By Joe Bloemendaal, Head of Strategy at Mitek
Over the last few months, we have been presented with more e-commerce and online offerings than ever before. From online shopping to virtual gym classes, the pandemic has accelerated the move towards a fully digital world. Unfortunately, this growing digital presence leads to a rise in cyber-attacks, too, and more specifically, fraud.
Even before the mass lockdown, fraud cases were predicted to be on the rise. According to Juniper Research, online payment fraud for businesses in e-commerce, banking services, money transfer and airline ticketing were suspected to lose over $200 billion to online payment fraud between 2020 and 2024. The recent growth in digital services and accounts, and advanced technology like AI, is further driving the frequency of these fraudulent activities. It’s safe to say the finance sector is in unchartered territory.
With easy access to an abundance of consumer data, advanced computational power and tools, it is becoming easier for cyber-criminals to completely take over legitimate accounts. So, how can we stay protected against these attacks? The first step is to understand what these fraudsters are after and this is often easy to overlook. Social media allows people to stay connected, but it also exposes a large amount of personal information, making people’s digital identity readily accessible to fraudsters. At every corner, fraudsters are lurking behind the screen trying to trick banks by stealing people’s details in order to access their hard-earned savings or turning to other methods of phishing scams.
Thankfully, with the help of unique identifiers and usage-patterns, it is possible for banks and fintechs to verify a user’s digital identity – making sure that they are who they claim to be when participating in a digital interaction. But for financial services institutions to stop fraud in its tracks, they need to begin with understanding how to protect our ‘digital identities’.
But first, what is a digital identity?
A digital identity can be defined as “a body of information about an individual or organisation that exists online.” But the reality is that not many understand what really makes up a digital identity so how can they protect something they don’t understand. Is it our social media profile? Our credit score or history? Is it contained within a biometric passport?
This confusion means many are also concerned about the level of access a digital identity exposes to potential fraudsters. Once a hacker has our personal details, how much of ‘us’ can they really access? In the US, we found that 76 percent of consumers are extremely or very concerned about the possibility of having their personal information stolen online when using digital identities; but 60 percent feel powerless to protect their identity in the digital world.
This is mainly because many trust in their old methods and devices for security control – passwords, security questions, and digital signatures. But as modern security techniques evolve, these methods are no longer able to protect us on their own.
More advanced and secure methods of identity verification mirror modern social media habits. Most of us are familiar with taking selfies. Now, technology can match that selfie to an ID document such as a driving licence, turning a social behaviour into a verifiable form of digital identification. A simple, secure process enables people to gain access to a variety of e-commerce and digital banking services, without a long and friction filled ‘in-person’ process.
Even in the case of a compromised photo ID or stolen wallet, we can re-verify our digital credentials once we have our paperwork back in order – and restore a digital profile to full health.
But this doesn’t address the question of who is responsible for our digital identity – who will protect the long-term health and protection of our digital ‘twin’?
Historically, governments have proven to be poor custodians of their citizens’ data, given the loss of 25 million tax records, including payroll information, in the not-so-distant past. Some of the world’s biggest companies are not immune either, being held responsible for countless data breaches over the years.
Balancing trust and control
As such, some believe citizens should be responsible for their own digital identities, making them ‘self-sovereign’. The ambition is to free our own personal information from existing databases and prevent companies from storing it every time we access new goods or services. Data controls such as GDPR and CCPA are a start – policing and regulating how companies use, control, and protect data.
However, ‘self-sovereign’ identities could only become mainstream if governments relinquish their sole responsibility for issuing and storing our identity information. It will also require new technologies, such as blockchain, to gain traction and be trusted. A cultural shift will be paramount, too.
Some suggest that instead of the rise of ‘self-sovereign’ identities, we’ll see some of the industry’s biggest players emerge instead. We’re already used to verifying our identities through Google and Facebook, using them to speed up registrations or access new services. Could those tech giants become our digital identity guardians?
Or would we rather entrust our digital identities to financial companies such as Visa or Mastercard, who have been looking after our financial transactions for decades, historically taking on the risk for us, and are now able to process disputes and stop unauthorised withdrawal of funds even faster? Could the financial sector’s role become even more important when it comes to our digital identity?
It’s clear that taking good care of one’s digital identity is a fine balance between trust and control. Security is also a personal thing, and what is right for one may not suit another. One thing is for certain: identity is the essence of the human being, so guardianship should be hard-earned.
Both businesses and individuals have a part to play when protecting our digital twins. With the help of digital identity verification and cybersecurity technologies, we can make self-sovereign identities a reality – if it works for our financial sector, and it’s what the people want.
