Everyday, we are drowned even more into the online world. With the fast development of services, the consumer is making more online purchases and accessing more services all through his mobile. For example, purchasing goods or carrying out a bank operation through your bank's mobile application are both very common actions that have never been easier. Undoubtedly, this is considered as a huge step forward for technology; however, it carries various challenges regarding the security of the consumer's digital identity and the privacy of our personal data online. One of the biggest challenges is developing systems that allow any person to authenticate his/her online identity.
Forming a digital identity to access an online service will require you first of all to set a username or an email address and associate a password to it. But that's not all, there are other information that are also being collected once online such as the consumer's date of birth, social security number, purchasing behavior or history, online search activities, medical history, etc.
This leads us to two different notions: digital identification and digital authentication. The identification process is saying who you are, providing information about yourself such as your name and surname, birthdate, gender, level of education, etc., whereas the authentication process is proving that you are who you say you are, proving to the other party that they are dealing with the right person. That is done through passwords as the first step, and for more security, biometrics can be added afterwards such as iris recognition, retina recognition, voice recognition, fingerprints, face ID and chips.
Very often, people put their actual personal information online. This places the consumer in a position where he/she is prone to privacy and security risks leading to identity theft. This phenomenon has been rising in recent years which is why it takes not just one, but two and even multiple factors to complete a "sign-in" along with authentication systems that are becoming even more sophisticated. An example of that would be Apple's facial recognition system, Face ID. This system changes the fingerprint for the face, so that iPhone X users can authenticate and access their device, verify payments with Apple Pay or pay in the App Store.
In addition, there are new tools, big data and analytics that can help to algorithmically validate whether a person or organization is who or what he claims to be. However, gathering and curating this data, connecting it together and assigning a conﬁdence score to the conclusion is still challenging.
Traditionally, digital identity issues were considered as a business-to-business concern. But as consumers adopt more active roles as stakeholders while completing their online operations, this relationship is becoming a business-to-business-to-consumer one. However, the increase of consumers' interaction in the online place is leading to higher expectations and demands. For instance, people try to avoid having to rekey their data every time. Instead, they follow what is immediate and what keeps them always connected. So, people will expect technology to perform better and security to be higher.
Back in the simple times, people used to only take precautions of hackers stealing their passwords. Today, privacy has taken a whole new level especially with citizens having to share their fingerprints or iris scans. These should be given the same level of protection as other personal data, such as medical records, financial information and employment history.
However, protection systems alone can't be enough if users themselves don't have some maturity in acting online. They have the choice to select what kind of information goes online and what kind doesn't. In addition, they should be informed of who is collecting their biometric data, why it is being collected, how it will be used, where it will be stored and who will have access to it.
The frequency and severity of data breaches highlights the growing importance of identity authentication. But just as security is front-of-mind for companies, it is increasingly important today to consumers as well.
Nevertheless, it's true that with these developments, one may face challenges and risks, but positive factors also exist. In the near future, and with this fast-growing pace, the sector of Open Banking is likely to witness much more activity. And, if that service is to truly take off, assuring and protecting identity must be a key component.
Furthermore, getting the hang of digital identity could also be a very good thing for the economy, in that it would make digital trade smoother, easier and faster.
In the industry, talks were happening about these issues for some time. Perhaps the solution could come this year, or might be years away. But there is definitely a change in the air. Either way, it would be smart from companies to start to get their heads around managed identity and how it might affect their business model.
As we go forward through life, we leave behind crumbs of digital data in miscellaneous sites we visit, essentially forming a digital silhouette of ourselves. This silhouette might even be a better representation of ourselves, as it can save and remember our precise information and searches from the past. This digital identity can predict, from past data, what our actions would be in the future, thus suggesting sites we would be interested in surfing. We expect to see: more mobility, greater demand for security and trust, an accelerating shift towards smart cities, and more calls for public supervision of digital identification systems.