Digital identities: protecting our digital twins
Tue 9 Jun 2020 | Joe Bloemendaal
Identity is the essence of the human being – so guardianship should be hard-earned, says Joe Bloemendaal, head of strategy at Mitek, investigates
The pandemic has demonstrated just how much we depend on our online devices. From being able to work in the safety of our homes, to buying groceries online and booking virtual workout classes, it has proved that the move towards a fully digital world is within reach. Our dependence on the internet has also reminded us how much personal information we share – whether on social media, online banking and shopping, or our own professional profiles.
These characteristics that we openly disclose are exactly what fraudsters are looking for to exploit us – from using this information to pull our heartstrings in online dating scams to tricking our banks to gain access to our savings. We often overlook the trail of breadcrumbs of information we are leaving behind us, making it all too easy for a fraudster to take advantage.
Fortunately, there are ways to ensure fraudsters can be stopped in their tracks. With the use of unique identifiers and usage patterns, it is possible to verify the digital identity and verify a user – making sure that they are who they say they are when participating in any online or digital interaction. To protect our digital identity from fraudsters, we must first look at what makes up a digital identity.
What is a digital identity?
A digital identity can be defined as “a body of information about an individual or organisation that exists online.” But the reality is that consumers remain confused about what actually constitutes a digital identity. Consumers don’t feel they can fully protect what they don’t understand. Is it our social media profile? Our credit score or history? Is it contained within a biometric passport?
This confusion means many are also concerned about the level of access a digital identity exposes to potential fraudsters. Once a hacker has our personal details, how much of ‘us’ can they really access? In the US, we found that 76 percent of consumers are extremely or very concerned about the possibility of having their personal information stolen online when using digital identities; but 60 percent feel powerless to protect their identity in the digital world.
This is mainly because many people trust in their old methods and devices for security control – passwords, security questions, and digital signatures. But as modern security techniques evolve, these methods are no longer able to protect us on their own.
More advanced and secure methods of identity verification mirror modern social media habits. Most of us are familiar with taking selfies. Now, technology can match that selfie to an ID document such as a driving licence, turning a social behaviour into a verifiable form of digital identification. A simple, secure process enables people to gain access to a variety of e-commerce and digital banking services, without a long and friction filled ‘in-person’ process.
Even in the case of a compromised photo ID or stolen wallet, we can re-verify our digital credentials once we have our paperwork back in order – and restore a digital profile to full health.
But this doesn’t answer the question of who holds our digital identity data. Where is it stored? Who has access to it? Who is responsible for the long-term health and protection of our digital ‘twin’?
Who can protect our digital twin?
Historically, governments have proven to be poor custodians of their citizens’ data, given the loss of 25 million tax records, including payroll information, in the not-so-distant past. Of course, some of the world’s biggest companies are not immune either, being held responsible for countless data breaches over the years.
As such, there is a school of thought that citizens should be responsible for their own digital identities, making them ‘self-sovereign’. The ambition is to free our own personal information from existing databases and prevent companies from storing it every time we access new goods or services. Data controls such as GDPR and CCPA are a start – policing and regulating how companies use, control, and protect data.
However, ‘self-sovereign’ identities could only become mainstream if governments relinquish their sole responsibility for issuing and storing our identity information. It will also require new technologies, such as blockchain, to gain traction and be trusted. A cultural shift will be paramount, too. At present, some of us are all too willing to give up our data to get access to better offers or cheaper goods and services.
Some suggest that instead of the rise of ‘self-sovereign’ identities, we’ll see some of the industry’s biggest players emerge instead. We’re already used to verifying our identities through Google and Facebook, using them to speed up registrations or access new services. Could those tech giants become our digital identity guardians?
What about connectivity companies that know a lot about us already and who could make it even safer for us with the added benefit of a quick geolocation check? Or would we rather entrust our digital identities to financial companies such as Visa or Mastercard, who have been looking after our financial transactions for decades, historically taking on the risk for us, and are now able to process disputes and stop unauthorised withdrawal of funds even faster?
It’s clear that taking good care of one’s digital identity is a fine balance between trust and control. Security is also a personal thing, and what is right for one may not suit another. One thing is for certain: identity is the essence of the human being, so guardianship should be hard-earned.
It’s down to individuals to ensure their digital identities are protected, but businesses too, have a role to play in protecting them. If people are in favour of self-sovereign identities, this will be part of our reality with the help of proven digital identity verification and cyber security protection technologies.