Over the past few months, the pandemic has accelerated the transition to a fully digital world. We are seeing more e-commerce and online offerings to help us socially distance. From ordering groceries online to signing up for online gym classes and communicating with friends and family, our digital presence has increased significantly. Unfortunately, this growing digital presence leads to a rise in cyber-attacks, too, and more specifically, fraud. Joe Bloemendaal, Head of Strategy at Mitek, explains further below.
Fraud cases were predicted to be on the rise even before the mass lockdown. According to Juniper Research, online payment fraud for businesses in e-commerce, banking services, money transfer and airline ticketing were suspected to lose over $200 billion to online payment fraud between 2020 and 2024. The recent growth in digital services and accounts, and advanced technology like AI, is further driving the frequency of these fraudulent activities.
With easy access to an abundance of consumer data, advanced computational power and tools, it is becoming easier for cyber-criminals to completely take over legitimate accounts. So, how can we stay protected against these attacks? The first step is to understand what these cyber-criminals are after and this is often easy to overlook. Social media allows people to stay connected, but it also exposes a large amount of personal information, making people’s digital identity readily accessible to hackers. At every corner, hackers are lurking behind the screen trying to trick banks by stealing people’s details in order to access their hard-earned savings or turning to other methods of phishing scams.
Thankfully, with the help of unique identifiers and usage-patterns, it is possible to verify the digital identity and verify a user – making sure that they are who they claim to be when participating in any online or digital interaction. For financial services institutions to stop fraud in its track, they need to begin with understanding how to protect this digital identity.
But first, what is a digital identity?
A digital identity can be defined as “a body of information about an individual or organisation that exists online.” But the reality is that not many understand what really makes up a digital identity, and so cannot protect it. Is it our social media profile? Our credit score or history? Is it contained within a biometric passport?
A digital identity can be defined as “a body of information about an individual or organisation that exists online.”
This confusion means many are also concerned about the level of access a digital identity exposes to potential fraudsters. Once a hacker has our personal details, how much of ‘us’ can they really access? In the US, we found that 76% of consumers are extremely or very concerned about the possibility of having their personal information stolen online when using digital identities; but 60% feel powerless to protect their identity in the digital world.
This is mainly because many trust in their old methods and devices for security control – passwords, security questions, and digital signatures. But as modern security techniques evolve, these methods are no longer able to protect us on their own.
More advanced and secure methods of identity verification mirror modern social media habits. Most of us are familiar with taking selfies. Now, technology can match that selfie to an ID document such as a driving licence, turning a social behaviour into a verifiable form of digital identification. A simple, secure process enables people to gain access to a variety of e-commerce and digital banking services, without a long and friction filled ‘in-person’ process.
Even in the case of a compromised photo ID or stolen wallet, we can re-verify our digital credentials once we have our paperwork back in order – and restore a digital profile to full health.
But this doesn’t address the question of who is responsible for our digital identity – who will protect the long-term health and protection of our digital ‘twin’?
Historically, governments have proven to be poor custodians of their citizens’ data, given the loss of 25 million tax records, including payroll information, in the not-so-distant past. Some of the world’s biggest companies are not immune either, being held responsible for countless data breaches over the years.
As such, some believe citizens should be responsible for their own digital identities, making them ‘self-sovereign’. The ambition is to free our own personal information from existing databases and prevent companies from storing it every time we access new goods or services. Data controls such as GDPR and CCPA are a start – policing and regulating how companies use, control, and protect data.
However, ‘self-sovereign’ identities could only become mainstream if governments relinquish their sole responsibility for issuing and storing our identity information. It will also require new technologies, such as blockchain, to gain traction and be trusted. A cultural shift will be paramount, too.
Some suggest that instead of the rise of ‘self-sovereign’ identities, we’ll see some of the industry’s biggest players emerge instead. We’re already used to verifying our identities through Google and Facebook, using them to speed up registrations or access new services. Could those tech giants become our digital identity guardians?
Or would we rather entrust our digital identities to financial companies such as Visa or Mastercard, who have been looking after our financial transactions for decades, historically taking on the risk for us, and are now able to process disputes and stop unauthorised withdrawal of funds even faster?
Balancing trust and control
It’s clear that taking good care of one’s digital identity is a fine balance between trust and control. Security is also a personal thing, and what is right for one may not suit another. One thing is for certain: identity is the essence of the human being, so guardianship should be hard-earned.
Both businesses and individuals have a part to play when protecting our digital twin. With the help of digital identity verification and cybersecurity protection technologies, we can make self-sovereign identities a reality – if that’s what the people want.