Q+A with Jacques Pantin, CEO & Founder of Dictao
Can you tell us about Dictao?
Dictao is a software company specialised in security, we provide software for strong authentication, digital signature, proof management and secure archiving. We have a complete platform for securing transactions and access to services, and are present in all of the major French banks.
When did you join the Natural Security Alliance?
We joined the Natural Security Alliance in 2012.
Why did you join the Alliance?
We are working with many providers of what we consider to be key new authentication factors. In particular there is a strong move towards mobile and biometrics, and we think that the Natural Security Alliance has understood what the future trends of the industry are. There is already a biometric device on the Apple iPhone 5S for example, but in terms of convenience and security, it’s not enough. The Natural Security approach of being able to use a phone or personal device that connects to the small reader is a good development.
We are building quite a number of concepts involving biometrics, including working with large French Banks on facial recognition, voice recognition and of course the fingerprint approach of Natural Security.
What is your role in the Alliance?
We have extensive experience working with a number of form factors when it comes to authentication and can support many methods, from EMV card devices to passwords. For Natural Security this means we can support progressive deployment of the solution without having to switch all the banks’ merchant and consumer customer bases to new form factors, which would be expensive and time consuming. That’s what we sell to our customers, a smooth change and evolution of authentication. Our aim is to help link the authentication chain from start to finish.
In your opinion, what are the current issues the market is facing regarding strong authentication?
This world is quickly changing, the password is not strong enough and we have more and more fraud. All the banks understand now that they have to provide a strong authentication device for security purposes so the market is opening up. Creating volume is a major issue because banks, retailers, providers and users all need to be involved together to quickly build an adequate supplier/user base. Authentication is a complex process so it requires a complex eco-system to provide and implement a new system. This is why the approach of the Alliance is so good, it brings all levels of the chain together from the beginning of development.
What do you consider to be the key elements of an authentication method?
User friendliness, user friendliness, user friendliness, security is also important but user friendliness is the number one factor. As an example, we tested voice recognition because initially we thought the technology was very good. However, now we’ve tested it on the user base we’ve seen the drawn backs, for example it doesn’t work well in busy areas such as railway station.
What is the urgency for developing a new authentication method?
The authentication technology we are using today will probably be far too weak two years from now. So we have two years and, when you discuss this with French banks, the objective is to have an alternative authentication solution fully deployed between 2015 and 2020. Of course it is a long process, you cannot have instant deployment, but nevertheless we must start immediately. Presently we are developing pilots, it’s not talked about publically, but most of the large French banks will officialise plans 2015, because they will start to build up the solution and start to deploy. We have probably one year to convince them to use this Alliance approach.
What do you think are the biggest barriers to adoption of the Natural Security Standard?
The Natural Security Standard is a good approach and has many benefits as a form of strong authentication. However, the world is changing so quickly and that presents its own challenges when it comes to planning for the future. For example, the Standard uses the Zigbee protocol which is widely deployed now, but it is impossible to say that no new communication specifications will be developed in the next few years. We have to always be prepared for that and remain both proactive and reactive when it comes to technology.
The other problem we are facing is building the large supplier, merchant acceptance and end-user bases required for successful usage. It’s always a bit of a chicken and egg scenario to get things started and ensure a large number of merchants are accepting this new approach. That was the problem with EMV card acceptance, in the UK there are over 5million users, but in France there’s just 1million users which is not enough to persuade merchants to accept it.
How do you envisage the Natural Security Standard being used?
The solution can be used for everything from banking to online authentication and signature. We’re actually the number one electronic signature provider in France, and the Alliance devices are particularly good for signature because they provide a strong level of security.
How well does the Standard work for Privacy?
Privacy is more of a European problem, but the Alliance solution solves these problems for the individual very well. What is more difficult is that privacy needs to be ensured absolutely everywhere, it’s not enough to use an Alliance device to sign something on Facebook, because once information passes across privacy standards still need to be maintained. We’re tackling different levels of concern about privacy across the world. In Europe and France privacy is a big concern, in the US however, with the large players such as Amazon, I’m not sure they take as much care with privacy. We may be living in a very global era, but sometimes full unification is difficult.
What is are your next steps within the Alliance?
We are continuing to build demos and pilots because we need to continue testing and working on improving the devices we use. Currently we have a strong solution, but once we have really industrialised devices we can start deployment, for this we need product manufacturers. We are really a bridge between the device and framework as we have vast experience in carrying out the integration of a new device within the banking or healthcare sectors for example. We’re not the only ones, but we help complete the chain from provider to end-user.
When do you think the Natural Security Standard will come into use?
I think the specifications are good so now we need to work on deployment and a key part of this is ensuring we have enough volume and demand to keep the devices cheap enough. The approach of the Alliance bodes well for this because it has all types of players from the payments eco-system around the table to help reach the critical mass we need. We will be working hard for the next few years on this.