The current debate about digital identity goes far beyond matters of security. While it is true that ever-increasing cyberattacks, data theft, and identity fraud underscore the need for digital security, we as users don’t want to miss out on good on-line experiences.
How can we strike a balance between these two concerns? The Expert Panel organized by ICAR and Mitek at the Mobile World Congress 2018, Solving the Global Identity Crisis, brought together six experts from different industries who deal with the daily challenge of verifying the digital identity of users.
Digital transformation has also changed user expectations. They want to access services fast, anywhere and at any time. But they are also increasingly concerned about data theft and identity fraud.
Thus, the main challenge remains to strike a balance between user experience and security. But that’s not the only challenge. Regulatory compliance is essential for companies, but regulations can’t always adapt quickly enough to technological change. And to top it all off, the level of digital security required for digital transactions varies from country to country, meaning that it is still difficult to find a system capable of verifying a user’s identity from absolutely anywhere on the planet, while also complying with regulations.
The changes brought about in users by the Internet is not limited to the digital realm. Users want it all and they want it now, even in the physical world, and so verification and authentication processes must be fully automatic.
In addition, the simplicity that users require of a digital process must now carry over into the physical world. For example, if they order a product online, they don’t want to wait or queue up to receive it physically. Online and offline processes must be perfectly integrated, fast, and easy.
It isn’t enough anymore to connect a name and a face with an identification document. It is necessary to know the user, to analyze his behavior in every channel, and to track his digital footprint. On the one hand, this kind of multi-channel knowledge makes it possible to verify a user with greater reliability, in particular by identifying anomalous behavior patterns. On the other hand, the company can use this information to offer much more personalized services to the user.
The user is the sum of his physical and digital identities, and companies need to understand and connect the full context that identifies the individual.
One idea that kept coming up in the session was the need to give the user control of his data at all times. Blockchain and encryption technologies are key in this regard.
More than half of all users are willing to provide personal data in order to identify themselves. But about 45% are not, either because they don’t trust the process or they don’t understand it.
Trust is the new digital currency, and to build trust, companies must offer transparency. The user needs to know why his data are being requested and what they are used for, and what security measures will be used to protect them.
Biometric technologies, such as facial, voice, and fingerprint recognition, play an increasingly important role in the verification of digital identity. Verification processes that incorporate biometrics are faster and simpler for the user, as well more secure when compared to traditional methods such as passwords or even manual verification.
Where is digital identity heading? Identification is based on trust between the company and the user. Technology is what makes it possible, but the user should always be the focus of the company’s strategic decisions.
Another idea presented was to assign to the government the role of standardizing the different identity verification processes used, for example, by banks and telecommunications companies. The goal would be a single process for the user, allowing him to identify himself digitally with any company or entity.
In this regard, biometrics could evolve to the point where the user actually becomes his own identification. In other words, by simply sitting down at the computer, and using biometric information unique to the user —what he does or how he does it— the user could be identified.
While it is true that greater regulation will be needed to cover these and other technological advances, it is clear that in the digital future, we will be our own identification.