Digital Identity 2.0: A new relationship between UX and security

In 1999, in an interview with the BBC, David Bowie made some predictions on the future of the internet which have ended up being eerily accurate: “I don’t think we’ve even seen the tip of the iceberg. I think the potential of what the internet is going to do to society, both good and bad, is unimaginable. I think we’re actually on the cusp of something exhilarating and terrifying”. This couldn’t have been more true.

In fact, the Mobile World Congress 2019 was the stage for the first surgical operation directed live with 5G.
The internet isn’t just a useful tool. Of course, it makes our day-to-day lives easier but it goes beyond that. The digital world is as real as the physical world, we can no longer understand our daily life without one or the other. It’s the same with our identity, one of the most prominent topics of debate for this particular MWC.

Xavi Anglada, General Manager and Digital Lead at Accenture MENA and Turkey, James Brodhurst, Head of Fraud and ID Sales Engineering EMEA at Experian, Francisco Faraco, Fraud Prevention and Partner at Deloitte, and Richard Harris, SVP, International Operations Manager, all participated in the expert panel organised by Mitek and discussed new trends in digital identity verification.

Trust continues to be the key

One point on which all parties agree is the need to establish trust-based relationships with users. However, trust in the digital environment has to work both ways. The company must be able to verify the identity of the user. In other words, they need to know that the person really is who they say they are. In turn, they have to provide the user with a good experience and a secure environment for their data.

An interesting concept that came up during the debate was that of the users’ “liquid expectations”, in other words, expectations which change over time and to which technology must constantly adapt.
For example, users of a certain age in the UK feel more comfortable with traditional banking institutions which have adapted to the digital environment, than with new companies. However, millennials and younger members of the public trust technology companies more than financial companies.

Another idea raised was that of real-time trust. Can we establish the user’s identity from their behaviour in real-time or by geolocalisation...? The possibility is there, although it involves constant analysis of the user’s activity in order to establish reliable patterns.

Our behaviour will be our identity

The most difficult thing to falsify is how a person behaves on different devices. Luckily, the technology necessary to compile this information exists today. The data is there. What we need to do is analyse it, connect it and understand it better.

Furthermore, we must take all context into account. For example, an onboarding operation is not a simple yes or no process. The person’s mood changes according to the transaction being carried out and influences the decision of whether to continue or not.

Once more, everything revolves around the user.

Data minimalism, a new concept at play

Companies need to ask for the correct data, not all data. In this sense, several experts commented that digital identity will change significantly in the next few years. It won’t be a matter of confirming some data on paper, but about getting to know the person. Digital identity will be a way of projecting who we are beyond a document.

Furthermore, the processes must be quick and easy. The amount of data requested, therefore, must be proportional to the value of what is being offered. In other words, it must be proportional to the user’s perception of the value.

What is really secure?

According to some of the experts, the future of digital identity won’t involve biometrics. It is convenient and easy, but it is not secure. Digital fingerprints, for example, can be obtained from using high-resolution photography and mobiles are not secure enough. Our biometric data can be stolen and, once compromised, it cannot be changed.

Blockchain technology may be a better alternative in this respect, but some suggest that it is not secure enough either.

Once again, the idea of real-time identity verification according to the user’s behaviour comes up. It is the most difficult to falsify and it cannot be ‘stolen’.

The constant search for balance between UX and security

UX has been essential for building a trust-based relationship between the company and the user. But additionally, it provides essential information for understanding and predicting their behaviour. It’s true that when users place a high value on the outcome they obtain, they are more tolerant of a certain amount of friction during the transaction. But in the case of daily operations or operations of a low perceived value, UX still comes out on top. Therefore, the key to balance is in the level of trust necessary to carry out a given operation.

In summary, balance will involve using the information to find out more about the user, especially their behaviour, in order to provide the best UX and security during each process and transaction, according to their every expectation.

There is still a lot left to do, and so much potential in terms of both technology and the information to be exploited in order to improve relations between users and companies.