
Criipto CEO’s phishing tales make for a wild ride at Authenticate 2024

Talk on data security, digital wallets, passkeys hijacked by Romanian gangs

Copenhagen-based firm Criipto was recently acquired by the parent company of Norwegian BankID, which runs Norway’s digital identity infrastructure. So its CEO, Niels Flensted-Jensen, speaks from a true multiplicity of perspectives in his talk at Authenticate 2024, in which he covers the differences between data center security and a truly secure population – via Romanian gangs, his wife’s susceptibility to phishing scams, sports betting and cast iron cars.

Flensted-Jensen’s main thesis is that “phishing is a big thing,” and that too much focus is being put on cybersecurity at the back end. “Regulators, all the attacks and such, are keeping our attention away from the phishing,” he says. “People are not breaking into our data centers. They’re cheating our users out of their money.”

He recounts the Norwegian smishing case of Romanian gangs that sent out SMS messages claiming to be from Norway’s department of motor vehicles, which allowed them to steal digital identities. This is followed by an account of how his wife, an art historian, was tricked by an online phishing scam posing as a Norwegian bank.

Flensted-Jensen notes the prevalence of digital ID in Scandinavian society, and says the ideal of standardization (which he claims is achieved in his native Denmark’s digital ID) also leaves verification processes open to fraud. “Digital identity succeeds when it looks the same no matter where it goes.” But that makes it “ripe for phishing.” FIDO passkeys are a potential answer.

Usable, affordable security for all trumps ‘cast-iron cars’ that make few safe

Over a black slide with the text “Intentionally left black,” Flensted-Jensen swerves to weigh the benefits of good security for many versus great security for some – i.e., those who can afford it. “Legislators tend to lean toward great security, without understanding that means security for fewer people. If we did that for transportation, we would have cars made of cast iron and going 20 miles an hour or something.”

The advancement of biometrics, mobile identity and client-side cryptography means “we can do things on our devices that in the past we would have had to do in the data center.” Decentralized identity wallets can house verifiable credentials issued by trusted sources, which can then be presented to relying parties. But there are regulatory snags: for example, attestation is a problem with synced passkeys that leverage the cloud.

For web wallets, Flensted-Jensen says usability leads to adoption. But on top of usability, you need economic force, engaging industries wherein high-frequency use makes sense on a cost-revenue level. He gives the (ethically iffy) example of online sports betting, where addictive behaviors necessitate repeated logins. “People that do sports betting, like it or not, they do it a lot. They sign in every day, use it for authentication day in and day out, every second hour when they go and check if Manchester United won that game.”

In near-conclusion, Flensted-Jensen sums up his main arguments (somewhat) tidily. In terms of regulations, “regulators for phishing more than they do. They should think about building for the masses, not for the few German politicians that need high security. And they should think hard about UX.” He also offers a manifesto of sorts: “stay in the browser, and stay out of the walled gardens of the app stores!”

BankAxept AS, the operator of Norway’s national payment system and its largest digital identity, BankID, acquired Criipto ApS in September 2024. The move was prompted by interest in what Øyvind Westby Brekke, CEO of BankID BankAxept, calls Criipto’s “unique and developer-friendly integration platform.”
