Jiří Kaplický

Challenges of client and device identification

Implementing and further developing a client and client-device identification solution in a large and heavily regulated area brings many challenges. In the presentation I explain common issues that we have solved, and those that still must be solved, while operating such a solution in Česká spořitelna. Most of these issues relate to common technologies and client privacy, so they apply readily to industries other than banking (e.g. eCommerce, telco).

The initial part of my presentation describes the often contradictory motivating factors behind implementing a state-of-the-art device and client identification solution. One of the key requirements is non-intrusive, yet precise and persistent identification (aka fingerprinting) of the client and their devices. Nevertheless, the techniques that enable these capabilities are nowadays quite often actively blocked or even disguised in web browsers (see the Privacy Sandbox initiative in Chromium or Firefox Enhanced Tracking Protection), and also on mobile platforms (e.g. IMEI is inaccessible to third-party apps starting from Android 10). A contemporary fingerprinting solution must therefore use a combination of weaker, non-unique signals that together may still form a unique, highly persistent identifier. These identifiers are not only volatile, but may also lead to a false client or device attribution. Some solutions also add biometric signals to the mix, such as keystroke dynamics and mouse/finger movements (soft biometrics), which do not require the client's knowing consent; others use hard biometrics (e.g. fingerprint or iris texture).
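The sketch below is an added example, not material from the talk: it scores an observed set of weak signals against enrolled devices and shows the three effects described above (a volatile signal, a blocked signal, and a false attribution between identically configured devices). The signal names, weights, threshold and all sample values are constructed assumptions.

```python
# Added illustration; signal names, weights, threshold and sample values are constructed.
WEIGHTS = {"user_agent": 1.0, "screen": 1.0, "timezone": 0.5,
           "language": 0.5, "fonts": 2.0, "canvas": 3.0}

def similarity(observed, enrolled):
    """Weighted share of signals that agree, in [0, 1].
    A signal missing from `observed` (e.g. blocked by the browser) counts as a mismatch."""
    agree = sum(w for k, w in WEIGHTS.items()
                if k in observed and observed[k] == enrolled.get(k))
    return agree / sum(WEIGHTS.values())

def attribute(observed, devices, threshold=0.8):
    """Return (status, hits) where status is 'match', 'ambiguous' or 'unknown'."""
    scored = sorted(((similarity(observed, s), dev) for dev, s in devices.items()),
                    reverse=True)
    hits = [(score, dev) for score, dev in scored if score >= threshold]
    if not hits:
        return "unknown", hits
    # More than one candidate above the threshold must not be silently resolved.
    return ("match" if len(hits) == 1 else "ambiguous"), hits

LAPTOP_A = {"user_agent": "Firefox/126", "screen": "1920x1080",
            "timezone": "Europe/Prague", "language": "cs-CZ",
            "fonts": "f1a9", "canvas": "c77e"}
DEVICES = {
    "client-A/laptop": LAPTOP_A,
    "client-C/phone": {"user_agent": "Chrome/125", "screen": "412x915",
                       "timezone": "Europe/Prague", "language": "cs-CZ",
                       "fonts": "0b3d", "canvas": "9e12"},
}

def scenarios():
    # Volatility: a browser update changes one signal, fuzzy matching still holds.
    updated = dict(LAPTOP_A, user_agent="Firefox/127")
    # Blocking: the browser withholds the highest-weight signal, the match is lost.
    blocked = {k: v for k, v in updated.items() if k != "canvas"}
    # False attribution: a second client uses an identically configured laptop.
    twins = dict(DEVICES, **{"client-B/laptop": dict(LAPTOP_A)})
    return {"volatile": attribute(updated, DEVICES),
            "blocked": attribute(blocked, DEVICES),
            "collision": attribute(LAPTOP_A, twins)}

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(name, result)
```

An `ambiguous` result is the case where a weak-signal identifier alone cannot separate two clients, so attribution has to fall back on another factor.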

The second part of my presentation focuses on issues that needed to be solved while implementing such a solution in Česká and Erste Group, mainly how we establish the delicate equilibrium between client comfort and legal, technical and business requirements.

Jiří is a cyber security architect and cyber delivery lead in Česká spořitelna, responsible for solution delivery of complex projects in client security and data security. During more than 15 years in information security, risk management and cyber solution integration, Jiří has delivered several projects as an architect, team lead or manager. He has spent most of his professional time on complex data security projects such as SIEM, DLP, fraud detection, AML and approval process implementation. He is an open technology adopter and evangelist with strong cross-disciplinary interests.