This offer is made possible thanks to the availability of data from mobile carriers and, of course, the consent of the customer.
With Mobile ID, operators can limit identity fraud, optimise how online accounts are created and make user identification more reliable.
Carrier data as a source
Mobile ID is a B2B2C solution (selling an offer to a business that is targeted to the end-customer) that includes four products: Form ID to automatically fill in an online form, Home Verify to obtain instant proof of address, Match ID to check the consistency of information provided by a user and SIM Verify to manage the risk of SIM card fraud. Mobile ID can be integrated with the service provider’s customer experience. The user moves through three stages: identification, consent in accordance with GDPR (General Data Protection Regulations), data retrieval and sharing. Orange already uses Mobile ID resources during the registration process for its mobile banking service, Orange Bank. But the service is compatible with many sectors: banking transactions like e-commerce, insurance, transport and social networks.
Building a simple and secure experience
Frederic Reboulleau, Data Products and AI Director at Orange, launched the project in the Group. He explains: “The two challenges were to improve customer experience and give the customer the confidence to share this data. This is mainly reflected in how authentication is carried out and how consent is provided. You can’t pretend that you’re making life easier for users and then ask them for a username and password, which they don’t know most of the time”. With Mobile ID, different mechanisms are at work: customers receive an SMS with an identification code when connecting via Wi-Fi and they are automatically authenticated on the carrier’s network when they are using 3G/4G mobile. In terms of security, network enhancement involves authentication partitioning, dedicated solely to data sharing so as to avoid the potential for compromise that comes with general authentication.
At the core of identification is personal data
GDPR — four letters that crop up whenever personal data is mentioned, a potentially tricky topic. In the case of Mobile ID, several consent rules linked to different scenarios have been set. For example, there is one-time consent for the bank and it can last for 12 months in other situations. In short, consent can be set for a specified period of time, with the need to be explicit and flexible for the customer, but also not onerous for the service provider.
The development of Mobile ID, with the coordination of AF2M (Association française pour le développement des services et usages multimédias multi-opérateurs), has led to unprecedented collaboration between carriers. “This technology is already being used to some extent in North America. We have sought AT&T partners’ support in Europe. Once properly developed, we approached Bouygues Telecom and SFR in order to share our knowledge. We wanted to start collaborating so that we could bring this technology out. Because in addition to the technical challenges, Mobile ID is now faced with the challenge of spreading the good news to the market. To do this, we had to unite the players and create an ecosystem”.
Aggregators, technical and commercial intermediaries
A series of APIs have been developed internally by each carrier. To build closer relationships with service providers, the choice was made to work with aggregators, such as, DQE Software, Néthéos, Infobip, Capadresse and Payphone, all of which boast large customer portfolios across all sectors. In addition to simplified management via a single contract, this avoids the complexity of service provider integration. Orange and its partners are currently working with five aggregators in France and are aiming for ten in 2020. Orange is also considering the opportunity to develop Mobile ID technology elsewhere in Europe.
The carrier, a leader in matters of identity
For a player like Orange, the issue at Mobile ID is twofold, as explained by Laure Jouffre, Digital Identity, Personal Data, Security Innovation Director: “There is, of course, an internal objective, because extending the use of this data goes hand in hand with our multi-service strategy. It is also a question of adding value to our identity as a carrier. By providing our customers with a simple and secure personal data experience, we are increasing their trust in us and we are securing our place in this new market. It is a logical step in line with Orange’s purpose, which is to give everyone the keys to a responsible digital world”.