What is digital identity and why should you care

February 1, 2022

Digital identity EDCWhenever a person leaves the house, most do a sanity check for items they require – “do I have my phone, wallet, keys, glasses, money, watch, ID etc.” Dubbed everyday carry or “EDC” by the internet communities, EDC tools help people interact in the world outside their homes: a watch to keep time, a wallet to store money and identity documents, keys to lock up houses or drive cars.

But as the world goes digital, people are drastically cutting down the things they need to stuff into pockets before heading out. One of the last items in most EDC that’s going digital is the humble Identity Document. Though adoption may be slow, many countries in Europe, the Middle East, Africa, Asia, and Latin America have rolled out programs to have a National ID card that is valid for both the physical and digital world domains. But just because a person has a digital ID card, does that mean they have a “Digital Identity”? Yes and no.

Though it may soon become a reality there’s no need to bring physical ID documents, like a driver’s license everywhere, a person’s overall digital identity is vastly different and more complex than a simple digital ID. A digital identity encapsulates a person’s online activity, biometric behavioral data, and a number of other important aspects that allow people to login into the online community every day and interact – call it a digital “EDC” that’s always there and always online.

 

               Download The Future of Identity 2.0: Digital identity in a new world - the future came faster, by Mitek CTO, Stephen Ritter 

 

Read on for more for answers to the most common digital identity questions:

What is Digital Identity?

A person’s digital identity is an electronic file containing personally identifiable information (PII).

Examples of PII include the following:

  • Social Security number
  • Biometric data
  • Driver’s License number
  • Passport number
  • Login credentials (usernames and passwords)
  • Date of birth
  • Bank account number

PII is used by banks and websites to prove a person's identity through an identity verification process. Digital Identity is becoming more important and more complex as fraudster’s identity theft techniques get more sophisticated. The need for digital identity security and fraud management solutions is more important than ever and so is knowing that a company has a solid identity verification on-boarding process.

What is biometric authentication technology?

Biometric authentication technology is used to verify a person’s identity. These unique biometric and behavioral biometric features include elements like facial recognition, fingerprints, voice recognition, palm symmetry, iris recognition and more. Examples of using biometric authentication  technology being used in everyday situations would be when you use your voice or facial recognition to unlock your phone or use your voice to ask Siri where the closest gas station is. Because every person has a unique identifier, using biometrics as a digital identity solution can help fight against fraud like financial crime by making it harder for fraudsters to falsify an identity.  

How does multi-factor authentication improve access management?

When someone creates an account online, they will need credentials for accessing their account and usually set up a password and a user ID. This is known as a single factor authentication or SFA and is the one of the simplest forms of authentication. Two-factor authentication, or 2FA for short, requires a password (the first factor) then a numeric code, security token or a biometric such as a voice (the second factor) to access online data. Also known as two-step verification or dual-factor authentication, 2FA validates both sets of user credentials before granting access to an online account.  Multi-factor authentication (MFA) is a method of electronic authentication in which two or more factors (eg. a password, voice recognition and ID) are required for a user to gain access to a website or application. By involving multiple authentication layers, the access control systems remain secure even if one of the authentication factors is compromised.  

Most multi-factor or 2FA processes combine two or more of five common authentication factors: knowledge; possession; inheritance; location, and time. Knowledge factors are items the user knows such as a password or PIN, whereas a possession factor is something the user possesses, such as their mobile phone or an ID. Inheritance factors, also known as biometric factors, include facial features, voice tone, fingerprints and other inherited identifiers.

Often times we hear the term identity and access management (IAM) when we are talking about user verification and authentication. Identity and access management is a framework of technologies that ensure the right users have the appropriate access to technology, platforms and resources, at the right time. Although very helpful in a lot of instances, it does not necessarily authenticate the user throughout the lifecycle of the relationship.

What is Self-Sovereign Identity?

Self-sovereign identity refers to individuals or organizations maintaining exclusive ownership of their digital identification and analog identities as well as determining how this personal data is distributed and used.  Christopher Allen’s Ten Self-Sovereign Identity (SSI) Principles itemize the fundamental components of a self-sovereign digital identity framework:

  1. Existence — Users must have an independent existence.
  2. Control — Users must control their identities.
  3. Access — Users must have access to their own data and any associated claims without the interference of gatekeepers or intermediaries.
  4. Transparency — Systems and algorithms must be transparent.
  5. Persistence — Identities must be long-lived.
  6. Portability — Information and services about identity must be transportable.
  7. Interoperability — Identities should be as widely usable as possible.
  8. Consent — Users must agree to the use of their identity.
  9. Minimization — Disclosure of claims must be minimized.
  10. Protection — The rights of users must be protected.

The pros of self-sovereign identity management are that personal data is more private, and a person is in full control over the personal information they choose to share. A con is that the individual is also responsible for the security of that information, which can create opportunities for identity thieves to commit identity fraud.

How necessary is supporting sovereign ID to your financial services business model? The Mitek 2018 Digital Identity Consumer Confidence Report found 85% of people want to do business via websites that verify the identity of all users, and 67% prefer doing business with a website that can guarantee a person is whom they claim to be. According to Gartner Research, consumers also care about how companies manage the mobile identity verification process. “By 2022, digital businesses with great customer experience during identity corroboration will earn 20% more revenue than comparable businesses with poor customer experience.”

Self -sovereign identity solves two challenges for financial services’ digital product managers: confidence and risk. Accepting a customer’s sovereign digital identity as verified by the decentralized, irreversible, and transparent blockchain builds consumer confidence in your platforms and facilitates KYC identity verification/AML compliance.

Self-sovereign identity also reduces costs associated with multiple identity assurance systems by limiting PII to what’s necessary to complete the desired transaction.

What is the future of digital identity verification?

Convenience battles security when it comes to digital identity adoption. While consumers value digital identities for access to new services, they remain concerned over security risks and are fighting to find a balance between the two. But when it comes to the sharing economy, consumers are already actively using digital identities, setting the stage for the next frontier of digital interactions.

“The fact remains, however, that biometric identity verification solutions offer much greater security than traditional username/password methods. As the technology continues to grow in its sophistication, malicious access to this data will become increasingly difficult for hackers, providing both a more secure and convenient solution for users to access and verify their digital identities," explains Mitek CEO, Max Carnecchia.

As fraudsters and criminals try to steal identities, having a more secure system of identity authentication is also becoming more sophisticated. The new normal for digital identity verification will be in the form of a multi-factor authentication that includes some form of unique biometric identifier such as facial or voice recognition. This offers the consumer both convenience and an extra layer of security.

As hackers evolve, cybersecurity is as important as ever to avoid a business-altering data breach and expose your customer's personal information to a potential fraudster.  As the world moves more towards digital ID systems, financial institutions need to make sure they have a secure digital identity management solution built with sophisticated technology to protect personal data at all costs.