EXPERT PANEL: Does AI have a role in the world of identity? And if so what is it?

With so much hype surrounding artificial intelligence (AI) we invited a range of experts to share their expert insights regarding if and how AI and machine learning will impact the world of identity. Here is what they had to say. 

Péter Gyöngyösi, Director of Privileged Access Management solutions, One Identity

AI can be useful in three different domains around identity: helping identity governance efforts, detecting identity theft and introducing new ways of authentication.

In any decent-sized organisation, identity and access databases can grow huge quickly. Peter_Gyongyosi2The periodic review and clean-up of access settings is paramount to ensure the safety of the organisation. Machine Learning and other AI algorithms are incredibly good at munching through vast amounts of data and highlighting anomalies and risky situations, allowing security teams and managers to focus on reviewing access rights that can cause problems – instead of wasting their time by clicking through hundreds and hundreds of business-as-usual records.

User Behaviour Analysis is one of the emerging fields of security and it’s a good example of how can AI be utilised to detect identity theft. By monitoring and analysing the behaviour of users and learning what’s normal for them, it becomes possible to quickly recognise if someone’s credentials have been stolen.

Advanced machine learning methods also allow us to introduce new ways of authenticating users based on how they interact with their devices. Through analysing typing patterns or mouse movements, we can introduce an unobtrusive yet reliable additional layer of biometric authentication for the most critical parts of the infrastructure.

Arta Sylejmani, Strategic Manager eBanking, Gemalto

One approach to seamless and secure online authentication used by banks combines machine learning, artificial intelligence, and authentication to offer convenient and Arta Sylejmanirobust protection. Using these techniques it’s possible to intelligently and automatically analyse a user’s online profile and identify any unusual behaviour, requesting an additional layer of authentication if necessary. For example, if a user made a purchase every lunchtime at the same sandwich shop, but then suddenly completed a transaction in another country, the system would recognise the unusual purchasing pattern and require the user to provide additional verification, perhaps through a fingerprint scan.

At the same time, it could analyse the behaviour and usage of the digital identity solution, to know that you are actually traveling. No need for the bank to make a call or add an additional step of authentication.

A solution like this offers benefits for consumers and banks alike. For financial institutions, it allows them to cut operational and administrative costs but it also adds a layer of security, while customers benefit from a personalised authentication journey, altering the number of verification steps required based on the transaction being completed and the user’s profile.

This balance between security and convenience is becoming increasingly important not just for banks but also for other organisations such as mobile operators and eGovernment as they roll out digital services. However, strict regulations such as PSD2 and consumer trust mean that banks are uniquely placed to provide the secure and convenient digital identity scheme the internet needs. And we’re likely to see such frameworks becoming more common as the digital services world matures.

Simon Evans, CTO, Amido

AI is a business paridigm shift that cannot be ignored, so the answer is yes it does in both AuthN methods such as FaceID, and also anomaly detection. The most interesting part is the role that Identity needs to play with AI; in particular around access control of data used for Machine Learning.

Anomaly detention is the process to running AI (predictive analytics) over authenticationSimon - Amido to predict when someone is likely to having their credentials stolen; so for example, if I were to log into an application from an IP address in London and then five minutes later use my log in credentials from an IP address in Hong Kong, the predictive analytics would spot a probable case of fraud. Anomaly detection does not require AI, but AI could be used to make the process more intelligent and learn new patterns of fraud over time.

Access control (authorisation) is really important in data lake scenarios, where access to sensitive data stored within the lake needs to be managed (normally for internal staff). Levels of access and separation of duties are paramount to ensure that only the employees with the appropriate level of access can get to sensitive data in the lake.

A data lake is the source of data for Machine Learning which is encrypted. However, you will still have certain staff who have access to the data and this must be managed through IDAM (Identity Access Management) and the use of PAM (privileged access management).

Access control as provided by an IDAM solution, and anonymisation of data
You dont anonymise the source data in a lake though., That’s why you need to provide the apprpriate access control through identity.

Tech entrepreneur, Tej Kohli

Does artificial intelligence have a role in identity? In a word: yes. As a tech entrepreneur and investor in artificial intelligence, I’m passionate about how robotics and artificial intelligence can be used to make our lives better. I believe their role in our identity will only grow, as the sophistication of these technologies develops.

Robotics is set to revolutionise the workplace and transform our homes, replacing old Tej Kohlijobs and creating new ones in their place. We need to embrace this revolution and explore the unique opportunities that artificial intelligence offers.
These opportunities go beyond the world of business. AI can find solutions to the challenges that threaten our humanity and identity: the danger of climate change, growing food insecurity and humanitarian crises.

As the lead backer for robotics-focused venture studio, Rewired, I am investing in start-ups doing just that. Open Bionics is developing artificial limbs and prosthetics that can be used by victims of humanitarian disaster, war and violence. Seldon, a start-up focusing on machine-learning, is developing robots with sensory capabilities, which will be safely and efficiently integrated into our everyday lives.

The aim is to do what human beings have always done: use innovative thinking and ideas to make our daily lives easier. By embracing artificial intelligence, and recognising the opportunities it offers, we can use it to compliment and assert our identity.

Rupert Spiegelberg, CEO, IDnow

As we do more online, knowing your customer has become more important than ever. Digital identities are the new currency and organisations need to be able to securely andIDnow_Rupert_Spiegelberg[1] easily verify customers. Successfully achieving this, however, is much easier said than done. Technology has evolved to allow businesses to address identity and authentication in a digital setting, through AI-powered identity platforms. These solutions use algorithms to read security features embedded in ID documents, such as driving licenses and ID cards, in order to detect forged identities. A poorly-timed or lengthy verification process can turn customers away for life.

With an always-on solution that’s driven by AI, you can serve and verify customers quickly at logical points in their journey. This method of verification is fast, compliant and secure. It offers the end user a convenient and trustworthy method of onboarding, and provides corporate customers with improved customer conversion rates at a lower cost.

Richard Skellett, future of work and digital transformation expert  and founder of  Digital Anthropology

AI is already playing a major part in identity – you just have to look at the proliferation of fingerprint and retinal scanners, and I believe we will continue to see a rise in biometric identification.

Much like all aspects of personal data – we need to trust exactly who holds it, and know Richard Skelletthat they are only using it within the permissions we have given. Likewise, there is a responsibility from companies to uphold this and that the data they hold is safe and secure. The potential for hackers or thieves to exploit this information and have access to the most intimate and personal details about is terrifying.

As with any aspect of AI or automation, we need to fully understand the consequences and social impact of its continued implementation. Technology can have many benefits – but it needs to be used in a way that augments humans, rather than displacing them.