Welcome to FindBiometrics’ digest of identity industry news. Here’s what you need to know about the world of digital identity and biometrics today:
Microsoft Azure to Require MFA Starting July 2024
Starting in July 2024, Microsoft Azure will mandate multi-factor authentication (MFA) for all users as part of its Secure Future Initiative that aims to enhance security and prevent unauthorized access on the cloud computing platform. The initial rollout will target Azure admins, PowerShell, and Terraform users, while excluding Azure-hosted apps, websites, and services. End users will be impacted only if they access the Azure portal or use PowerShell and Terraform to manage resources. Microsoft Entra ID will offer various MFA options, including Microsoft Authenticator, SMS, voice calls, and hardware tokens, allowing admins to customize settings based on user signals like location, device, role, or risk level.
How AWS and FIDO Laid the Foundation for Footprint’s $13M Series A
KYC and authentication startup Footprint has secured a $13 million Series A funding round led by QED Investors, with participation from existing investors like Index Ventures, Lerer Hippeau, and Operator Partners, and new investors Neo and Animal Capital. Footprint aims to focus on identifying good actors through a centralized network of verified identities. The funding will be used to enhance its product, launch a fraud suite, and expand identification methods. Footprint’s solution integrates KYC, authentication, and fraud detection into a single rules engine, reducing friction while maintaining security. The technology stack includes a decision and rules engine, document and selfie-based verification flows, and secure vaulting infrastructure powered by AWS Nitro Enclaves, ensuring enhanced privacy and security. Co-founded by Eli Wachs and cryptography specialist Alex Grinman, Footprint leverages advancements like AWS Nitro Enclaves and the FIDO2 alliance’s standards for secure authentication.
EU Digital Wallet Framework Gets an Upgrade
The European Union’s Digital Identity Wallet Architecture and Reference Framework (ARF) has been upgraded to version 1.4.0, enhancing usability, security, and interoperability. Key updates include the inclusion of eSIM and SIM cards as Secure Elements (SE) for managing cryptographic keys, leveraging existing smartphone infrastructure. The framework also details the use of Secure Cryptographic Devices (SCD) and Qualified Signature Creation Devices (QSCD) for high-level security, and incorporates hardware-based solutions like Trusted Execution Environments (TEEs) and Hardware Security Modules (HSMs). Strong biometric authentication methods are emphasized, with standards ensuring compliance with privacy regulations. Enhanced GDPR compliance guidelines, robust lifecycle management processes, and refined certification criteria further support secure and efficient digital identity management.
Thales to Lead Africa’s First ISO-compliant National Digital ID Wallet Project
Mauritius is set to become the first African country to implement a fully interoperable digital ID wallet based on ISO standards, through a partnership with Thales and Harel Mallac Technologies (HMT). Over a 10-year contract, Thales will provide a modular Identity Management System for eID card issuance and a Digital ID Wallet for mobile devices, allowing citizens to register for digital IDs in person or remotely. The Digital ID Wallet will include virtual versions of the national ID card and other documents like birth and marriage certificates, enabling access to government e-services and electronic document signing. The initiative aligns with Mauritius’s 2030 digital transformation strategy, aimed at developing a high-income, innovation-driven economy through enhanced digital infrastructure, e-government services, and support for the tech sector.
YouTube Has Become a Platform for Deepfake Fraud: Avast
A new report from Avast highlights YouTube as a significant platform for phishing attacks, malware, and fraudulent investment schemes, with a particular focus on Lumma and RedLine malware. These threats use YouTube to direct users to scam landing pages and malicious software. Avast researchers identified a rise in deepfake videos, where compromised high-profile accounts propagate cryptocurrency scams using fake videos and comments. The report outlines five exploitation methods: personalized phishing emails, compromised video descriptions, hijacked channels, fraudulent videos, and social engineering tactics to distribute malware. The report coincides with the INTERPOL Global Financial Fraud Assessment, underscoring the urgent need for increased vigilance against sophisticated cybercriminal techniques.
Google Pay Gets Biometric Upgrade
Google Pay has introduced several updates to improve the online shopping experience on Chrome and Android, including support for biometric payment authorization. Users can now see their credit card benefits during checkout, helping them choose the best card based on perks like cash back or travel points. This feature is available for American Express and Capital One cards. Google Pay has also expanded its “buy now, pay later” options by integrating with Affirm and Zip, allowing installment payments on more websites. Additionally, Google Pay now simplifies card verification by allowing users to confirm details using biometric methods such as fingerprints or facial recognition, or their screen lock PIN, instead of typing security codes.
TSA Starts Accepting Mobile IDs at New Orleans Airport
Louis Armstrong International Airport (MSY) in New Orleans has joined 27 U.S. airports accepting mobile driver’s licenses and ID cards through apps like LA Wallet at TSA checkpoints. Announced by Louisiana Governor Jeff Landry and New Orleans Mayor LaToya Cantrell, the initiative aims to enhance security and streamline the travel experience. Passengers can use their mobile IDs by tapping their phone or scanning a QR code in the app, though physical IDs are still required as a backup. Louisiana is the eighth state to offer digital IDs compatible with TSA scanners, following states like Arizona, California, and Colorado.
Hong Kong Privacy Watchdog Halts Worldcoin Operations
Hong Kong’s privacy watchdog, the Office of the Privacy Commissioner for Personal Data (PCPD), has ordered Worldcoin to cease operations in the state following a three-month investigation. The probe revealed that Worldcoin collected unnecessary and excessive biometric data, including face and iris images from 8,302 individuals, without providing essential documents in Chinese or clarifying whether data submission was mandatory or voluntary. Despite Worldcoin’s adherence to robust encryption methods and privacy measures, the PCPD found the data collection process unfair and in violation of the Privacy Ordinance. Worldcoin expressed disappointment with the decision, emphasizing its compliance with data privacy laws and commitment to secure biometric data handling.
—
May 24, 2024 — by Tony Bitzionis and Alex Perala
Related News
Microsoft Azure to Require MFA Starting July 2024
Google Cloud to Get Mandatory MFA by 2025
Badge Brings Post-password Mindset to CyberArk Network
DHS Unlocks $279.9M for FY24 State and Local Cybersecurity Grant Program- NIST’s Digital ID Lead Highlights PKI, Passkeys for Federal Cybersecurity
Clever Launches Classroom MFA for K-12 Cybersecurity
Follow Us