AT&T's Bid to Intertwine Its Services with Mobile Banking Apps
Verizon has upgraded its user authentication service with an ambitious goal in mind: to be the steward of consumers' online identity, the gateway to every site with which a consumer engages.October 15
Discover Financial Services (DFS) has joined the Fast Identity Online Alliance, or FIDO, a group of companies working to develop new standards for online authentication.December 17
Several Canadian banks have taken on the challenge of managing and protecting their customers' user names and passwords across banking and government sites. U.S. banks are invited to join a similar pilot starting in the U.S.December 2
AT&T would like to partner with banks on their mobile banking apps, providing a range of hosted services from call recording to videoconferencing to geolocation services to mobile identity verification.
The telecom launched its first product in this vein, a mobile identity toolkit, in late December. In a way, it is following the footsteps of Verizon, which debuted a mobile identity offering in October.
But the technology and approach the two companies are taking are somewhat different.
AT&T is producing a set of APIs that lets banks and third-party providers hook some of its basic services into their mobile apps. These services include communications (including call recording), videoconferencing and the use of user location and account information (including mobile identity).
A bank could use the new mobile identity toolkit in a few ways. One would be to ease the process of account opening (for, say, mobile banking or a loyalty program) by pre-populating online forms with basic information obtained from the customer's AT&T account (such as name, address, phone number and email address). In addition to faster account opening, this could provide the bank a small measure of comfort in knowing its customer data matches AT&T's records.
To increase security, the bank could also draw upon AT&T's device identity service, which registers users' mobile devices and then ensures at the time of a transaction that the device ID matches that of the device the user originally registered. For another layer of security, the bank could also incorporate AT&T's geolocation service, to make sure customers' physical locations match that of the transactions on their account. These services are all opt-in.
Verizon's approach to mobile identity also uses device ID. Bank customers would need to register their mobile device with Verizon when signing up for online or mobile banking. Then the transaction authentication process would require the customer to scan a QR code using the device or enter a one-time password sent to the device.
A catch to both offerings is that bank customers don't all use one network. In addition to AT&T and Verizon, they use Sprint, T-Mobile and smaller, lesser-known carriers.
However, Laura Merling, vice president of Ecosystem Development and Platform Solutions at AT&T, says there are a number of third-party aggregators who combine data from different telecom providers, and that the telecom giants themselves are starting to work together on this.
"We've been working with carriers to align on how this works," Merling says. "Do we have the same API set? Do we return the same results? For instance, do we reference birth dates the same way?"
AT&T has worked with the GSMA, a group of mobile operators, to develop a standard format for account details.
"Step two is getting other carriers to do it, step three is getting it adopted as a global standard," Merling says.
While it sounds unlikely that fierce competitors like AT&T and Verizon would share customer information, Merling says it's not.
"It's coopetition," she says. "For us to achieve all of this, we've got to find a way to work together. We've been doing it at AT&T through foundries where we bring in partners and customers to work on projects jointly. If we work on stuff together, the intellectual property is both of ours."
The carriers are working together to make sure their data fields match. "It's only to our advantage to work with them and collaborate," she says.
A couple of years ago, the GSMA started an effort to work on APIs carriers could create together. "It was too big we tried to get 40 carriers to agree on something; it wasn't working very well," Merling admits. "We believe that if we go carrier to carrier, and prove out we can do it with one and then another and another, that's easier than trying to get 40 people in a room who all believe they have the best idea."
Telecom providers are not the only group trying to make a business out of mobile and online identity and authentication. The FIDO Alliance, a group of mostly technology vendors, is trying to hammer out a standard for online authentication.
And the U.S. Postal Service is piloting a centralized service for managing citizens' online IDs that banks are encouraged to join, to become gatekeepers for their customers' online personas.