MIDASThe MIDAS Alliance was created to Solve Payments Security Challenges Raised by Mobile Wallet Security industry collaboration seeks to create solution before August deadline for new payment rules While the introduction of the mobile wallet has created a lot of excitement across the retail and financial services industries, the European Central Bank (ECB) is pushing for greater security standards. When the ECB’s SecuRe Pay guidelines come into effect in August 2015, most current mobile wallets will not meet the security standards for online and in-store payments across Europe.

In response, a number of leading stakeholders in the information security community have joined forces to try and resolve this problem, through the MIDAS Alliance (www.midasalliance.org).  MIDAS stands for Mobile Identity Authentication Standard, and the alliance’s primary aim is to promote information security and authentication innovation through industry-wide collaboration.

One of the organisation’s founding members is Brian Kinch, a senior director of FICO, a global leader in anti-fraud software. “I believe this kind of information sharing is critical,” Kinch said “to prevent security breaches, we need to bridge the gap between what the regulators are seeking and what the financial services industry is doing.”  Fellow alliance member Jonathan Williams, a director of Experian, agreed. “It is very important to create innovative solutions that improve consumers’ protection from fraud and are cost-effective enough to be able to be rolled out across the industry,” Williams said. “I was delighted to be invited as one of the founders of MIDAS and explain the complex issues around biometrics, particularly as it is a fundamental requirement of SecuRe Pay,” said Matthew Silverstone, the CEO of Facebanx, a global leader in biometrics. “In the end the idea that the customer could choose from any one of four different biometrics — face, voice, eye and fingerprint — seemed the easiest solution from both a customer’s and a security perspective.” Kieran Hines, a financial services technology analyst at Ovum believes “there are huge opportunities to increase transaction security further by leveraging the inherent capabilities of smartphones in particular to capture and transmit additional information”.

The first public meeting of the MIDAS Alliance will be held at FICO’s London office in Hays Lane on the 10th July at 10.00 am. If you would like to join the alliance and help in bringing a better solution to the industry, please visit http://www.midasalliance.org/membership.html.

Personal membership is free. About MIDAS Alliance The MIDAS alliance is a global membership organisation that represents key stakeholders in the information security community. Our primary aim is to promote innovation through collaboration by creating an arena for knowledge sharing to help bridge the gap between the Regulatory and Industry outlook on preventing security breaches. New Security standards go way beyond anything on the market currently, and there needs to be understanding of the strictures that the industry will need to adhere to. The MIDAS Alliance will help develop payments standards to provide solutions for simple processes to prevent online fraud.

Press Officer MIDAS Alliance Royal Holloway Egham Surrey TW20 OEX Email: [email protected]

Cofounder member Brian Kinch, FICO commented on the new launch of MIDAS:  Fraud Fighters Need the MIDAS Touch for Info Sharing

There is one thing that everyone committed to thwarting criminal activity has in common: a desire to stop the bad folks from doing bad things. History has shown us that the three C’s of cooperation, collaboration and communication are key in highlighting where and how criminals are looking to act, and thereby helping to keep potential victims aware and vigilant. Knowledge, particularly shared knowledge, is power.

There are, of course, two views on the sharing of information – one that upholds the right for privacy and data security, one that prioritizes a joint approach to data security. When these views conflict, the privacy and data security argument will often prevail. But that might be changing, certainly in the UK with the controversy around the “Snooper’s Charter”.

I have no doubt that the collective interests of the “white hats” (those trying to keep us safe and secure) would be best served by liaison and appropriate, proportionate data sharing where necessary. This should be not just intra-sector or intra-industry but inter-sector and inter-industry.

Individual industries or sectors often have trade or collective member associations that do a great job of representing their constituents. Multi-sector discussions have proven far more difficult to broker satisfactorily. And yet the criminals are not constrained by the same divisions of geography, sector, industry or organization.

In the fight against fraud, and in deference to aggressive know-your-customer compliance requirements, most sectors are now finding themselves not just expected but compelled to properly authenticate who they are dealing with. Whether for application, concession, authorized access, value exchange or whatever, being able to assure that credentials are authentic – and ensuring proof of authenticity does not result in exposing credentials that can be nefariously repurposed if  intercepted – is exercising some of the greatest information security minds of our generation.

Today I took part in the Project CAMINO 3rd Experts Workshop at Royal Hollloway, University of London. I was part of an expert panel discussing the challenges of “Identity and Strong Authentication,” especially in light of changing requirements across the landscape of SecuRe Pay, eIDAS, Payment Services Directive 2, etc.

In this discussion, I brought up the MIDAS Alliance, a global organization that includes key stakeholders in the information security community from all sectors. MIDAS stands for Mobile Identity Authentication Standard, and the Alliance has the primary aim of promoting information security and authentication innovation through collaboration by creating an arena for knowledge sharing.

The MIDAS Alliance intends to help bridge the gap between the regulatory and industry outlook on preventing security breaches. It is being forged in the coming weeks to develop payments standards that will provide solutions for simple processes to prevent online fraud.

Most industry commentators have often referenced the absence of a “silver bullet” when dealing with criminals and, especially, identity or credential theft and remote payment fraud. While that remains true, the MIDAS Alliance and the cooperation it represents means that we “white hats” are finally able to take the fight back to the “black hats” on multiple fronts.

Brian-KinchAbout the author: Brian Kinch is a senior partner working with FICO’s global fraud clients. A seasoned fraud manager in the European banking industry, Brian was most recently head of customer account fraud at Lloyds Banking Group, where he initially designed and implemented the bank’s fraud management target operating model.

Source:  FICO