MEF CEO Dario Betti spoke with Karl Kilb, CEO of MEF Member Boloro, a specialist in authentication solutions, about how to overcome the security vulnerabilities of the Internet and mobile using multi-channel authentication.
Dario first asked Karl about the different challenges and threats on the Internet. These are extremely serious, as the Internet is a public network that was not built to be a secure platform but to disseminate information quickly. This makes it inherently vulnerable to cyberattack and fraud, which means there needs to be a separate and secure way to ensure our online activities are not compromised.
Although cyberattacks have been happening for many years, they became more serious in April and May 2021, including cyberattacks against the US Government, Microsoft, Google, Colonial Pipeline, and others. President Biden reacted by issuing an Executive Order on May 12th 2021 for new solutions to stop cyberattacks, breaches, and fraud. The time period for solutions was 180 days.
Boloro approached the Biden Administration, as well as the Federal Communications Commission, Congressional leaders and others within the federal government, with a new multi-factor and multi-channel authentication solution that avoids the Internet by using “flash messaging” over the secure signalling channel. Boloro also discussed this approach with the US Competitive Carriers Association, demonstrating at the annual convention in Phoenix in September 2021 how to use Boloro Authentication to layer on top of Internet-based applications, providing out-of-band security.
“The Internet is inherently vulnerable as a public network and a single point of failure. Boloro Authentication is both multi-factor and multi-channel, separating authentication from the Internet with flash messaging on the secure signaling channel.”
Dario raised the issue of why authentication needs to go beyond traditional channels. Karl’s view is that entering logins and passwords on the Internet is too easy to compromise. Applications are open to attack by fraudsters using malware. Traditional app or web-based forms of authentication are vulnerable and easy to compromise. Security patches are temporary, and more attacks follow, so more patches are needed. Security needs to be a real “lock and key” that is not only multi-factor but multi-channel, layering on top of the Internet in a manner that is separate from the Internet.
Multi-channel means not doing everything in the same place, thereby avoiding a single point of failure. For example, when using a banking application or making an e-commerce payment, the user may enter a login on a browser, but then a mobile phone message would appear via the cellular network’s secure signalling channel requesting a secret credential to be entered in the out-of-band message. This is a layer above the Internet and device operating system and does not touch the Internet or the OS. Boloro Authentication uses the same secure channel as the Amber Alert Emergency System in the US, which is currently used for hurricanes and other warnings in a geographic area.
Boloro has developed a patented process that allows for instantaneous two-way communication on that secure channel, providing a secure message on the phone that does not touch the operating system. Boloro allows authentication of a transaction on the phone without any data being entered into the browser, and the “flash message” instantly disappears after being responded to. With no trace of the message on the Internet or the OS, the message cannot be hacked. The message never touches the Internet, which is a public network, and it never touches your operating system, which can be subjected to malware. The message is a point-to-point connection via a secure mobile network operator channel. The process has been certified by the GSMA and Karl believes that it offers considerable revenue opportunities to mobile network operators using the Boloro APIs. The mobile phone is also a personal device and people tend to have it with them. Boloro Authentication is compatible with all mobile phones, including smart and feature phones, and the licensee can host the APIs and all of their own data, making it ideal for PSD2 and GDPR.
The flash message also has further security applications in the defeat of SIM swaps and avoiding the fraud that this entails. It will avoid the scenario of a phone being hacked and fraudsters taking control of it and its data. By operating at a layer above the Internet, there is no means of gaining access. Karl believes that the time is right to tackle cybersecurity head-on and leverage innovative systems that can halt fraud in its tracks. Organisations will be ready to pay for additional security to defend their systems and this in turn creates a revenue opportunity for better protection and the defence of identity. Boloro is already working with MNOs in many markets and is ready to work with operators, connectivity aggregators, and others worldwide.
For more information, please see the full recording of the interview.