Supporting Trusted Digital
Identification and Authentication

PSR report on 'Payments Strategy for the 21st Century' publicly aligns with the Midas Alliance's code of practice.

UK Finance supports the MIDAS Alliance

Emerging Payments Association report recommends to build on industry standards such as PAS499

TechUK heralds PAS499 for providing a streamlined approach to authentication and thus to digital ID's

Metro customers hit by text-targetting attack

Time for social media to face up to the age of responsability

The MIDAS Alliance

The MIDAS Alliance was formed in 2015 to develop and promote an industry standard for digital identification and authentication. The focus was enabling individuals and organisations to trust each other’s identity across digital channels and to manage this simply, securely and reliably.

Since its foundation five years ago, the MIDAS Alliance initiative successfully brought together members, forged important partnerships with organisations across the finance industry and allied sectors, and helped to galvanise action to meet the prevailing and foreseeable business and regulatory needs. The Alliance was pivotal in helping to bring about much needed clarity in the area of Strong Customer Authentication (SCA) and was instrumental in driving an acceptable common standard in an

otherwise fractured and fragmented market, especially through its contributions to the successful publication by the British Standards Institution of the Code of Practice for Digital Identification and Strong Customer Authentication (PAS 499). Following this publication, and with the date for enforcement of the Payment Services Directive 2 Regulatory Technical Standards for SCA approaching, the MIDAS Alliance has now fulfilled its original purpose and is formally dissolving and offers grateful thanks to all those who have helped shape the future of a safer and more secure digital authentication future.

The Alliance operated collectively and collaboratively, breaking down traditional silos, to foster a brighter future for all those involved in or reliant upon trusted authentication and safer payment.

What is PAS499?

PAS499 creates a secure authentication management and technology standard that meets the needs of all the disparate legislation and regulations for both domestic and international applications.

PAS499 was developed from a number of public meetings involving hundreds of stakeholders and further small committees within the rules of the BSI with senior stakeholder representatives from across the government, payment, technology and consumer sectors to participate in helping draft the content of PAS499.

PAS499 sets out recommendations for organizations to meet security, regulatory, and usability requirements in the provision of user identification and authentication in digital services.

It aims to assist organizations in understanding changes to existing security practices necessary to prevent fraud techniques that have evolved, or could be developed, to circumvent controls.

It aims to help organizations secure their systems to prevent fraudulent misrepresentation of a natural or legal person.

The PAS covers in detail the following subjects:

Identity Validation

Identity Proofing

Enrolment

Authentication

Delegated Authority and Authorization

Security and Usability

Authentication Risk Model

Accreditation

The MIDAS Alliance Accreditation Scheme is the sole scheme for the United Kingdom to assess organisations against the management and technical requirements of the British standards Institute (BSI) PAS499 “Digital Identification and Authentication”.

Compliance certification to the scheme by accredited auditors demonstrates assurance that an organisation has understood and acted upon the security and risk management recommendations of PAS499.

Certifying to the MIDAS Alliance Scheme enables organisations to give confidence to all interested parties that the complete lifecycle of their handling of digital identity meets the PSD2 requirement of strong customer authentication.

Certification will be vital to any organisation that incorporates digital identification, validation, proofing or authentication, into their business model whether they are organisations that provide software or hardware solutions; provide digital id services; those that rely on products and outsourced services for their digital ID and authentication; and those that build and operate their entire digital identity ecosystem.

MIDAS Alliance are currently working with UKAS with a view to developing this into a UKAS accredited Certification Scheme.

Consulting

The MIDAS Alliance trains organisations to meet the requirements of its management and technical requirements of the MIDAS Alliance Accreditation Scheme.

Benchmarking

The MIDAS Alliance will provide benchmarking for technology assessments in order to help organisations understand and compare suppliers against recognised industry standards

Supporting Trusted DigitalIdentification and Authentication