to cultural tendencies for             perfect for these institutions
         satisfaction with identity and                                        survey ratings (the US is well-known                 (see Figure 5).

         Figure 5: Advocacy/Satisfaction with Authentication Methods
         (Global Top 2 Per Country)
                                       10             20                       30                 40                      50                        60             70

                                 50                                                                                                                                USAA
     Likely to Recommend (NPS)

                                                                                                                               ING Direct
                                 30                                                             PT AXA Mandiri
                                                                                             Financial Services                             Fidelity Investments
                                 10                                                                                       Asia
                                                       OCBC               Maybank                  NatWest
                                                   POSB/DBS          Citibank Berhad

                                 -30              The Hong Kong and Shanghai
                                                  Banking Corporation
                                                DBS Bank

                                                                           Satisfaction with identity and authentication methods

         Source: Telstra Research 2015

         The US is a clear leader on both
         dimensions and USAA’s recent
         biometrics developments (see Case
         Study 3) may explain the very high
         satisfaction levels. Of interest also
         is ING Direct in Australia, who not
         only lead the Transformation Index
         (see Figure 1), but have a
         clear advantage in their NPS/
         Authentication Satisfaction

         The significant variation in
         performance by institutions within
         each country studied leads us to
         conclude that the opportunity exists
         for institutions to differentiate using
         identity and authentication methods
         that provide high levels of security
         for personal information.

5. I dentity theft is impacting Gen X and Y, particularly as their
     wealth increases, and many think it’s the institution’s fault
     – this will inevitably lead to customers defecting

“Good cybersecurity                        Figure 6: Identity Theft (Global)
practices are not a minority                           Proportion of consumers that have experienced identity
sport for technologists                                              theft personally or indirectly
only.” - Andrew Gracie,                                         51
Executive Director,                                                        46
Bank of England, 2015                                 38                            38
                                                                                              32        31
Security of finances and personal                                                                                  29
information is not just a key
acquisition driver; it is also essential
for retaining customers. Specifically
referring to digital interactions with
financial institutions, almost one in
five consumers (19 per cent) claim to
have personally experienced identity               Total    Indonesia Malaysia     USA        UK      Singapore Australia   Hong Kong
theft or to feel their identity has been
compromised, and (23 per cent) know
someone to whom this has happened.
Critically, 40 per cent of them believe
it was the institution’s fault. The net
impact is that around two out of every                                     Fault for identity theft
five consumers (38 per cent) have
experienced digital security failings,
either personally or indirectly. In                                                                Entirely my fault
Malaysia and Indonesia this rises to
half of all consumers – 51 and 46 per                                                              Mostly my fault
cent respectively (see Figure 6).
                                                                                                   Joint fault between me and
                                                                                                   the provider
                                                                                                   Mostly the provider's fault

                                                                                     17            Entirely the provider's fault

                                                                                                   Neither my fault or
                                                                     18                            the provider’s

                                           Source: Telstra Research 2015

1.0 M
          obile Identity
                Key Insights (CONT.)

     Of further concern, it seems that          Figure 7: Identity Theft High Net Worth (Global)
     those with the most to invest
     are the most likely to experience                                          Experience of identity theft/being compromised
     security failings with digital financial
                                                 have experienced
     transactions – over a third (35 per          Proportion who
     cent) of consumers with a net worth
     of more than US $1 million have                                40%
     personally experienced such                                                                                                                 35
     a situation (see Figure 7).                                    30%



The financial services industry is               loss (75 per cent) as being the most
well aligned on matters concerning               significant impact for customers.
customers and identity theft.                    Sixty three per cent of consumers
Institutions across all regions and              agree and ranked it as their number 1
business types ranked financial                  concern (see Figure 9).

Figure 9: Perceived Consumer Concerns with
Identity Theft by Institutions
                            Potential impacts of identity theft

           Feeling of personal violation    9%

                    Reputational impact     9%
            (social media, credit rating)
        Inconvenience (re-establishing      7%
      identity across service providers)

                          Financial loss                                      75%

Consumer Concerns with Identity Theft (Global)
       Concern on impact from identity theft – ranked

      1      Financial loss                                               63%

      2      Inconvenience of resolving                                   11%
             Feeling insecure about other/future
      3      personal information stored                                  10%

      4      Feeling personally violated                                  10%

      5      Reputation impact                                              7%
Source: Telstra Research 2015

1.0 M
          obile Identity
             Key Insights (CONT.)

       6. P
           asswords are a flawed authentication method
          – and everyone knows it

     “The whole notion of             Consumer concerns about security,         If that were not concern enough,
                                      coupled with common usage of              we see that a quarter of consumers
     passwords is based on            passwords across financial and other      (25 per cent) physically write their
     an oxymoron. The idea is         digital accounts, would suggest that      passwords down, presenting an even
     to have a random string          consumers carefully manage their          greater risk to security. Only one in
                                      passwords to ensure they are as           ten (12 per cent) uses a password
     that is easy to remember.        secure as possible. As is very well-      manager and one in 20 (5 per cent)
     Unfortunately, if it’s easy to   known, this is definitely not the case.   use a random password generator
                                                                                (see Figure 10).
     remember, it’s something         Almost half (44 per cent) of
     non-random. And if it’s          consumers have a small number
                                      of passwords that they use multiple
     random, then it’s not easy       times across their digital identities,
     to remember.”                    and one in five (18 per cent) use just
     - Bruce Schneirer,               one common password across all
                                      digital accounts (see Figure 10).
     Author, 2008

Figure 10: Managing Passwords
                           Password management                                                 Methods to generate or remember passwords

         44%                                                                                                 I remember
                                                                                                           my passwords                                     74%

                                                                                                        I physically write
                                                                                                     my passwords down                   25%

                                                                                     I save my passwords in my browser so
                                22%                                                      they complete them automatically            19%
                                                                     16%                               I keep an electronic
                                                                                                     list of my passwords          14%

                                                                                                I use a password manager
                                                                                                    to store my passwords          12%

 I have a small number   I have a lot of I have one common  I have a unique                               I use a random
                                                                                                      password generator      5%
      of passwords     passwords but use    password I use password for each
                     some more than once multiple times        situation

Source: Telstra Research 2015

Alongside this, most consumers                               financial services institution.
(60 per cent) also admit that they do                        14 per cent don’t even change
not change their password as often as                        passwords, while only one in five
they should; when they do, it is usually                     (20 per cent) report proactively
because they are prompted by their                           changing their passwords (see Figure 11).

Figure 11: Changing Passwords
                    Frequency of changing password                                         Reason for changing passwords

                     32%              32%                                                                                                      Financial
                                                                                             When the provider forces me to                                28

                                                                                             When the provider recommends that I do                        21

                                                                                             I proactively change my passwords                             20
                                                                                             When I remember to                                            17

Much less often   less often     about as often    more often much more often
                                                                                             I do not change my passwords                                  14
 than I should  than I should    than I should    than I should than I should

Source: Telstra Research 2015

1.0 M
             obile Identity
                                              Key Insights (CONT.)

                                7. There is a disconnect between usage of authentication methods
                                    and their perceived security strength. The industry still thinks
                                    customers prefer passwords – it’s time to look to authentication
                                    methods that garner greater trust

        “We want to identify                                                               When we ask consumers how strong                           Complex passwords and the provision
                                                                                           they perceive each authentication                          of personal information, the most
        people for who they are,                                                           method’s security to be in terms                           commonly used methods, are both
        not what they remember.”                                                           of protecting their personal and                           viewed as having significantly lower
        - Ajay Bhalla,                                                                     financial information, it is clear that                    security than biometric options –
                                                                                           there is a significant disconnect                          particularly fingerprint scanning,
        CEO, MasterCard, 2015                                                              between the methods commonly                               eye scanning, facial recognition and
                                                                                           used and consumer confidence in                            two-factor authentication options
                                                                                           their security.                                            (see Figure 12).

        Figure 12: Authentication Methods – Usage & Perceived Strength (Global)
                                         Higher usage,                                                                                                                                   Higher usage,
                                         lower confidence                                                                                                                            higher confidence
                                60                                                           Complex password
     % Consumers using method

                                50                                           Personal information

                                                                                Four-digit PIN
                                30                                                               Six-digit PIN
                                                                                                                 Proof of ID   Two-Factor Authentication
                                20                                                Proof of address
                                                                                                                                    Hardware token                                   Fingerprint
                                                                                                                                                                            Eye       scanning
                                10                                                                                                                       Face recognition scanning
                                         Lower usage,                                                                                                                                     Lower usage,
                                         lower confidence                                                                                Voice recognition                            higher confidence
                                     0                      10                        20                         30                 40                     50                   60                        70
                                                                                                          Perceived strength of confidence

        Source: Telstra Research 2015

Fingerprint scanning is perceived         Table 2: Authentication Methods
to be the strongest method of
authentication in Australia, Malaysia     – Usage & Perceived Strength (by Country)
and Singapore, while the US and
Hong Kong rate eye scanning as
the most secure method; Indonesia
and the UK believe strongly in facial         Fingerprint scanning        55     30     69      51        41       39           67

recognition. These three biometric            Eye scanning                32     31     58      32        32       39           73
methods achieve at least two of the           Face recognition            41     23     77      22        24       57           52
top three security ratings across all
                                              Voice recognition           30     10     38      22        26       34           48
markets. Use of a hardware token
appears in the top three for Hong             Hardware token              39     26     45      27        30       39           35
Kong and Singapore, while two-                Two-Factor Authentication   45     25     50      28        34       32           35
factor authentication rates highly in
                                              Proof of ID                 34     14     26      13        16       24           42
Australia, Malaysia and Singapore
(see Table 2).                                Complex password            28     14     49      23        15       32           29

                                              Six-digit PIN               21     6      24      15        9        24           26

                                              Four-digit PIN              10     3      22      13        9        16           23

                                              Proof of address            16     9      20       9        9        13           19

                                              Signature                   14     7      19       9        11        8           18

                                              Personal information        12     4      20      10        6        13           15

                                          Source: Telstra Research 2015

Despite the shortcomings of               Figure 13: Customer Identity Methods via
password or PIN schemes outlined
in point six, most of the financial       Mobile Devices (Total Institutions)
services industry executives (56                Which of the following methods do you predict your customers will expect
per cent) still predict that their                 to be able to access via mobile device to establish identity with your
customers will want to use these               organisation when accessing online financial services or mobile applications
methods to access financial services
or applications through mobile                                                               Biometrics (voice recognition,
                                                                                             fingerprints on devices or facial
devices (see Figure 13). These findings                                                      recognition)
were consistent across all regions.             2%               7%
Interestingly, Pure Play Online/Mobile        1%       4%                                    User ID & password or PIN user
                                                                                             ID & password or PIN
Banks, Neo-banks and FinTechs                                                  25%
were the only class of provider                 5%                                           Know your customer (100-point ID)
who believed customers would
prefer another method (specifically                                                          Hardware token (including tokens that
biometrics) over passwords or PINs.                                                          can be reused at any number of sites)
Offsetting this finding, however, is
                                                                                             Digital signature (e.g. SIM card
the fact that one in four (25 per cent)                                                      on mobile phone)
predict biometrics becoming the
preferred access method.                                                                     One-time password (via an SMS or
                                                                                             from a mobile app)

                                                               56%                           Mobile app, with no extra
                                                                                             authentication step (after registration)

                                          Source: Telstra Research 2015

                                          If financial institutions are to provide the level of security that consumers are
                                          looking for, and for customers to trust that their financial and personal information
                                          will be kept safe, it is time to look to authentication methods that will aid this.

1.0 M
          obile Identity
            Key Insights (CONT.)

      8. The financial services industry recognises that it has
          underinvested in identity and security-related capabilities
          – but this about to change

     “The attackers didn’t even     The dominant view in the industry is          respond to today’s evolving security
                                    that the current investment in identity       threats (see Figure 16). PwC reported
     need to get into the bank’s    systems is less than appropriate              that investment in security by financial
     services; once they got into   (62 per cent), with 9 per cent of             services institutions has been stalled
     the network, they learned      respondents seeing significant                at four per cent of total IT budgets for
                                    underinvestment (see Figure 14).              the past seven years. However, our
     how to hide the money          This finding is consistent with a             research suggests this is about to
     transaction activities         global PwC study8 that found a lack           change – 87 per cent of respondents
                                    of investment over the past two years         anticipate that their institution’s level
     behind particular actions.”    means that many financial services            of planned activity and investment
     - Sergey Golovanov,            institutions are falling behind the           in customer identity will increase,
     Kaspersky, 2015                market in implementing up-to-date             with 27 per cent of those predicting a
                                    processes and tools to detect and             significant increase (see Figure 15).

                                    Figure 14: Current Activity & Investment Level
                                    (Total Institutions)
                                            Which of the following best describes your company’s level of
                                               activity and investment related to customer identity?

                                                             9%               Significantly less than appropriate/
                                                                              current investment

                                                                              Somewhat less than appropriate/
                                                                              current investment
                                                                              At appropriate/ current investment level

                                                                              Somewhat more than appropriate/
                                                                              current investment level

                                                                              Significantly more than appropriate/
                                                            11%               current investment level

                                    Source: Telstra Research 2015

Figure 15: Planned Activity & Investment Level
(Total Institutions)
         Which of the following best describes your company’s level of
         planned activity and investment related to customer identity?
                                12%                            Significant decrease

                                                               Some decrease

                                60%                            No change

                                                               Some increase

                                                               Significant increase

Source: Telstra Research 2015

Figure 16: Falling Behind in Security Safeguards 2013- 2014
  2014    2013

                           66%                           61%                                      59%                                         59%
                                73%                       64%                                        74%                                           67%
Secure access-                        Threat                          Active monitoring/ analysis of             Require third-parties to comply
control measures                      assessments                     information security intelligence          with our privacy policies

                        59%                             58%                                       58%                                         58%
                          63%                             65%                                           67%                                         71%
Penetration                           Vulnerability                   Risk assessments on                        Intrusion-detection tools
testing                               assessments                     internal systems

                       57%                              57%                                        57%                                       56%
                           66%                                71%                                          63%                                60%
Employee awareness                    Security audits                 Incident response-process to report        Risk assessments on third-
training program                                                      and handle breaches to third-parties       party vendors
                                                                      that handle data

Source: PwC 2015

1.0 M
          obile Identity
            Key Insights (CONT.)

      9. To the ‘no-finapp-phobic’ Gen X and Ys, the mobile has now
          become the primary access device for financial services
         – more secure, mobile-based identity is a key part of the solution

     “Enhanced customer             As the smartphone becomes the             Consumers do, of course, want
                                    default access method for many            security and privacy from their
     engagement, data analytics     financial accounts (globally, 51 per      smartphone app, but some also value
     and a mobile-first approach    cent of consumers access day-to-day       convenience, speed of access, user
     are the three key trends       accounts through their smartphone.        experience and flexibility. Ideally
                                    - see Section 2 Figures 22, 23 and 24),   an app must offer a great user
     that will dominate retail      can it actually help provide the          experience and flexibility in managing
     banking. My first touchpoint   authentication solutions and security     financial accounts – and that includes
                                    reassurance that consumers are            the authentication method the app
     when I look to engage with     looking for when accessing their          will use to ensure security and privacy
     a bank is with the app.”       financial accounts?                       (see Figure 17).
     - Andrew Milroy, Vice
     President ICT Research
     Frost & Sullivan, 2014

Figure 17: Smartphone Banking App Features
                                Importance rank of factors when using a smartphone app (% top ranked)



                                                                                                           8%                       8%

   Security of access              Privacy                  Convenience           Speed of access    User experience              Flexibility
    (ie only you can       (your personal details           (how easy it           (how quickly        (how user-         (what you can do with the
  access the account)          are protected)               is to access)         you can access)     friendly it is)    account once you access it)

Source: Telstra Research 2015

The most commonly used                                   perceived security levels. Two-factor      its release in recent flagship devices
authentication methods for accessing                     authentication is already used by          like the iPhone, but it is only used
smartphone apps today are complex                        one in five consumers (19 per cent)        for accessing financial accounts
passwords and four-digit PINs                            globally – more in Singapore (51 per       in six per cent of cases on average
(six-digit PINs in some markets                          cent) and Malaysia (42 per cent), but      and seven per cent at best in Hong
including Indonesia, Singapore, and                      fewer in the US (15 per cent) and UK       Kong. Similarly, other biometric
Malaysia). As we saw earlier (see                        (16 per cent). Fingerprint scanning        authentication methods are only used
Figure 12) these are methods with low                    has gained some traction following         by a select few currently (see Figure 18).

Figure 18: Smartphone Authentication Methods (Global)
                                               Authentication methods used on smartphone app
                  Complex password                                                                                                            43%
                        Four digit PIN                                                                             32%
          Two-factor authentication                                                     19%
                Personal information                                                  18%
                         Six digit PIN                                               18%
Providing your mobile phone number                                          13%
                     Hardware token                              9%
                Fingerprint scanning                       6%
                Providing proof of ID                4%
          Providing proof of address                4%
                  Signature (written)               3%
                    Face recognition            3%
                    Voice recognition       2%
                        Eye scanning       1%

Source: Telstra Research 2015

1.0 M
          obile Identity
                Key Insights (CONT.)

       10. M
            obile authentication methods are highly appealing and can
           have a very strong business impact including acquisition,
           retention or defection. Gen X and Y are even prepared to pay
           for this security, particularly those with the most to lose

     “USAA is committed to                        Table 3: Appeal of Authentication Methods (Global)
     cutting-edge solutions
                                                                                                                           B. Second          C. Mobile
     to make our members’                                                                                A. Federated
     financial transactions                              Appeal of concept                                    45                   61               52
     as secure as possible.                              “Extremely appealing/somewhat appealing”

     The use of multifactor                              Likelihood to use concept
                                                         “Extremely likely/somewhat likely”
                                                                                                              41                   60               49
     authentication through                              Impact of satisfaction
                                                                                                              41                   55               46
     biometrics is one of the                            “Much more satisfied/a little more satisfied”

     most effective ways to                              Likelihood to recommend provider
                                                         “Would recommend 8-10”
                                                                                                              27                   35               29

     increase security protection                        Likelihood to consider new provider
     as traditional passwords                            concept
                                                         “Much more likely to consider/a little more
                                                                                                              38                   50               42

     become increasingly                                 likely to consider”

                                                         Likelihood to switch to concept
     obsolete.” - Gary McAlum,                           provider
                                                                                                              37                   48               42
     USAA’s Chief Security
                                                         “Much more likely to consider/a little more
                                                         likely to consider”

     Officer, 2015
     As part of our consumer research
     study, we tested the consumer appeal
     of three identity authentication
                                                  Table 4: Appeal of Authentication Methods
     methods: Federated Identity, Second-         (by Country)
     Factor Authentication and Mobile
     Digital Signature. All methods proved                                                       A. Federated           B. Second Factor    C. Mobile Digital
                                                         Appeal scorecard – top 2 box            Identity               Authentication      Signature
     feasible options for institutions to offer
     their consumers. At a global level, it
     is clear that the Federated Identity,               Australia                                       42                   63                   46
     two-factor authentication and mobile
     digital identities that we researched               Hong Kong                                       36                   54                   35
     all hold strong appeal for consumers.
     There is also a high likelihood of use,             Indonesia                                       61                   77                   70
     and such authentication methods
     would help to improve satisfaction,                 Malaysia                                        48                   78                   55
     acquisition and retention of
     consumers (see Tables 3 and 4).                     Singapore                                       43                   70                   47

                                                         UK                                              40                   59                   41

                                                         USA                                             44                   58                   53

                                                  Source: Telstra Research 2015

Second Factor Authentication – is         Federated Identity – the idea of using
the most appealing concept tested         a single set of personal credentials
across all countries. In particular, 78   registered with a bank, mobile
per cent of respondents in Malaysia       operator or identity provider to use
found the concept appealing, 77           across multiple financial services in
per cent in Indonesia, 70 per cent        a one-click process was also highly
in Singapore and 63 per cent in           appealing to more than half of all
Australia. This aligns with consumer      consumers across all countries. At
awareness – 72 and 62 per cent            the recent Mobile World Congress,
of respondents in Singapore and           Jon Fredrik Baksaas, Chairman of
Malaysia respectively were aware of       the GSMA (Group Special Mobile
two-factor authentication, with the       Association), predicted that by
lowest awareness in the USA (45 per       the end of 2016, one billion users
cent) and Hong Kong (47 per cent).        worldwide will be authenticating on
This may suggest consumers are            a platform that offers a single
more comfortable with authentication      sign-on feature9.
approaches they already know and
that significant education on other       Indonesian respondents, in particular,
approaches may be required before         reported that all three approaches
consumers find them appealing.            had high appeal. This may suggest
                                          unmet demand for such methods
Mobile Digital Signature – was the        of easing security concerns or may
second most appealing concept in          point to a cultural tendency to be
most markets, with Hong Kong being        positive when responding to
the exception.                            research questions.

1.0 M
          obile Identity
                 Key Insights (CONT.)

     Consumers are somewhat split over                      However, a significant proportion of                 a little extra for peace of mind – half
     whether they would be willing to pay                   consumers would be prepared to pay                   of those with a net worth of more than
     for such enhanced authentication                       a reasonable fee for such a service.                 US $1 million indicated a willingness
     methods. More than half consider                       For example, an annual fee ranging                   to pay for such services (see Figure 19).
     authentication to be the institution’s                 between US$3 and US$20 (depending
     responsibility – arguably, this view is                on the market) would be acceptable
     reasonable, given the potential positive               to many (see Figure 19). Also clear is
     impact on satisfaction, retention and                  that the more that consumers ‘have to
     acquisition for the institution.                       lose’, the more willing they are to pay

     Figure 19: Propensity to Pay for Authentication Methods
     (Globally and by Country)
                                                                                                    Median price willing to pay for annual fee –
                               Willingness to pay a fee                                                 average of three concepts ($USD)
     55%                                                                           $25
                                                                        51%        $20                                                               $17
                                                                        48%        $15                                         $13         $13
                                                                                   $10                              $8

                                                                                    $5     $3

     35%                                                                            $0
2.0 F inancially Mobilised
    Omnipresent Consumers
           Fusion of Financial Services, Mobility and Identity

In this section, we take a look at        Figure 20: Unique Mobile Subscribers (m)
how mobility, financial services and
identity have become inextricably                                                                                                     4,334
                                                                                                                                4,236 9,179
                                                                                                                          8,723 8,960
                                                                                                                          4,134                 Sub-Saharan Africa
linked, and have set the scene for                                                                        8,153
Omnipresence-based experiences.                                                                   3,745
                                                                                                  7,800                                         North America
                                                                                          7,385                                                 Middle East and
                                                                                  6,886                                                         North Africa
2.1 The ‘Omnipresent’                                                     3,225
Mobile Consumer                                           2,799
                                                                                                                                                Latin America

                                                2,566                                                                                           Europe
The societal and economic benefits        2,344 4,665
                                          4,039                                                                                                 Commonwealth of
of mobility help explain the                                                                                                                    Independent States

unprecedented growth we have                                                                                                                    Asia Pacific

witnessed over the past decade so
that today 3.4 billion people subscribe
to mobile services10. According to
the GSMA, this growth is predicted
to continue at 3.5 per cent through       2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020

to 2020, connecting 56 per cent of
the people on earth (see Figure 20).        11.3%                                           4.2%
                                          2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020

Our unquenchable thirst for mobile
services is further predicted to            7.7%
                                            CAGR 2008-2013                                  3.5%
                                                                                            CAGR 2013-2017

remain unabated at a device level with
                                            CAGR 2008-2013                                  CAGR 2013-2020
a CAGR of 4.2 per cent, from a current
global SIM penetration that currently     Source: GSMA Intelligence
stands at 95 per cent and over
124 per cent in developed markets
(see Figure 21).
                                          Figure 21: Unique Mobile Connections (M)
                                          (M, Excluding m2m)
                                                                                                                          8,723 8,960           Sub-Saharan Africa
                                                                                                  7,800                                         North America
                                                                                          7,385                                                 Middle East and
                                                                                  6,886                                                         North Africa
                                                                  6,029                                                                         Latin America
                                          4,039                                                                                                 Commonwealth of
                                                                                                                                                Independent States

                                                                                                                                                Asia Pacific

                                          2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020

                                            11.3%                                           4.2%
                                            CAGR 2008-2013                                  CAGR 2013-2017

                                          Source: GSMA Intelligence

2.0 F inancially Mobilised
         Omnipresent Consumers
                        Fusion of Financial Services, Mobility and Identity (CONT.)

     This large-scale growth in mobile                                             Figure 22: Percentage of Total Interactions in
     services has directly translated into
     the adoption of mobile banking. 2014                                          Last Quarter, 2014
     was a landmark year in banking,                                               100%
     ushering in the age of mobile banking
     with mobile devices now being the                                               80
     most preferred way for consumers to
     engage with their bank. According to
     a report by Bain & Company11, more
     than 50 per cent of interactions with
     banks are conducted through mobile
     devices in 18 of the 22 countries it
     surveyed (see Figure 22).

     The significance of this development                                             0
















                                                                                                                                                                                                                                                                      Hong Kong




     is eclipsed by the time it took to
     achieve. Bain & Company’s report
     details a worldwide surge with 19
     per cent year-on-year growth in                                                                    Mobile (smartphone/tablet)                                                      Online                                  ATM                                  Phone                            Branch
     consumers’ use of mobile banking
     applications (see Figure 23).
                                                                                   Source: Bain/Research Now NPS surveys, 2014

     Figure 23: Percentage of Respondents Who Used
     Mobile Banking Apps in the Last Quarter

                                           59       58         58
                                                                                                         47                  45              44               43        42          41
       40                                                                                                                                                                                            39
                                                                                                                                                                                                                                            31                30
       20                                                                                                                                                                                                                                                                                                     19








                                                                                      Hong Kong














                                                                    Developing country                                                    Developed country                                              2013
     Source: Bain/Research Now NPS surveys, 2014

Mobile has also become a key enabler              top five bets, that by 2030, two billion
of socioeconomic development in                   people will be storing money and
developing nations, improving the                 making payments on mobile devices
financial inclusion of unbanked                   (referring to the developments
and under-banked communities                      underway in unbanked and under-
and fuelling economic growth. This                banked communities)15.
is illustrated by significant year-
on-year growth in markets such as                 The rapid growth in mobile
Indonesia, Thailand and India. Of                 banking interactions reflects the
the 2.5 billion people in lower and               unprecedented scale and pace of
middle-income countries that are                  consumer behavioural change. There
unbanked12, one billion have access to            has been much commentary over the
a mobile phone13. At the end of 2014,             years on the shift from branch-based
there were more than 255 mobile                   interactions to online (PC), but now we
money services in 89 countries; in                need to observe the shift from online
nine of those markets, there are                  to mobile paving the way for a new
more mobile money accounts than                   Mobile Pure Play era (see Figure 24).
bank accounts14. In their 2014 annual
review, the Bill and Melinda Gates
Foundation predicted, as one of their

Figure 24: Mobile Interactions as a Percentage
of Total Interactions
                                                                           Mobile exceeds online

                                                           Australia                  Online exceeds mobile
                                               China     US
 35                                      Spain       UK
 25                             Hong Kong

                                                       Japan India            Indonesia            Canada
       5                  15                      25                  35                     45             55 %

                               Online interactions as a percentage of total interactions
                                                        2013       2014
Source: Bain/Research Now NPS surveys, 2014

2.0 F inancially Mobilised
         Omnipresent Consumers
                Fusion of Financial Services, Mobility and Identity (CONT.)

                                                                                               2.2 The Confluence of Identity,
                                                                                               Privacy and Security – this is now
                                                                                               one conversation, not three

                                                                                               Identity, privacy and security have
                                                                                               converged. Author David Birch18
                                                                                               highlights that traditional concepts
                                                                                               of identity and money are changing
                                                                                               due to the technological evolution
                                                                                               of social and mobile networks, and
                                                                                               that these will enable the creation of
                                                                                               new infrastructure that can enhance
                                                                                               both privacy and security. He further
                                                                                               argues that identity is neither singular
                                                                                               nor fixed and that a person’s personal
                                                                                               or social identity evolves and changes
                                                                                               throughout a person’s lifetime – unlike
                                                                                               legal identity, which is mostly fixed.

     Mobile broadband is predicted             • View banks as relatively                     Accordingly, we need to consider a
     to grow at a staggering CAGR                 undifferentiated compared                    flexible triage model for identity that
     of 15 per cent to 5.9 billion                with alternative providers                   adapts to the individual, interaction
     connections by 202016 and this               (e.g. new type of bank);                     and institution (see figure 25). This
     trend will only gain momentum                                                             is particularly important for those
     through the coming years.                 • Own the most financial services              institutions taking a lifetime, life
                                                  products (mean products owned                stage or lifestyle-based management
     This behavioural change                      is 11.5);                                    approach. This model must take
     challenges traditional approaches                                                         a long-term view of customer
     to segmentation, as mobility              • Most active in opening and closing
                                                  accounts (71 per cent opening and            relationships and suggest we provide
     increasingly influences consumers’                                                        flexibility to accommodate evolving
     expectations of interactions,                22 per cent closing accounts in past
                                                  year; 34 per cent with alternatives          privacy needs throughout our lives.
     engagements and experiences                                                               It must also foster trust.
     with financial services providers.           to their primary provider);
     Research reported by EY in its 2014       • Most likely to experience
     Global Consumer Banking Survey17             problems requiring assistance,
     illustrates this point. The report
     highlighted eight global segments
                                                  with great returns if resolution             Figure 25: Identity
                                                 is highly satisfying;
     that represent shifting consumer                                                          Triage Model (Lifetime,
     sentiment. The ‘Upwardly Mobiles’         • Value advice whether in person,
                                                 on the phone, over video chat or via
                                                                                               Lifestage, Lifestyle)
     segment, while only representing six
     per cent of the population, has some        self-service; and,
     very important characteristics,
                                               • Use the mobile channel much more
     such as:
                                                  often per week than other seven
                                                                                           Personal Identity (Lifestage)

     • Young (43 per cent 18 – 34 years,         segments (69 per cent).
                                                                                                                                           Legal Identity
        37 per cent 35-49 years) and,                                                                                                        (Lifetime)
                                               In light of this, it is hardly surprising
        highly educated (80 per cent college
                                               that this important segment reported
        graduates) with high household
                                               that ‘keeping personal information
        incomes (median $48,571) and the
                                               safe’ and ‘protecting financial
        most significant investable assets
                                               information’ were the most important
        of any segment (median $250,000);
                                               considerations in their relationship
     • Highest advocacy and trust             with their primary financial services
        (> 50 per cent);                       provider (as also shown in Section 1,
                                               Figure 2).                                                                  Social Identity (Lifestyle)

                                                                                               Source: Telstra Research 2015

The impact of identity theft on          The Obama administration has urged       In Europe, the European Union
consumers (outlined in Section 1)        lawmakers in the US to consider          General Data Protection Regulation
explains the widespread data             tightening cybersecurity at banks        is expected to be completed in 2015.
protection disclosure/notification       and other institutions, including        This will outline new requirements for
standards and legislative initiatives    mandatory public disclosure of any       firstly, issuing breach notifications to
underway. Recent developments in the     breach that compromised personal or      individuals and, secondly, conducting
US, Europe, Australia and Singapore      financial information and notification   risk assessments and audits into
indicate that regulators may impose      of affected consumers within thirty      how institutions handle personal
reforms to obligate financial services   days (Personal Data Notification and     information. These measures will be
institutions to implement revised        Protection Act).                         accompanied by proposed increased
security programs.                                                                fines for non-compliance19.

                                                                                  In Asia, the Singaporean Personal
                                                                                  Data Protection Act established new
                                                                                  standards for the collection, use and
                                                                                  disclosure of personal information.
                                                                                  Non-compliance is subject to
                                                                                  penalties up to USD$788,95520.

                                                                                  In Australia, the passing of reforms
                                                                                  to the Privacy Act in 2014 have seen
                                                                                  businesses face more onerous
                                                                                  obligations when handling personal
                                                                                  information, with penalties of up to
                                                                                  AUD$1.7million for a privacy breach.
                                                                                  Privacy regulation remains a constant
                                                                                  topic of public discussion, thanks
                                                                                  largely to the introduction of local
                                                                                  data retention laws and copyright
                                                                                  regimes, as well as community
                                                                                  concerns arising as a result of a
                                                                                  series of large-scale hacks and
                                                                                  data breaches. Further, in 2014 the
                                                                                  Australian Law Reform Commission
                                                                                  released its final report on serious
                                                                                  invasions of privacy in the digital
                                                                                  era. Recommendations included
                                                                                  the introduction of a variety of new
                                                                                  protections around the security of
                                                                                  information, including the mandatory
                                                                                  reporting of data breaches and the
                                                                                  establishment of a civil case of action
                                                                                  for privacy breaches.

2.0 F inancially Mobilised
         Omnipresent Consumers
                       Fusion of Financial Services, Mobility and Identity (CONT.)

     2.3 “Identity of Things”,                                            The sheer volume of data generated         verification and digital signing via
     “Privacy”, “Internet of Trust”                                       by the convergence of the mobility         Public Key Infrastructure (PKI). There
                                                                          revolution and the Internet of Things      is, however, no clear path for scaling
     The mobile device revolution has                                     is simply staggering. EMC predicts         well-managed PKI to the massive
     made us completely rethink our                                       the amount of data in this “digital        number of devices predicted in a
     approaches to identity and security.                                 universe” will grow to 44 zettabytes       mature IoT world.
     But before we’ve even adapted to                                     (44 trillion gigabytes) by 202021. The
     the new mobile-enabled world,                                        volume of data and the complexity          It isn’t only data volume that
     another potentially even more                                        of the IoT environment immediately         increases the threat surface that
     game-changing revolution is just                                     creates security, identity and privacy     must be managed. As Figure 26
     beginning – the rise of the Internet                                 challenges. IDC estimates that             depicts, the data that influences a
     of Things (IoT). In our previous                                     although 40 per cent of the data in        single financial services decision can
     report, “Analyse This, Predict                                       the digital universe warrants some         come from hundreds of devices and
     That: How Institutions Compete                                       level of enhanced protection, less         pass through numerous systems and
     and Win with Data Analytics”, we                                     than 20 per cent actually has any          platforms beyond the control of the
     showed that the most adaptive and                                    such protection22. In fact, today many     financial institution or the customer.
     forward-thinking financial service                                   edge devices in the Iot are relatively     Our frame of reference for community,
     organisations are already starting                                   unsophisticated devices with little        connectivity and commerce is
     to shape the delivery of financial                                   inbuilt capability to protect either       predicted to exponentially explode,
     services based on big-data-style                                     themselves or the data they produce        leading to a need for interconnected
     analysis of data from the Internet                                   from compromise. Essentially, we           identity. Given that IDC predicts that
     of Things. They are effectively                                      need robust and flexible mechanisms        over the next two years, 90 per cent
     becoming data-driven, software-                                      for establishing the “Identity of          of IT networks will have some form of
     defined businesses.                                                  Things”. Today, the most common            security breach that is IoT-related23,
                                                                          approaches involve the use of              a key (as yet unanswered) question is:

     Figure 26: Interconnected Identity
     Community                                                                     Connectivity                    Commerce

                                                                                 Smart mobile
       2.8 Billion smart mobile devices by 2018                                       devices

       515 Million sensors in wearables by 2017

       60-100 Sensors in cars today - 200 by 2020

       Virtually all new cars networked by 2025
       Up to 75% of vehicles autonomous by 2040                                       vehicles

       500 Smart devices per U.S. home by 2022
       Potentially 1 trillion sensors by 2025                                        buildings

       1.1 Billion smart meters by 2021

                                                                                  Smart cities
       7 Billion consumer M2M connections by 2023

                                                                                                               Third-party aggregators and processors

     Source: Telstra Research 2015 - 24, 25, 26, 27, 28, 29, 30, 31, 32

You can also read