The second edition of the Digital Security Congress was held on June 16 in Madrid, organized by IFAES, a Spanish professional training entity which also organizes other reference events like INVESTructuras and CapCorp. This time, the congress brought together over 700 delegates and 60 speakers to address the latest trends and developments in the security of digital connections and transactions.
The success of the first congress was reflected in the attendance figures at this year’s edition and the range of participating companies: large banks including Santander, BBVA and CaixaBank as well as other sector leaders like Renfe and NH Hoteles were represented.
In this post we take a look at the main issues discussed at the second Digital Security Congress as well as the outcomes of various debates centered around digital identity issues.
This post is also available in Spanish.
In which areas must companies ensure security of connections and transactions for users and customers?
A quick look at the event programme and the titles of the sessions is all that is needed to determine in which 3 areas companies are investing time and money to further guarantee customer security:
- Digital payments: NFC, Tokenizing, HCE, Cardless, ePayments, mPayments, mPOS, PCI compliance, SEPA, Wallets Mobile, Contactless, OEMPay, P2P payments, etc.
- eID: authentication, biometrics, electronic identification, cyber security, Single Sign On (SSO), etc.
- Mobility: BYOD, IoT, M2M, Wearables, Cloud, Apps, etc.
From analyzing these areas and the related topics, it is easy to conclude that the main security threats to digital economy all revolve around reliability of transactions and cybercrime.
Current technologies have already made a significant contribution to securing transactions and interactions between businesses and consumers, and at the Digital Security Congress two of these were giving particular mention: voice authentication and biometric security systems.
The digital identity debate
Since it is increasingly common to see businesses, opportunities and activities springing up in online environments, resolving the issue of online authentication is at the more pressing. This very issue was addressed during the session "Effective digital credentials are key for customer loyalty" on how to verify user identity to ensure safety during transactions as well as prevent phishing.
During the session, it was revealed that there is still a long way to go in terms of technologically evolving payment and verification processes, a topic that has progressed little in recent times and in which the two-step authentication process --supported by biometric or multi-factor technology-- is not widespread yet.. What still dominates in this field is the single type verification, often referred to as “single sign-ons.”
In another session entitled "Best practices in advanced identity management and access control" the same issue was raised in the context of companies who should be meeting the data protection standards set out in the the new EU regulatory framework. The talk also made reference to how Mobile ID can be used to verify people’s identity in mobile environments.
All sessions relevant to digital identity concluded that there was a strong need to combine simplicity and security in any identification and authentication systems.
Signaturit in the context of digital identification
At Signaturit we believe that our advanced electronic signature fits within the current debate on digital identification , since being advanced means that our solution serves to unequivocally identify the signer, as it is stipulated in the new European eIDAS Regulation of July 1.
The eIDAS Regulation unifies the legal framework on electronic identification and trust services for electronic transactions in Europe, which includes advanced electronic signature tools. An “advanced electronic signature” must meet the following requirements:
- “it is linked to the signatory in a unique way;
- it permits the identification of the signatory;
- it is created using a means that the signatory can maintain under his sole control;
- it is directly linked to the data collected during the signing process in such a way that any subsequent change to the data is easily detectable”.
Our solution strictly complies with these 4 requirements and is thus a solution to the issue of verifying the customers’ identity in any registration process. In addition, we ensure the security and privacy of personal data transmitted through our platform, because our solution follows the same security standards as banks and government agencies as well as complying with EU legislation on the protection of personal data, namely Directive 95/46/CE and Regulation (EU) 2016/679.
If you are interested in trying Signaturit, you can do so now for free by signing up for our full-access 14-day trial.
This post is also available in Spanish.
- A big leap in the eIDAS journey: new trust services for a Single Digital Market.
- How can SMEs secure their business against cybercrime?
- Technologies to transform the relationship between businesses and consumers in 2016.