In a payments market where we are all increasingly burdened by multiple usernames and passwords, Ellie Chambers meets SecureKey – the Canadian company that’s letting you log in how you want, when you want, and keeping your personal information safe and private at the same time
It is estimated that we each have between 40 and 50 accounts that require login details – at the very least a username and password. Whether it’s your LinkedIn, Facebook, Twitter, or your bank account or PayPal, you have to set up login details and then remember them.
Go deeper with GlobalData
But now a Canadian company is offering a solution. SecureKey is working with players including MasterCard, Visa, Canadian banks and telcos to provide a service that allows users to connect to their accounts easily, but without compromising their security or privacy.
The problem
Will Giles, senior vice president of product management and emerging payments at MasterCard Canada, agrees that multiple logins are frustrating. He says: "Many commerce sites ask you to log in, set up a user ID and password.
"After a while you’ve done a lot of these and you’re not going to remember them. And you start using the same passwords over and over again, which actually reduces the security. So we wanted to find something where you could use one ID, one password and get access to many merchants."
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalDataThis problem is worsened by the fact that, with the huge take-up of smartphones, many customers now want to access payment sites on their mobiles.
Giles says: "On the PC, filling in your username, your login information, your shipping address and then your card information is cumbersome.
"When you get to a smaller screen, where everyone is headed, the interface is very challenging to type a lot on, so we wanted a solution that would address that as well. Essentially we wanted it to be fast, secure and simple."
SecureKey’s director of product marketing, David Mahdi, is even more burdened by logins than the rest of us. He says: "I carry at least 70 accounts and it’s pretty frustrating to have to deal with."
He goes on to say that the solutions that have been produced so far mostly tend to create further problems. He says: "There are all these little tokens and all these little things but they just don’t play well in our day-to-day lives.
"We’ve seen things like the little tokens glued to people’s laptops, we’ve seen people take smartcards – where you have to stick the card in the laptop the card to log in – stick them in and then cut the end off and put tape over it. You can never underestimate what users will do to get into their accounts."
The solution
In a world where we have multiple forms of ID, it is hugely frustrating that if you are missing just one, you may be unable to access a service. But SecureKey has produced briidge.net, a way by which users can user one credential to access multiple sites and accounts.
Madhi says: "It’s called bring your own credentials. So I want to be able to go somewhere, I don’t want to have to bring anything with me – I have all these forms of ID, I should be able to use these to log into my service.
"We offer a cloud-based user-centric authentication service, letting users pick the credential they want and use it to get into the service they want seamlessly and easily.
"For example; we allow Canadians to log into the Canadian government site to pay their taxes, something you only do once a year. You have a username and password; everybody forgets it, including me.
"But now, when you go to log in you can click on a button that says ‘let me pick my credential.’ And you can pick Bank of Montreal, Scotia Bank, TD Bank and log in with one of your bank credentials instead of this obscure Canadian government one."
The principle is the same for MasterPass, MasterCard’s bring your own credential service. When visiting the sites of participating merchants, users can click ‘Pay with MasterPass’ to use their MasterPass credentials.
Privacy
One of the main attractions of briidge.net is that no private information is exchanged. In the aftermath of Edward Snowden’s revelations about US government surveillance, it is hard to overstate how attractive this makes SecureKey to US companies.
Mahdi says: "The bank knows you are using the credential but doesn’t know what you are logging into. And the government knows you are logging in with a certified credential, but they don’t know whose.
"Analysts are really excited by this, because they look at what Facebook is doing and when you use your Facebook ID to log in to things, Facebook knows and they make money out of it.
"That’s OK – but it might not be OK for high assurance things like paying your taxes or paying into your retirement fund – you probably don’t want Facebook to have that information."
Security
Another of SecureKey’s key values is security. The key to letting a user sign in with ease is to identify them as quickly and as confidently as possible. Mahdi says that, on average, it takes someone hours to realise they’ve lost their wallet, whereas they usually realise within a matter of minutes if their phone goes missing.
He says: "The phone is a powerful identifier and it can identify you in many ways. Our belief is that we could use the hardware that’s in your device and uniquely identify you by your device. Rather than putting in a long password you could put in a short PIN and it identifies your device and logs you in.
"briidge.net strongly identifies the device and it puts this together with your PIN code. The bank checks if they are together, and if they are not it won’t let the transaction through. So if I steal someone’s code or password, and go to use it on a different machine, it won’t work."
The future
As well as providing access to 120 Canadian government sites, SecureKey has its sights set on moving into other markets. The US Postal Service is already using a version of briidge.net called the Federal Cloud Credential Exchange (FCCX), brokering user access to government sites including social security and department of health.
Madhi says: "Something has to change here. If you look at modern day enterprises and organisations there’s a whole movement going on; consumerisation and bring your own device. That’s being able to say ‘I want to bring my iPhone to work, I want to bring my Mac to work.’
"And IT organisations have changed. But nothing has really changed on the consumer side; there are still all these logins.
"But we believe something has to change and something will change. It’s something called bring your own credentials."
