Who’s on the other end of your digital transaction?
John SculleyChairman of the Board, IdenTrust
Building Trust Into the Supply ChainMarch 20, 2006
2Copyright ©2006 IdenTrust, Inc. All Rights Reserved.
Why standards are increasingly critical
Existing and impending regulatory requirementsSarbanes Oxley (SARBOX)AML (Anti-money laundering)SEPAMIFIDPrivacy laws
The proliferation of overlapping and/or competing standards
Geography or product specificContinued activity and focus around industry-specific standards variants
3Copyright ©2006 IdenTrust, Inc. All Rights Reserved.
Corporations and Banks need teamwork
Corporations are ready to move toward more consistent standards
But they are not certain that their banks are ready to support them
Banks are also ready to moveBut have not been asked to do so by their corporate clients
Both groups agree that their biggest challenges are internal –Getting the required staff, resources and attention
4Copyright ©2006 IdenTrust, Inc. All Rights Reserved.
Disruptive change is often the catalyst for a shift in strategic focus – changing the game
Game Changers
Apple1980’s
Innovation
Dell1990’s
Standards
versus
5Copyright ©2006 IdenTrust, Inc. All Rights Reserved.
The shift in strategic focus will drive standards on to a predictable path
FirstCuriosity
SecondUseful
ThirdUbiquitous
Time
The Adoption Curve
6Copyright ©2006 IdenTrust, Inc. All Rights Reserved.
VS
Defining the Right Problem
Pepsi market researchPlastic bottle developmentUPC, DPP, bar codeStandardized merchandizingFood chains, mass merchandizing and drug chains
7Copyright ©2006 IdenTrust, Inc. All Rights Reserved.
1990’sidentity
proprietary driven
2000’sidentity
standards driven
Creating new sigma curves...
8Copyright ©2006 IdenTrust, Inc. All Rights Reserved.
Re-invention of work
Assumptions:Commoditization of almost everythingDecentralized approvals and decisionsVirtual organizations and ubiquitous broadbandProductivity driven by project teams and real time communications
9Copyright ©2006 IdenTrust, Inc. All Rights Reserved.
Business problem - verified connections
Business is conducted through people and companies without a personal connection
Need to verify and authenticate the participants and sites involved
Global interoperability requires a standardized way to verify connections
10Copyright ©2006 IdenTrust, Inc. All Rights Reserved.
The unknown is painful
Lack of interoperability limits anticipation and global fraud tracking
Result:Fraudulent account openings and closings
Phishing, pharming and corporate payment fraud
Fraudulent public sector procurements
Unqualified and unauthorized resources
Information exchange hampers trapping criminals
11Copyright ©2006 IdenTrust, Inc. All Rights Reserved.
How painful is it?
Estimates of corporate fraud start at $1.2 billion in the US alone (Gartner 2003)
After 10 years, STP still means straight to printer
Fraudulently opened corporate accounts and lack of audited provisioning restrict expansion of e-commerce
12Copyright ©2006 IdenTrust, Inc. All Rights Reserved.
No silver bullet
There is no single answer for all identity needs
Collaboration is key to success and requires globally interoperable standards
No Single Solution Provider Solves No Single Solution Provider Solves the Entire Endthe Entire End--toto--End ProblemEnd Problem……It Takes A VillageIt Takes A Village
13Copyright ©2006 IdenTrust, Inc. All Rights Reserved.
A standardized approach to account opening and management is a first step
The TWIST bank mandate working group proof of concept brings true interoperability to the new account opening process
Globally accepted identities, issued and authenticated by the banks, will simplify account opening and maintenance globally
Identity secured cross border payments generated from an authenticated account secures the integrated financial and logistical supply chains
14Copyright ©2006 IdenTrust, Inc. All Rights Reserved.
Business needs a “Trust Village”
Global & Domestic Financial
Transactions
Global & DomesticDefence & SecurityRelated Warnings &
Information
Medical InformationExchanged Globally & Domestically
Global SupplyChain Data &
DocumentationPharmaceutical Information &
Warnings
Authenticated Communications
Legal InteroperabilityLegal Interoperability
15Copyright ©2006 IdenTrust, Inc. All Rights Reserved.
Comprehensive Identity Management Requires a Spectrum of Trust
Increased Level of Trust
Incr
ease
d So
phis
ticat
ion
Incr
ease
d So
phis
ticat
ion
IdentityControlIdentityControl
OperationalImprovementOperational
Improvement
EncryptionEncryption
RiskManagement
RiskManagement
ComplianceCompliance
16Copyright ©2006 IdenTrust, Inc. All Rights Reserved.
Truly securing payments cross border varies across four key ingredients
NoneNoneGloballyGlobally
ConsistentConsistent& Regulated& Regulated
VettingVetting
StorageStorageSW OnlySW Only HW OnlyHW Only
Validation & UseValidation & UseBatched OfflineBatched OfflineWeb LogonWeb Logon
Real Time OnlineReal Time OnlineDigital SignatureDigital Signature
Reliance & RepudiationReliance & RepudiationNoneNoneLegally Binding Legally Binding
& Global& GlobalNonNon--RepudiationRepudiation
17Copyright ©2006 IdenTrust, Inc. All Rights Reserved.
Trusted identities: key ingredients
StorageStorage
Validation& Use
Validation& Use
VettingVetting
Reliance &RepudiationReliance &
Repudiation
Standardized, globally interoperable, secure supply chains musthave:
18Copyright ©2006 IdenTrust, Inc. All Rights Reserved.
IdenTrust - global, interoperable, bank-endorsed identity blueprint…
Secure data centersConsistent manufacturing processEfficiency
OperationalOperationalOperationalOperational
Highest levels of technical securityIdentities all work the same wayCompliant with industry standards TechnicalTechnicalTechnical
Global contractual frameworkContracted liability modelDispute resolution
LegalLegalLegalPolicyPolicyPolicyPolicy
KYC consistencyFATF complianceInteroperability across financial entities
19Copyright ©2006 IdenTrust, Inc. All Rights Reserved.
IdenTrust extends current market’s approach to Trusted Identities
Increasing Complexity
Incr
easi
ng R
isk
Incr
easi
ng R
isk
IdenTrustIdenTrust
“Transaction Control”• High on encryption, confidentiality• High on identity quality, authenticationCurrent Market
“Session Control”• High on encryption, confidentiality• Low on identity quality, authentication
20Copyright ©2006 IdenTrust, Inc. All Rights Reserved.
IdenTrust provides standardized Trusted Transactions like Visa/MC
Card Issuer Card Authorization
Card Holder Merchant
TrustedTransactions
Powered by Credit Card Associations,e.g. VISA, Mastercard, etc.
Third-Party Provider that operates the network, establishes standard, and ensures complianceThird-Party Provider that operates the network, establishes standard, and ensures compliance
Certificate Issuer
Certificate Issuer
CertificateValidationCertificateValidation
Certificate Holder
Certificate Holder Relying PartyRelying Party
TrustedIdentities
Powered by
21Copyright ©2006 IdenTrust, Inc. All Rights Reserved.
Conclusions
Trusted Identities are mandatory for opening new accounts and making payments globally
Vetting, Validation and Use, Storage, Reliance and Repudiation are key to Trust the supply chain
There is no single solution to identity management
IdenTrust and its partners provide a comprehensive approach
22Copyright ©2006 IdenTrust, Inc. All Rights Reserved.