In recent months, we have experienced a surge in the range of e-commerce and online offerings – from online gym classes to grocery deliveries – to help us socially distance. Because of this, we are exposing more personal information on these digital platforms than we realise – through social media, online shopping and banking and even on our professional profiles. Sadly, this increased digital presence is mirrored by a rise in fraud, too. Fraudsters are ready to use any method of phishing scams to trick our banks into accessing our savings.
Luckily, unique identifiers and usage-patterns make it possible to verify the digital identity and verify a user – making sure that they are who they claim to be when participating in any online or digital interaction. Understanding what constitutes a digital identity is the first step to keeping hackers at bay.
What is a digital identity?
A digital identity can be defined as “a body of information about an individual or organisation that exists online.” But the reality is that consumers can’t protect what they don’t understand. This confusion means many are also concerned about the level of access a digital identity exposes to potential fraudsters. Once a hacker has our personal details, how much of ‘us’ can they really access? In the US, we found that 76 percent of consumers are extremely or very concerned about the possibility of having their personal information stolen online when using digital identities; but 60 percent feel powerless to protect their identity in the digital world.
This is mainly because many trust in their old methods and devices for security control – passwords, security questions, and digital signatures. But as modern security techniques evolve, these methods are no longer able to protect us on their own.
More advanced and secure methods of identity verification mirror modern social media habits. Most of us are familiar with taking selfies. Now, technology can match that selfie to an ID document such as a driving licence, turning a social behaviour into a verifiable form of digital identification. A simple, secure process enables people to gain access to a variety of e-commerce and digital banking services, without a long and friction filled ‘in-person’ process.
But this doesn’t address who can access and be held responsible for the long-term protection of our digital ‘twin’?
Striking the balance between trust and control
Historically, governments have proven to be poor custodians of their citizens’ data, given the loss of 25 million tax records, in the not-so-distant past. Some of the world’s biggest companies are not immune either, being held responsible for countless data breaches.
As such, some believe that citizens should be responsible for their own digital identities, making them ‘self-sovereign’. The ambition is to take control of our own personal information and prevent companies from storing it every time we access new goods or services. Data controls such as GDPR and CCPA are a start – policing and regulating how companies use, control, and protect data. However, ‘self-sovereign’ identities could only become mainstream if governments relinquish their sole responsibility for issuing and storing our identity information.
Some suggest that instead of ‘self-sovereign’ identities, we’ll see some of the tech giants held responsible instead. Verifying our identities through Google and Facebook, using them to speed up registrations or access new services is common, so why not verify our digital identities too?
Or would we rather entrust our digital identities to financial companies such as Visa or Mastercard, who have been looking after our financial transactions for decades, and are now able to process disputes and stop unauthorised withdrawal of funds even faster?
It’s clear that taking good care of one’s digital identity is a fine balance between trust and control. Identity is the essence of the human being, so guardianship should be hard-earned. Both businesses and individuals have a role to play in protecting our digital twins. With the help of proven digital identity verification and cybersecurity protection technologies, we can make self-sovereign identities a reality – if that’s what the people want.
Author: Joe Bloemendaal, Head of Strategy at Mitek