As the volume of personally identifiable information (PII) online continues to grow, the amount of this data that has the potential of being exposed via breaches also increases.
Such breaches are becoming far too commonplace, striking every industry and every sector, from small, independent businesses to Fortune 500 companies. In the UK alone, one small business is successfully hacked every 19 seconds according to Hiscox, and it’s been reported that data breaches driven by identity theft have been costing the UK nearly £4 billion every year for almost a decade. This leaves PII including names, email addresses, phone numbers, credit card details, usernames and passwords destined for the dark web. There, it is then bought and sold by opportunistic fraudsters who use it to carry out, often lucrative, identity fraud.
Therefore, in today’s world, it’s no longer a certainty that someone using an online service is who they say they are, with the impact on the person and businesses extremely damaging. Acknowledging this risk, the UK government recently revealed its plans to introduce digital identities to help tackle the “record high” levels of fraud in the UK.
However, it’s not just organisations that are concerned about the impact of identity fraud. Consumers are worried about it too. Findings from our recent global survey reveal how UK consumers are demanding better assurance and are realising the important role digital identity solutions play in establishing this trust. For example, over three-quarters of UK consumers (78%) believe it’s important to use a digital identity to prove who they say they are when engaging with financial services online in particular. It’s clear that businesses must take steps to protect themselves and their customers, and leveraging digital identity solutions can help to cement that all-important trust.
Digital identity as an enabler
Whether it’s ID cards, health cards, passports or driving licences, we’ve long relied on various forms of physical ID to prove our identity. But as we move to a digital society, organisations need to find ways to verify customers’ identities remotely – and this is where the problem arises. In an online world, how can the person and the business on both sides of the interaction know that who they are dealing with is a genuine and trusted party?
Digital identities help to bridge this gap. Essentially, a digital identity is a collection of personal information about you that exists online and can be connected to your actual identity. It’s a reusable, electronic proof of identity issued by a trusted authority with a known level of assurance. As it’s cryptographically secured, it allows individuals to have greater privacy and data protection than a traditional form of identification.
Applying it to verification
The basics of digital identity can easily be applied to identity verification, particularly at the account opening stage when bridging the physical/digital gap is especially important. What’s more, 84% of UK consumers think it’s important to accurately verify their identity online when opening a financial services account, with 60% saying the same for opening a healthcare account and 32% agreeing this is required when opening a gaming /gambling account.
In this scenario, organisations can compare a user’s selfie to a photo taken of a government-issued ID, like a driving licence or passport. Using biometric technology, this process can deliver a definitive “match” or “no match” decision within seconds. This adds a critical layer of protection against stolen IDs and allows organisations to accurately verify whether the ID document truly belongs to the person making the transaction, and thus creating a digital identity. In addition, liveness detection can be layered to ensure the person holding the ID is physically present during the transaction. This protects organisations from advanced spoofing attacks by ensuring the images captured during onboarding are from a real human and not a spoofing artifact.
Establishing this level of trust with an organisation is something that consumers are valuing too. Our research showed that UK adults were more likely to engage with certain organisations if they have robust identity verification measures in place. For example, 57% would be more likely to engage with a financial services organisation online while 51% would be more likely to engage with online healthcare services.
Taking it to authentication
This tactic doesn’t need to be on sign-up only, though. The method can be used to continually verify users and provide even more identity assurance, which is particularly important in higher-risk scenarios like online banking. By requesting the user to take a fresh selfie every time they login to their online account or app, this generates a new biometric template. This can then be compared to the original biometric information captured during onboarding to unlock the user’s digital identity in seconds for continuous authentication. A third of Brits (34%) say that they would carry out biometric verification every time they log into their financial services account, so the appetite for this in some sectors is certainly there.
The government’s plan to introduce digital identities is a positive step in addressing identity fraud, and the findings from our research also show how, when utilised for identity verification, digital identities can even provide a competitive advantage. To ensure that customers and transactions are always protected, organisations should harness the power of this technology, tapping into the benefits to create an ecosystem of trust that stops identity fraudsters in their tracks – something particularly important in an era of continual data breaches.
About the Author
Philipp Pointner is Chief of Digital Identity at Jumio. When identity matters, trust Jumio. Jumio’s mission is to make the internet a safer place by protecting the ecosystems of businesses through a unified, end-to-end identity verification and eKYC platform. The Jumio KYX Platform offers a range of identity proofing and AML services to accurately establish, maintain and reassert trust from account opening to ongoing transaction monitoring.
Featured image: ©Fgnoprn