Let’s talk about digital identity with Josselyne Abarca, Gerente General y socia fundadora de Seguridad América.

A note for our English-speaking listeners: this week’s episode is in Spanish, talking about the challenges of digital identity in Latin America with Josselyne Abarca, CEO and founding partner of Seguridad América. You can read the transcript in English – scroll down to below the subscription links.

[En español]

Las empresas y organizaciones están migrando todos sus servicios al ámbito digital y uno de los desafíos con los que se encuentran es certificar o ratificar la identidad de las personas que ingresan en sus sistemas y servicios.”

Josselyne AbarcaJosselyne Abarca es Gerente General y socia fundadora de Seguridad América. Josselyne se encuentra ligada a la seguridad y autenticación digital desde los tiempos de VeriSign, donde comienza su carrera comercial.

Para Josselyne, uno de los mayores retos en América Latina es la necesidad de proveer a los usuarios con una identidad global, robusta, flexible y verificada tanto en el ámbito público como privado para que puedan acceder con total seguridad y confianza a aquellos sistemas más susceptibles de sufrir ataques cibernéticos.

Seguridad América es una organización con sede en América Latina con una cartera de soluciones destinadas a ayudar a las organizaciones con requisitos crecientes para la gestión de la seguridad cibernética y permitir a las empresas expandirse de manera eficiente y segura. Su compromiso es facilitar el acceso de la empresa privada y los organismos públicos a soluciones digitales robustas y seguras, así como entregar a sus clientes soluciones flexibles que permitan el fácil ingreso a los portales y manejo de las identidades para que el entorno sea productivo.

Seguridad América es partner de Ubisecure y RapidLEI. Puedes leer más sobre asociación aquí.

[In English]

Challenges of digital identity in Latin America with Josselyne Abarca, Seguridad América – Podcast Episode 27

[Scroll down for English transcript]

“Companies and organisations are migrating all their services to digital solutions and one of the challenges they face is to certify or verify the identity of the people who access their systems and services.”

Josselyne Abarca is General Manager and founding partner of Seguridad América. Josselyne has been involved in digital authentication and security since the days of VeriSign, where she began her business career.

For Josselyne, one of the greatest challenges in Latin America is the need to provide users with a global, robust, flexible and verified identity, both in the public and private sector, so that they can access the most susceptible systems with total security and confidence.

Seguridad América is a Latin American-based organisation with a portfolio of solutions aimed at helping organisations with increasing requirements for cybersecurity management and enabling businesses to expand efficiently and securely. Its commitment is to facilitate the access of private companies and public organisations to robust and secure digital solutions, as well as to provide its clients with flexible solutions that allow easy access to portals and management of identities.

Find Josselyne on LinkedIn.

Find out more about Seguridad America at www.seguridadamerica.com.

Seguridad America is a Ubisecure and RapidLEI partner. Read more about the partnership here.

We’ll be continuing this conversation on LinkedIn and Twitter using #LTADI – join us @ubisecure!

­Go to our YouTube to watch the video transcript for this episode.

Let's Talk About Digital Identity
Let's Talk About Digital Identity
Ubisecure

The podcast connecting identity and business. Each episode features an in-depth conversation with an identity management leader, focusing on industry hot topics and stories. Join Oscar Santolalla and his special guests as they discuss what’s current and what’s next for digital identity. Produced by Ubisecure.

 

Podcast transcript (translated to English)

OSCAR: Hello and welcome to the show, this time and for the first time we are going to speak in Spanish and what we are going to touch on today are the challenges of digital identity in Latin America, and for this I have a special guest who is Josselyne Abarca. Josselyne is CEO and Founding Partner of Seguridad América. Josselyne has been involved in digital authentication and security since VeriSign where she began her business career. Hi Josselyne.

JOSSELYNE: Hi Oscar, how are you?

OSCAR: Very good, welcome, it’s nice talking to you. I’m very glad of having this conversation with you. As I mentioned, it is the first that we do this podcast in Spanish and we are really super interested in knowing what the situation and challenges of digital identity are in Latin America, but before we talk about that, I would like to know a little more about you, we would like know what your trajectory has been towards the world of cybersecurity and digital identity.

JOSSELYNE: [01:22] Perfect. First of all, Oscar, thank you very much for the invitation, it is an honour to be able to participate in this podcast in Spanish. Well, I’m going to tell you a little more about myself. I started my career around 2010, 2011 in the VeriSign company, I also started with identity and digital security in the commercial area, I started as the executive of large accounts at this time. Thanks to that I acquired some knowledge, I took it with me to Seguridad América and obviously I made the most of it there, and also the market opportunities led me to get a little more involved in this issue of digital identity and digital security.

[02:31] For this reason, we as a group began to train ourselves on the subject, and also to generate strategic alliances so that we could be in accordance with the requirements of our clients here in Chile when we started. In 2017, thanks to all this, like I said, I was able to participate in the IAM Academy in Finland together with you, I achieved the certification, and since then, I must be quite honest, the vision I had about digital identity is changed. I valued it, of course, but after the academy course I realised the real importance of digital identity to everything, both to people and organisations.

OSCAR: [03:34] Excellent, and like you said, one of the main companies where you worked was at VeriSign, the Certification Authority that issues digital certificates, that is, [inaudible], digital signatures, it is a company that became [inaudible] then, and then it became another conglomerate. In other words, you have been actively participating in this evolution of digital certificates up until now, and I suppose that you already had an understanding of how digital identity was already part of digital services and web services until now. But everything has changed a lot in recent years, as you said. What would you say are currently the main challenges that companies and organisations in Latin America in particular have regarding digital identity?

JOSSELYNE: The companies?

OSCAR: And organisations.

JOSSELYNE: [04:51] Perfect. Look, nowadays we know that the market has changed exponentially. I would say that about 10 years ago or 7 years the users, the market, and companies are migrating to everything online, we are in a much more connected world. So, one of the challenges these organisations have is being able to certify or verify the identity of the person who is accessing their systems or services. It is also important that the user themselves inputs the corresponding data depending on the service, depending on the management that they are going to use so that the identity of this person is accurate, real, and they can achieve a transaction, perhaps a commercial approach, or something more direct, like for example, an employment contract.

[05:57] Nowadays companies are migrating everything to online services, digital signatures remotely, especially with this pandemic. We know that online operations increased a lot throughout Latin America and companies have had to adapt quickly to this digital transformation or else they would unfortunately fall behind. I have been in contact with clients for about 10 or 12 years, and I have realised that for clients, for users, you always have to try and facilitate the environment because that maintains the business continuity, to a certain extent. Not only economically, but also for example, today government websites are used to carry out personal procedures.

[07:08] In the past, these procedures had to be done in person because there was no other way to obtain a marriage certificate, a background certificate, etc. We can also thank the pandemic a bit for this, because at least Chile has accelerated laws for electronic documents a lot. What does this mean? The electronic document even includes identity, because in an electronic document we certify with a signature the identity of the person who writes it, and as I said, signs this document. It is as important for private organisations as well as for public organisations to have control of people’s identity, of companies, and also have flexible systems. The idea is to facilitate this digital identity for everyone, companies and people.

OSCAR: [08:27] Yes, without a doubt. And as you mentioned, the public sector has had to respond to the challenges of the pandemic, to launch many of its procedures services virtually because there was no other safe way to do them, and this is allowing or forcing these institutions to strengthen their digital identity systems. And the same is obviously happening in the commercial side. Many people are buying online more and more because in some cases there is no other way to do it, it is safer. On the people’s side, what would you say are the challenges people have today? As an end user, like Josselyn or like Oscar, what are the challenges that people have regarding digital identity?

JOSSELYNE: [09:34] Look, Oscar, I am going to make a super personal comment, it is my case, I think for the rest of people too. As I was saying, the market has changed drastically, all the procedures that we did 10 years ago in a queue today are done digitally, that is why we have registered ourselves in various websites, be it basic accounts, bank accounts, public systems. We even also have personal information, we have passwords for our emails, for music apps, for our cell phone. In other words, adding to that, the number of passwords that a person manages on a daily basis could be about 20, at least. Someone with very few accesses, very little accounts, perhaps they pay for everything through the bank, but we don’t rule out all that I mentioned, the subject of additional apps.

[10:49] In my case I handle a lot of passwords, access to websites, email, among other things, and for me the issue of identity, as I was saying, is super important. I am super meticulous with the issue of passwords, that they are correct, that they are secure, and I think that is one of the challenges we have today, being able to manage our identity at a national level. For example, for an electricity supplier I can be Josselyne Abarca, but for the music apps I can be just Jossy, you know? So, trying to unify this identity at the level— Ideally, it would be at the global level. I think that could be an interesting challenge, and to be honest, I think that’s where we’re headed. As I was saying, the market, technology is driving towards it.

[12:00] So, we have to value it as is, our identity is online, and that also goes hand in hand with some security policies or knowledge that I can comment on later.

OSCAR: [12:19] Without a doubt. You mentioned that you estimate that an average person who doesn’t have as much access to digital services as we do may have about 20 passwords, about 20 identities that they will use with a certain frequency. Many people have more, I undoubtedly have more, I wouldn’t be surprised to have more than 100 accounts that I use from time to time, and that is a headache not only because of handling passwords, but as you mentioned, it is like having 100 different identities for one single person, and they are scattered, some are in social network services, music services that may be in the United States, as most are, others will be in the country where you reside, etc. So yeah, it is quite a challenge, as you mentioned.

JOSSELYNE: [13:30] And I also want to mention a challenge— This is super personal, Oscar, it’s a constant problem that happens to me. For example, before the pandemic, when we worked in the office, I obviously sometimes bring my computer home, otherwise I work with the one I have here at home. One day I left my work computer at the office, and unfortunately my home computer was not up to date, it didn’t have the latest password and access updates, and believe me, I lost a day and a half trying to update it. That means that it took me all weekend to be able to recover a password from a website. That is also a challenge, having the flexibility of being able to recover your identity or your password faster.

OSCAR: [14:49] Exactly. It’s something that seems obvious that someone wouldn’t think about it until it happens, until you’re in that situation. Something as simple as resetting a password can be very poorly designed, very manual, or very difficult. It may have too many security requirements that make it too difficult, and it can take you a whole day to reset access to a few services that you use on a daily basis.

JOSSELYNE: Sure.

OSCAR: And speaking a little now about some solutions. What solutions have you seen? Focusing on the region, what solutions or initiatives have you seen about digital identity that you would like to tell us a bit about?

JOSSELYNE: [15:50] Well, here in Chile the government started the single password initiative. This password allows all Chileans to enter public systems without having to create identities. Why? Because this data comes from the civil registry. It means that the person who is born and registered can now access their unique password. This challenge in Chile is quite interesting, this proposal sounds very attractive, it is very interesting, as I was saying, but it has had many buts along the way. You know that being a government entity it is always the objective of people who are not satisfied, or are against it, and is always the objective of cyber-attacks, really.

[17:01] A couple of months ago the option of being able to access this unique password through the cell phone came out, when it was launched, not two hours went by and the app was already down due to a massive hack, which takes us back years to where we have to queue again at the civil registry, and knowing the pandemic in which we are, request the password, they give it to you manually, and then later we can go in the web page to change this generic password that they give us to be able to have access.

[17:50] As I was saying, this is an excellent initiative, a unique password for all government websites, wonderful. But it is not safe from these attacks, as I mentioned. So, what I believe is that as long as these entities don’t have the security paraments or work directly with an entity that provides digital identity, this instability will continue.

OSCAR: [18:25] No doubt this single password initiative somehow embodies this single sign-on mechanism. One of the things that came to mind when you were mentioning it is how you register with that service, that service was available but people didn’t use it much until there was a need of massively using it because of the pandemic, and since people hadn’t activated it before, then comes the challenge of how to register for that service in a unique way, how to verify your identity to obtain that verified digital identity, that the government verifies you.

JOSSELYNE: [19:29] Even though the system is very complete. We know that they verify all the data from the civil registry itself. But as you mentioned, the pandemic has prevented people from doing the normal procedures, there can’t be that many people queuing in certain offices of this registry, and that is also important, what you mentioned, having a way to be able to access this identification, this password that’s actually ours in an easier and simpler way, and that it also adapts to each person’s resources.

[20:17] For example, some people don’t have email or don’t use it much, but they do have a cell phone. So, try to devise some methodology to access your password with a text message, or something easier so that these procedures are not cumbersome, they are not archaic, so that we use the appropriate technology.

OSCAR: [20:48] Exactly. Yes, very interesting. Any other initiative or other service that you have seen in the region?

JOSSELYNE: [21:00] Yes, look. Here in Chile for example— I am only mentioning Chile because it’s news that are happening nowadays. This week the government decided to hand over 10% of the AFP, which are the pension funds that manage the funds while you work, for your future retirement. These funds are withdrawn once you retire, they are delivered in parts to the people who contribute. Due to the pandemic, the government decided to deliver 10% of these funds so that people could use them in this situation, in this emergency.

[21:57] Just yesterday, if I’m not mistaken, the law was already enacted, so that within 15 days people could access this 10%, they also saw the ease of doing it online. Great, perfect, everyone’s happy. But we go back to the same topic, how do we verify and how do we prove people’s identity? In parallel, while this law was being promulgated, hackers, cybercriminals had begun to devise methodologies to steal this information, steal these identification numbers, these codes that you need to enter these pages to get these funds back. So, what do we do against that?

[22:55] With a secure identity, a flexible identity that the user can constantly change or have the option for them to quickly manage its security, believe me this wouldn’t happen. But AFP’s systems quickly had to adapt their pages, also update the data. I’m talking about in less than a month. Imagine the number of Chileans who are entering the sites every minute to update their data. This also goes hand in hand with the issue of security, entering a site that has some SCL protection, the issue of the password, having a strong password. And AFP, knowing that they have only 15 days, are just starting to apply these tips.

[24:04] So, it is a sensitive issue, there are already news about cyber scams, like “send me your ID photo to win a cell phone plan” and that way they steal these codes to be able to access this page. So, I think it would also be interesting if users could have a verified identity, a unique identity, to access these funds, and also that the users themselves had the power to make access more flexible. How to obtain this secure password? How to protect your data? After all, they are protecting their funds.

OSCAR: [25:01] Exactly. Yes, as we can see in this case there was already a single sign-on identity initiative underway, but it still lacked levels of— What’s missing there is a verified identity that is already active, so that whatever happens, may another pandemic or other situation occur that forces citizens to use digital services, citizens already have that verified identity ready and are familiar, either based on email or based on their cell phone, that they already have it ready to use safely.

[25:57] And actually the same thing can be done not only in the public sector, not only in government services, but also in online stores. I’m sure there has been more demand, more online purchases, but in the same way digital identities are relatively fragile in companies.

JOSSELYNE: [26:27] Correct. Also, as you mentioned, not only focusing on this government identity, this unique password, which is a very important initiative. We must also rescue the private environment, business owners, organisations, protect the identity of employees, of the people who access their websites, and that these ways of accessing or obtaining identity are easy, simple, accessible, without that many buts. For example, I remember a couple of years ago a client had a problem with their [inaudible] and couldn’t create a user. I don’t know, actually she had a little internal disorder, so these users’ profiles were getting mixed, a secretary could access management folders and vice versa.

[27:42] We know that we have to maintain the privacy of the area, there are also personal issues that the rest of the colleagues should not access, that is why these folders are created. Well, it turns out that precisely the client, we don’t know how, but they had a virus, they had to start everything from scratch, re-register in a certain way the profiles of each of them in the company. Luckily, this company is not a big company, it has 150 or 200 people. But I imagine the chaos it must have been for a large store. For example, some retail companies that have the company that sells construction articles, other for groceries, we also have the issue of clothing, accessories, it is a complete holding company. But we have an identity for each service knowing that it is the same company.

[29:05] So, for us to be able to provide our clients a solution that makes it easier to sign into websites, facilitate users the way they register their identity in the system, for us that’s quite important because we know that nowadays companies are looking to have the security, control, and flexibility of everything I mentioned. Being able to have flexible and safe solutions so that the environment is productive. We know that recovering a password nowadays depends on the administrator, the support system, not all companies have systems that allow you to recover the password with a couple of commands, nor do we have the unique password system incorporated with private companies. So, I think that in this case the digital identity that Ubisecure provides would be ideal for all these environments that we have mentioned.

OSCAR: [30:37] Yes, this last reflection that you make in the business environment is very interesting as well. Any other business-related scenario? Speaking about companies now, what other scenario do you think companies in the region could adopt to also benefit from digital identity?

JOSSELYNE: [31:03] Sure. One benefit that I find necessary for organisations today is the LEI code. This code comes to deliver the digital identity of the organisation worldwide. It’s the same that we just mentioned, the unique password, the digital identity delivered by the government or by private entities. This code is focused only on companies. This code is an alphanumeric number, twenty digits, it allows a company to authenticate anywhere in the world. What does this mean? That we as Chileans can start doing business without so much documentation, perhaps without proving so much identity or without sending so many documents, with a company in Europe perhaps.

[32:10] Why? Because this LEI code, as I was saying, is recognised worldwide, therefore it has the full support of [inaudible], which are entities that are dedicated to delivering secure digital identity.

OSCAR: [32:33] Yes, definitely. As you say, the LEI, for its acronym in English, Legal Entity Identifier, in Spanish is Identificador de Personas Jurídicas, it’s a company’s identifier, or it can also be a non-profit organisation, even a single [inaudible] could be too. And as you say, for example, now we are in this time when it’s not easy to have face-to-face meetings with potential strategic partners or suppliers that are in another part of the world, and since there is no way to travel and meet face to face, how do we verify the identity of that provider with whom we would be starting a commercial activity? So, definitely the LEI code is a great tool to provide trust between entities, between companies.

JOSSELYNE: Of course.

OSCAR: [33:57] Josselyn, we are near the end of this conversation, I would like to hear some advice that you can give us, for people in general, how could any of us listening to this podcast can use that advice to protect their digital identity?

JOSSELYNE: [34:21] Well, it is important that we as users are responsible for creating our identity on different website. I always recommend, and it is worth remembering, strong passwords, that have alphanumeric characters, avoid birthdates, names, addresses, because believe me that’s the first thing criminals look for, addresses, phone numbers, birthday numbers. Another piece of information that at least I pay attention to when I am going to make a transaction or enter some information is that the website where I am signing up has the security certificate, so that it has the lock symbol, the SSL certificate, that helps a lot.

[35:29] An important piece of information is also about public networks, trying to avoid them because we know that this is where identification theft occurs the fastest. Why? Because you are accessing a public network without a password, without anything, you come and access it, and as easy as you could access, imagine how these criminals are waiting to receive your information.

OSCAR: [36:04] Exactly. Well, thank you very much Josselyn for those last tips that are sometimes good to remember, reiterate and put into practice to protect our digital identity. Finally, I would like to know how those who are listening to us could either contact you or learn more about what you and Seguridad América are doing.

JOSSELYNE: [36:29] Sure. Well, Seguridad América has been in the Chilean market for about 8 years, within these 8 years we have expanded the subsidiaries to Mexico, Peru, Colombia and Argentina, and the idea is that they get to know us, they can access our website, www.seguridadamerica.com, there are all the solutions that we deliver, and there is also more information to contact us.

OSCAR: Excellent. Thank you very much Josselyn for this conversation and see you soon.

JOSSELYNE: Thank you very much, Oscar. Have a great day!

[End of transcript]