Thank you very much, everyone.
I'll speak briefly about SecureKey. We provide authentication and identity solutions in working with banks and governments. I have a brief PowerPoint presentation to give us some perspective on the future of digital commerce.
First of all, I'd like to start with the challenge. Consumers must identify themselves today on every channel in order to achieve continuity in the experience online. Whether mobile or web, the identity challenge is even greater. Merchants must ask users to create a new user name, password, or other token to make repeat visits easier to grow their relationships. This creates separate log-in passwords for each retailer and creates frustration and abandonment risk.
Unlike in the physical world where one credential or a credit or debit card works at multiple retailers, each online site has a dedicated approach. If online and in-store experiences are to converge, users must be able to replicate the one credential to many retailer relations. In short, consumers need to be able to bring their own credentials. We call this BYOC. Our challenge is to ultimately enable consumers to visit their favourite retailers using credentials that they remember and trust.
Online approaches today are being done in silos and are handled by each organization differently across channels, creating different experiences and outcomes, forcing users to create new passwords at each site and to download new mobile apps. Passwords get reused from site to site, so when Joe's Flowers gets hacked, we hear in the news that it was Facebook, but in reality it was the weaker site that allowed the password to be compromised.
The PCI has set standards on payment-card data, but has not created interoperability in allowing merchants to exchange data. The experience and degree of data protection varies with each implementation and is a card-centric experience rather than a user-centric experience. These silos result in gaps that have exposed consumers to social engineering and other threats, resulting in fraud and other losses.
Cross-channel credentials require a crisp identity. Consumers expect consistent experiences. A converged approach to digital identity where consumers can use their credentials across channels and organizational boundaries eliminates friction and fraud. What if I could use my TD credential at Canadian Tire or my Shoppers Drug Mart log-in at Costco? What if I could do this without losing the ability to share attributes in my control and without limiting my ability to have a relationship with those organizations that I choose?
An example of this in action is the work that SecureKey is doing in Canada. Consumers are using their existing bank and telco credentials to access over a hundred government applications. It is a user-centric experience that enforces strong authentication while enforcing blinding properties to prevent leakage of privacy information. In Canada alone over a million people use this system today. It's a great proof-point that this idea of bringing your own credential is appealing to consumers.
Let's talk about how this transition to a user-centric approach can be applied to payments. The old-world approach was effectively a walled garden. The credit card was dominant. The data ran over the credit card's network. Every participant—the bank, the merchant, the acquirer—participated according to rules governed and controlled by the credit card industry. Now we're moving away from homogenous dedicated networks toward a great diversity of networks and ecosystem participants.
Payments now travel through many parties on shared networks. Digital and mobile wallets are proliferating. Bell, Rogers, Telus, RBC, TD, and CIBC have recently announced mobile payment strategies. Each is using different approaches, different technologies, and different approaches to security and risk. In addition, the online world has brought together new competitors that have capitalized on the disruption. Over 120 million people today use PayPal for online checkout. Amazon is the world's largest e-tailer, with over 100 million users.
A lack of standards has resulted in many high-profile breaches, most notably in the U.S. due to scale, exposing tens of millions of credit cardholders to fraudsters. The market needs a better standard for consumer data security. In shifting away from individual merchant-owned repositories and providing an on-demand framework for merchants to access consumer data from trusted sources—banks, issuers, digital wallets, or identity attributes—an open-identity ecosystem is the foundation.
Governments can help by paving the way to clarify rules of engagement surrounding an online equivalent to the know your customer practices used by banks, creating the open-identity and payment ecosystem where users are centric to the model, enabling how they authenticate, what happens to attributes, which devices they use, and creating auditability and traceability.
Just as the Internet was disruptive to payment brands, the smartphone is disruptive to the payment process. The smartphone enables a new model that is user-centric.
This model enables extensible trust networks that let users mix and match between authentication credentials and payment brands. Strong and open authentication standards take advantage of mobile devices and secure hardware and dedicated channels for the consumer. Privacy is a core component. The user has control over when and what data is shared.
In short, what this amounts to for consumers is agency. Instead of being a passive consumer of the technology, they are an active participant in the next payment network.
Finally, here are some of the things that we believe are required for a success in evolving payments technologies: user choice and convenience supporting multiple channels and converged approaches; thinking about online, in-store, and person-to-person payments as a single way of communicating; being conscious about the trend of bring your own device involving the consumer at the root of consumer identity; open standards; security; privacy; industry mandate for broad acceptance; and a supportive framework for regulation.
Thank you.