Biometric marketing leaders, do your firm’s product marketing publications require the words of authority?
John E. Bredehoft of Bredemarket, the biometric product marketing expert.
Can John E. Bredehoft of Bredemarket—the biometric product marketing expert—contribute words of authority to your content, proposal, and analysis materials?
I offer:
30 years of biometric experience, 10 years of product marketing expertise, and complementary proposal and product management talents.
Success with numerous biometric firms, including Incode, IDEMIA, MorphoTrak, Motorola, Printrak, and over a dozen biometric consulting clients.
I’m going to discuss the acronyms CMMI and NSS, which I’ve kinda sorta discussed before but never in combination. (And as an added bonus I’ll discuss one more acronym.)
Capability Maturity Model Integrated (CMMI)
Back in February and in April I made passing references to CMMI, which stands for the Capability Maturity Model Integration. But I only mentioned it in passing because my experience is with the older Capability Maturity Model (CMM).
Imagen 4.
Who manages the CMMI?
Information Systems Audit and Control Association (ISACA)
Back in March and in April I either explicitly referenced or implicitly quoted from ISACA, which is the Information Systems Audit and Control Association.
“CMMI was originally developed at the Software Engineering Institute, a federally funded research and development center within Carnegie Mellon University.”
Imagen 4.
Thus ISACA governs all CMMI-related activity, including assessments and certifications.
Which brings us to…
National Security Systems (NSS) and National Security Solutions (NSS)
‘Cause you know sometimes acronyms have two meanings.
When a foreign-owned company wants to do business with the sensitive parts of the U.S. federal government, they have to set up a set up an entity that is free from foreign ownership, control, or influence. This is FOCI, a bonus acronym for you today.
Imagen 4.
In the biometric world, there are two notable FOCI-mitigated subsidiaries of foreign companies:
IDEMIA National Security Solutions (NSS), a subsidiary of the primarily U.S.-owned IDEMIA. Primarily, but not exclusively, because a small sliver of IDEMIA is French-owned.
“IDEMIA National Security Solutions (NSS), a subsidiary of IDEMIA, the leading provider of secure and trusted biometric-based solutions, is proud to announce that it has successfully earned re-certification at level 3 of ISACA’s Capability Maturity Model Integration (CMMI®).”
Imagen 4.
You’ll recall that the CMMI levels go up to Level 5. So IDEMIA NSS is not at the maximum CMMI level, but Level 3 is impressive enough to issue a press release.
IDEMIA NSS’ extensive federal government work dictates that it maintain a number of certifications and conformances. CMMI gives the government agencies assurance that IDEMIA NSS provides its products according to specific quality and process improvement standards.
I hate to use the overused t word (trust), but in this case it’s justified.
“Scammers are aware that people are more likely to open and read a text message rather than an email The open rates for text messages are more than 90% while the open rates for emails is less than 30%. In addition, many email providers have filters that are able to identify and filter out phishing emails while the filtering capabilities on text messages is much less. Additionally, people tend to trust text messages more than emails. Text message also may prompt a quick response before the targeted victim can critically consider the legitimacy of the text message.”
Who can provide remote supervised identity proofing?
“NextgenID Trusted Services Solution provides Supervised Remote Identity Proofing identity stations to collect, review, validate, proof, and package IAL-3 identity evidence and enrollment data for CSPs operating at IAL-3.”
And there are others who can provide the equivalent of IAL3, as we will see later.
How do you supervise a remote identity proofing session?
“The camera(s) a CSP [Credential Service Provider] employs to monitor the actions taken by a remote applicant during the identity proofing session should be positioned in such a way that the upper body, hands, and face of the applicant are visible at all times.”
But that doesn’t matter with me now. What matters to me is WHEN we need remote identity proofing sessions.
Governments aren’t the only entities that need to definitively know identities in critically important situations.
What about banks and other financial institutions, which are required by law to know their customers?
Now it’s one thing when one of my Bredemarket clients used to pay me by paper check. Rather than go to the bank and deposit it in person at a teller window (in person) or at an ATM (remote supervised), I would deposit the check with my smartphone app (remote unsupervised).
Now the bank assumed a level of risk by doing this, especially since the deposited check would not be in the bank’s physical possession after the deposit was completed.
But guess what? The risk was acceptable for my transactions. I’m disclosing Bredemarket company secrets, but that client never wrote me a million dollar check. Actually, none of my clients has ever written me a million dollar check. (Perhaps I should raise my rates. It’s been a while. If I charge an hourly rate of $100,000, I will get those million dollar checks!)
So how do financial institutions implement the two types of IAL3?
“If you need to initiate a funds transfer payment, an authorized signer for your account may also initiate funds (wire) transfers at any Chase branch.”
Note the use of the word “may.” However, if you don’t want to go to a branch to make a wire transfer, you have to set up an alternate method in advance.
Remote supervised
What about remote supervised transactions at financial institutions, where you are not physically present, but someone at the bank remotely sees you and everything you do? Every breath you take? And every move you make? Etcetera.
It turns out that the identity verification providers support video sessions between businesses (such as banks) and their customers. For example, Incode’s Developer Hub includes several references to a video conference capability.
To my knowledge, Incode has not publicly stated whether any of its financial identity customers are employing this video conference capability, but it’s certainly possible. And when done correctly, this can support the IAL3 specifications.
Why to use IAL3 for financial transactions
For high-risk transactions such as ones with high value and ones with particular countries, IAL3 protects both the financial institutions and their customers. It lessens the fraud risk and the possible harm to both parties.
Some customers may see IAL3 as an unnecessary bureaucratic hurdle…but they would feel differently if THEY were the ones getting ripped off.
This is why both financial institutions and identity verification vendors need to explain the benefits of IAL3 procedures for riskier transactions. And do it in such a way that the end customers DEMAND IAL3.
To create the content to influence customer perception, you need to answer the critically important questions, including why, how, and benefits. (There are others.)
And if your firm needs help creating that content, Underdog is here.
Visit https://bredemarket.com/mark/ and schedule a time to talk to me—for free. I won’t remotely verify your identity during our videoconference, but I will help you plan the content your firm needs.
If the subject of identity proofing is remote, how do you supervise it? Here’s what NIST says:
“The camera(s) a CSP [Credential Service Provider] employs to monitor the actions taken by a remote applicant during the identity proofing session should be positioned in such a way that the upper body, hands, and face of the applicant are visible at all times. Additionally, the components of the remote identity proofing station (including such things as keyboard, fingerprint capture device, signature pad, and scanner, as applicable) should be arranged such that all interactions with these devices is within the field of view. This may require more than one camera to view both the applicant and the room itself.”
I’m going to limit my thoughts to two of the four changes that Integrated Biometrics mentioned.
Decentralized systems
When I started in the biometrics industry in 1994, an automated fingerprint identification system (AFIS) was usually a centralized system. Tenprint and latent examiners at the state capital (there was no federal IAFIS back then) would work in buildings at or near a huge minicomputer that held the state’s fingerprint records. Perhaps there may have been a few remote tenprint and latent workstations connected by modem, and perhaps there were some livescan stations scattered around, but for the most part these client/server systems had a single server in a state computer room. (Well, except for the Western Identification Network, but WIN was ahead of its time.)
Fast forward 30 years, and while this model may work in the United States, it may not work elsewhere.
What if you don’t have internet or cellular communications? (Yes, cellular. Modern edge devices are a topic addressed in the Integrated Biometrics article that I won’t go into here.)
Or what if the communications are so incredibly slow that it would take forever to submit a search to the capital city, and return results to the originator?
This is where decentralized systems come into play. Rather than requiring everyone to ping the same central hub, the biometric database is distributed and synchronized among multiple servers in multiple locations.
Or maybe you’re getting ahead of me here and realizing that “servers” is too limiting. What if you could put all or part of a biometric database on your smartphone, so you can search a captured biometric against a database immediately without waiting for network communication time?
Such decentralized systems were impossible in 1994, but they are certainly possible today. And IB360 lets partners build their own biometric systems with decentralization and synchronization.
Speaking of building…
Demand for speed
As I mentioned, I’ve been in the biometric industry since 1994, and although my early years were spent in a pre-contract proposals role, I’ve seen enough post-contract deployments to know that they take a long time. Whether you were dealing with Printrak, NEC, Sagem Morpho, or the upstart Cogent, it would take many months if not years to deploy a fingerprint system.
For the most part, this is still true today with “pre-made” systems from NEC, IDEMIA, Thales, and the others.
And it’s also true if you decide to deploy your own “custom-built” fingerprint or biometric system from scratch.
Either way, there is a lot of engineering, integration, and orchestration that must take place before a system is deployed. You can’t take an AFIS for Bullhead City, Arizona and deploy it in Anaheim, California…or the state of Tennessee…or the nation of Switzerland. You need to perform months of tailoring/configuration first.
Integrated Biometrics asserts that waiting years for a biometric system is far too long.
Other changes
I’ll let you read the Integrated Biometrics article to learn about the other two evolutionary changes: more powerful hardware (I’ve alluded to this), and a myriad of use cases.
All of these changes have impacted the biometric market, and prompted Integrated Biometrics to introduce IB360. To read about this modular software suite and its benefits, visit the IB360 product page.
Bredemarket 