Open Identity Exchange - 378


Trust Frameworks and Interoperability

Working Group

22nd July 2020


Nick Mothershaw, OIX
Agenda
• Update on other working groups
• Principles
  o Confirmation of consumer principles only
  o Mapping Principles to the Trust Framework guide
    • At what level would this be useful?
• Trustmarks
  o Survey Feedback
  o Draft document review
• Next Steps
Update on other Working Groups
Fraud control dimensions
[Figure: fraud control dimensions. Stages: REGISTRATION, LOGON, ACCOUNT UPDATE, HELPDESK, each shown for DIGITAL and Per-2-Per. Parties: User, Relying Party, Broker, ID Provider, Evidence Verifier. Labels in the diagram: Fraud Controls; P2P ID Authentication Controls; Fraud Education, Awareness and Support; Fraud Reporting and dealing with Detected Frauds; Legal Considerations; Internal Risk Management; Information Sharing. Legend: Eco-system party; Party-to-party Trust: role based; Web-app-web; Device-device; User ID Theft; Fraud Primary Controls; Fraud Secondary Controls.]
Columns: Control Type | Control Sub Type | Description | Where Applied
Where Applied column groups:
• DIGITAL: REGISTRATION, LOGON, ACCOUNT UPDATE, HELPDESK
• Person-2-Person: REGISTRATION, LOGON, ACCOUNT UPDATE, HELPDESK
• CHANNEL: WEBCHAT, PHONE, FACETOFACE, VIDEOCHAT, TEXT, EMAIL

Fraud controls
Known Fraud Checks to establish any known links to fraud pre/post registration or in the new evidence being provided. Should include a check on if the individual has been a victim of fraud. y y y y y y Y Y
Cross sector data sharing scheme e.g. Cifas NFD Participating organisations submit fraud cases to a central database, which is then searchable by participating organisations at point of need, flagging where names, addresses, contact details, financial details etc. have been involved in fraudulent conduct previously Y
Supplier specific sharing schemes Data sharing offered by suppliers of fraud control software, allowing sharing of relevant data items across other users of the software - e.g. Iovation device identifiers Y

Internal screening Checking supplied data against data already held by the organisation marked as fraudulent e.g. Local Hunter/SIRA Y

Y Y
E-Mail E-mail, linked to known fraud, suspicious domains

Y Y
Account Takeover Compromised Credentials associated with known fraud

Evidence Verification Evidence presented/being updated is known to be associated with known fraud, synthetic Identity, compromised Identity Y Y
Y Y
Device Risk Can the device be linked to other registrations, or to known fraud/suspicious device characteristic. Y Y

Known Device for User Positive: Can the incoming transaction be bound to the previous registration device Y Y Y y
Y Y
Fraudulent or Other Users Device Negative: current or new device linked to known fraud/suspicious device characteristic Y Y Y

New Device for User Uncertain: new device not previously linked to account Y Y Y Y
Device Anomalies Inconsistent / unusual / high-risk data against data available, e.g.: IP; Timezone; Keyboard language; Phone-on-desk; Battery level; OS; etc. Y Y Y Y Y

Malware/session risk check Check device for malware and session/connection risk e.g. Trusteer or Retrust Y Y

? Y Y
Anomaly Detection Are there discrepancies in key information, location (inc. liveness test of biometric image capture). Y Y (partially)

y (update/step-up) Y Y
SIM Swap Verification that the number/device has not been compromised. Y

Inconsistency screening Checking supplied data against data already held by the organisation from previous applications/accounts e.g. Local Hunter/SIRA Y Y
Y
Call acoustics check Checking that the call acoustics match the situation provided by the caller/phone/location e.g Pindrop Y Y

Liveness check Check image provided is live/not a stock image, check voice is live Y Y

CRA/Electoral roll check Validating address history/financial conduct provided against data held at CRAs/on the electoral roll Y Y

Synthetic Identity A number of different elements of the ID not fitting together correctly will indicate a synthetic ID.

Velocity Detection Velocity Thresholds need to be set. Consideration needs to be given to multiple users legitimately sharing one device.

Y
Credential Stuffing Number, velocity of attempts

Y
Device frequency Flag multiple connections from the same device in a short space of time

Data attribute frequency Check repeated rapid presentation of the same data attribute e.g. IP, mobile, email address

Fraud Networks Creation and scoring of networks of potentially fraudulent IDs or attempts to create IDs.

Evidence Verification Verification of (the change to) account/user evidence. Is the new evidence linked to any other transactions, known fraud. Y Y

Liveness Indicator(s) that physical presentation is “live” and not a static copy or forgery Y

Document inspection Physical examination of document - either by human or scanner Y Y
Check with issuing body Check documents against details held at issuing body Y
Check evidence against chip Read chip to match data on documents against those held on the chip Y
Algorithm validation Ensure algorithm correlates to data on the document Y
Failure (repeated) of Evidence Checks User fails an evidence check that they should pass. This could be indicative of a fraud attempt. Especially repeated failure. Mitigating action is required.
Behavioral discrepancies and Risks Behaviour of individual not ‘realistic’ or linked to other registrations/known fraud Y Y Y
Data Entry Inconsistency e.g. Data entry characteristics (typed / copy-paste / speed / tapping / how device is held) Y Y
Behavioural biometric check Validate device interaction against known behaviour Y

Bot Checks Bot checks (e.g. reCaptcha) Y Y

Y Y Y Y
Physical behaviour risk indicators Voice stress/tone, nervousness/confusion/agitation Y

Risk indicators Risk indicators Checking of external data sets to highlight any areas of increased fraud risk – e.g. mortality, redirection, email address age etc. Y Y Y
Compromised Credentials Use of common or compromised credentials Y Y Y

Mortality e.g. mortality Y Y Y

Gone Away check Check if the individual is a known 'Gone Away' at the address Y Y
Mail redirection/keepsafe check Check mail is not being held back from the given address Y Y
Phone contract age check Check recency of contract inception Y Y
Email age check Check recency of email address creation Y Y

Email Risk Email is judged to be from a risky source Y Y Y

Relationship check Check known connections to other people/companies e.g. HooYoo Y Y

Fraud Hotspots Address or device is in a geographic fraud hot-spot.


Adaptive Authentication Initiation by the fraud control systems of additional authentication steps in the ID Authentication process to mitigate fraud risk detected.
Step Up Transactions Credential re-validation, including KBV, document checking etc. Y Y
ID Proofing and Authentication - Interoperability
• Framework / Scheme Interoperability Scoring Approach applicable across the whole trust framework
• Exploration of the application of this approach to ID Proofing and Authentication

END-TO-END INTEROPERABILITY MATRIX

[Matrix column headings: Proofing (Gather Evidence; Establish Trust in the Evidence; Establish Trust in the User); User Authentication; Identity Assurance. Sub-column labels: Evidence and Claims; Trusted Evidence; Trusted User; Validation; Verification; Authentication; Authenticators; Identity Binding; Monitor Risk; Assured Identity; Risk.]

Technical *** **** ** *** **** ** *** **** ** *** ***
Syntactic ** *** *** ** *** *** ** *** *** ** **
Semantic *** ** ** *** ** ** *** ** ** *** ***
Organisational **** *** **** **** *** **** **** *** **** **** ****
Legal **** ** ** **** ** ** **** ** ** **** ****
Governance *** **** ** *** **** ** *** **** ** *** ***
User
Principles
Consumer Principles

CONVENIENCE
• An ID I set up can be used in lots of different places - I don’t need different IDs to access different kinds of services, unless I choose to do so.
• I need to know where I can and cannot use my ID.
• I need to understand why I am sometimes asked for further verification of my ID.

CONTROL
• It’s my ID and data.
• I need to agree who my data is shared with and what is shared.
• I can see a record of this, and request for it to be returned and removed if I want.
• I can change my data at any time and can choose who is informed of that change.
• My data will only be used in ways I have agreed to.

CHOICE
• I can choose who manages my ID for me and change this at any time.
• I can have more than one ID.
• My IDs are free.

CONFIDENCE
• I need to know my ID and data is safe from ID fraud and those who might use it illegitimately.
• If something goes wrong, I need to know I will be OK, and the problem will be resolved.
Consumer Principles
What do eco-system participants do to support?
Columns: Principle | Principle Element | Relying Party | TrustMark (on behalf of Scheme / Framework) | Broker | IdP | Evidence Verifier

CONVENIENCE

An ID I set up can be used in lots of different places - I don’t need different IDs to access different kinds of services, unless I choose to do so
• Relying Party: RP shows the TrustMark so users know they accept their ID.
• TrustMark: Shows the user where they can use their ID.
• Broker: Lists all the RPs contracted to it to the consumer.
• IdP: Show the user that the ID has the Trustmark – explains what this means.
• Evidence Verifier: Show the user that the evidence verifier is operating within the Trustmark – explains what this means.

I need to know where I can and cannot use my ID.
Entries (columns not identifiable in this copy):
• Shows the user which ID Assurance(s) it accepts.
• Needs to show a list of sectors and RPs the ID can be used with?
• Needs to show a list of sectors and RPs the ID can be used with?

I need to understand why I am sometimes asked for further verification of my ID.
Entries (columns not identifiable in this copy):
• Needs to explain this to the user when step up occurs.

CHOICE

I can choose who manages my ID for me and change this at any time.
Entries (columns not identifiable in this copy):
• RP should show which IdPs are preferred / accepted for new registration when a user wants to change.
• Lists the different ID providers.
• Shows who the alternative ID providers are. Allows users to transfer data (attributes?) from one IdP to another, subject to ID Proofing.
• Supports ID change to new IdP. Includes transfer of some ID Info Package data, but not transfer of ID in whole. (This is a Nice-to-have in a more mature market).

I can have more than one ID.
Entries (columns not identifiable in this copy):
• Explains that users can have more than one ID.
• User should be able to close their ID at any time.

My IDs are free.
Entries (columns not identifiable in this copy):
• Explains that IDs are free.
• Re-iterates IDs are free.
Consumer Principles
What do eco-system participants do to support?
Columns: Principle | Principle Element | Relying Party | TrustMark (on behalf of Scheme / Framework) | Broker | IdP | Evidence Verifier

CONTROL

It’s my ID and data.
Entries (four of the five columns carry the same text; columns not identifiable in this copy):
• Explains that a user's PII belongs to them, but the ID Evidence assets are not theirs.

I need to agree who my data is shared with.
• Relying Party: RP audit trail required. RP could have time limited use of data (per open banking 90-day rule) – user needs to be informed.
• TrustMark: Explains
• Broker: Audit Trail of who IDPs share ID data with, but not the detail.
• IdP: Gathers and records consents to share with RPs and Evidence Verifiers.
• Evidence Verifier: Records consent.

I can see a record of this, and request for it to be returned and removed if I want.
• Relying Party: Removes consumer data on request, informing the user of the consequences of doing so.
• TrustMark: Explains
• Broker: Brokers data removal from RPs
• IdP: Shows historic RP consents and allows user to request removal. IdP sends a request to the RP to remove data? OR IdP presents the user a link to the RP site where the RP tells the user how to delete their account.
• Evidence Verifier: Shows historic IdP consents and allows user to request removal?

I can change my data at any time and choose who is informed of that change.
• Relying Party: RP must subscribe to, and accept, change of data and update their records.
• TrustMark: Explains
• Broker: Sends Alerts to RPs
• IdP: Allows user to change and choose who to alert, from a list of RPs who subscribe to this service.
• Evidence Verifier: Verifies changed data.

My data will only be used in ways that I have agreed to
• Relying Party: Prohibited from selling data.
• TrustMark: Explains
• Broker: Enforces
• IdP: Gathers permission if relevant.
• Evidence Verifier: Records consent.

Consumer Principles
What do eco-system participants do to support?
Columns: Principle | Principle Element | Relying Party | TrustMark (on behalf of Scheme / Framework) | Broker | IdP | Evidence Verifier

CONFIDENCE

I need to know my ID and data is safe from ID fraud and those who might use it illegitimately.
• Relying Party: Implements Fraud Controls?
• TrustMark: Explains
• Broker: Implements fraud controls
• IdP: Implements fraud controls
• Evidence Verifier: Implements fraud controls
• Open question (column not identifiable in this copy): Should any fraud monitoring be done at the Trustmark level?

If something goes wrong, I need to know I will be OK, and the problem will be resolved.
• Relying Party: Explains. Points to help and redress service. Other obligations?
• TrustMark: Explains. Points to help and redress service. Points to ultimate redress and complaint service at Scheme / Framework level.
• Broker: Provides help and redress services.
• IdP: Provides help and redress services.
• Evidence Verifier: Provides help and redress services.

Other levels of support

We could map principles to individual framework requirements, particularly in the user service section of the framework
